Pests of all kinds and their removal: GVU-Trojaner (Windows 7)
20.01.2013, 16:21 | #1
GVU-Trojaner
Hello, apparently I am not the only one who has caught a GVU-Trojaner. My computer has been infected for a good hour now, and I have restarted it in Safe Mode. Can anyone give me guidance on how to get rid of the intruder? Hoping for help, and many thanks in advance! Best regards, Markus
Last edited by markust89 (20.01.2013 at 16:41)
20.01.2013, 16:41 | #2
/// Malware-holic | GVU-Trojaner
Hi,
please choose Safe Mode with Networking and log in to the affected account. If you do not have it yet, please download OTL by OldTimer and save it to your desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
20.01.2013, 17:00 | #3
GVU-Trojaner
Great! The scan is finished, here is the content of OTL.txt:
OTL Logfile:
Code:
OTL logfile created on: 20.01.2013 16:44:06 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Markus\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,79 Gb Available Physical Memory | 69,91% Memory free 8,16 Gb Paging File | 7,16 Gb Available in Paging File | 87,77% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 451,07 Gb Total Space | 252,30 Gb Free Space | 55,93% Space Free | Partition Type: NTFS Drive E: | 14,65 Gb Total Space | 6,78 Gb Free Space | 46,31% Space Free | Partition Type: NTFS Computer Name: WALL-E | User Name: Markus | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.01.20 15:44:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Markus\Desktop\OTL.exe PRC - [2013.01.19 11:40:48 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2013.01.17 09:32:34 | 001,808,392 | ---- | M] (Adobe Systems, Inc.) 
-- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe ========== Modules (No Company Name) ========== MOD - [2013.01.19 11:40:48 | 003,022,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2013.01.17 09:32:33 | 014,586,888 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ========== Services (SafeList) ========== SRV:64bit: - [2009.05.12 14:20:28 | 000,382,464 | ---- | M] (Marvell) [Auto | Stopped] -- C:\Windows\SysNative\ykx64mpcoinst.dll -- (yksvc) SRV:64bit: - [2009.05.11 20:21:42 | 000,268,288 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe -- (STacSV) SRV:64bit: - [2009.05.11 20:21:08 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe -- (AESTFilters) SRV:64bit: - [2009.05.08 00:58:30 | 000,935,424 | ---- | M] (ATI Technologies Inc.) [Auto | Stopped] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility) SRV - [2013.01.19 11:40:48 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.11.28 16:34:18 | 000,793,600 | ---- | M] (Spigot, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater) SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.08 09:12:47 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.08 09:12:47 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2010.01.03 16:07:48 | 000,246,520 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2009.05.21 14:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SRV - [2009.03.30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.12.18 20:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Stopped] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService) SRV - [2008.06.15 12:12:20 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.08 09:12:48 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 09:12:48 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.02.29 14:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | 
System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.09.16 16:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr) DRV:64bit: - [2010.07.12 13:49:14 | 000,072,648 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS) DRV:64bit: - [2010.07.12 13:48:50 | 000,085,320 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K) DRV:64bit: - [2009.10.01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb) DRV:64bit: - [2009.05.12 14:20:28 | 000,406,016 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64) DRV:64bit: - [2009.05.11 20:22:00 | 000,477,696 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA) DRV:64bit: - [2009.05.08 01:39:36 | 000,266,800 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP) DRV:64bit: - [2009.05.08 01:28:02 | 000,069,120 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR) DRV:64bit: - [2009.05.08 00:58:34 | 004,993,024 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300) DRV:64bit: - [2009.05.08 00:58:34 | 004,993,024 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.04.28 21:20:06 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009.03.09 16:00:00 | 000,311,456 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\OA013Vid.sys -- (OA013Vid) DRV:64bit: - [2009.03.06 06:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\OA013Ufd.sys -- (OA013Ufd) DRV:64bit: - [2008.12.31 03:00:22 | 000,172,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys -- (CtClsFlt) DRV:64bit: - [2008.12.21 18:26:28 | 004,735,488 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) DRV:64bit: - [2008.06.14 23:12:08 | 000,395,800 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor) DRV:64bit: - [2008.01.21 03:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) DRV - [2006.07.24 15:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen) DRV - [2005.02.09 10:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\Pclepci.sys -- (PCLEPCI) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKLM\..\URLSearchHook: - No CLSID 
value found IE - HKLM\..\URLSearchHook: {4a8f88b8-4a70-41bd-bc89-385c364116d9} - C:\Program Files (x86)\NHL\prxtbNH0.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\1004241217\ICQToolBar.dll (ICQ) IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{6B1D1FB7-7233-4F7C-802C-21A1DDB12754}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=982f2520-08a8-11e1-8d97-002564444b8d&q={searchTerms} IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2395289 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = WEB.DE Suche - die Suchmaschine IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {4a8f88b8-4a70-41bd-bc89-385c364116d9} - C:\Program Files (x86)\NHL\prxtbNH0.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\1004241217\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.6\ytdToolbarIE.dll (Spigot, Inc.) 
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=DLCDF7&pc=MDDC&src=IE-SearchBox IE - HKCU\..\SearchScopes\{09038620-190C-402B-A92F-18864E6AB22F}: "URL" = hxxp://go.1und1.de/br/ie9_search_web/?su={searchTerms} IE - HKCU\..\SearchScopes\{0CA701F6-5980-4077-BB5A-E6236ECFF346}: "URL" = hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=114506&tt=4912_6&babsrc=SP_clro&mntrId=223df3310000000000000022fb9eb9cc IE - HKCU\..\SearchScopes\{1CE758C7-BF70-4656-B049-F194D7CC8716}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms} IE - HKCU\..\SearchScopes\{40064957-18EB-412d-9146-3F57E8D92EEC}: "URL" = hxxp://go.web.de/br/ie9_search_pic/?su={searchTerms} IE - HKCU\..\SearchScopes\{5A817CF6-92D5-4DE5-AC38-82DF8A73EF28}: "URL" = hxxp://go.gmx.net/br/ie9_search_web/?su={searchTerms} IE - HKCU\..\SearchScopes\{5AFAE96B-827B-473E-9169-8580096BFB83}: "URL" = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{6B1D1FB7-7233-4F7C-802C-21A1DDB12754}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=982f2520-08a8-11e1-8d97-002564444b8d&q={searchTerms} IE - 
HKCU\..\SearchScopes\{8D27B32E-89EE-460e-82D2-5FC354078EAD}: "URL" = hxxp://go.web.de/br/ie9_search_produkte/?su={searchTerms} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2395289 IE - HKCU\..\SearchScopes\{B98A3F3F-5C50-41EA-8BE9-0D09DB3F035E}: "URL" = hxxp://go.web.de/suchbox/smartshopping/?searchText={searchTerms}&mc=searchplugin@suche@msie.suche@preisvergleich IE - HKCU\..\SearchScopes\{CDFD7688-6D10-4238-B96A-0BB06BB163C0}: "URL" = hxxp://search.1und1.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb155/?search={searchTerms}&loc=IB_DS&a=6OyECFrMuY&i=26 IE - HKCU\..\SearchScopes\{DCE59F23-A446-45a5-9459-E68FDC0DE38D}: "URL" = hxxp://go.web.de/br/ie9_search_maps/?su={searchTerms} IE - HKCU\..\SearchScopes\{E7E6D96A-E123-4FE7-A84F-61B3ECAE7D46}: "URL" = hxxp://go.web.de/br/ie9_search_web/?su={searchTerms} IE - HKCU\..\SearchScopes\{F5378E30-6B3A-4C13-A78E-B0FEBEEB437D}: "URL" = hxxp://go.web.de/suchbox/amazon/?keywords={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 172.18.0.1:3128 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "foxsearch" FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "foxsearch" FF - prefs.js..browser.search.param.yahoo-fr: "" FF - prefs.js..browser.search.selectedEngine: "foxsearch" FF - 
prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "https://mail.google.com/mail/?tab=wm#inbox" FF - prefs.js..extensions.enabledAddons: ytd%40mybrowserbar.com:6.6 FF - prefs.js..extensions.enabledAddons: wtxpcom%40mybrowserbar.com:6.6 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.1.3 FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.1.3 FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - prefs.js..network.proxy.ftp: "172.18.0.1" FF - prefs.js..network.proxy.ftp_port: 3128 FF - prefs.js..network.proxy.gopher: "172.18.0.1" FF - prefs.js..network.proxy.gopher_port: 3128 FF - prefs.js..network.proxy.http: "172.18.0.1" FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "172.18.0.1" FF - prefs.js..network.proxy.socks_port: 3128 FF - prefs.js..network.proxy.ssl: "172.18.0.1" FF - prefs.js..network.proxy.ssl_port: 3128 FF - prefs.js..network.proxy.type: 0 FF - user.js..browser.search.selectedEngine: "foxsearch" FF - user.js..browser.search.order.1: "foxsearch" FF - user.js..browser.search.defaultenginename: "foxsearch" FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - 
HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012.09.05 17:44:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009.10.24 21:59:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 11:40:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.19 11:40:45 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009.10.24 21:59:33 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 11:40:48 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.19 11:40:45 | 000,000,000 | ---D | M] [2010.04.27 20:36:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Markus\AppData\Roaming\mozilla\Extensions [2012.12.24 15:24:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\hw2xlp1f.default\extensions [2012.12.24 15:24:22 | 000,000,000 | ---D | M] (ST-de3 Community Toolbar) -- C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\hw2xlp1f.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [2012.02.24 21:19:40 | 000,000,000 | ---D | M] (Softonic Toolbar) -- C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\hw2xlp1f.default\extensions\ffxtlbra@softonic.com [2012.02.27 08:16:45 
| 000,000,000 | ---D | M] (TheBflix) -- C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\hw2xlp1f.default\extensions\info@bflix.info [2012.02.17 15:45:58 | 000,000,000 | ---D | M] (instplugin) -- C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\hw2xlp1f.default\extensions\info@instmin.com [2012.02.17 17:36:41 | 000,150,835 | ---- | M] () (No name found) -- C:\Users\Markus\AppData\Roaming\mozilla\firefox\profiles\hw2xlp1f.default\extensions\skrillbar@extensions.econa.com.xpi [2012.02.07 09:40:52 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\Markus\AppData\Roaming\mozilla\firefox\profiles\hw2xlp1f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012.11.23 19:04:54 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Markus\AppData\Roaming\mozilla\firefox\profiles\hw2xlp1f.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.06.11 13:08:16 | 000,002,203 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\mozilla\firefox\profiles\hw2xlp1f.default\searchplugins\MyStart Search.xml [2013.01.19 11:40:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.01.12 08:03:08 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM [2012.12.04 17:11:55 | 000,000,000 | ---D | M] (YTD Toolbar) -- C:\PROGRAM FILES (X86)\YTD TOOLBAR\FF [2013.01.19 11:40:48 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010.03.19 09:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll [2011.10.03 10:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll [2012.06.21 15:31:45 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.12.09 17:31:25 | 000,006,522 | ---- | M] () -- C:\Program Files (x86)\mozilla 
firefox\searchplugins\babylon.xml [2012.09.21 20:38:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.21 15:31:45 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.17 15:48:09 | 000,000,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src [2012.06.21 15:31:45 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.17 15:45:58 | 000,000,161 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src [2012.06.21 15:31:45 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.21 15:31:45 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: StartPins O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension64.dll () O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll () O2 - BHO: (NHL Toolbar) - {4a8f88b8-4a70-41bd-bc89-385c364116d9} - C:\Program Files (x86)\NHL\prxtbNH0.dll (Conduit Ltd.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) 
O2 - BHO: (WEB.DE Browser Configuration by mquadr.at) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\SysWOW64\ieconfig_1und1.dll (mquadr.at softwareengineering und consulting gmbh) O2 - BHO: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.6\ytdToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (NHL Toolbar) - {4a8f88b8-4a70-41bd-bc89-385c364116d9} - C:\Program Files (x86)\NHL\prxtbNH0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\1004241217\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (no name) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O3 - HKLM\..\Toolbar: (instplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Users\Markus\AppData\Roaming\instplugin\toolbar.dll () O3 - HKLM\..\Toolbar: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.6\ytdToolbarIE.dll (Spigot, Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (NHL Toolbar) - {4A8F88B8-4A70-41BD-BC89-385C364116D9} - C:\Program Files (x86)\NHL\prxtbNH0.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) 
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe () O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKLM..\Run: [hpqSRMon] File not found O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" File not found O4 - HKCU..\Run: [ieodjrzotp] C:\Users\Markus\AppData\Roaming\phxzbypky.exe (BitTech Co. Ltd.) O4 - Startup: C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Markus\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Program Files (x86)\PokerStars.EU\PokerStarsUpdate.exe File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.131.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1CCA480F-9BCD-4483-BBA0-1C314A2DEA7E}: DhcpNameServer = 10.131.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) 
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~3\pcperf~1\23811~1.154\{61d8b~1\pcpmngr.dll) - File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Markus\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Markus\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.10.03 23:10:21 | 000,000,107 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{8f8eafa5-591c-11e0-a338-002564444b8d}\Shell - "" = AutoRun O33 - MountPoints2\{8f8eafa5-591c-11e0-a338-002564444b8d}\Shell\AutoRun\command - "" = D:\MyDiSa.exe O33 - MountPoints2\{942b5022-024b-11e0-8174-002564444b8d}\Shell\Auto\command - "" = MSOCache\doWTP_RESTORE.exe O33 - MountPoints2\{942b5022-024b-11e0-8174-002564444b8d}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSOCache\doWTP_RESTORE.exe O33 - MountPoints2\{df45ce57-1d82-11df-8fd1-002564444b8d}\Shell\AutoRun\command - "" = D:\avira.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* 
O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - 
Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{20BC354E-45E0-4908-9143-B3CEB8EE3FE6} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: 
{7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - MsConfig:64bit - StartUpFolder: C:^Users^Markus^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^cgs8h0.exe.lnk - C:\Windows\SysNative\rundll32.exe - (Microsoft Corporation) MsConfig:64bit - State: "bootini" - Reg Error: Key error. MsConfig:64bit - State: "startup" - Reg Error: Key error. CREATERESTOREPOINT Unable to start System Restore Service. Error code 1084 ========== Files/Folders - Created Within 30 Days ========== [2013.01.20 15:44:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Markus\Desktop\OTL.exe [2013.01.20 15:27:27 | 000,174,592 | ---- | C] (BitTech Co. Ltd.) -- C:\Users\Markus\AppData\Roaming\phxzbypky.exe [2013.01.20 15:25:54 | 000,174,592 | ---- | C] (BitTech Co. Ltd.) -- C:\Users\Markus\AppData\Local\phxzbypky.exe [2013.01.20 15:25:53 | 000,174,592 | ---- | C] (BitTech Co. Ltd.) 
-- C:\ProgramData\phxzbypky.exe [2013.01.19 11:40:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.01.15 11:25:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Deutsche Post AG [2013.01.15 11:25:13 | 000,000,000 | ---D | C] -- C:\Users\Markus\Documents\Deutsche Post AG [2012.12.31 14:45:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dropbox [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.20 15:44:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Markus\Desktop\OTL.exe [2013.01.20 15:39:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.20 15:27:27 | 000,174,592 | ---- | M] (BitTech Co. Ltd.) -- C:\Users\Markus\AppData\Roaming\phxzbypky.exe [2013.01.20 15:27:27 | 000,174,592 | ---- | M] (BitTech Co. Ltd.) -- C:\Users\Markus\AppData\Local\phxzbypky.exe [2013.01.20 15:27:19 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.20 15:27:12 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.20 15:27:12 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.20 15:25:53 | 000,174,592 | ---- | M] (BitTech Co. Ltd.) -- C:\ProgramData\phxzbypky.exe [2013.01.20 15:06:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.18 21:13:45 | 008,912,031 | ---- | M] () -- C:\Users\Markus\Desktop\Calming And Relaxing Hypnotherapy, Eddini.mp3 [2013.01.18 21:13:01 | 007,470,923 | ---- | M] () -- C:\Users\Markus\Desktop\Hypnosis Session For Opening Up Your Creative Abilities, Eddini.mp3 [2013.01.14 20:33:07 | 000,000,000 | -H-- | M] () -- C:\Users\Markus\Documents\Default.rdp [2013.01.13 19:25:04 | 000,244,854 | ---- | M] () -- C:\Users\Markus\Desktop\2. 
Theoretische Grundlagen.pdf [2013.01.11 11:18:14 | 000,272,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.10 10:50:25 | 001,469,650 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.10 10:50:25 | 000,628,992 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.10 10:50:25 | 000,596,246 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.10 10:50:25 | 000,126,704 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.10 10:50:25 | 000,104,320 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.30 12:14:32 | 000,000,954 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.12.27 19:07:24 | 000,017,408 | ---- | M] () -- C:\Users\Markus\AppData\Local\WebpageIcons.db [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.18 21:12:00 | 008,912,031 | ---- | C] () -- C:\Users\Markus\Desktop\Calming And Relaxing Hypnotherapy, Eddini.mp3 [2013.01.18 21:11:28 | 007,470,923 | ---- | C] () -- C:\Users\Markus\Desktop\Hypnosis Session For Opening Up Your Creative Abilities, Eddini.mp3 [2013.01.14 20:33:07 | 000,000,000 | -H-- | C] () -- C:\Users\Markus\Documents\Default.rdp [2013.01.13 19:25:04 | 000,244,854 | ---- | C] () -- C:\Users\Markus\Desktop\2. 
Theoretische Grundlagen.pdf [2012.11.23 13:33:13 | 000,000,156 | ---- | C] () -- C:\Windows\SIERRA.INI [2012.06.11 20:09:04 | 000,017,408 | ---- | C] () -- C:\Users\Markus\AppData\Local\WebpageIcons.db [2012.06.10 11:42:08 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2012.06.10 11:31:07 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2011.06.12 20:42:01 | 000,002,102 | ---- | C] () -- C:\Users\Markus\.recently-used.xbel [2011.05.10 10:45:25 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2011.04.09 16:10:19 | 000,000,038 | ---- | C] () -- C:\Windows\SysWow64\ZX9EQJT7_{8240915C-A7E0-412D-95A9-622C6C48CEEF}.dat [2010.03.02 19:11:11 | 002,621,440 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\DataSafeDotNet.exe [2009.09.05 10:25:19 | 000,006,836 | ---- | C] () -- C:\Users\Markus\AppData\Local\d3d9caps.dat [2009.09.03 16:40:51 | 000,025,863 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\UserTile.png [2009.08.27 18:21:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.08.26 18:39:44 | 000,100,864 | ---- | C] () -- C:\Users\Markus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 16:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 18:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 08:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 03:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.02.26 21:27:03 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Babylon [2013.01.20 15:29:00 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Dropbox [2010.12.01 21:45:53 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\GetRightToGo [2012.09.19 08:05:49 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\go [2011.05.28 18:47:54 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\gtk-2.0 [2012.04.22 13:12:17 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Gutscheinmieze [2011.09.16 11:36:27 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\ICQ [2012.02.17 15:45:58 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\instplugin [2009.09.03 16:40:51 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\PeerNetworking [2012.12.09 17:34:10 | 000,000,000 | ---D 
| M] -- C:\Users\Markus\AppData\Roaming\PerformerSoft [2012.09.16 20:36:14 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\pokerth [2012.06.11 11:52:06 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Samsung [2009.09.03 16:43:22 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Windows Live Writer ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2009.12.10 11:40:10 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012.11.24 17:34:45 | 000,000,000 | ---D | M] -- C:\BigFishGamesCache [2009.12.27 15:53:40 | 000,000,000 | ---D | M] -- C:\BlueByte [2010.12.16 23:47:46 | 000,000,000 | -HSD | M] -- C:\boot [2010.01.16 10:55:56 | 000,000,000 | ---D | M] -- C:\Codemasters [2013.01.16 09:21:59 | 000,000,000 | -H-D | M] -- C:\Config.Msi [2009.08.26 19:41:44 | 000,000,000 | ---D | M] -- C:\DELL [2009.08.26 18:16:56 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2009.07.30 05:49:34 | 000,000,000 | ---D | M] -- C:\Drivers [2009.07.30 04:10:24 | 000,000,000 | ---D | M] -- C:\EFI [2009.08.20 14:14:30 | 000,000,000 | ---D | M] -- C:\Intel [2009.08.20 14:17:21 | 000,000,000 | RH-D | M] -- C:\MSOCache [2008.01.21 04:04:13 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.06.11 13:08:19 | 000,000,000 | R--D | M] -- C:\Program Files [2013.01.19 12:33:30 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2013.01.20 15:25:53 | 000,000,000 | -H-D | M] -- C:\ProgramData [2009.08.26 18:16:56 | 000,000,000 | -HSD | M] -- C:\Programme [2012.11.23 13:33:31 | 000,000,000 | ---D | M] -- C:\Sierra [2013.01.19 20:08:45 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.12.11 21:32:08 | 000,000,000 | R--D | M] -- C:\Users [2012.12.14 08:50:23 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > [2013.01.20 15:27:27 | 000,174,592 | ---- | M] (BitTech Co. Ltd.) -- C:\Users\Markus\AppData\Local\phxzbypky.exe < %systemroot%\*. 
/mp /s > < C:\Windows\system32\*.tsp > [2006.11.02 10:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2006.11.02 10:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2006.11.02 10:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2006.11.02 10:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2009.04.11 07:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] [2006.11.02 16:42:03 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2006.11.02 16:42:03 | 000,032,530 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.02.13 14:44:04 | 000,001,106 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2011.02.13 14:44:05 | 000,001,110 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job < MD5 for: AGP440.SYS > [2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SysNative\drivers\AGP440.sys [2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys [2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys < MD5 for: ATAPI.SYS > [2008.01.21 03:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys [2009.04.30 11:21:29 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=5EB9EF6EEC5D873E94992095A1719BF6 -- 
C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_39c3f1ccf31998cb\atapi.sys [2009.04.11 08:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys [2009.04.30 11:21:29 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=F988BB0690CD660318037908E9B8DBF7 -- C:\Windows\SysNative\drivers\atapi.sys [2009.04.30 11:21:29 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=F988BB0690CD660318037908E9B8DBF7 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_393a5501d9fbf901\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll [2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EXPLORER.EXE > [2009.04.30 11:48:37 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe [2009.04.30 11:48:36 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe [2009.04.30 11:48:37 | 003,087,360 | ---- | M] (Microsoft Corporation) 
MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe [2009.04.30 11:48:36 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe [2009.04.11 08:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe [2009.04.11 08:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe [2009.04.30 11:48:36 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe [2009.04.30 11:48:36 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe [2009.04.30 11:48:35 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe [2009.04.30 11:48:36 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- 
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe [2008.01.21 03:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe [2008.01.21 03:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe < MD5 for: IASTOR.SYS > [2008.06.14 23:12:08 | 000,395,800 | ---- | M] (Intel Corporation) MD5=0B6C9C8F2E00E8B61C8379E62A9F921B -- C:\Drivers\storage\R228145\f6flpy64\IaStor.sys [2008.06.15 12:12:08 | 000,395,800 | ---- | M] (Intel Corporation) MD5=0B6C9C8F2E00E8B61C8379E62A9F921B -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys [2008.06.14 23:12:08 | 000,395,800 | ---- | M] (Intel Corporation) MD5=0B6C9C8F2E00E8B61C8379E62A9F921B -- C:\Windows\SysNative\drivers\iaStor.sys [2008.06.15 12:11:58 | 000,318,488 | ---- | M] (Intel Corporation) MD5=692830B048AACD7E0D6EDEDF098ACC01 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys < MD5 for: IASTORV.SYS > [2008.01.21 03:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\SysNative\drivers\iaStorV.sys [2008.01.21 03:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys < MD5 for: NETLOGON.DLL > [2008.01.21 03:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) 
MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll [2009.04.11 08:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll [2009.04.11 08:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll [2008.01.21 03:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll < MD5 for: NVSTOR.SYS > [2008.01.21 03:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys [2008.01.21 03:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 03:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll [2008.01.21 03:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | 
---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll [2009.04.11 08:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll [2009.04.11 08:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll < MD5 for: USER32.DLL > [2008.01.21 03:48:29 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll [2008.01.21 03:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll [2009.04.11 07:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll [2009.04.11 07:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll [2009.04.11 08:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\Windows\SysNative\user32.dll [2009.04.11 08:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe [2008.01.21 03:50:36 | 
000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe [2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe [2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe [2008.01.21 03:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 03:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 03:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2008.01.21 
03:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < %USERPROFILE%\*.* > [2011.06.12 20:42:01 | 000,002,102 | ---- | M] () -- C:\Users\Markus\.recently-used.xbel [2013.01.20 16:44:13 | 005,767,168 | -HS- | M] () -- C:\Users\Markus\NTUSER.DAT [2013.01.20 16:44:13 | 000,262,144 | -H-- | M] () -- C:\Users\Markus\ntuser.dat.LOG1 [2009.08.26 18:20:47 | 000,000,000 | -H-- | M] () -- C:\Users\Markus\ntuser.dat.LOG2 [2013.01.20 00:13:34 | 000,065,536 | -HS- | M] () -- C:\Users\Markus\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf [2013.01.20 00:13:34 | 000,524,288 | -HS- | M] () -- C:\Users\Markus\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms [2012.11.26 15:08:32 | 000,524,288 | -HS- | M] () -- C:\Users\Markus\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000002.regtrans-ms [2009.08.26 18:20:47 | 000,000,020 | -HS- | M] () -- C:\Users\Markus\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 
ProfileControl=Off MaxRequestThreads=16 < End of report > and this from Extra.txt: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 20.01.2013 16:44:06 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Markus\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,79 Gb Available Physical Memory | 69,91% Memory free 8,16 Gb Paging File | 7,16 Gb Available in Paging File | 87,77% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 451,07 Gb Total Space | 252,30 Gb Free Space | 55,93% Space Free | Partition Type: NTFS Drive E: | 14,65 Gb Total Space | 6,78 Gb Free Space | 46,31% Space Free | Partition Type: NTFS Computer Name: WALL-E | User Name: Markus | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] "VistaSp2" = 18 20 2F 68 73 9D CB 01 [binary data] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{120B9B98-5F72-4486-9257-6C7B5DA2A59A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{17FEA2B3-AC17-4C59-A2F9-5564C678DFD2}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{21B0CE10-CBE9-42EF-9EF2-AC0BD19C806A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{22FDACE7-2427-462F-A1B0-41291FC8906E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{24C9893D-F7F6-40FE-A9E7-5281F49C173D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{29A1B87B-6ECA-46BC-B274-F851ECE688CA}" = rport=138 | protocol=17 | dir=out | app=system | "{2DBD7E8A-2EDD-4D9F-BE90-E8DFAE80F03A}" = rport=137 | protocol=17 | dir=out | app=system | "{2E46FFF9-BD48-4D7A-BE8F-EA9126C2E887}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{3C4EA66C-0A36-4DD5-972C-CDC9BAB37F23}" = rport=445 | protocol=6 | dir=out | app=system | "{3F64095A-DA76-434B-87E2-FA69EF48AF00}" = lport=2869 | protocol=6 | dir=in | app=system | "{46765787-6A0E-43DA-917A-8DB9282657FE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{4F66012D-57A3-40AF-A24F-F2817CB48348}" = lport=138 | protocol=17 | dir=in | app=system | "{52D526DD-5622-4DE0-8409-64FBF7198131}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5765EDA8-2C56-4153-BB30-D896BFC11AD2}" = lport=137 | protocol=17 | dir=in | app=system | 
"{5C9F8DD5-F9C0-451B-A46C-9DF4AC492720}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5F034B73-75B6-4C7B-9F6C-7D0552FB6720}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{612F96DC-987C-47CE-B696-F1B7FF283937}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | "{66018F9B-A6B8-4386-B981-5877B7738E7D}" = lport=2869 | protocol=6 | dir=in | app=system | "{695421B0-1B37-4A96-8DE9-B5F28FE5F9AB}" = lport=10243 | protocol=6 | dir=in | app=system | "{6F339261-9F75-454E-A45B-F3F6993C83B9}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | "{7BC57F6A-18A3-4AEF-8C7E-534694351DB0}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{81B9D3D1-6B88-4FFA-BE69-B3130C5572AD}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{8299EA34-635F-4570-8095-963400B10327}" = lport=139 | protocol=6 | dir=in | app=system | "{953C1065-53C3-494B-9E3F-B8ADF7564F11}" = rport=139 | protocol=6 | dir=out | app=system | "{A22615BB-FC7E-4515-9908-523A45849E48}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A60062E1-EB99-4C19-A040-382B7D1CB9B9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{AA4C4BC5-1DF1-4F85-81C1-98A3ABE20018}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{AF93B606-57DC-490D-A346-8F6A6B7D111C}" = rport=10243 | protocol=6 | dir=out | app=system | "{B60D9704-CECD-40BC-BBD8-3DFFB2E05A79}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{BA00E134-FA52-4268-8286-AC5D9FDD2538}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C4D7AFDF-03D4-4A8F-B4EF-238DDBA9FEF3}" = lport=3702 | protocol=17 | dir=in | 
app=%systemroot%\system32\p2phost.exe | "{C6A70AF3-8819-49B5-93D1-FE858EBA29E0}" = lport=445 | protocol=6 | dir=in | app=system | "{CAC24C52-A697-426E-ABBE-C99F73C2BA99}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CD2C5BD7-4378-4B37-9381-7A602CD129E1}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | "{CFBF076B-CB3B-42F1-9B39-E14000440F20}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{DD89F962-CD3D-4295-B700-E3D5C9AC1AD6}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{E3225308-4793-4412-A111-DDF8D6A7A07D}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{E4E582A1-67F7-48B9-84BC-5ECB4081A494}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E6FDE6F3-2144-48E2-ACB6-E549E9CFA0A9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E7618302-8B7E-4A6F-8CB2-A774A9AD7326}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F14902E8-57D6-412E-BA79-81792AE03DB0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{035E82D0-7FC8-4364-A345-B92ED1C816A2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{03C17B83-3D13-4D23-9050-55D2CEB0F07D}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | "{052A6FB4-0720-4D37-8A9F-A3A8DC66747C}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 10\programs\umi.exe | "{0AD02BB7-FA92-4DC9-B8A9-78000377B540}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{13BD42D0-287C-4AEC-AC3D-7BEDC2F52216}" = protocol=6 | 
dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{13D274BE-A865-4EC7-BDCB-B8767E38B9CA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{19E7A2F8-AD46-45D0-AE7C-A07B6BA38FB6}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe | "{1B899C10-96A5-42D8-92F5-1E614AC6C607}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe | "{1EE59E62-0A70-4588-B2A8-1E19EFCF0369}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | "{1FD2BB51-34C6-48A0-9FDF-C0274E4B2BEF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{21E2CB52-15B5-4058-A283-54CF928828E8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{24AA504D-FE56-4734-A0BE-2C45E63BD872}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 10\programs\studio.exe | "{2521B797-30A0-4FEA-B366-47EC92EFC29E}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe | "{2619A792-E800-4888-9B43-AFE1AED6C981}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | "{290DDF0F-9914-48B0-ACFF-44D1B54AF6CE}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe | "{2BB7C790-5CC1-4544-809B-96B4DBB9D7E5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{32CE3BAA-4119-4975-AC9B-1D59917B3FB9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3561583D-FD10-4505-8104-05368C1A7285}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe | "{36F0F676-35DD-49E5-9690-0F2B32008044}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{392E6343-3AA7-4C5D-95A6-D8BC4E786D74}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{4105CB0D-62E5-4FF7-B2E9-055D47760FDD}" = protocol=6 | dir=out | app=system | "{42093311-B992-4EFA-B9BC-CE50E3ECFE2F}" = protocol=17 | dir=in | 
app=%programfiles(x86)%\windows media player\wmplayer.exe | "{42DC0B7F-3C2B-458F-AD71-25B1FC00124F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{46A4E468-C78B-406C-B5C8-88821F666CA8}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 10\programs\rm.exe | "{4A33E2CF-C0D3-4B73-979B-0C9316980B39}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe | "{4F6F4EFE-E5D8-4849-B218-107DA8CAF258}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 10\programs\pmsregisterfile.exe | "{53AA8E6D-8D3F-4472-AA2A-535882925E37}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{546CDE75-5803-4288-9A82-E425E8B86E9E}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe | "{553911EA-7073-485D-885A-65824D278E03}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 10\programs\studio.exe | "{5541A4D2-E22B-4B36-9849-6A58489FA8AD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{557F6913-F2B1-4B84-A72C-5BD3F42C9DCF}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{666D27DF-52EF-482E-905B-1CC5B772AF3F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{68DF09E6-6DC4-49B6-8C92-F08255DCDBD1}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 10\programs\umi.exe | "{6CC2C29D-33B2-4DCB-97B1-A24EA00BA6C9}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 10\programs\pmsregisterfile.exe | "{6F3138A7-CC73-4F11-AC0B-C91AAB0E7DC2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | "{70892DA6-6C51-4775-BA5A-1815DFD2FBD1}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe | "{70C10280-CD20-41CD-B947-5B8A9C1267DB}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{70D671F1-7334-4BA9-90C0-57CAC417EAD2}" = 
protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe | "{7165CB33-E6C9-4765-AF13-EB10123DCB00}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe | "{735CC368-D4D1-454D-A118-33DB7212E1DF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{748CC656-4EC9-4B36-BAF6-C6507756B8F5}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{7690BA32-DD21-4ED2-856D-D2F77BD11183}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 10\programs\rm.exe | "{7A327F7F-F321-4BD4-A661-F2C1DB77F7C3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{7B37F96F-4E7D-4F61-B1DA-DCC905A8ABB4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{818774F4-1CCA-4524-82C6-582D98980124}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe | "{8562533D-F922-4BCF-BE42-2B7E2EF9E62B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{89FFF0C1-C843-442F-8AB3-7B8804E67E42}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{8F05D923-4723-460E-BB42-A02536CADDC1}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | "{8F8027EA-5A5A-46C2-81C5-DE152420432C}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe | "{92DCEDCE-3732-49BA-B052-49504A8E0592}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{998D7F80-EC7B-47BC-A36E-7A53305D7D8A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A05D4752-19C5-42A9-8267-94F2A4E535C4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | "{A3F23B4D-64AB-4E9E-B6C6-54DC99C7A2EF}" = protocol=17 | dir=in | app=c:\users\markus\appdata\roaming\dropbox\bin\dropbox.exe | "{A551B368-2864-4B59-ADCD-AB7DC7B3219A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{AA3780AB-D74C-419C-892B-04B2AD6E4C40}" = 
dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | "{AA510665-D9E6-42D1-831A-CBF8A2EFFDA0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B4716E61-A74B-4669-9B1F-CB9F0DA83A3C}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe | "{B79293CC-DE71-447A-BBAA-3A03FBBB6539}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\of dragon rising demo\ofdr demo.exe | "{BC2EB0A6-6856-4B40-AED6-97DFD9E50572}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | "{CAA98C3D-D010-4E7D-B833-C483C85D80F4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{D6F59FCC-0D60-451A-B9EB-109D0C3BD3E9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{D77B57CB-B362-4E9D-AC3D-9C8F85C3387B}" = protocol=6 | dir=in | app=c:\users\markus\appdata\roaming\dropbox\bin\dropbox.exe | "{DC0B0584-AD18-41B0-9421-EB37CD56E560}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe | "{DFC1FFC2-CB26-4C1D-A630-BA740B79810B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | "{E0012690-2863-427F-8144-B3E32061F5CA}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\of dragon rising demo\ofdr demo.exe | "{E10F5703-C7DD-42B1-8BDD-1C237BA44836}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{EACD2ED6-E31A-431C-B46F-CC68E3453482}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe | "{F0CB2DDD-6021-4754-838C-5E75716E8A8F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F1B7592B-0499-440C-AD83-9423DB6D0019}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F89142BB-D25C-4E89-B16E-ACDB845BF51F}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | "{FB5A42FD-C193-4793-9CA8-9A3A925CE4B7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FD8B8F1C-86CC-410F-B643-F1C29589A04C}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe | "{FFF69D46-9180-423E-B50E-2D65D1EFCF61}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | "TCP Query User{1AEE44A7-EA22-421A-AAA6-DD1841D4B768}C:\program files (x86)\pokerth-0.9.5\pokerth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pokerth-0.9.5\pokerth.exe | "TCP Query User{271BDEDD-1DFA-4F00-B345-46FA45E39365}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "TCP Query User{2EB9EB34-9191-43E0-A45E-D831C88AC9DF}C:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe | "TCP Query User{3648EDC2-B70A-4C93-8A87-A4BF6484A9B7}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{3C1D80AE-54A5-47A0-AD72-AB305AFBC830}C:\program files (x86)\ea sports\nhl 2002\nhl2002.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\nhl 2002\nhl2002.exe | "TCP Query User{7FA19875-18D9-4DF0-8BF4-B36F3F901A87}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "TCP Query User{848E9FBF-087C-4CD1-BE32-091D49EC841C}C:\program files (x86)\dell video chat\dellvideochat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe | "TCP Query User{8F0C3C4B-678C-4E2A-81C3-E994895C71CA}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{91CBE087-F359-4FFD-82A1-31983EADE3E5}C:\program files (x86)\microsoft games\age of empires ii trial\empires2.exe" = protocol=6 | dir=in 
| app=c:\program files (x86)\microsoft games\age of empires ii trial\empires2.exe | "TCP Query User{9432C3C6-42AE-402B-9BFC-F7F9B27845A9}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "TCP Query User{98C9AF61-EFF1-45C8-8C81-0A3624CA898B}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "TCP Query User{AF911200-B9FE-453D-B09D-F7082728D8FA}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | "TCP Query User{F530A392-0F78-4C0C-A280-B3A587C5FBC6}C:\program files (x86)\anno 1701 demo\anno1701_demo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\anno 1701 demo\anno1701_demo.exe | "TCP Query User{FAD85FC2-78AD-450F-A19B-B71D0A08811E}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | "TCP Query User{FAEA017C-59C7-418B-B01F-53DC9AA9D35A}C:\users\markus\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\markus\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{042715D8-A392-4539-970C-1D4DA0C2BC2B}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | "UDP Query User{482B9D93-4DAF-44DD-81B3-E3952FC051D1}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | "UDP Query User{497136A9-D8A0-493B-A014-A725013CAF99}C:\users\markus\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\markus\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{51B9E6E6-050E-4FC2-B70B-58433B4D455C}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "UDP Query 
User{54A1A770-D794-4ADA-B021-64541210CA0A}C:\program files (x86)\pokerth-0.9.5\pokerth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pokerth-0.9.5\pokerth.exe | "UDP Query User{60FA7EB6-0064-439B-AD4D-2708D1F8DD2A}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "UDP Query User{6F9BF40A-6498-4325-96FF-F913E05B98F7}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "UDP Query User{81CEF74C-A46D-447D-AC59-89A80D839250}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{954858D7-4FE4-4478-8AE3-824F77C77D23}C:\program files (x86)\ea sports\nhl 2002\nhl2002.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\nhl 2002\nhl2002.exe | "UDP Query User{98F2383D-216E-4265-A371-AD5DCD385465}C:\program files (x86)\microsoft games\age of empires ii trial\empires2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii trial\empires2.exe | "UDP Query User{AAE83A81-0C01-4FBC-933F-22ED0A6FC8D0}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{ADBBC07A-7656-4A7D-9AF7-298E99214B8E}C:\program files (x86)\anno 1701 demo\anno1701_demo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\anno 1701 demo\anno1701_demo.exe | "UDP Query User{DABA03CC-89D6-40F5-9FD9-8FE04AD0DFDB}C:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe | "UDP Query User{F5AD0E7F-F817-474C-9594-61712574818C}C:\program files (x86)\dell video chat\dellvideochat.exe" = protocol=17 | dir=in | 
app=c:\program files (x86)\dell video chat\dellvideochat.exe | "UDP Query User{FFDD7FA4-715A-414F-8748-6B00BF9CCA9C}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit) "{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.478 "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{B89FA075-12C2-16F9-85E7-BD1A4EBE8828}" = ccc-utility64 "{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer "Creative OA013" = Integrated Webcam Driver (1.00.04.0310) "HP Imaging Device Functions" = HP Imaging Device Functions 11.0 "HP Photosmart Essential" = HP Photosmart Essential 3.0 "HP Smart Web Printing" = HP Smart Web Printing "HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0 "HPExtendedCapabilities" = HP Customer Participation 
And now? Oh, almost forgot: the desktop theme is classic, i.e. the old one (I have Windows Vista) - how do I get back to the new Vista theme? Edited by markust89 (20.01.2013 at 17:07) |
20.01.2013, 19:51 | #4 |
/// Malware-holic | GVU-Trojaner hi, this script and any scripts that follow are only for this particular user. If you have problems, open your own topics and wait for scripts tailored to you. • Please start OTL.exe • Now copy the following into the text box. Code:
:OTL
O4 - HKCU..\Run: [ieodjrzotp] C:\Users\Markus\AppData\Roaming\phxzbypky.exe (BitTech Co. Ltd.)
[2013.01.20 15:27:27 | 000,174,592 | ---- | C] (BitTech Co. Ltd.) -- C:\Users\Markus\AppData\Roaming\phxzbypky.exe
[2013.01.20 15:25:54 | 000,174,592 | ---- | C] (BitTech Co. Ltd.) -- C:\Users\Markus\AppData\Local\phxzbypky.exe
[2013.01.20 15:25:53 | 000,174,592 | ---- | C] (BitTech Co. Ltd.) -- C:\ProgramData\phxzbypky.exe
:Files
C:\Users\Markus\AppData\Roaming\phxzbypky.exe
:Commands
[EMPTYFLASH]
[emptytemp]
• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; paste its contents into your next reply here.
Start into normal mode. If you have no icons: right-click, View, Show desktop icons.
Note: Please also upload the file to the UpChannel as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment in the thread!
Please press the + E key.
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
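As an added example (not the helper's OTL script and not OTL's own code), the Python below parses OTL-style O4 autorun lines and file-creation lines like the ones in the fix script above and flags the pattern that fix targets: a Run-key entry whose executable lives in a user-writable directory, and identical-size copies of the same binary dropped into several such directories. The sample log is constructed from the thread's entries plus one benign autorun and one benign file; the regexes and the user-writable prefix list are my assumptions about the log format, not OTL's specification.

```python
import re
from collections import defaultdict

# OTL "O4" autorun line (format assumed from the thread's log lines), e.g.
#   O4 - HKCU..\Run: [ieodjrzotp] C:\Users\Markus\AppData\Roaming\phxzbypky.exe (BitTech Co. Ltd.)
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\.\.\\(?P<key>.+?): \[(?P<name>[^\]]+)\] "
    r"(?P<path>[A-Za-z]:\\.+?\.(?:exe|dll|scr|bat|cmd|vbs|js))"
    r"(?: \((?P<publisher>[^)]*)\))?\s*$",
    re.IGNORECASE,
)

# OTL file-creation/modification line (format assumed from the thread), e.g.
#   [2013.01.20 15:27:27 | 000,174,592 | ---- | C] (BitTech Co. Ltd.) -- C:\ProgramData\phxzbypky.exe
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>\S+) \| (?P<op>[CM])\] \((?P<publisher>[^)]*)\) -- (?P<path>.+?)\s*$"
)

# Directories a standard (non-admin) user can write to.  An autorun that
# points here needs no installer to appear, so it deserves a second look.
# Prefix list is an assumption for this example, not an exhaustive rule.
USER_WRITABLE_PREFIXES = (
    "c:\\users\\",
    "c:\\programdata\\",
    "c:\\windows\\temp\\",
)


def is_user_writable(path: str) -> bool:
    """True if the path sits under a location a standard user can write to."""
    return path.lower().startswith(USER_WRITABLE_PREFIXES)


def parse_otl(log_text: str):
    """Split OTL log text into autorun records and file records."""
    autoruns, files = [], []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            autoruns.append(m.groupdict())
            continue
        m = FILE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["size"] = int(rec["size"].replace(",", ""))  # "000,174,592" -> 174592
            files.append(rec)
    return autoruns, files


def find_suspicious_autoruns(autoruns):
    """(name, path) of autorun entries whose target lives in a user-writable dir."""
    return [(a["name"], a["path"]) for a in autoruns if is_user_writable(a["path"])]


def find_dropped_copies(files):
    """
    Group user-writable file records by (basename, size) and return only the
    groups present in two or more locations: the multi-copy drop pattern.
    """
    groups = defaultdict(list)
    for f in files:
        if not is_user_writable(f["path"]):
            continue
        base = f["path"].rsplit("\\", 1)[-1].lower()
        groups[(base, f["size"])].append(f["path"])
    return {k: v for k, v in groups.items() if len(v) >= 2}


def triage(log_text: str) -> dict:
    """Run both checks over an OTL log and return the findings."""
    autoruns, files = parse_otl(log_text)
    return {
        "suspicious_autoruns": find_suspicious_autoruns(autoruns),
        "dropped_copies": find_dropped_copies(files),
    }


# Constructed sample: the thread's entries plus a benign autorun under
# Program Files and a benign single-copy file, so the filters have
# something to leave alone.
SAMPLE_LOG = r"""
O4 - HKCU..\Run: [ieodjrzotp] C:\Users\Markus\AppData\Roaming\phxzbypky.exe (BitTech Co. Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
[2013.01.20 15:27:27 | 000,174,592 | ---- | C] (BitTech Co. Ltd.) -- C:\Users\Markus\AppData\Roaming\phxzbypky.exe
[2013.01.20 15:25:54 | 000,174,592 | ---- | C] (BitTech Co. Ltd.) -- C:\Users\Markus\AppData\Local\phxzbypky.exe
[2013.01.20 15:25:53 | 000,174,592 | ---- | C] (BitTech Co. Ltd.) -- C:\ProgramData\phxzbypky.exe
[2013.01.18 09:12:00 | 000,512,000 | ---- | M] (Example Corp) -- C:\Users\Markus\Documents\report.exe
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name, path in result["suspicious_autoruns"]:
        print(f"autorun from user-writable path: [{name}] {path}")
    for (base, size), paths in result["dropped_copies"].items():
        print(f"{base} ({size} bytes) dropped in {len(paths)} locations:")
        for p in paths:
            print("   ", p)
```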
20.01.2013, 20:24 | #5 |
| GVU-Trojaner Hi! I'm already feeling a bit better now that the system runs without interruption. Thanks again for that!! The upload worked and here is the text that was shown after the restart... have any files or anything been lost, given that it says "All processes killed"? Sorry for the possibly dumb question, but I don't know much about computers...
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ieodjrzotp deleted successfully.
C:\Users\Markus\AppData\Roaming\phxzbypky.exe moved successfully.
File C:\Users\Markus\AppData\Roaming\phxzbypky.exe not found.
C:\Users\Markus\AppData\Local\phxzbypky.exe moved successfully.
C:\ProgramData\phxzbypky.exe moved successfully.
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: AppData
User: Default
User: Default User
User: Markus
->Flash cache emptied: 2834048 bytes
User: Public
Total Flash Files Cleaned = 3,00 mb
[EMPTYTEMP]
User: All Users
User: AppData
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Markus
->Temp folder emptied: 3556650670 bytes
->Temporary Internet Files folder emptied: 165071434 bytes
->Java cache emptied: 28523437 bytes
->FireFox cache emptied: 171709113 bytes
->Google Chrome cache emptied: 856432 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1533399 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 720751279 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 16204072133 bytes
Total Files Cleaned = 19.883,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 01202013_200119
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
20.01.2013, 20:43 | #6 |
/// Malware-holic | GVU-Trojaner hi, that worked. Download TDSS Killer: http://www.trojaner-board.de/82358-t...entfernen.html Click on Change parameters • Tick the boxes for Verify driver digital signatures and Detect TDLFS file system • Click OK and then Start scan - for any detections, always choose skip for now, and post the log. Open c:, open tdsskiller-date-version.txt, post the contents
__________________ --> GVU-Trojaner |
21.01.2013, 09:35 | #7 |
| GVU-Trojaner Everything worked so far. Here is the text from the tdss txt file:
09:31:00.0211 4688 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 09:31:00.0246 4688 gagp30kx - ok 09:31:00.0331 4688 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll 09:31:00.0416 4688 gpsvc - ok 09:31:00.0566 4688 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 09:31:00.0576 4688 gupdate - ok 09:31:00.0611 4688 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 09:31:00.0621 4688 gupdatem - ok 09:31:00.0671 4688 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 09:31:00.0691 4688 gusvc - ok 09:31:00.0736 4688 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 09:31:00.0811 4688 HDAudBus - ok 09:31:00.0841 4688 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys 09:31:00.0896 4688 HidBth - ok 09:31:00.0916 4688 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys 09:31:00.0981 4688 HidIr - ok 09:31:01.0021 4688 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\system32\hidserv.dll 09:31:01.0076 4688 hidserv - ok 09:31:01.0111 4688 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 09:31:01.0156 4688 HidUsb - ok 09:31:01.0201 4688 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll 09:31:01.0246 4688 hkmsvc - ok 09:31:01.0286 4688 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 09:31:01.0311 4688 HpCISSs - ok 09:31:01.0416 4688 [ ED377B3C83FDEA8D906109A085D219BA ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll 09:31:01.0461 4688 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning 09:31:01.0461 4688 hpqcxs08 - detected UnsignedFile.Multi.Generic (1) 09:31:01.0526 4688 [ EE4C7A4CF2316701FFDE90F404520265 ] hpqddsvc C:\Program Files 
(x86)\HP\Digital Imaging\bin\hpqddsvc.dll 09:31:01.0536 4688 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning 09:31:01.0536 4688 hpqddsvc - detected UnsignedFile.Multi.Generic (1) 09:31:01.0611 4688 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys 09:31:01.0731 4688 HTTP - ok 09:31:01.0806 4688 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys 09:31:01.0826 4688 i2omp - ok 09:31:01.0886 4688 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 09:31:01.0931 4688 i8042prt - ok 09:31:02.0026 4688 [ F148C2E931BFC20397EDC0A7B4F8E22B ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe 09:31:02.0041 4688 IAANTMON - ok 09:31:02.0061 4688 [ 0B6C9C8F2E00E8B61C8379E62A9F921B ] iaStor C:\Windows\system32\drivers\iastor.sys 09:31:02.0086 4688 iaStor - ok 09:31:02.0146 4688 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 09:31:02.0181 4688 iaStorV - ok 09:31:02.0286 4688 [ 848EDEBB3C1D6FEC50E09EDA95C21E84 ] ICQ Service C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe 09:31:02.0306 4688 ICQ Service - ok 09:31:02.0386 4688 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 09:31:02.0466 4688 idsvc - ok 09:31:02.0491 4688 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys 09:31:02.0516 4688 iirsp - ok 09:31:02.0581 4688 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll 09:31:02.0656 4688 IKEEXT - ok 09:31:02.0681 4688 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys 09:31:02.0701 4688 intelide - ok 09:31:02.0736 4688 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 09:31:02.0771 4688 intelppm - ok 09:31:02.0806 4688 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 09:31:02.0861 
4688 IPBusEnum - ok 09:31:02.0921 4688 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 09:31:02.0961 4688 IpFilterDriver - ok 09:31:03.0021 4688 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 09:31:03.0076 4688 iphlpsvc - ok 09:31:03.0076 4688 IpInIp - ok 09:31:03.0211 4688 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 09:31:03.0246 4688 IPMIDRV - ok 09:31:03.0266 4688 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 09:31:03.0316 4688 IPNAT - ok 09:31:03.0331 4688 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys 09:31:03.0376 4688 IRENUM - ok 09:31:03.0416 4688 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys 09:31:03.0431 4688 isapnp - ok 09:31:03.0486 4688 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 09:31:03.0501 4688 iScsiPrt - ok 09:31:03.0536 4688 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 09:31:03.0551 4688 iteatapi - ok 09:31:03.0571 4688 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys 09:31:03.0586 4688 iteraid - ok 09:31:03.0601 4688 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 09:31:03.0616 4688 kbdclass - ok 09:31:03.0681 4688 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 09:31:03.0721 4688 kbdhid - ok 09:31:03.0741 4688 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe 09:31:03.0776 4688 KeyIso - ok 09:31:03.0836 4688 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 09:31:03.0911 4688 KSecDD - ok 09:31:03.0936 4688 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 09:31:03.0976 4688 ksthunk - ok 09:31:04.0061 4688 [ 1FAF6926F3416D3DA05C5B265491BDAE ] 
KtmRm C:\Windows\system32\msdtckrm.dll 09:31:04.0111 4688 KtmRm - ok 09:31:04.0191 4688 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\system32\srvsvc.dll 09:31:04.0241 4688 LanmanServer - ok 09:31:04.0321 4688 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 09:31:04.0366 4688 LanmanWorkstation - ok 09:31:04.0386 4688 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 09:31:04.0466 4688 lltdio - ok 09:31:04.0506 4688 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll 09:31:04.0621 4688 lltdsvc - ok 09:31:04.0646 4688 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll 09:31:04.0701 4688 lmhosts - ok 09:31:04.0761 4688 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 09:31:04.0786 4688 LSI_FC - ok 09:31:04.0831 4688 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 09:31:04.0856 4688 LSI_SAS - ok 09:31:04.0906 4688 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 09:31:04.0931 4688 LSI_SCSI - ok 09:31:04.0961 4688 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys 09:31:05.0026 4688 luafv - ok 09:31:05.0101 4688 [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe 09:31:05.0131 4688 McComponentHostService - ok 09:31:05.0166 4688 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 09:31:05.0191 4688 Mcx2Svc - ok 09:31:05.0216 4688 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys 09:31:05.0241 4688 megasas - ok 09:31:05.0291 4688 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys 09:31:05.0336 4688 MegaSR - ok 09:31:05.0371 4688 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll 09:31:05.0431 4688 MMCSS - ok 
09:31:05.0461 4688 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys 09:31:05.0511 4688 Modem - ok 09:31:05.0521 4688 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 09:31:05.0576 4688 monitor - ok 09:31:05.0591 4688 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 09:31:05.0606 4688 mouclass - ok 09:31:05.0636 4688 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 09:31:05.0696 4688 mouhid - ok 09:31:05.0731 4688 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 09:31:05.0746 4688 MountMgr - ok 09:31:05.0806 4688 [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 09:31:05.0826 4688 MozillaMaintenance - ok 09:31:05.0866 4688 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys 09:31:05.0886 4688 mpio - ok 09:31:05.0911 4688 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 09:31:05.0966 4688 mpsdrv - ok 09:31:06.0016 4688 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll 09:31:06.0091 4688 MpsSvc - ok 09:31:06.0141 4688 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 09:31:06.0171 4688 Mraid35x - ok 09:31:06.0226 4688 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 09:31:06.0256 4688 MRxDAV - ok 09:31:06.0316 4688 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 09:31:06.0356 4688 mrxsmb - ok 09:31:06.0416 4688 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 09:31:06.0461 4688 mrxsmb10 - ok 09:31:06.0501 4688 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 09:31:06.0546 4688 mrxsmb20 - ok 09:31:06.0581 4688 [ 730B784962D22D2C6481EAE2370E7C8C ] msahci 
C:\Windows\system32\drivers\msahci.sys 09:31:06.0596 4688 msahci - ok 09:31:06.0646 4688 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys 09:31:06.0666 4688 msdsm - ok 09:31:06.0706 4688 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe 09:31:06.0761 4688 MSDTC - ok 09:31:06.0791 4688 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys 09:31:06.0841 4688 Msfs - ok 09:31:06.0886 4688 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 09:31:06.0901 4688 msisadrv - ok 09:31:06.0941 4688 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 09:31:06.0996 4688 MSiSCSI - ok 09:31:07.0001 4688 msiserver - ok 09:31:07.0036 4688 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 09:31:07.0086 4688 MSKSSRV - ok 09:31:07.0096 4688 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 09:31:07.0146 4688 MSPCLOCK - ok 09:31:07.0166 4688 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 09:31:07.0206 4688 MSPQM - ok 09:31:07.0286 4688 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 09:31:07.0356 4688 MsRPC - ok 09:31:07.0361 4688 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 09:31:07.0376 4688 mssmbios - ok 09:31:07.0401 4688 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 09:31:07.0436 4688 MSTEE - ok 09:31:07.0456 4688 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys 09:31:07.0486 4688 Mup - ok 09:31:07.0556 4688 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll 09:31:07.0586 4688 napagent - ok 09:31:07.0641 4688 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 09:31:07.0681 4688 NativeWifiP - ok 09:31:07.0746 4688 [ 
65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys 09:31:07.0796 4688 NDIS - ok 09:31:07.0846 4688 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 09:31:07.0891 4688 NdisTapi - ok 09:31:07.0921 4688 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 09:31:07.0986 4688 Ndisuio - ok 09:31:08.0041 4688 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 09:31:08.0096 4688 NdisWan - ok 09:31:08.0156 4688 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 09:31:08.0221 4688 NDProxy - ok 09:31:08.0291 4688 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 09:31:08.0301 4688 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 09:31:08.0301 4688 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 09:31:08.0321 4688 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 09:31:08.0396 4688 NetBIOS - ok 09:31:08.0441 4688 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 09:31:08.0471 4688 netbt - ok 09:31:08.0506 4688 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe 09:31:08.0516 4688 Netlogon - ok 09:31:08.0661 4688 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll 09:31:08.0736 4688 Netman - ok 09:31:08.0811 4688 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll 09:31:08.0896 4688 netprofm - ok 09:31:08.0996 4688 [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 09:31:09.0016 4688 NetTcpPortSharing - ok 09:31:09.0161 4688 [ F17EDA58C8C5B1A4F873B322729168FF ] NETw5v64 C:\Windows\system32\DRIVERS\NETw5v64.sys 09:31:10.0331 4688 NETw5v64 - ok 09:31:10.0441 4688 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 
C:\Windows\system32\drivers\nfrd960.sys 09:31:10.0466 4688 nfrd960 - ok 09:31:10.0501 4688 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll 09:31:10.0561 4688 NlaSvc - ok 09:31:10.0631 4688 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys 09:31:10.0741 4688 Npfs - ok 09:31:10.0751 4688 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll 09:31:10.0851 4688 nsi - ok 09:31:10.0886 4688 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 09:31:10.0941 4688 nsiproxy - ok 09:31:11.0071 4688 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 09:31:11.0291 4688 Ntfs - ok 09:31:11.0316 4688 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys 09:31:11.0401 4688 Null - ok 09:31:11.0431 4688 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys 09:31:11.0451 4688 nvraid - ok 09:31:11.0471 4688 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys 09:31:11.0486 4688 nvstor - ok 09:31:11.0571 4688 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 09:31:11.0591 4688 nv_agp - ok 09:31:11.0596 4688 NwlnkFlt - ok 09:31:11.0601 4688 NwlnkFwd - ok 09:31:11.0631 4688 [ 404B0121AE1A75D9A63B6934EB07C258 ] OA013Ufd C:\Windows\system32\DRIVERS\OA013Ufd.sys 09:31:11.0681 4688 OA013Ufd - ok 09:31:11.0711 4688 [ 650BCC8FF8ED939F3F79D1E8A1CF0595 ] OA013Vid C:\Windows\system32\DRIVERS\OA013Vid.sys 09:31:11.0811 4688 OA013Vid - ok 09:31:11.0881 4688 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 09:31:11.0901 4688 odserv - ok 09:31:11.0961 4688 [ 7B58953E2F263421FDBB09A192712A85 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 09:31:12.0056 4688 ohci1394 - ok 09:31:12.0121 4688 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft 
Shared\Source Engine\OSE.EXE 09:31:12.0136 4688 ose - ok 09:31:12.0241 4688 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll 09:31:12.0361 4688 p2pimsvc - ok 09:31:12.0371 4688 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll 09:31:12.0396 4688 p2psvc - ok 09:31:12.0426 4688 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys 09:31:12.0581 4688 Parport - ok 09:31:12.0836 4688 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys 09:31:12.0861 4688 partmgr - ok 09:31:12.0931 4688 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll 09:31:13.0021 4688 PcaSvc - ok 09:31:13.0206 4688 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys 09:31:13.0246 4688 pci - ok 09:31:13.0656 4688 [ 8D618C829034479985A9ED56106CC732 ] pciide C:\Windows\system32\drivers\pciide.sys 09:31:13.0696 4688 pciide - ok 09:31:13.0706 4688 PCLEPCI - ok 09:31:13.0761 4688 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 09:31:13.0776 4688 pcmcia - ok 09:31:14.0086 4688 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys 09:31:15.0276 4688 PEAUTH - ok 09:31:15.0426 4688 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe 09:31:15.0461 4688 PerfHost - ok 09:31:15.0571 4688 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll 09:31:15.0846 4688 pla - ok 09:31:15.0936 4688 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 09:31:15.0976 4688 PlugPlay - ok 09:31:16.0061 4688 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 09:31:16.0091 4688 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 09:31:16.0091 4688 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 09:31:16.0221 4688 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg 
C:\Windows\system32\p2psvc.dll 09:31:16.0246 4688 PNRPAutoReg - ok 09:31:16.0361 4688 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll 09:31:16.0436 4688 PNRPsvc - ok 09:31:16.0531 4688 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 09:31:16.0621 4688 PolicyAgent - ok 09:31:16.0916 4688 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 09:31:17.0171 4688 PptpMiniport - ok 09:31:17.0566 4688 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys 09:31:18.0056 4688 Processor - ok 09:31:18.0281 4688 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll 09:31:18.0316 4688 ProfSvc - ok 09:31:18.0341 4688 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe 09:31:18.0351 4688 ProtectedStorage - ok 09:31:18.0586 4688 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys 09:31:18.0616 4688 PSched - ok 09:31:18.0766 4688 [ FBF4DB6D53585437E41A113300002A2B ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys 09:31:18.0776 4688 PxHlpa64 - ok 09:31:18.0856 4688 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys 09:31:18.0976 4688 ql2300 - ok 09:31:19.0066 4688 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 09:31:19.0096 4688 ql40xx - ok 09:31:19.0166 4688 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll 09:31:19.0281 4688 QWAVE - ok 09:31:19.0311 4688 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 09:31:19.0346 4688 QWAVEdrv - ok 09:31:19.0571 4688 [ A4379447148EE55330768CC491EE999E ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys 09:31:20.0116 4688 R300 - ok 09:31:20.0211 4688 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 09:31:20.0541 4688 RasAcd - ok 09:31:20.0576 4688 [ 
B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll 09:31:20.0616 4688 RasAuto - ok 09:31:20.0781 4688 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 09:31:21.0236 4688 Rasl2tp - ok 09:31:21.0531 4688 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll 09:31:21.0611 4688 RasMan - ok 09:31:21.0761 4688 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 09:31:21.0926 4688 RasPppoe - ok 09:31:22.0051 4688 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 09:31:22.0111 4688 RasSstp - ok 09:31:22.0366 4688 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 09:31:22.0426 4688 rdbss - ok 09:31:22.0481 4688 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 09:31:22.0531 4688 RDPCDD - ok 09:31:22.0686 4688 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 09:31:22.0836 4688 rdpdr - ok 09:31:22.0951 4688 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 09:31:23.0181 4688 RDPENCDD - ok 09:31:23.0566 4688 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 09:31:24.0306 4688 RDPWD - ok 09:31:24.0391 4688 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll 09:31:24.0486 4688 RemoteAccess - ok 09:31:25.0211 4688 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll 09:31:25.0316 4688 RemoteRegistry - ok 09:31:25.0446 4688 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe 09:31:26.0296 4688 RpcLocator - ok 09:31:26.0701 4688 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll 09:31:26.0791 4688 RpcSs - ok 09:31:27.0836 4688 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 09:31:27.0871 4688 rspndr - ok 09:31:27.0921 4688 [ 
39E74E264338934DBF11F8DB79A3E116 ] RTSTOR C:\Windows\system32\drivers\RTSTOR64.SYS 09:31:28.0816 4688 RTSTOR - ok 09:31:29.0171 4688 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe 09:31:29.0206 4688 SamSs - ok 09:31:29.0256 4688 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 09:31:29.0301 4688 sbp2port - ok 09:31:30.0681 4688 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll 09:31:30.0911 4688 SCardSvr - ok 09:31:31.0106 4688 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll 09:31:32.0601 4688 Schedule - ok 09:31:32.0921 4688 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll 09:31:32.0951 4688 SCPolicySvc - ok 09:31:33.0011 4688 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll 09:31:33.0196 4688 SDRSVC - ok 09:31:33.0211 4688 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 09:31:33.0291 4688 secdrv - ok 09:31:34.0861 4688 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll 09:31:34.0896 4688 seclogon - ok 09:31:35.0041 4688 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll 09:31:35.0086 4688 SENS - ok 09:31:35.0166 4688 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 09:31:35.0286 4688 Serenum - ok 09:31:35.0386 4688 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys 09:31:35.0516 4688 Serial - ok 09:31:35.0541 4688 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 09:31:35.0681 4688 sermouse - ok 09:31:35.0966 4688 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll 09:31:36.0436 4688 SessionEnv - ok 09:31:36.0481 4688 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 09:31:36.0601 4688 sffdisk - ok 09:31:37.0151 4688 [ 
7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 09:31:37.0676 4688 sffp_mmc - ok 09:31:38.0076 4688 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 09:31:38.0446 4688 sffp_sd - ok 09:31:38.0616 4688 [ 40567781F0785C4A69411D1B40DA8987 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 09:31:38.0656 4688 sfloppy - ok 09:31:38.0761 4688 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll 09:31:38.0866 4688 SharedAccess - ok 09:31:38.0951 4688 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 09:31:39.0041 4688 ShellHWDetection - ok 09:31:39.0076 4688 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 09:31:39.0096 4688 SiSRaid2 - ok 09:31:39.0151 4688 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 09:31:39.0171 4688 SiSRaid4 - ok 09:31:39.0296 4688 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 09:31:39.0356 4688 SkypeUpdate - ok 09:31:39.0456 4688 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe 09:31:40.0091 4688 slsvc - ok 09:31:40.0201 4688 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll 09:31:40.0236 4688 SLUINotify - ok 09:31:40.0656 4688 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys 09:31:40.0721 4688 Smb - ok 09:31:40.0871 4688 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe 09:31:40.0921 4688 SNMPTRAP - ok 09:31:41.0091 4688 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys 09:31:41.0106 4688 spldr - ok 09:31:41.0321 4688 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe 09:31:41.0511 4688 Spooler - ok 09:31:41.0746 4688 [ D630B6F2E8379B6F10DC16E82A426552 ] sprtsvc_DellSupportCenter C:\Program Files (x86)\Dell Support 
Center\bin\sprtsvc.exe 09:31:41.0761 4688 sprtsvc_DellSupportCenter - ok 09:31:41.0891 4688 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys 09:31:42.0241 4688 srv - ok 09:31:42.0306 4688 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 09:31:42.0421 4688 srv2 - ok 09:31:42.0706 4688 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 09:31:42.0756 4688 srvnet - ok 09:31:43.0036 4688 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 09:31:43.0096 4688 SSDPSRV - ok 09:31:43.0766 4688 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll 09:31:43.0801 4688 SstpSvc - ok 09:31:44.0176 4688 [ C5DF63AE2693C9B6B01B4A2E6C1C64AC ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe 09:31:44.0201 4688 STacSV - ok 09:31:44.0496 4688 StarOpen - ok 09:31:44.0531 4688 [ BA16447226ABFD342E130D2F24F73D32 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys 09:31:44.0581 4688 STHDA - ok 09:31:44.0841 4688 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll 09:31:45.0166 4688 stisvc - ok 09:31:45.0236 4688 [ 1D0063597C3666404FCF97698ABEB019 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe 09:31:45.0256 4688 stllssvr - ok 09:31:45.0451 4688 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys 09:31:46.0176 4688 swenum - ok 09:31:46.0301 4688 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll 09:31:46.0401 4688 swprv - ok 09:31:46.0416 4688 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 09:31:46.0431 4688 Symc8xx - ok 09:31:46.0501 4688 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 09:31:46.0516 4688 Sym_hi - ok 09:31:46.0681 4688 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 09:31:46.0721 4688 Sym_u3 - 
ok 09:31:46.0921 4688 [ D783E043FCD2F152488B3F09640835BF ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 09:31:48.0881 4688 SynTP - ok 09:31:49.0031 4688 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll 09:31:49.0216 4688 SysMain - ok 09:31:49.0446 4688 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll 09:31:49.0506 4688 TabletInputService - ok 09:31:49.0766 4688 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll 09:31:49.0831 4688 TapiSrv - ok 09:31:49.0891 4688 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll 09:31:49.0986 4688 TBS - ok 09:31:50.0441 4688 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip C:\Windows\system32\drivers\tcpip.sys 09:31:51.0941 4688 Tcpip - ok 09:31:52.0006 4688 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 09:31:52.0246 4688 Tcpip6 - ok 09:31:52.0496 4688 [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 09:31:52.0706 4688 tcpipreg - ok 09:31:52.0746 4688 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 09:31:53.0031 4688 TDPIPE - ok 09:31:53.0061 4688 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 09:31:53.0146 4688 TDTCP - ok 09:31:53.0276 4688 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 09:31:53.0586 4688 tdx - ok 09:31:53.0716 4688 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 09:31:53.0731 4688 TermDD - ok 09:31:53.0946 4688 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll 09:31:54.0191 4688 TermService - ok 09:31:54.0231 4688 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll 09:31:54.0276 4688 Themes - ok 09:31:54.0316 4688 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll 09:31:54.0351 4688 THREADORDER - ok 09:31:54.0386 4688 [ 
F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll 09:31:54.0441 4688 TrkWks - ok 09:31:54.0696 4688 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 09:31:54.0726 4688 TrustedInstaller - ok 09:31:54.0781 4688 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 09:31:54.0816 4688 tssecsrv - ok 09:31:55.0031 4688 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 09:31:55.0376 4688 tunmp - ok 09:31:55.0716 4688 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 09:31:55.0746 4688 tunnel - ok 09:31:56.0146 4688 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 09:31:56.0191 4688 uagp35 - ok 09:31:56.0256 4688 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 09:31:56.0541 4688 udfs - ok 09:31:56.0776 4688 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe 09:31:56.0871 4688 UI0Detect - ok 09:31:56.0996 4688 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 09:31:57.0046 4688 uliagpkx - ok 09:31:57.0251 4688 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys 09:31:57.0551 4688 uliahci - ok 09:31:57.0811 4688 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys 09:31:57.0966 4688 UlSata - ok 09:31:58.0006 4688 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 09:31:58.0091 4688 ulsata2 - ok 09:31:58.0196 4688 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 09:31:58.0231 4688 umbus - ok 09:31:58.0296 4688 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll 09:31:58.0376 4688 upnphost - ok 09:31:58.0496 4688 [ C6BA890DE6E41857FBE84175519CAE7D ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 09:31:58.0576 4688 usbaudio - ok 
09:31:58.0636 4688 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 09:31:58.0696 4688 usbccgp - ok 09:31:58.0781 4688 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys 09:31:58.0891 4688 usbcir - ok 09:31:58.0931 4688 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 09:31:59.0001 4688 usbehci - ok 09:31:59.0056 4688 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 09:31:59.0161 4688 usbhub - ok 09:31:59.0216 4688 [ EBA14EF0C07CEC233F1529C698D0D154 ] usbohci C:\Windows\system32\drivers\usbohci.sys 09:31:59.0301 4688 usbohci - ok 09:31:59.0381 4688 [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 09:31:59.0416 4688 usbprint - ok 09:31:59.0461 4688 [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 09:31:59.0496 4688 usbscan - ok 09:31:59.0566 4688 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 09:31:59.0636 4688 USBSTOR - ok 09:31:59.0671 4688 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 09:31:59.0696 4688 usbuhci - ok 09:31:59.0746 4688 [ FC33099877790D51B0927B7039059855 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 09:31:59.0786 4688 usbvideo - ok 09:31:59.0846 4688 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll 09:31:59.0871 4688 UxSms - ok 09:31:59.0951 4688 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe 09:31:59.0986 4688 vds - ok 09:32:00.0061 4688 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 09:32:00.0106 4688 vga - ok 09:32:00.0126 4688 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys 09:32:00.0201 4688 VgaSave - ok 09:32:00.0256 4688 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys 09:32:00.0271 4688 viaide - ok 
09:32:00.0296 4688 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys 09:32:00.0316 4688 volmgr - ok 09:32:00.0376 4688 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 09:32:00.0431 4688 volmgrx - ok 09:32:00.0486 4688 [ 582F710097B46140F5A89A19A6573D4B ] volsnap C:\Windows\system32\drivers\volsnap.sys 09:32:00.0516 4688 volsnap - ok 09:32:00.0566 4688 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 09:32:00.0586 4688 vsmraid - ok 09:32:00.0671 4688 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe 09:32:00.0806 4688 VSS - ok 09:32:00.0896 4688 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll 09:32:00.0941 4688 W32Time - ok 09:32:00.0996 4688 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 09:32:01.0121 4688 WacomPen - ok 09:32:01.0161 4688 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 09:32:01.0251 4688 Wanarp - ok 09:32:01.0256 4688 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 09:32:01.0281 4688 Wanarpv6 - ok 09:32:01.0321 4688 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll 09:32:01.0366 4688 wcncsvc - ok 09:32:01.0421 4688 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 09:32:01.0456 4688 WcsPlugInService - ok 09:32:01.0536 4688 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys 09:32:01.0551 4688 Wd - ok 09:32:01.0621 4688 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 09:32:01.0706 4688 Wdf01000 - ok 09:32:01.0731 4688 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll 09:32:01.0776 4688 WdiServiceHost - ok 09:32:01.0781 4688 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll 09:32:01.0811 4688 
WdiSystemHost - ok 09:32:01.0826 4688 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll 09:32:01.0926 4688 WebClient - ok 09:32:01.0966 4688 WebOptimizer - ok 09:32:02.0006 4688 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll 09:32:02.0081 4688 Wecsvc - ok 09:32:02.0136 4688 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll 09:32:02.0166 4688 wercplsupport - ok 09:32:02.0186 4688 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll 09:32:02.0221 4688 WerSvc - ok 09:32:02.0256 4688 WinDefend - ok 09:32:02.0266 4688 WinHttpAutoProxySvc - ok 09:32:02.0396 4688 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 09:32:02.0456 4688 Winmgmt - ok 09:32:02.0566 4688 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll 09:32:02.0721 4688 WinRM - ok 09:32:02.0781 4688 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll 09:32:02.0951 4688 Wlansvc - ok 09:32:03.0016 4688 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 09:32:03.0046 4688 WmiAcpi - ok 09:32:03.0146 4688 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 09:32:03.0191 4688 wmiApSrv - ok 09:32:03.0261 4688 WMPNetworkSvc - ok 09:32:03.0316 4688 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll 09:32:03.0421 4688 WPCSvc - ok 09:32:03.0486 4688 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 09:32:03.0536 4688 WPDBusEnum - ok 09:32:03.0571 4688 [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys 09:32:03.0601 4688 WpdUsb - ok 09:32:03.0806 4688 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe 09:32:03.0856 4688 WPFFontCache_v0400 - ok 09:32:03.0886 4688 [ 8A900348370E359B6BFF6A550E4649E1 ] 
ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 09:32:03.0961 4688 ws2ifsl - ok 09:32:04.0021 4688 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\System32\wscsvc.dll 09:32:04.0046 4688 wscsvc - ok 09:32:04.0051 4688 WSearch - ok 09:32:04.0191 4688 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 09:32:04.0451 4688 wuauserv - ok 09:32:04.0551 4688 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 09:32:04.0586 4688 WudfPf - ok 09:32:04.0646 4688 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 09:32:04.0681 4688 WUDFRd - ok 09:32:04.0726 4688 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 09:32:04.0771 4688 wudfsvc - ok 09:32:04.0811 4688 [ D433F6726A727B0528F6E39F423FE1FD ] yksvc C:\Windows\System32\ykx64mpcoinst.dll 09:32:04.0961 4688 yksvc - ok 09:32:05.0106 4688 [ 541CBA0F3F679CC6E5ED4967F3FD4F6C ] yukonx64 C:\Windows\system32\DRIVERS\yk60x64.sys 09:32:05.0136 4688 yukonx64 - ok 09:32:05.0591 4688 ================ Scan global =============================== 09:32:05.0636 4688 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll 09:32:05.0901 4688 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll 09:32:06.0126 4688 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll 09:32:06.0336 4688 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe 09:32:06.0341 4688 [Global] - ok 09:32:06.0341 4688 ================ Scan MBR ================================== 09:32:06.0381 4688 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0 09:32:09.0691 4688 \Device\Harddisk0\DR0 - ok 09:32:09.0691 4688 ================ Scan VBR ================================== 09:32:09.0731 4688 [ A4B2AC1F4D0F66F038EDE522B0E4FC44 ] \Device\Harddisk0\DR0\Partition1 09:32:09.0731 4688 \Device\Harddisk0\DR0\Partition1 - ok 09:32:09.0946 4688 [ 220E408EF416370A9ED28B0369A3312C ] 
\Device\Harddisk0\DR0\Partition2 09:32:09.0951 4688 \Device\Harddisk0\DR0\Partition2 - ok 09:32:09.0951 4688 ============================================================ 09:32:09.0951 4688 Scan finished 09:32:09.0951 4688 ============================================================ 09:32:09.0981 3680 Detected object count: 6 09:32:09.0981 3680 Actual detected object count: 6 09:32:30.0131 3680 Application Updater ( UnsignedFile.Multi.Generic ) - skipped by user 09:32:30.0131 3680 Application Updater ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:32:30.0136 3680 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user 09:32:30.0136 3680 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:32:30.0136 3680 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user 09:32:30.0136 3680 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:32:30.0141 3680 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user 09:32:30.0141 3680 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:32:30.0146 3680 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 09:32:30.0146 3680 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:32:30.0151 3680 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 09:32:30.0151 3680 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip |
21.01.2013, 14:03 | #8 |
/// Malware-holic | GVU-Trojaner Hi, Combofix: Combofix may only be run if a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
__________________ - Please forward suspicious emails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward emails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
21.01.2013, 15:21 | #9 |
| GVU-Trojaner Here is the text of the ComboFix file. Combofix Logfile: Code:
ATTFilter ComboFix 13-01-21.01 - Markus 21.01.2013 14:49:32.1.2 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.4091.1652 [GMT 1:00] ausgeführt von:: c:\users\Markus\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Web Assistant\ExTEnsion32.dll c:\programdata\100 c:\users\Markus\AppData\Roaming\instplugin\toOLbar.dll c:\windows\IsUn0407.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-12-21 bis 2013-01-21 )))))))))))))))))))))))))))))) . . 2013-01-21 13:56 . 2013-01-21 13:56 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-21 13:44 . 2013-01-21 13:47 -------- d-----w- C:\32788R22FWJFW 2013-01-20 19:01 . 2013-01-20 19:17 -------- d-----w- C:\_OTL 2013-01-18 09:16 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{63292C87-1D22-45A6-B2B2-5E5AE2E34E87}\mpengine.dll 2013-01-15 10:25 . 2013-01-15 10:28 -------- d-----w- c:\programdata\Deutsche Post AG 2013-01-09 12:50 . 2012-11-20 04:22 204288 ----a-w- c:\windows\SysWow64\ncrypt.dll 2013-01-09 12:50 . 2012-11-20 04:21 253952 ----a-w- c:\windows\system32\ncrypt.dll 2013-01-09 12:50 . 2012-11-23 01:54 2770432 ----a-w- c:\windows\system32\win32k.sys 2013-01-09 12:50 . 2012-11-02 10:47 1869824 ----a-w- c:\windows\system32\msxml3.dll 2013-01-09 12:50 . 2012-11-02 10:47 1794560 ----a-w- c:\windows\system32\msxml6.dll 2013-01-09 12:50 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\SysWow64\msxml6.dll 2013-01-09 12:50 . 2012-11-02 10:19 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll 2013-01-09 12:50 . 2012-11-22 04:22 456192 ----a-w- c:\windows\system32\shlwapi.dll 2012-12-31 13:45 . 
2012-12-31 13:45 -------- d-----w- c:\program files (x86)\Dropbox . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-17 08:32 . 2012-10-11 10:19 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-01-17 08:32 . 2011-06-18 08:15 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-10 09:37 . 2006-11-02 12:35 67599240 ----a-w- c:\windows\system32\mrt.exe 2012-12-16 13:31 . 2012-12-21 08:13 48128 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 13:12 . 2012-12-21 08:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-16 11:08 . 2012-12-21 08:13 368128 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 10:50 . 2012-12-21 08:13 293376 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-11-14 07:06 . 2012-12-14 07:33 17811968 ----a-w- c:\windows\system32\mshtml.dll 2012-11-14 06:32 . 2012-12-14 07:33 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-11-14 06:11 . 2012-12-14 07:33 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 06:04 . 2012-12-14 07:33 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-11-14 06:04 . 2012-12-14 07:33 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 06:02 . 2012-12-14 07:33 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 06:02 . 2012-12-14 07:33 237056 ----a-w- c:\windows\system32\url.dll 2012-11-14 05:59 . 2012-12-14 07:33 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-11-14 05:58 . 2012-12-14 07:33 816640 ----a-w- c:\windows\system32\jscript.dll 2012-11-14 05:57 . 2012-12-14 07:33 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 05:57 . 2012-12-14 07:33 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 05:55 . 2012-12-14 07:33 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-11-14 05:55 . 2012-12-14 07:33 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-11-14 05:53 . 2012-12-14 07:33 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-11-14 05:52 . 
2012-12-14 07:33 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-14 05:46 . 2012-12-14 07:33 248320 ----a-w- c:\windows\system32\ieui.dll 2012-11-14 02:09 . 2012-12-14 07:33 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-11-14 01:58 . 2012-12-14 07:33 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-11-14 01:57 . 2012-12-14 07:33 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-11-14 01:49 . 2012-12-14 07:33 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-11-14 01:48 . 2012-12-14 07:33 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-11-14 01:44 . 2012-12-14 07:33 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-11-13 01:45 . 2012-12-13 09:04 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-13 01:29 . 2012-12-13 09:04 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-11-02 10:45 . 2012-12-13 09:04 477696 ----a-w- c:\windows\system32\dpnet.dll 2012-11-02 10:45 . 2012-12-13 09:04 68096 ----a-w- c:\windows\system32\dpnathlp.dll 2012-11-02 10:18 . 2012-12-13 09:04 376320 ----a-w- c:\windows\SysWow64\dpnet.dll 2012-11-02 08:59 . 2012-12-13 09:04 26112 ----a-w- c:\windows\system32\dpnsvr.exe 2012-11-02 08:26 . 2012-12-13 09:04 23040 ----a-w- c:\windows\SysWow64\dpnsvr.exe 2006-05-03 09:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll 2007-02-21 10:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll 2008-03-16 12:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{4a8f88b8-4a70-41bd-bc89-385c364116d9}"= "c:\program files (x86)\NHL\prxtbNH0.dll" [2011-01-17 175912] . [HKEY_CLASSES_ROOT\clsid\{4a8f88b8-4a70-41bd-bc89-385c364116d9}] . 
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{4a8f88b8-4a70-41bd-bc89-385c364116d9}] 2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\NHL\prxtbNH0.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}] 2012-11-28 15:42 1230216 ----a-w- c:\program files (x86)\YTD Toolbar\IE\6.6\ytdToolbarIE.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{4a8f88b8-4a70-41bd-bc89-385c364116d9}"= "c:\program files (x86)\NHL\prxtbNH0.dll" [2011-01-17 175912] "{F3FEE66E-E034-436a-86E4-9690573BEE8A}"= "c:\program files (x86)\YTD Toolbar\IE\6.6\ytdToolbarIE.dll" [2012-11-28 1230216] . [HKEY_CLASSES_ROOT\clsid\{4a8f88b8-4a70-41bd-bc89-385c364116d9}] . [HKEY_CLASSES_ROOT\clsid\{f3fee66e-e034-436a-86e4-9690573bee8a}] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Markus\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Markus\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Markus\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440] "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952] "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192] "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-01-09 405639] "DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888] "SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-11-28 1123720] . c:\users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Markus\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-29 28539392] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360] ImageMixer 3 SE Camera Monitor Ver.6.lnk - c:\program files (x86)\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe [2011-5-11 537968] McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [2009-05-11 89600] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 93054430 *Deregistered* - 93054430 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs Themes . Inhalt des "geplante Tasks" Ordners . 2013-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-13 13:43] . 2013-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-13 13:43] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Markus\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Markus\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Markus\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Markus\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-05-08 1780520] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-15 178712] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.de/ mStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> uInternet Settings,ProxyServer = 172.18.0.1:3128 uSearchURL,(Default) = hxxp://go.web.de/suchbox/webdesuche?su=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Google Sidewiki... 
- c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: {{07BA1DA9-F501-4796-8728-74D1B91A6CD5} - c:\program files (x86)\PokerStars.EU\PokerStarsUpdate.exe IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files (x86)\ICQ7.1\ICQ.exe TCP: DhcpNameServer = 10.131.0.1 FF - ProfilePath - c:\users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\hw2xlp1f.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - foxsearch FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?tab=wm#inbox FF - prefs.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q= FF - prefs.js: network.proxy.ftp - 172.18.0.1 FF - prefs.js: network.proxy.ftp_port - 3128 FF - prefs.js: network.proxy.gopher - 172.18.0.1 FF - prefs.js: network.proxy.gopher_port - 3128 FF - prefs.js: network.proxy.http - 172.18.0.1 FF - prefs.js: network.proxy.http_port - 3128 FF - prefs.js: network.proxy.socks - 172.18.0.1 FF - prefs.js: network.proxy.socks_port - 3128 FF - prefs.js: network.proxy.ssl - 172.18.0.1 FF - prefs.js: network.proxy.ssl_port - 3128 FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: !HIDDEN! 2009-09-07 10:11; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - ExtSQL: !HIDDEN! 
2009-10-24 22:59; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 FF - user.js: browser.search.selectedEngine - foxsearch FF - user.js: browser.search.order.1 - foxsearch FF - user.js: browser.search.defaultenginename - foxsearch FF - user.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q= FF - user.js: privacy.item.cookies - false FF - user.js: privacy.sanitize.promptOnSanitize - false FF - user.js: extensions.softonic_i.newTab - false FF - user.js: extensions.softonic_i.tlbrSrchUrl - hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=1&cc=&q= FF - user.js: extensions.softonic_i.id - 223df3310000000000000022fb9eb9cc FF - user.js: extensions.softonic_i.instlDay - 15394 FF - user.js: extensions.softonic_i.vrsn - 1.5.11.5 FF - user.js: extensions.softonic_i.vrsni - 1.5.11.5 FF - user.js: extensions.softonic_i.vrsnTs - 1.5.11.521:24 FF - user.js: extensions.softonic_i.prtnrId - softonic FF - user.js: extensions.softonic_i.prdct - softonic FF - user.js: extensions.softonic_i.aflt - SD FF - user.js: extensions.softonic_i.smplGrp - eng7 FF - user.js: extensions.softonic_i.tlbrId - de12JANdefault FF - user.js: extensions.softonic_i.instlRef - MON00015 FF - user.js: extensions.softonic_i.dfltLng - de FF - user.js: extensions.softonic_i.excTlbr - false FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100888 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - 223df3310000000000000022fb9eb9cc FF - user.js: extensions.BabylonToolbar_i.hardId - 223df3310000000000000022fb9eb9cc FF - user.js: extensions.BabylonToolbar_i.instlDay - 15396 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:27 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - 
- - End Of File - - 68AD582E22CB215C8689FD1D2E9EE214 |
21.01.2013, 19:05 | #10 |
/// Malware-holic | GVU-Trojaner Hi, download CCleaner Standard: CCleaner - Download - Filepony. If CCleaner is already installed, skip this. Open it, Tools (Extras), Uninstall list, save as txt. Open the file. After each program you need, write "necessary". After each one you do not need, "unnecessary". After those you do not recognise, "unknown". Post the list.
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de according to the instructions above. If you would like to support us |
21.01.2013, 19:15 | #11 |
| GVU-Trojaner OK, I have the list - do I write it directly after the program name, or after the date and file size that are listed behind it? Just to be sure |
21.01.2013, 20:04 | #12 |
/// Malware-holic | GVU-Trojaner After the program information, please. |
21.01.2013, 20:08 | #13 |
| GVU-Trojaner OK, here is the list... almost everything is necessary
7-Zip 9.20 17.03.2011 3,53MB necessary
abramania - poker duell - freeware 1.0 15.11.2012 1.0 necessary
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 18.06.2011 10.3.181.26 necessary
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 17.01.2013 11.5.502.146 necessary
Adobe Reader X (10.1.5) - Deutsch Adobe Systems Incorporated 10.01.2013 121MB 10.1.5 necessary
Advanced Audio FX Engine Creative Technology Ltd 20.08.2009 112KB 1.12.05 necessary
Amazon MP3-Downloader 1.0.5 08.01.2010 1,67MB necessary
Anno 1701 Demo Sunflowers 24.02.2012 797MB 1.00 necessary
Apple Application Support Apple Inc. 29.05.2012 61,0MB 2.1.7 necessary
Apple Software Update Apple Inc. 17.11.2011 2,38MB 2.1.3.127 necessary
ATI Catalyst Control Center 20.08.2009 24,0KB 2.008.1210.1622 necessary
Avira Free Antivirus Avira 14.11.2012 71,7MB 12.1.9.1236 necessary
Blue Byte Game Channel UbiSoft 27.12.2009 2,09MB necessary
CCleaner Piriform 19.12.2012 10,4MB 3.26 necessary
CicloTour 3.02 CicloSport 16.12.2011 5,86MB 3.02 necessary
CicloTrainer 5.00 CicloSport : http:\\Startseite - ciclosport.com 04.11.2010 4,52MB 5 necessary
Dell DataSafe Online Dell, Inc. 20.08.2009 1.1.0029 necessary
Dell Dock Dell 20.08.2009 1.0.0 necessary
Dell Getting Started Guide Dell Inc. 20.08.2009 1.00.0000 necessary
Dell Support Center (Support Software) Dell 20.08.2009 2.5.09100 necessary
Dell Touchpad Synaptics Incorporated 20.08.2009 27,8MB 13.0.2.0 necessary
Dell Video Chat SightSpeed Inc. 20.08.2009 22,0MB 6.0 (6567) necessary
Dell Webcam Central Creative Technology Ltd 20.08.2009 64,3MB 1.20.10 necessary
Die Siedler IV 27.12.2009 261MB necessary
DivX DivX, Inc. 24.07.2010 1,63MB 6.2.2 necessary
Don't Get Angry! 2 Demo X-PRESSIVE.COM 01.09.2011 20,4MB necessary
Don't Get Angry! 3 (Trial) 1.06 Mike Dogan / X-PRESSIVE.COM Games & Multimedia 04.09.2011 113MB necessary
Dropbox Dropbox, Inc. 30.12.2012 27,8MB 1.6.11 necessary
Dynamic-Photo HDR Trial 4.5 Mediachance 23.10.2009 21,9MB necessary
EA.com Matchup 19.12.2009 2,43MB necessary
EA.com Update 19.12.2009 2,42MB necessary
GIMP 2.6.10 The GIMP Team 02.09.2010 112MB 2.6.10 necessary
Google Earth Google 22.11.2011 92,7MB 6.1.0.5001 necessary
Hactronic 1.82 CicloSport 04.11.2010 1,73MB 1.82 necessary
HP Customer Participation Program 11.0 HP 24.10.2009 147MB 11.0 necessary
HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3 HP 24.10.2009 16,1MB 11.0 necessary
HP Imaging Device Functions 11.0 HP 24.10.2009 2,41MB 11.0 necessary
HP Photosmart Essential 3.0 HP 24.10.2009 2,39MB 3.0 necessary
HP Smart Web Printing HP 24.10.2009 8,50MB 4.0 necessary
HP Solution Center 11.0 HP 24.10.2009 2,39MB 11.0 necessary
HP Update Hewlett-Packard 13.12.2012 3,92MB 5.003.001.001 necessary
Hugin 0.7.0 (SVN 3465) Guido 10.12.2009 71,6MB 0.7.0.3465 necessary
ICQ Toolbar ICQ 27.08.2009 3.0.0 unnecessary
ICQ7.1 ICQ 24.04.2010 38,6MB 7.1 unnecessary
ImageMixer 3 SE Ver.6 Transfer Utility PIXELA 20.06.2011 15,1MB 6.00.017 necessary
ImageMixer 3 SE Ver.6 Video Tools PIXELA 20.06.2011 163MB 6.00.018 necessary
Integrated Webcam Driver (1.00.04.0310) Creative Technology Ltd. 16.12.2010 1.00.04.0310 necessary
Intel® Matrix Storage Manager Intel Corporation 20.08.2009 37,3MB necessary
Jasc Paint Shop Pro 8 Jasc Software Inc 10.12.2009 99,7MB 8.00.0000 necessary
Java(TM) 6 Update 13 (64-bit) Sun Microsystems, Inc. 20.08.2009 89,7MB 6.0.130 necessary
Java(TM) 6 Update 32 Oracle 15.05.2012 95,7MB 6.0.320 necessary
KaloMa 4.76 Frank Böpple 17.04.2010 2,33MB necessary
Live! Cam Avatar Creator Creative Technology Ltd 20.08.2009 170MB 4.6.2303.1 necessary
McAfee Security Scan Plus McAfee, Inc. 08.11.2011 9,38MB 2.0.181.2 necessary
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 07.09.2009 42,2MB necessary
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 30.04.2009 41,6MB necessary
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 11.06.2012 189MB 4.0.30320 necessary
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 11.06.2012 46,4MB 4.0.30320 necessary
Microsoft Age of Empires II Trial Version 09.12.2012 80,4MB necessary
Microsoft Default Manager Microsoft Corporation 20.08.2009 2.0.69.0 necessary
Microsoft Office File Validation Add-In Microsoft Corporation 16.09.2011 7,95MB 14.0.5130.5003 necessary
Microsoft Office Home and Student 2007 Microsoft Corporation 31.03.2012 294MB 12.0.6612.1000 necessary
Microsoft Office Live Add-in 1.5 Microsoft Corporation 26.04.2012 506KB 2.0.4024.1 necessary
Microsoft Silverlight Microsoft Corporation 10.05.2012 4.1.10329.0 necessary
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 20.08.2009 1,74MB 3.1.0000 necessary
Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Corporation 20.08.2009 624KB 1.0.1215.0 necessary
Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Corporation 20.08.2009 1,44MB 1.0.1215.0 necessary
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 20.11.2009 251KB 8.0.50727.4053 necessary
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 17.06.2011 294KB 8.0.61001 necessary
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 07.09.2009 199KB 9.0.30729.4148 necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 27.08.2009 590KB 9.0.30729 necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 17.06.2011 594KB 9.0.30729.6161 necessary
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 15.03.2012 16,5MB 10.0.40219 necessary
Mozilla Firefox 18.0.1 (x86 de) Mozilla 19.01.2013 45,4MB 18.0.1 necessary
Mozilla Maintenance Service Mozilla 19.01.2013 216KB 18.0.1 necessary
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 20.11.2009 1,27MB 4.20.9870.0 necessary
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 15.12.2009 1,33MB 4.20.9876.0 necessary
MSXML 4.0 SP2 Parser and SDK Microsoft Corporation 03.10.2009 1,22MB 4.20.9818.0 necessary
NHL 2002 19.12.2009 345MB necessary
NHL Toolbar NHL 08.04.2011 3,96MB 6.3.2.17 necessary
Operation Flashpoint Demo uninstall 16.01.2010 90,5MB unnecessary
Picasa 3 Google, Inc. 03.01.2011 53,6MB 3.8 necessary
PokerTH Home - PokerTH - Community Portal 16.09.2012 47,3MB 0.9.5 necessary
PowerDVD DX Dell Corp. 20.08.2009 38,3MB 8.2.5024 necessary
Quickset Dell Inc. 20.08.2009 9.4.7 necessary
QuickTime Apple Inc. 29.05.2012 73,2MB 7.72.80.56 necessary
Roxio Creator DE Roxio 20.08.2009 18,0MB 10.1 necessary
SAMSUNG Mobile Composite Device Software 10.06.2012 unnecessary
SAMSUNG Mobile Modem Driver Set 10.06.2012 unnecessary
Samsung Mobile phone USB driver Software 10.06.2012 unnecessary
SAMSUNG Mobile USB Modem 1.0 Software 10.06.2012 unnecessary
SAMSUNG Mobile USB Modem Software 10.06.2012 unnecessary
Shop for HP Supplies HP 24.10.2009 147MB 11.0 necessary
Skype™ 6.0 Skype Technologies S.A. 23.11.2012 20,3MB 6.0.126 necessary
Stronghold Crusader 25.12.2009 653MB necessary
SUPER © v2011.build.48 (April 23, 2011) Version v2011.build.48 eRightSoft 10.05.2011 36,9MB v2011.build.48 necessary
Veetle TV 0.9.18 Veetle, Inc 12.02.2011 10,0MB 0.9.18 necessary
VLC media player 1.0.5 VideoLAN Team 12.02.2010 76,1MB 1.0.5 necessary
vShare.tv plugin 1.3 vShare.tv, Inc. 06.11.2011 592KB 1.3 necessary
Web Assistant 2.0.0.478 IncrediBar 25.10.2012 2,11MB 2.0.0.478 necessary
Web Optimizer 22.08.2012 1.0.0.4 necessary
Windows Live Anmelde-Assistent Microsoft Corporation 07.09.2009 1,93MB 5.000.818.6 necessary
Windows Live Essentials Microsoft Corporation 20.08.2009 139MB 14.0.8050.1202 necessary
Windows Live Sync Microsoft Corporation 20.08.2009 2,79MB 14.0.8050.1202 necessary
Windows Live-Uploadtool Microsoft Corporation 20.08.2009 225KB 14.0.8014.1029 necessary
WinRAR 17.11.2010 3,78MB necessary
YTD Toolbar v6.6 Spigot, Inc. 04.12.2012 20,3MB 6.6 necessary
YTD Video Downloader 3.9.6 GreenTree Applications SRL 17.01.2013 9,63MB 3.9.6 necessary
Zattoo4 4.0.5 Zattoo Inc. 11.06.2012 39,8MB 4.0.5 necessary |
21.01.2013, 20:16 | #14 |
/// Malware-holic | GVU-Trojaner Uninstall: Adobe Flash Player: all of them. Adobe - Adobe Flash Player installieren: download the latest version and install it. Adobe Reader: Adobe - Adobe Reader herunterladen - Alle Versionen; untick the McAfee Security Scan box. Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences. General: tick "use only certified plug-ins". Internet: everything here should be disabled; it is very unsafe to open or download PDFs automatically etc. It is always better to save them directly, since only then do you keep control over what is going on on the PC. Under JavaScript, untick "use JavaScript". Under Updater, select "install automatically". Apply / OK. Uninstall: ICQ: both. Java: both. Download the Java JRE: Java-Downloads für alle Betriebssysteme; click: Download der Java-Software für Windows Offline; download and install. Uninstall: Operation. SAMSUNG: all. YTD Toolbar: hands off toolbars, they are only an additional risk and slow down the browser. Open CCleaner, Analyze, Run Cleaner, restart the PC. Please download AdwCleaner to your desktop. |
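A small triage script for the CCleaner uninstall list the helper asked for, added here as an example that is neither part of the thread nor CCleaner's own code: it parses the tab-separated export (the column layout Name/Publisher/Install date/Size/Version is an assumption), flags names and publishers that match the toolbar and adware families named in this thread, and flags side-by-side Java runtimes the way the helper did. The sample rows are constructed from entries in the posted list.

```python
import re
from dataclasses import dataclass

# Constructed sample of a CCleaner uninstall export (Tools > Uninstall >
# "Save to text file"). Entries are taken from the list posted in this thread;
# the tab-separated column layout Name/Publisher/Install date/Size/Version is
# an assumption about the export format.
SAMPLE_EXPORT = """7-Zip 9.20\t\t17.03.2011\t3,53MB\t
ICQ Toolbar\tICQ\t27.08.2009\t\t3.0.0
Java(TM) 6 Update 13 (64-bit)\tSun Microsystems, Inc.\t20.08.2009\t89,7MB\t6.0.130
Java(TM) 6 Update 32\tOracle\t15.05.2012\t95,7MB\t6.0.320
YTD Toolbar v6.6\tSpigot, Inc.\t04.12.2012\t20,3MB\t6.6
Web Assistant 2.0.0.478\tIncrediBar\t25.10.2012\t2,11MB\t2.0.0.478
Mozilla Firefox 18.0.1 (x86 de)\tMozilla\t19.01.2013\t45,4MB\t18.0.1
"""

# Names and publishers that appear in this thread's AdwCleaner findings or
# that the helper told the user to remove. Matched case-insensitively against
# name and publisher together.
PUP_MARKERS = (
    "toolbar", "incredibar", "babylon", "conduit", "spigot",
    "vshare.tv", "web assistant", "web optimizer", "softonic",
)

# Matches "Java(TM) 6 Update 32" and similar runtime entries.
JAVA_RUNTIME = re.compile(r"^Java(\(TM\))?\s*\d")


@dataclass
class Program:
    name: str
    publisher: str = ""
    installed: str = ""
    size: str = ""
    version: str = ""


def parse_export(text: str) -> list[Program]:
    """Parse the tab-separated export, one program per line. Missing trailing
    columns (CCleaner leaves size or version empty for some entries) are padded."""
    programs = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        cols = [c.strip() for c in raw.split("\t")]
        cols += [""] * (5 - len(cols))
        programs.append(Program(*cols[:5]))
    return programs


def triage(programs: list[Program]) -> dict[str, list[str]]:
    """Return {program name: [reasons]} for entries a helper would question."""
    flags: dict[str, list[str]] = {}

    def add(p: Program, reason: str) -> None:
        flags.setdefault(p.name, []).append(reason)

    for p in programs:
        haystack = f"{p.name} {p.publisher}".lower()
        for marker in PUP_MARKERS:
            if marker in haystack:
                add(p, f"name/publisher matches adware or toolbar marker '{marker}'")
                break

    # Several Java runtimes side by side is the situation in the list above:
    # the older release stays installed, with its browser plug-in, next to the
    # newer one. The helper's advice was to remove both and install the current JRE.
    java = [p for p in programs if JAVA_RUNTIME.match(p.name)]
    if len(java) > 1:
        for p in java:
            add(p, f"one of {len(java)} Java runtimes; uninstall all, install current JRE")
    return flags


if __name__ == "__main__":
    for name, reasons in triage(parse_export(SAMPLE_EXPORT)).items():
        print(name)
        for r in reasons:
            print("   -", r)
```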
21.01.2013, 22:12 | #15 |
| GVU-Trojaner
# AdwCleaner v2.107 - Datei am 21/01/2013 um 22:11:38 erstellt
# Aktualisiert am 21/01/2013 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzer : Markus - WALL-E
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Markus\Desktop\adwcleaner.exe
# Option [Suche]
Gefunden : user_pref("CT2431245.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347474[...] Gefunden : user_pref("CT2431245.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E7823322934495[...] Gefunden : user_pref("CT2431245.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4[...] Gefunden : user_pref("CT2431245.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A3027324948554[...] Gefunden : user_pref("CT2431245.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354[...] Gefunden : user_pref("CT2431245.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352[...] Gefunden : user_pref("CT2431245.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B3[...] Gefunden : user_pref("CT2431245.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A355[...] Gefunden : user_pref("CT2431245.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3[...] Gefunden : user_pref("CT2431245.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2[...] Gefunden : user_pref("CT2431245.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A5[...] Gefunden : user_pref("CT2431245.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...] Gefunden : user_pref("CT2431245.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352[...] Gefunden : user_pref("CT2431245.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E31283353515[...] Gefunden : user_pref("CT2431245.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C4[...] Gefunden : user_pref("CT2431245.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934215[...] Gefunden : user_pref("CT2431245.backendstorage./9b-0?3g>d", "3B3E6E6F426F72757A7272774A204C76204B252121504F2A21[...] 
Gefunden : user_pref("CT2431245.backendstorage./9b-0?3g@6:5;", ""); Gefunden : user_pref("CT2431245.backendstorage./9b-0?3gfa7ef", "2B2E2C3D"); Gefunden : user_pref("CT2431245.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F297B7E7D21202F26313E424[...] Gefunden : user_pref("CT2431245.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576"); Gefunden : user_pref("CT2431245.backendstorage./9b3=>@44i48?", "372C2D326975763342363341484775213F3E484F4E4D464[...] Gefunden : user_pref("CT2431245.backendstorage./9b5ba==9cjag", "6E693D69426E6E767A6F45717B4777484C4E207B7C"); Gefunden : user_pref("CT2431245.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6F726F7375707170757274"); Gefunden : user_pref("CT2431245.backendstorage./9b9643g3/9e", "6A"); Gefunden : user_pref("CT2431245.backendstorage./9b<:222h64<", "393F352F3E"); Gefunden : user_pref("CT2431245.backendstorage./9b=+03eh8h8j?:", "4443"); Gefunden : user_pref("CT2431245.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...] 
Gefunden : user_pref("CT2431245.backendstorage./9b?b0d:8aj62<h", "6D"); Gefunden : user_pref("CT2431245.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B"); Gefunden : user_pref("CT2431245.backendstorage.autocompletepro_enable", "31"); Gefunden : user_pref("CT2431245.backendstorage.autocompletepro_enable_auto", "30"); Gefunden : user_pref("CT2431245.backendstorage.facebook_mode", "32"); Gefunden : user_pref("CT2431245.backendstorage.facebook_user_locale", "6465"); Gefunden : user_pref("CT2431245.components.1000034", false); Gefunden : user_pref("CT2431245.components.1000082", false); Gefunden : user_pref("CT2431245.components.129009402593156547", false); Gefunden : user_pref("CT2431245.components.129009402595656583", false); Gefunden : user_pref("CT2431245.components.129453393919975934", false); Gefunden : user_pref("CT2431245.components.129453393922944692", false); Gefunden : user_pref("CT2431245.components.129453393923725944", false); Gefunden : user_pref("CT2431245.components.129453394044193841", false); Gefunden : user_pref("CT2431245.components.129460318377631679", false); Gefunden : user_pref("CT2431245.components.129530497903908208", false); Gefunden : user_pref("CT2431245.components.129530498480786171", false); Gefunden : user_pref("CT2431245.components.129633225487491098", false); Gefunden : user_pref("CT2431245.components.129659302539581540", false); Gefunden : user_pref("CT2431245.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] 
Gefunden : user_pref("CT2431245.globalFirstTimeInfoLastCheckTime", "Wed Nov 23 2011 08:02:45 GMT+0100"); Gefunden : user_pref("CT2431245.homepageProtectorEnableByLogin", true); Gefunden : user_pref("CT2431245.initDone", true); Gefunden : user_pref("CT2431245.isAppTrackingManagerOn", true); Gefunden : user_pref("CT2431245.isSearchProtectorNotifyChanges", false); Gefunden : user_pref("CT2431245.myStuffEnabled", true); Gefunden : user_pref("CT2431245.myStuffPublihserMinWidth", 400); Gefunden : user_pref("CT2431245.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Gefunden : user_pref("CT2431245.myStuffServiceIntervalMM", 1440); Gefunden : user_pref("CT2431245.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Gefunden : user_pref("CT2431245.oldAppsList", "129009402577063104,129009402577844366,111,129460318377631679,129[...] Gefunden : user_pref("CT2431245.revertSettingsEnabled", true); Gefunden : user_pref("CT2431245.searchProtectorDialogDelayInSec", 10); Gefunden : user_pref("CT2431245.searchProtectorEnableByLogin", true); Gefunden : user_pref("CT2431245.testingCtid", ""); Gefunden : user_pref("CT2431245.toolbarAppMetaDataLastCheckTime", "Tue Nov 22 2011 20:14:29 GMT+0100"); Gefunden : user_pref("CT2431245.toolbarContextMenuLastCheckTime", "Fri Nov 18 2011 14:22:39 GMT+0100"); Gefunden : user_pref("CT2431245.usageEnabled", false); Gefunden : user_pref("CT2431245.usagesFlag", 2); Gefunden : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/825452/821260/DE", "\"2-207[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2431245", [...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] 
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2431245",[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63455331608580[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2431245&octid=[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif"[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif"[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif",[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de-de", "\"[...] 
Gefunden : user_pref("CommunityToolbar.EngineOwner", ""); Gefunden : user_pref("CommunityToolbar.EngineOwnerGuid", "{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"); Gefunden : user_pref("CommunityToolbar.EngineOwnerToolbarId", "softonic-de3"); Gefunden : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true); Gefunden : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Markus\\AppData\\Roaming\\Mozilla\\[...] Gefunden : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.0.8"); Gefunden : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://facebook.conduitapps.com/v3.10/gadget.html", [...] Gefunden : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...] Gefunden : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...] Gefunden : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2431245"); Gefunden : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"); Gefunden : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "softonic-de3"); Gefunden : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...] 
Gefunden : user_pref("CommunityToolbar.ToolbarsList", "CT2431245"); Gefunden : user_pref("CommunityToolbar.ToolbarsList2", "CT2431245"); Gefunden : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440); Gefunden : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat Nov 05 2011 16:09:50 GMT+0100"); Gefunden : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Gefunden : user_pref("CommunityToolbar.alert.locale", "en"); Gefunden : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Gefunden : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Nov 05 2011 17:11:35 GMT+0100"); Gefunden : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611"); Gefunden : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Gefunden : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Gefunden : user_pref("CommunityToolbar.alert.showTrayIcon", false); Gefunden : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Gefunden : user_pref("CommunityToolbar.alert.userId", "088e7e3f-ed92-469e-8df7-d1501428b297"); Gefunden : user_pref("CommunityToolbar.globalUserId", "d4e18509-866a-4ad6-a58e-d016ffa44b74"); Gefunden : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Gefunden : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Gefunden : user_pref("CommunityToolbar.killedEngine", true); Gefunden : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Nov 21 2011 21:30:1[...] Gefunden : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440); Gefunden : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Wed Nov 23 2011 08:02:53 GMT+010[...] 
Gefunden : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com"); Gefunden : user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true); Gefunden : user_pref("CommunityToolbar.notifications.locale", "en"); Gefunden : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440); Gefunden : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Nov 22 2011 20:14:30 GMT+0100"); Gefunden : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611"); Gefunden : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); Gefunden : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com"); Gefunden : user_pref("CommunityToolbar.notifications.showTrayIcon", false); Gefunden : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); Gefunden : user_pref("CommunityToolbar.notifications.userId", "84d30ac6-b5b6-472e-b865-74344e3f36cf"); Gefunden : user_pref("CommunityToolbar.undefined", ""); Gefunden : user_pref("browser.search.defaultthis.engineName", "softonic-de3 Customized Web Search"); Gefunden : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&Sea[...] Gefunden : user_pref("browser.startup.homepage", "hxxps://mail.google.com/mail/?tab=wm#inbox"); Gefunden : user_pref("extensions.3499ur3ur4hfsudfs.scode", "\n(function(){var bdomains={\"search.babylon.com\":[...] 
Gefunden : user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); Gefunden : user_pref("extensions.BabylonToolbar_i.babExt", ""); Gefunden : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=100888"); Gefunden : user_pref("extensions.BabylonToolbar_i.hardId", "223df3310000000000000022fb9eb9cc"); Gefunden : user_pref("extensions.BabylonToolbar_i.id", "223df3310000000000000022fb9eb9cc"); Gefunden : user_pref("extensions.BabylonToolbar_i.instlDay", "15396"); Gefunden : user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); Gefunden : user_pref("extensions.BabylonToolbar_i.newTab", true); Gefunden : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.claro-search.com/?affID=114506&tt=491[...] Gefunden : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); Gefunden : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); Gefunden : user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); Gefunden : user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); Gefunden : user_pref("extensions.BabylonToolbar_i.tlbrId", "base"); Gefunden : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); Gefunden : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1721:27:10"); Gefunden : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); Gefunden : user_pref("extensions.claro.admin", false); Gefunden : user_pref("extensions.claro.aflt", "babsst"); Gefunden : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}"); Gefunden : user_pref("extensions.claro.dfltLng", "en"); Gefunden : user_pref("extensions.claro.excTlbr", false); Gefunden : user_pref("extensions.claro.id", "223df3310000000000000022fb9eb9cc"); Gefunden : user_pref("extensions.claro.instlDay", "15683"); Gefunden : user_pref("extensions.claro.instlRef", "sst"); Gefunden : user_pref("extensions.claro.prdct", "claro"); Gefunden : user_pref("extensions.claro.prtnrId", "claro"); Gefunden : user_pref("extensions.claro.tlbrId", "claro"); Gefunden : 
user_pref("extensions.claro.tlbrSrchUrl", ""); Gefunden : user_pref("extensions.claro.vrsn", "1.8.3.10"); Gefunden : user_pref("extensions.claro.vrsni", "1.8.3.10"); Gefunden : user_pref("extensions.claro_i.smplGrp", "none"); Gefunden : user_pref("extensions.claro_i.vrsnTs", "1.8.3.1017:31:53"); Gefunden : user_pref("extensions.incredibar.admin", false); Gefunden : user_pref("extensions.incredibar.aflt", "orgnl"); Gefunden : user_pref("extensions.incredibar.cntry", "DE"); Gefunden : user_pref("extensions.incredibar.dfltLng", ""); Gefunden : user_pref("extensions.incredibar.dfltSrch", false); Gefunden : user_pref("extensions.incredibar.did", "10657"); Gefunden : user_pref("extensions.incredibar.envrmnt", "production"); Gefunden : user_pref("extensions.incredibar.excTlbr", false); Gefunden : user_pref("extensions.incredibar.hdrMd5", "5169A3FB665C775B626531A64ABCA69B"); Gefunden : user_pref("extensions.incredibar.hmpg", false); Gefunden : user_pref("extensions.incredibar.id", "223df3310000000000000022fb9eb9cc"); Gefunden : user_pref("extensions.incredibar.installerproductid", "26"); Gefunden : user_pref("extensions.incredibar.instlDay", "15502"); Gefunden : user_pref("extensions.incredibar.instlRef", ""); Gefunden : user_pref("extensions.incredibar.isDcmntCmplt", true); Gefunden : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1414:08:25"); Gefunden : user_pref("extensions.incredibar.mntrvrsn", "1.2.0"); Gefunden : user_pref("extensions.incredibar.newTab", false); Gefunden : user_pref("extensions.incredibar.noFFXTlbr", false); Gefunden : user_pref("extensions.incredibar.ppd", ""); Gefunden : user_pref("extensions.incredibar.prdct", "incredibar"); Gefunden : user_pref("extensions.incredibar.productid", "26"); Gefunden : user_pref("extensions.incredibar.prtnrId", "Incredibar"); Gefunden : user_pref("extensions.incredibar.sg", "none"); Gefunden : user_pref("extensions.incredibar.smplGrp", "none"); Gefunden : user_pref("extensions.incredibar.tlbrId", "base"); 
Gefunden : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyECFrMuY&loc=IB_T[...] Gefunden : user_pref("extensions.incredibar.upn2", "6OyECFrMuY"); Gefunden : user_pref("extensions.incredibar.upn2n", "92261566888359224"); Gefunden : user_pref("extensions.incredibar.vrsn", "1.5.11.14"); Gefunden : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1414:08:25"); Gefunden : user_pref("extensions.incredibar.vrsni", "1.5.11.14"); Gefunden : user_pref("extensions.incredibar_i.aflt", "orgnl"); Gefunden : user_pref("extensions.incredibar_i.dfltLng", ""); Gefunden : user_pref("extensions.incredibar_i.did", "10657"); Gefunden : user_pref("extensions.incredibar_i.excTlbr", false); Gefunden : user_pref("extensions.incredibar_i.id", "223df3310000000000000022fb9eb9cc"); Gefunden : user_pref("extensions.incredibar_i.installerproductid", "26"); Gefunden : user_pref("extensions.incredibar_i.instlDay", "15502"); Gefunden : user_pref("extensions.incredibar_i.instlRef", ""); Gefunden : user_pref("extensions.incredibar_i.ms_url_id", ""); Gefunden : user_pref("extensions.incredibar_i.newTab", false); Gefunden : user_pref("extensions.incredibar_i.ppd", ""); Gefunden : user_pref("extensions.incredibar_i.prdct", "incredibar"); Gefunden : user_pref("extensions.incredibar_i.productid", "26"); Gefunden : user_pref("extensions.incredibar_i.prtnrId", "Incredibar"); Gefunden : user_pref("extensions.incredibar_i.smplGrp", "none"); Gefunden : user_pref("extensions.incredibar_i.tlbrId", "base"); Gefunden : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyECFrMuY&loc=IB[...] 
Gefunden : user_pref("extensions.incredibar_i.upn2", "6OyECFrMuY"); Gefunden : user_pref("extensions.incredibar_i.upn2n", "92261566888359224"); Gefunden : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14"); Gefunden : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1414:08:25"); Gefunden : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14"); Gefunden : user_pref("extensions.softonic.admin", false); Gefunden : user_pref("extensions.softonic.aflt", "SD"); Gefunden : user_pref("extensions.softonic.dfltLng", "DE"); Gefunden : user_pref("extensions.softonic.dfltSrch", false); Gefunden : user_pref("extensions.softonic.excTlbr", false); Gefunden : user_pref("extensions.softonic.hmpg", false); Gefunden : user_pref("extensions.softonic.id", "223df3310000000000000022fb9eb9cc"); Gefunden : user_pref("extensions.softonic.instlDay", "15394"); Gefunden : user_pref("extensions.softonic.instlRef", "MON00015"); Gefunden : user_pref("extensions.softonic.lastVrsnTs", "1.5.11.521:24:33"); Gefunden : user_pref("extensions.softonic.newTab", false); Gefunden : user_pref("extensions.softonic.noFFXTlbr", false); Gefunden : user_pref("extensions.softonic.prdct", "softonic"); Gefunden : user_pref("extensions.softonic.prtnrId", "softonic"); Gefunden : user_pref("extensions.softonic.smplGrp", "eng7"); Gefunden : user_pref("extensions.softonic.tlbrId", "de12JANdefault"); Gefunden : user_pref("extensions.softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource[...] 
Gefunden : user_pref("extensions.softonic.vrsn", "1.5.11.5"); Gefunden : user_pref("extensions.softonic.vrsnTs", "1.5.11.521:24:33"); Gefunden : user_pref("extensions.softonic.vrsni", "1.5.11.5"); Gefunden : user_pref("extensions.softonic_i.aflt", "SD"); Gefunden : user_pref("extensions.softonic_i.dfltLng", "de"); Gefunden : user_pref("extensions.softonic_i.excTlbr", false); Gefunden : user_pref("extensions.softonic_i.id", "223df3310000000000000022fb9eb9cc"); Gefunden : user_pref("extensions.softonic_i.instlDay", "15394"); Gefunden : user_pref("extensions.softonic_i.instlRef", "MON00015"); Gefunden : user_pref("extensions.softonic_i.newTab", false); Gefunden : user_pref("extensions.softonic_i.prdct", "softonic"); Gefunden : user_pref("extensions.softonic_i.prtnrId", "softonic"); Gefunden : user_pref("extensions.softonic_i.smplGrp", "eng7"); Gefunden : user_pref("extensions.softonic_i.tlbrId", "de12JANdefault"); Gefunden : user_pref("extensions.softonic_i.tlbrSrchUrl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSour[...] Gefunden : user_pref("extensions.softonic_i.vrsn", "1.5.11.5"); Gefunden : user_pref("extensions.softonic_i.vrsnTs", "1.5.11.521:24:33"); Gefunden : user_pref("extensions.softonic_i.vrsni", "1.5.11.5"); Gefunden : user_pref("keyword.URL", "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="); -\\ Google Chrome v [Version kann nicht ermittelt werden] Datei : C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [43078 octets] - [21/01/2013 22:11:38] ########## EOF - C:\AdwCleaner[R1].txt - [43139 octets] ########## |