| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trj/Dtcontx.A - cgm.exe bzw. uninx84.exeWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
08.03.2013, 08:59
| #1 |
| |  Trj/Dtcontx.A - cgm.exe bzw. uninx84.exe Hallo, ich habe seit ein paar Tagen ein Problem auf dem Rechner meiner Frau. Ein paar Minuten nach dem Start von Windows findet Panda Cloud einen Trojaner Dtcontx.A in der Datei cgm.exe und schiebt diese in die Quarantäne. Daraufhin meldet Windows, dass uninx84.exe nicht mehr funktionieren würde und meldet einen E/A-Fehler 105 in uninx84.de. Die cgm.exe befand sich im Ordner cgnew in den Eigenen Dokumenten. In diesem Ordner befinden sich einige DLLs, einige TXT-Dateien und ein Ordner "bitstream" Wenn in nun sowohl den Ordner cgnew als auch die Datei uninx84.de lösche und Windows dann neu starte, tauchen die beiden nach kurzer Zeit automatisch wieder auf und Panda schlägt wieder wegen der cgm.exe an. Habe nun schon ein paar Tools ausprobiert (Spy Doctor etc.) aber nichts hat geholfen. Hoffe, hier weiss jemand Rat... Danke schon einmal im vorraus... |
|
08.03.2013, 13:13
| #2 |
| /// Malware-holic   | Trj/Dtcontx.A - cgm.exe bzw. uninx84.exe Hi
__________________bitte nur noch das von uns gepostete einsetzen Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
08.03.2013, 14:44
| #3 |
| | Trj/Dtcontx.A - cgm.exe bzw. uninx84.exe Ich habe das System inzwischen mit "Anti-Malware" untersucht und er hat auch ein paar Sachen gefunden und seitdem ist das Problem auch nicht mehr aufgetreten.
__________________Hier nun trotzdem noch die Logs: OTL Logfile: Code:
ATTFilter OTL logfile created on: 08.03.2013 14:05:16 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Didi\Downloads Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 68,72% Memory free 5,98 Gb Paging File | 4,96 Gb Available in Paging File | 82,92% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 60,14 Gb Total Space | 6,29 Gb Free Space | 10,46% Space Free | Partition Type: NTFS Drive D: | 405,52 Gb Total Space | 97,77 Gb Free Space | 24,11% Space Free | Partition Type: NTFS Computer Name: NOTEBOOK | User Name: Didi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.08 09:01:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Didi\Downloads\OTL.exe PRC - [2013.02.05 16:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe PRC - [2013.01.27 22:38:26 | 000,037,088 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe PRC - [2013.01.27 22:38:26 | 000,032,480 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe PRC - [2013.01.27 20:16:48 | 000,140,512 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.11.23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012.06.08 08:02:24 | 000,521,344 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Online Games Manager\ogmservice.exe PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.09.15 09:37:40 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\System32\dgdersvc.exe PRC - [2010.09.15 09:33:32 | 000,217,088 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe PRC - [2009.11.13 09:30:50 | 000,486,216 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe PRC - [2009.11.13 09:28:44 | 001,021,256 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe PRC - [2009.10.30 12:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe PRC - [2009.08.06 16:59:52 | 000,381,440 | ---- | M] (shbox.de) -- C:\Program Files\FreePDF_XP\fpassist.exe PRC - [2008.02.27 13:35:42 | 000,498,792 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe PRC - [2007.05.11 02:09:48 | 001,050,120 | ---- | M] (O&O Software GmbH) -- C:\Windows\System32\oodag.exe ========== Modules (No Company Name) ========== MOD - [2011.11.01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.11.01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf MOD - [2008.09.16 19:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll ========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\Program Files\PS3 Media Server\win32\service\wrapper.exe -- (PS3 Media Server) SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2013.02.20 21:39:46 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.02.05 16:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService) SRV - [2013.01.27 22:38:26 | 000,037,088 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe -- (PSUAService) SRV - [2013.01.27 20:16:48 | 000,140,512 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain) SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.10.18 11:07:32 | 000,084,848 | ---- | M] (Moborobo Inc.) [Auto | Stopped] -- C:\Program Files\Moborobo\MoboroboDeviceService.exe -- (MoboroboDeviceService) SRV - [2012.09.20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2012.06.08 08:02:24 | 000,521,344 | ---- | M] (RealNetworks, Inc.) [Auto | Running] -- C:\Program Files\Online Games Manager\ogmservice.exe -- (ogmservice) SRV - [2012.03.09 22:08:08 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010.11.20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS) SRV - [2010.11.20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC) SRV - [2010.11.20 13:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2010.09.15 09:37:40 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\System32\dgdersvc.exe -- (dgdersvc) SRV - [2010.09.15 09:33:32 | 000,217,088 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2009.12.01 12:12:42 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2009.11.13 09:28:44 | 001,021,256 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2009.11.13 09:24:42 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2008.02.27 13:35:42 | 000,498,792 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService) SRV - [2008.02.27 10:42:06 | 000,427,288 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2007.05.31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2007.05.11 02:09:48 | 001,050,120 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Windows\System32\oodag.exe -- (O&O Defrag) SRV - [2007.03.09 15:29:44 | 002,232,296 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe -- (AcronisOSSReinstallSvc) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\VBoxNetFlt.sys -- (VBoxNetFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motusbdevice.sys -- (motusbdevice) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Motousbnet.sys -- (Motousbnet) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motswch.sys -- (MotoSwitchService) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgpfl.sys -- (motccgpfl) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgp.sys -- (motccgp) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\motoandroid.sys -- (motandroidusb) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motfilt.sys -- (BTCFilterService) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (abhlsd6l) DRV - [2013.01.09 21:45:52 | 000,095,584 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSHttps.sys -- (NNSHTTPS) DRV - [2012.11.28 14:04:00 | 000,218,024 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSStrm.sys -- (NNSSTRM) DRV - [2012.11.28 14:04:00 | 000,060,968 | ---- | M] (Panda Security, S.L.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\NNSPihsw.sys -- (NNSPIHSW) DRV - [2012.11.26 16:48:51 | 000,108,200 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSSmtp.sys -- (NNSSMTP) DRV - [2012.11.26 16:48:51 | 000,093,096 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNStlsc.sys -- (NNSTLSC) DRV - [2012.11.26 16:48:50 | 000,286,888 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSProt.sys -- (NNSPROT) DRV - [2012.11.26 16:48:50 | 000,159,528 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSPrv.sys -- (NNSPRV) DRV - [2012.11.26 16:48:50 | 000,105,640 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSPop3.sys -- (NNSPOP3) DRV - [2012.11.26 16:48:48 | 000,094,632 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSpicc.sys -- (NNSPICC) DRV - [2012.11.26 16:48:47 | 000,123,944 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSIds.sys -- (NNSIDS) DRV - [2012.11.26 16:48:47 | 000,119,080 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSHttp.sys -- (NNSHTTP) DRV - [2012.11.26 16:48:46 | 000,082,728 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSAlpc.sys -- (NNSALPC) DRV - [2012.11.09 19:01:19 | 000,123,944 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINProt.sys -- (PSINProt) DRV - [2012.11.09 19:01:19 | 000,114,216 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PSINProc.sys -- (PSINProc) DRV - [2012.11.09 19:01:18 | 000,174,632 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\PSINKNC.sys -- (PSINKNC) DRV - [2012.11.09 19:00:37 | 000,149,544 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINAflt.sys -- (PSINAflt) DRV - [2012.11.09 19:00:37 | 000,104,488 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PSINFile.sys -- (PSINFile) DRV - [2012.11.07 09:00:12 | 000,046,672 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\PSKMAD.sys -- (PSKMAD) DRV - [2012.10.22 12:08:35 | 000,029,224 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\NNSNAHSL.sys -- (NNSNAHSL) DRV - [2012.03.14 18:57:50 | 000,104,752 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.09.15 09:37:40 | 000,018,120 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv) DRV - [2010.09.15 09:33:32 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2010.04.19 19:29:20 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl) DRV - [2010.04.12 21:44:32 | 000,229,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm) DRV - [2010.01.17 10:53:44 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2010.01.13 15:36:40 | 006,755,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) DRV - [2009.10.22 18:06:12 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter) DRV - [2009.10.22 18:06:12 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter) DRV - [2009.10.22 18:06:09 | 000,129,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman) DRV - [2009.10.22 18:06:07 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpman.sys -- (tdrpman) DRV - [2009.10.14 07:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009.07.13 23:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) DRV - [2009.07.13 23:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.04.25 10:04:28 | 000,006,144 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sioctl.sys -- (SIoctl) DRV - [2008.02.05 00:50:44 | 000,059,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMNetSrv.sys -- (VPCNetS2) DRV - [2008.01.18 23:43:20 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr) DRV - [2007.11.09 04:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ) DRV - [2007.03.31 23:00:00 | 000,119,424 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl) DRV - [2007.02.16 01:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL) DRV - [2007.01.24 15:27:54 | 000,039,704 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rcblan.sys -- (RemoteControl-USBLAN) DRV - [2005.03.09 19:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DB DC 62 47 51 27 CA 01 [binary data] IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local;192.168.*.* ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledAddons: adapter%40babylontc.com:1.0.0.1 FF - prefs.js..extensions.enabledAddons: fastdial%40telega.phpnet.us:3.4 FF - prefs.js..extensions.enabledAddons: ffxtlbr%40babylon.com:1.5.0 FF - prefs.js..extensions.enabledAddons: LDSI_plashcor%40gmail.com:0.7.0 FF - prefs.js..extensions.enabledAddons: ocr%40babylon.com:1.1 FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.7 FF - prefs.js..extensions.enabledAddons: %7Bd10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d%7D:1.3.10 FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.8 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: fastdial@telega.phpnet.us:3.4 FF - prefs.js..extensions.enabledItems: LDSI_plashcor@gmail.com:0.6.8 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 4 FF - prefs.js..extensions.enabledItems: 9 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.16: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc;version=0.8.6i: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Didi\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Didi\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.10 00:45:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.20 21:39:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.20 21:39:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009.08.27 21:32:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Didi\AppData\Roaming\mozilla\Extensions [2013.03.08 11:54:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Didi\AppData\Roaming\mozilla\Firefox\Profiles\tcyumvmt.default\extensions [2011.11.10 12:42:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Didi\AppData\Roaming\mozilla\Firefox\Profiles\tcyumvmt.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.02.13 11:14:05 | 000,000,000 | ---D | M] (Fast Dial) -- C:\Users\Didi\AppData\Roaming\mozilla\Firefox\Profiles\tcyumvmt.default\extensions\fastdial@telega.phpnet.us [2011.06.02 00:14:53 | 000,073,154 | ---- | M] () (No name found) -- C:\Users\Didi\AppData\Roaming\mozilla\firefox\profiles\tcyumvmt.default\extensions\LDSI_plashcor@gmail.com.xpi [2011.10.04 13:31:42 | 000,627,675 | ---- | M] () (No name found) -- C:\Users\Didi\AppData\Roaming\mozilla\firefox\profiles\tcyumvmt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.10.17 09:59:40 | 000,688,596 | ---- | M] () (No name found) -- C:\Users\Didi\AppData\Roaming\mozilla\firefox\profiles\tcyumvmt.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2009.11.23 13:44:54 | 000,004,687 | ---- | M] () -- C:\Users\Didi\AppData\Roaming\mozilla\firefox\profiles\tcyumvmt.default\searchplugins\cover-paradies.xml [2011.11.21 16:17:11 | 000,004,873 | ---- | M] () -- C:\Users\Didi\AppData\Roaming\mozilla\firefox\profiles\tcyumvmt.default\searchplugins\isohunt---bt-search.xml [2009.09.14 22:38:06 | 000,000,913 | ---- | M] () -- C:\Users\Didi\AppData\Roaming\mozilla\firefox\profiles\tcyumvmt.default\searchplugins\torrentsto.xml [2013.02.20 21:39:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions File not found (No name found) -- C:\USERS\DIDI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TCYUMVMT.DEFAULT\EXTENSIONS\ADAPTER@BABYLONTC.COM.XPI File not found (No name found) -- C:\USERS\DIDI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TCYUMVMT.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM File not found (No name found) -- C:\USERS\DIDI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TCYUMVMT.DEFAULT\EXTENSIONS\OCR@BABYLON.COM.XPI [2013.02.20 21:39:49 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2009.08.30 09:04:41 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll [2008.02.22 16:24:06 | 000,095,832 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPPDLicenseHelper.dll [2012.05.05 18:07:02 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.15 10:16:09 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.05.05 18:07:02 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.05.05 18:07:02 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.05.05 18:07:02 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.05.05 18:07:02 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: hxxp://www.google.de/ CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Didi\AppData\Local\Google\Chrome\Application\25.0.1364.152\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Didi\AppData\Local\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Didi\AppData\Local\Google\Chrome\Application\25.0.1364.152\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPPDLicenseHelper.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll CHR - plugin: VLC Multimedia Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\system32\npDeployJava1.dll CHR - Extension: YouTube = C:\Users\Didi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Didi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: AdBlock = C:\Users\Didi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Didi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Google Mail = C:\Users\Didi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.10.22 23:02:02 | 000,000,854 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [PSUAMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data] O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.17.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{13DAB22F-6456-4295-937A-A2231A8D5F39}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7F1501C-823F-4A6C-BF6E-56391AA6D458}: DhcpNameServer = 193.189.244.225 193.189.244.206 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{b7c72d84-bf47-11de-ab97-001e3368ec5e}\Shell - "" = AutoRun O33 - MountPoints2\{b7c72d84-bf47-11de-ab97-001e3368ec5e}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (OODBS) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: BDRegion - hkey= - key= - File not found MsConfig - StartUpReg: PDVD9LanguageShortcut - hkey= - key= - File not found MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - State: "services" - 2 MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.03.08 11:55:50 | 000,046,672 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\PSKMAD.sys [2013.03.08 09:49:06 | 000,000,000 | ---D | C] -- C:\Users\Didi\AppData\Roaming\Malwarebytes [2013.03.08 09:48:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.08 09:48:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.08 09:48:43 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.03.08 09:48:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.03.08 09:43:43 | 000,000,000 | ---D | C] -- C:\Users\Didi\AppData\Roaming\GoforFiles [2013.03.08 09:11:42 | 000,000,000 | ---D | C] -- C:\_OTL [2013.03.07 14:47:19 | 000,000,000 | ---D | C] -- C:\Users\Didi\Documents\ProcAlyzer Dumps [2013.03.07 14:45:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2013.03.07 14:44:46 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2 [2013.03.07 14:44:19 | 000,000,000 | ---D | C] -- C:\Users\Didi\AppData\Local\Programs [2013.03.07 14:16:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.03.07 14:09:04 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2013.03.07 14:08:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2013.03.07 11:40:57 | 000,000,000 | ---D | C] -- C:\Users\Didi\AppData\Roaming\QuickScan [2013.03.06 06:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Cloud Antivirus [2013.02.20 21:39:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.02.19 13:53:18 | 000,000,000 | ---D | C] -- C:\Users\Didi\.gstreamer-0.10 [2013.02.19 13:45:54 | 000,000,000 | ---D | C] -- C:\Users\Didi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DreamStream-E2 [2013.02.19 13:45:54 | 000,000,000 | ---D | C] -- C:\Users\Didi\.dreamstream [2013.02.19 13:45:47 | 000,000,000 | ---D | C] -- C:\Program Files\DreamStream-E2 [2013.02.09 15:51:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2013.02.06 19:19:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.02.06 19:19:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.02.06 19:19:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.02.06 19:19:25 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2013.02.06 19:16:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2013.02.06 19:16:20 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime ========== Files - Modified Within 30 Days ========== [2013.03.08 13:31:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.08 13:24:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1392898032-1716291131-2285585058-1001UA.job [2013.03.08 13:24:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1392898032-1716291131-2285585058-1001Core.job [2013.03.08 12:00:39 | 000,023,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.08 12:00:39 | 000,023,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.08 11:55:41 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.08 11:55:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.08 11:55:23 | 2408,026,112 | -HS- | M] () -- C:\hiberfil.sys [2013.03.08 11:55:22 | 000,521,664 | ---- | M] () -- C:\Windows\System32\oodbs.lor [2013.03.08 11:50:36 | 000,751,030 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.03.08 11:50:36 | 000,695,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.03.08 11:50:36 | 000,165,652 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.03.08 11:50:36 | 000,135,304 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.03.08 11:24:02 | 007,069,714 | ---- | M] () -- C:\Users\Didi\Documents\explor.temp [2013.03.08 09:51:34 | 000,597,667 | ---- | M] () -- C:\Users\Didi\Desktop\adwcleaner.exe [2013.03.08 09:48:46 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.07 15:40:18 | 000,008,324 | ---- | M] () -- C:\Windows\wininit.ini [2013.03.06 11:31:27 | 000,482,200 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.02.19 13:47:21 | 000,001,021 | ---- | M] () -- C:\Users\Public\Desktop\DreamStream E2.lnk [2013.02.19 13:47:21 | 000,001,021 | ---- | M] () -- C:\Users\Didi\Application Data\Microsoft\Internet Explorer\Quick Launch\DreamStream E2.lnk [2013.02.09 15:51:11 | 000,002,011 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2013.02.09 15:51:11 | 000,002,011 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013.02.06 19:19:59 | 000,001,760 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.02.06 19:16:28 | 000,001,822 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk ========== Files Created - No Company Name ========== [2013.03.08 09:51:33 | 000,597,667 | ---- | C] () -- C:\Users\Didi\Desktop\adwcleaner.exe [2013.03.08 09:48:46 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.07 15:40:17 | 000,008,324 | ---- | C] () -- C:\Windows\wininit.ini [2013.02.19 13:47:21 | 000,001,021 | ---- | C] () -- C:\Users\Public\Desktop\DreamStream E2.lnk [2013.02.19 13:47:21 | 000,001,021 | ---- | C] () -- C:\Users\Didi\Application Data\Microsoft\Internet Explorer\Quick Launch\DreamStream E2.lnk [2013.02.06 19:19:59 | 000,001,760 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.02.06 19:16:28 | 000,001,822 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.09.12 23:15:05 | 000,000,000 | ---- | C] () -- C:\ProgramData\0x0304A000.sfl [2012.09.10 15:01:17 | 000,007,605 | ---- | C] () -- C:\Users\Didi\AppData\Local\Resmon.ResmonCfg [2012.07.09 14:40:35 | 000,000,600 | ---- | C] () -- C:\Users\Didi\AppData\Roaming\winscp.rnd [2011.12.07 11:44:16 | 000,000,853 | ---- | C] () -- C:\Windows\wiso.ini [2011.12.01 11:17:21 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2011.12.01 11:10:24 | 000,000,275 | ---- | C] () -- C:\Users\Didi\AppData\Local\HamsterVideoConverterSettings.cfg [2011.09.27 11:17:26 | 000,198,144 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll [2011.09.27 11:16:20 | 000,304,128 | ---- | C] () -- C:\Windows\System32\LxDNT100.dll [2011.09.27 11:14:14 | 000,133,120 | ---- | C] () -- C:\Windows\System32\LxDNTvmc100.dll [2011.09.27 11:13:58 | 000,069,120 | ---- | C] () -- C:\Windows\System32\LxDNTvm100.dll [2011.05.19 10:16:50 | 000,033,792 | ---- | C] () -- C:\Windows\System32\drivers\libusb0.sys [2011.05.10 00:28:10 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.04.25 00:29:15 | 000,158,720 | ---- | C] () -- C:\Windows\System32\WS_VideoConverterContextMenu.dll [2010.10.25 18:58:25 | 000,004,096 | -H-- | C] () -- C:\Users\Didi\AppData\Local\keyfile3.drm [2010.04.16 08:41:12 | 000,000,156 | -H-- | C] () -- C:\Users\Didi\AppData\Roaming\eSReg.ini [2009.12.17 01:56:52 | 000,005,120 | ---- | C] () -- C:\Users\Didi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.09.01 12:57:34 | 000,000,600 | ---- | C] () -- C:\Users\Didi\AppData\Local\PUTTY.RND ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2009.11.09 16:51:37 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\.trackballs [2010.03.12 19:55:38 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\Ancient Quest of Saqqarah__intenium [2011.12.05 10:13:42 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\BitTorrent [2010.01.30 14:17:42 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\BonkEnc [2011.12.14 09:50:39 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\Buhl Data Service [2009.11.10 20:07:03 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\Buhl Data Service GmbH [2011.12.17 12:30:07 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\Canneverbe Limited [2012.08.14 14:45:17 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\Canon [2009.10.01 20:43:17 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\CD-LabelPrint [2011.12.07 11:40:12 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\DAEMON Tools Lite [2009.11.10 20:09:01 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\DataDesign [2011.01.16 20:19:30 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\DataLayer [2011.09.23 01:42:48 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\DiskAid [2012.01.23 23:55:06 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\EAC [2011.12.07 11:27:24 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\elsterformular [2012.01.20 16:36:44 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\Extensible XML Editor [2011.11.16 09:35:01 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\FileZilla [2009.10.05 11:02:07 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\FlashFXP [2012.10.18 06:37:06 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\foobar2000 [2009.08.30 09:05:00 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\Foxit [2009.12.01 16:53:04 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\Foxit Software [2012.07.14 09:10:38 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\GARMIN [2013.03.08 09:43:51 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\GoforFiles [2012.09.08 23:13:30 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\GrabIt [2009.12.14 11:36:27 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\ImgBurn [2012.08.12 11:40:39 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\IrfanView [2012.11.20 14:53:35 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\IT-Service Christian Hau (www.a-bit-more.de) [2012.05.26 09:00:56 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\JAM Software [2011.09.15 13:05:31 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\Jason Robitaille [2009.11.30 16:33:43 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\Leadertech [2010.11.03 16:14:13 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\Lexware [2012.06.02 00:01:21 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\MAGIX [2010.01.27 20:46:05 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\mC2 [2012.09.08 11:05:40 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\MediaMonkey [2012.01.03 00:40:15 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\MotioninJoy [2012.10.15 21:51:54 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\Motorola [2012.10.15 21:54:43 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\Motorola Mobility [2012.10.24 09:30:33 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\Mp3tag [2010.04.16 08:51:20 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\NAVI [2011.01.16 21:31:05 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\Nokia [2011.11.16 09:41:50 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\Notepad++ [2010.02.27 11:44:23 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\OpenOffice.org [2010.01.24 11:49:06 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\Opera [2012.06.04 09:26:54 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\Panda Security [2011.01.16 20:16:59 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\PC Suite [2009.12.17 18:09:30 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\Pegasys Inc [2013.03.07 11:40:59 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\QuickScan [2012.04.06 14:41:12 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\redsn0w [2010.01.27 19:55:51 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\rockbox.org [2010.10.18 12:11:59 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\Samsung [2009.11.19 16:10:29 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\ScreeNet iSaver [2009.09.15 00:05:14 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\SharePod [2010.07.06 20:29:02 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\Sony [2009.12.12 18:11:12 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\ThumbGen [2009.10.03 17:13:19 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\TuneUp Software [2012.12.07 13:02:38 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\UseNeXT [2012.07.18 11:38:11 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\uTorrent [2011.01.04 20:40:22 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\Windows Home Server [2012.10.15 19:23:54 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\WindSolutions [2011.04.24 22:10:09 | 000,000,000 | ---D | M] -- C:\Users\Didi\AppData\Roaming\Xilisoft Corporation ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2009.12.14 13:39:48 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2010.04.10 11:03:45 | 000,000,000 | -H-D | M] -- C:\CanoScan [2013.03.08 09:18:37 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2012.08.02 17:26:20 | 000,000,000 | ---D | M] -- C:\games [2011.01.16 20:58:54 | 000,000,000 | ---D | M] -- C:\Garmin [2009.12.12 00:50:51 | 000,000,000 | ---D | M] -- C:\inetpub [2012.03.06 14:00:08 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs [2013.03.08 09:50:04 | 000,000,000 | R--D | M] -- C:\Program Files [2013.03.08 11:54:03 | 000,000,000 | -H-D | M] -- C:\ProgramData [2009.08.27 20:49:19 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.01.16 15:24:40 | 000,000,000 | ---D | M] -- C:\SWSetup [2013.03.08 14:07:12 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.10.22 23:19:51 | 000,000,000 | ---D | M] -- C:\temp [2011.06.04 11:22:04 | 000,000,000 | R--D | M] -- C:\Users [2013.03.08 09:18:53 | 000,000,000 | ---D | M] -- C:\Windows [2013.03.08 09:11:42 | 000,000,000 | ---D | M] -- C:\_OTL < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2011.04.08 16:40:06 | 000,000,880 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2011.04.08 16:40:07 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2011.11.25 08:19:01 | 000,001,064 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1392898032-1716291131-2285585058-1001Core.job [2011.11.25 08:19:01 | 000,001,116 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1392898032-1716291131-2285585058-1001UA.job [2012.12.25 08:42:01 | 000,000,634 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT < MD5 for: AGP440.SYS > [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\e5556aeb28e014a0a0c9d20064d91946\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: IASTORV.SYS > [2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\e5556aeb28e014a0a0c9d20064d91946\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\e5556aeb28e014a0a0c9d20064d91946\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\e5556aeb28e014a0a0c9d20064d91946\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\e5556aeb28e014a0a0c9d20064d91946\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\SoftwareDistribution\Download\e5556aeb28e014a0a0c9d20064d91946\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll [2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\e5556aeb28e014a0a0c9d20064d91946\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WINLOGON.EXE > [2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\e5556aeb28e014a0a0c9d20064d91946\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2010.01.17 10:53:44 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2013.03.08 14:10:15 | 005,767,168 | -HS- | M] () -- C:\Users\Didi\NTUSER.DAT [2013.03.08 14:10:15 | 000,262,144 | -HS- | M] () -- C:\Users\Didi\ntuser.dat.LOG1 [2009.08.27 20:49:36 | 000,000,000 | -HS- | M] () -- C:\Users\Didi\ntuser.dat.LOG2 [2009.08.27 20:59:53 | 000,065,536 | -HS- | M] () -- C:\Users\Didi\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf [2009.08.27 20:59:53 | 000,524,288 | -HS- | M] () -- C:\Users\Didi\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms [2009.08.27 20:59:53 | 000,524,288 | -HS- | M] () -- C:\Users\Didi\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms [2009.08.27 20:49:36 | 000,000,020 | -HS- | M] () -- C:\Users\Didi\ntuser.ini [2011.09.19 23:13:44 | 001,085,952 | -HS- | M] () -- C:\Users\Didi\Thumbs.db [2012.10.22 22:41:51 | 000,000,216 | ---- | M] () -- C:\Users\Didi\umbrella0.log < %USERPROFILE%\Local Settings\Temp\*.exe > [2013.03.08 09:43:06 | 006,220,936 | ---- | M] (hxxp://www.goforfiles.com/) -- C:\Users\Didi\Local Settings\Temp\uninstall1894912.exe [2013.03.08 09:43:45 | 000,901,712 | ---- | M] (hxxp://goforfiles.com/) -- C:\Users\Didi\Local Settings\Temp\uninstall1902400.exe [2013.03.08 09:43:44 | 000,947,200 | ---- | M] (Terra Informatica Software, Inc., British Columbia, Canada.) -- C:\Users\Didi\Local Settings\Temp\uninstall1903633.exe [4 C:\Users\Didi\Local Settings\Temp\*.tmp files -> C:\Users\Didi\Local Settings\Temp\*.tmp -> ] < %USERPROFILE%\Local Settings\Temp\*.dll > [2013.03.08 09:49:58 | 000,947,200 | ---- | M] (Terra Informatica Software, Inc., British Columbia, Canada.) -- C:\Users\Didi\Local Settings\Temp\htmlayout.dll [4 C:\Users\Didi\Local Settings\Temp\*.tmp files -> C:\Users\Didi\Local Settings\Temp\*.tmp -> ] < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ========== Alternate Data Streams ========== @Alternate Data Stream - 70 bytes -> C:\Users\Didi\Documents\TelephoneList1.xlsx:com.apple.quarantine @Alternate Data Stream - 64 bytes -> C:\Users\Didi\Documents\Anmeldung.pdf:AFP_AfpInfo @Alternate Data Stream - 60 bytes -> C:\Users\Didi\Documents\ynwa konto.ods:AFP_AfpInfo @Alternate Data Stream - 60 bytes -> C:\Users\Didi\Documents\Ausweis2.JPG:AFP_AfpInfo @Alternate Data Stream - 60 bytes -> C:\Users\Didi\Documents\Ausweis1.JPG:AFP_AfpInfo @Alternate Data Stream - 286 bytes -> C:\Users\Didi\Documents\YNWA Mailverteiler.doc:AFP_Resource @Alternate Data Stream - 199 bytes -> C:\Users\Didi\Documents\TelephoneList1.xlsx:com.apple.metadatakMDItemWhereFroms < End of report > |
|
08.03.2013, 14:45
| #4 |
| | Trj/Dtcontx.A - cgm.exe bzw. uninx84.exe Und der Extras-Log: OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 08.03.2013 14:05:16 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Didi\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 68,72% Memory free
5,98 Gb Paging File | 4,96 Gb Available in Paging File | 82,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 60,14 Gb Total Space | 6,29 Gb Free Space | 10,46% Space Free | Partition Type: NTFS
Drive D: | 405,52 Gb Total Space | 97,77 Gb Free Space | 24,11% Space Free | Partition Type: NTFS
Computer Name: NOTEBOOK | User Name: Didi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Users\Steph\Saturn Fotoservice\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Saturn Fotoservice] -- "C:\Users\Steph\Saturn Fotoservice\Saturn Fotoservice.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files\Moborobo\update.exe" = C:\Program Files\Moborobo\update.exe:*:Enabled:update.exe -- ()
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files\Moborobo\update.exe" = C:\Program Files\Moborobo\update.exe:*:Enabled:update.exe -- ()
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03769FD5-4B3E-4DEC-A2C5-1D6549B37F8E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{066C28AF-A39B-4128-9DB2-F18BB7228281}" = lport=139 | protocol=6 | dir=in | app=system |
"{06D26768-81C0-44D4-B6FB-DDFBF4320DC4}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0E86BDF7-9047-4558-ACB1-F055C4D3948B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{1254EE44-6555-40D2-ABE4-9C2BBC3E6E25}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1483F9A5-E554-4111-ADD1-BF50AAA483EB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{16FB9152-AA5E-47B7-9AF5-3D22DC422D89}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1896A745-3EBF-4B31-A0FE-75AC9676D02F}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1B144508-7822-46B0-9B73-581E38743A0D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1E7E1D56-B03A-4351-AC3A-D549E73854C1}" = rport=139 | protocol=6 | dir=out | app=system |
"{26FE380D-61F2-4542-8DC3-8D88FE905792}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2FDCE793-2ED2-49B8-91BB-FDB9B62BA501}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{3404B012-39D2-45C4-829C-970184698B50}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{369F6E68-82A3-4CB6-B156-F6AF3BC57744}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{383367D9-3797-42F1-870C-C3F4B530A5CE}" = lport=138 | protocol=17 | dir=in | app=system |
"{38CCD247-91E8-49BA-B94D-5F84DA07E73B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{425ED5FC-7ADE-4613-B769-BB0EFD33B3BF}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{42ECFBDC-B337-4553-B6F2-9DDCB2AFB593}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{467BAF66-C143-47AE-A81A-69E2F82A3FA9}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{493B1DA6-89A5-4954-9945-FA710C61C617}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4968BC18-0F58-4A96-8C16-855B74FD98DC}" = rport=445 | protocol=6 | dir=out | app=system |
"{4AED070D-F470-4BAC-AD1A-E4C4E2630F0B}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{4AF14A29-5BE4-4CE1-9D7B-AB693C65AF4B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{52DDA3E1-90AE-4A12-A97D-440836564F49}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{52E01B6B-6454-4BFB-BBA4-0A7890B2950D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5712E287-BB67-4941-A87C-A0F93C7E463D}" = lport=137 | protocol=17 | dir=in | app=system |
"{57E7AC41-C794-477C-8FA7-790029EFB4A4}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{6297BA6E-0EE2-466E-BF8C-2FDD0BFE7E50}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6FEE82E3-1BC9-46FC-9B2F-5BF2B746A2B2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{73BB27B1-A174-4126-BE56-54FEC9B07DB1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{85C96875-28EA-44FA-887E-14B7BE71275C}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{89E125EB-A3FB-49A4-83B4-5F3CB716E400}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{8E0B1166-CC5A-4140-BEF2-9EF1F21778DC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8F9D9679-22F6-4DD1-8FF8-1341FA6A8A38}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{96A38BF9-3C4A-4927-8984-79E4BBD95A57}" = lport=10243 | protocol=6 | dir=in | app=system |
"{97F7D24E-28F5-436B-8193-CC4888F8F4EB}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9B627EB2-1CE4-433D-8C8B-509C7910397E}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{9C60F824-8ED7-40A2-97E2-1DC2BB0B474D}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A84D4AAF-CCDF-429D-B678-0E60E901B38E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AEEABC0A-C125-4853-B271-EB0F53EAA6C9}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{AFEC8D27-6003-405E-8C4A-9DF6FFEF6040}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{C01EA318-694A-4066-AA95-C1CBBED79304}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C517BE4A-1EB5-4841-A93B-40593DCFE064}" = lport=445 | protocol=6 | dir=in | app=system |
"{C6EBA23F-4A74-4D87-9AFF-7F064B0033BE}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{C7CE1BEE-BE7C-4A69-81FE-3261EEE197FB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CC62513C-4EFB-4AC9-AD7E-31359099D703}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CDB23938-725F-4975-9151-006C02AAC6AA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D76409C9-B2C4-414C-B73E-052AA4730FB0}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D83580BF-0EE1-4E1A-AEF2-450CCABBFC24}" = rport=138 | protocol=17 | dir=out | app=system |
"{DB0E5D51-E0CC-422F-8183-A6152047DDE7}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E5989789-F300-468E-BFFA-A335F83F85CF}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F50C9464-E51D-473E-B233-D15A675B449F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FB32E743-2557-424E-B3A5-CFFF6287FA34}" = rport=137 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04C97483-9BAC-4E8D-A1B9-0FD1E7EE51F8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0562CFC6-016B-4545-90BF-8F353B991315}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0936196B-8C2A-4DDB-B79E-B1CEF4E1DE1D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0D27F5CB-AD7F-47B7-AE2E-7B56521289C2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{102FE6A3-88FE-4C2E-808A-F271CD4A54CF}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{17E8E674-1E09-482B-AAEB-AB17BB10276A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{18458573-BF32-461F-9424-F65133310B67}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{202FC892-E70A-48AD-96BE-3E16CDF9A805}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2327AE9B-6DB1-4473-8F87-3088CCC4D39B}" = protocol=6 | dir=in | app=c:\users\didi\documents\clarke-tech\dcc_e2.exe |
"{264A3BE8-9865-4500-97C0-73523D5745FD}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2B9062C9-6CAB-4D00-9D56-4871F2C64E42}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3170BC83-4A6B-4034-9D29-C0720C5766E5}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{325580C1-7FDA-4682-ADC9-159DDCC1422E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{32762D06-69BB-4B87-B2E1-E27EB1B513C5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{48F9E887-A014-44E0-B25D-4E77E1935157}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{4AD8EB5D-4CDB-4394-A377-C3AA4B661018}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4CEEA611-A9B0-4730-BEEC-497F63D82396}" = protocol=6 | dir=in | app=c:\program files\pumpkin tftp\pumpkin.exe |
"{5167DD1D-9952-40BB-88FC-E8D4CCBE6E93}" = protocol=6 | dir=in | app=c:\program files\tftpd32\tftpd32.exe |
"{517949B8-F95B-4D93-ACB9-BCB4C37B20C8}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{53CC2391-4A2B-434D-8562-9434C438543C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{55DB3CEF-0187-4075-AE12-AB51B118CA2D}" = protocol=17 | dir=in | app=c:\program files\goforfiles\goforfilesdl.exe |
"{580AED85-52AC-4229-9C41-9DAC2526C499}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{5BFF38AB-EC48-409F-A3F6-B26BDFA33BBF}" = protocol=17 | dir=in | app=c:\users\didi\documents\clarke-tech\dcc_e2.exe |
"{5C27A0B9-A91F-49F8-B570-BF02C582E7A5}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{5D38BBCE-83E0-496B-BA01-E43983BDAC74}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6570931E-CD9F-495F-82D7-1D748D05944D}" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"{6AB52CDA-4209-4DCF-9096-49DF5D90949D}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6BCFA078-F19B-409A-AD2E-FD6A00721ABB}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6DBBC2EE-231C-4A59-9882-D04B86B79540}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{6EDD0971-FB9D-4D6E-9E8F-0E12CABD0A1C}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{700098C1-7C04-4CD0-A13C-CA1973F98810}" = dir=in | app=c:\program files\moborobo\update.exe |
"{706AF2EE-5657-4B94-91E2-3AFD4ECD9B23}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{71F8E159-A4D6-4736-869D-22BCF24AB96B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{76942A69-3864-4F1A-881E-4913EC5A94D6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{78115A68-4FA7-4BB6-8661-8C4D49EF75A5}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7CA674D9-EAFB-4EFE-ADCB-DB45F130B1E2}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{81E6628B-641C-4B32-88FF-109C2177F1D2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{81EB8DF8-4A74-4FA8-8494-B57F2ACF8BEE}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{882715EA-FF55-4CB9-B006-1FB0B632248A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{88E4B5C6-E562-4F7B-8C36-32B2AE632B53}" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"{8C543AD4-929F-49E1-BE0D-B1D362B72090}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8CA45B1B-0726-4E28-826E-44B8F6856EC6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{926ECFEC-81A2-44C0-9224-6720E239D5E7}" = protocol=17 | dir=in | app=c:\users\didi\documents\clarke-tech\dreamset\dreamset.exe |
"{92C3704F-2014-4D48-91DE-1590F12B45D6}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9EA277BF-2E94-4025-A2AB-8A6CC4DD956F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9F1412E5-6E3A-410C-A87E-007207AF95A4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9FA29617-6625-4D46-A3D1-AB296D1D4C9F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A05A9CB4-1CA6-4766-BF9B-ECDA76AB6467}" = protocol=17 | dir=in | app=c:\program files\pumpkin tftp\pumpkin.exe |
"{A0D08F2F-9AAB-42C5-AA2B-B23079069CA5}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A283D1EF-8638-470B-A010-FA61581D7FC0}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{A2B5A634-F699-471C-AB5F-54716397BD64}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A46A9759-1711-44B1-BBE9-63E22AEAF1D5}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A66607FB-07F9-4100-BD41-8DFD979B1D0D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A6CCB998-C29C-45D2-8747-B66CBC37F1BC}" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"{A77DED43-3B1E-4B8D-86D7-AAF9B62521FE}" = protocol=6 | dir=in | app=c:\users\didi\documents\clarke-tech\dreamset\dreamset.exe |
"{A7CA60B4-ADD5-43D2-ADA9-0667FC5DC309}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{AADCD750-82CC-4E09-BA23-C478E1F74973}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{AB41A10A-719B-4EDB-A4A8-A0FF6A64F5E5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AC73C9F2-B1AE-40E8-8020-8CABDAE89F76}" = protocol=6 | dir=in | app=c:\program files\goforfiles\goforfiles.exe |
"{AC983AC3-870C-4B0B-A142-BCECD5A97E74}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{B078C05F-9349-494A-A761-A416F25313A5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B2A4FB31-BF6C-4544-8963-FFE6C51BD268}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B2AF1107-9930-4641-A0DB-4764552ED7F8}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B45EE5E5-712D-4C96-AF6F-FFCD06380BD2}" = protocol=6 | dir=out | app=system |
"{B5843151-E328-48C7-9106-CB4DABD8F3AC}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B90B5425-6579-4A65-8288-BBD4B0933921}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{BAFE8DD0-BDC5-4797-A9A5-2AD1D0F82C67}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{BB2DEFC1-B811-46E0-A6DF-C5B43B022241}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{BD5039A8-6657-411D-9E8C-36EEB37B7467}" = protocol=6 | dir=in | app=c:\program files\goforfiles\goforfilesdl.exe |
"{CC91E72B-BDFF-4E42-9BEA-BAC558F2DA89}" = protocol=17 | dir=in | app=c:\program files\goforfiles\goforfiles.exe |
"{D8285D44-FE32-4509-9416-9C5BA63625DB}" = protocol=17 | dir=in | app=c:\program files\tftpd32\tftpd32.exe |
"{DCE70B69-8196-4A0E-AF3D-A25CBE304CB5}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DDEBF5B2-4E59-40E4-B166-1EF831615E76}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{DF1682E0-C052-429C-86B8-E142C2660906}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E1D79507-99FB-481A-877F-0B52DCDAC778}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{EABC9899-0BD0-4DC7-B743-3949DAA48552}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{EC65F0CD-E6A0-4999-BA3D-7619CF79A0E6}" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"{EFCF98DF-A117-460B-8EAC-EED06A057F87}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F74609D1-B71A-4582-8065-271536A2A2DE}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{FDB29D04-37ED-4521-9CFE-24421CE1920C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"TCP Query User{01B7EDB7-366C-41AF-A6D1-702C577AA651}C:\program files\moborobo\update.exe" = protocol=6 | dir=in | app=c:\program files\moborobo\update.exe |
"TCP Query User{24D24318-AA56-48B4-956B-752B4A7817E1}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{267D6237-66F4-417E-9E81-6BDAE0F43810}C:\users\didi\documents\clarke-tech\dreamset\dreamset.exe" = protocol=6 | dir=in | app=c:\users\didi\documents\clarke-tech\dreamset\dreamset.exe |
"TCP Query User{43151598-859A-4EF7-A819-68457F9C5790}C:\users\didi\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\didi\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{50D45FDB-0F54-4B67-AFB4-E3506C8B475C}C:\program files\dreamstream-e2\dreamstream.exe" = protocol=6 | dir=in | app=c:\program files\dreamstream-e2\dreamstream.exe |
"TCP Query User{539C7AB5-6A70-488A-A532-48A13AAF57F0}C:\users\didi\documents\clarke-tech\dcc_e2.exe" = protocol=6 | dir=in | app=c:\users\didi\documents\clarke-tech\dcc_e2.exe |
"TCP Query User{84835865-34C6-4CE3-AA88-17981EA2D10E}C:\program files\qnap\finder\finder.exe" = protocol=6 | dir=in | app=c:\program files\qnap\finder\finder.exe |
"TCP Query User{9DE1284C-F2CA-4EFD-B9C8-4F2E1B2C55E8}C:\program files\pumpkin tftp\pumpkin.exe" = protocol=6 | dir=in | app=c:\program files\pumpkin tftp\pumpkin.exe |
"TCP Query User{ED3B22FD-BC9B-4615-B41D-6279CF8D7E72}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{2CEAC04E-D573-423B-A8A1-105F471C025E}C:\program files\dreamstream-e2\dreamstream.exe" = protocol=17 | dir=in | app=c:\program files\dreamstream-e2\dreamstream.exe |
"UDP Query User{411CCB7E-07DC-4EEA-9D99-94A3E067A931}C:\users\didi\documents\clarke-tech\dcc_e2.exe" = protocol=17 | dir=in | app=c:\users\didi\documents\clarke-tech\dcc_e2.exe |
"UDP Query User{6905F158-5E75-4B2C-9B16-46ECBD8C971D}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{AD1FC839-DFDE-4555-B919-C00FF0AF1F8A}C:\program files\qnap\finder\finder.exe" = protocol=17 | dir=in | app=c:\program files\qnap\finder\finder.exe |
"UDP Query User{B10BFBD7-32C3-463D-9CDB-470BC16E500D}C:\program files\moborobo\update.exe" = protocol=17 | dir=in | app=c:\program files\moborobo\update.exe |
"UDP Query User{C3288841-5990-4987-9E0B-12B4263FAC71}C:\users\didi\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\didi\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{CAA44CF9-48E4-458D-AE9C-C2E4DD0417D2}C:\users\didi\documents\clarke-tech\dreamset\dreamset.exe" = protocol=17 | dir=in | app=c:\users\didi\documents\clarke-tech\dreamset\dreamset.exe |
"UDP Query User{CDFFBDC4-3A0D-4643-A7CC-80D70706A958}C:\program files\pumpkin tftp\pumpkin.exe" = protocol=17 | dir=in | app=c:\program files\pumpkin tftp\pumpkin.exe |
"UDP Query User{EB5DA929-2EF9-44D8-927D-B3D01B7D5C61}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02B934E4-C574-4605-842B-01CD16295185}_is1" = Moborobo 2.0.7.501
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2300EE96-0A41-4FAB-BD03-989EC44577A0}" = Acronis*Disk Director Suite
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{31E8F586-4EF7-4500-844D-BA8756474FF1}" = Windows Automated Installation Kit
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{423A9ABA-E167-42F4-9715-485F17843750}" = Panda Cloud Antivirus
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{4448ABF6-786D-4C3D-A49D-7BB237E6DD17}" = Foxit PDF IFilter
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53480330-E1D1-41CA-B8F8-7F78644F7F50}" = O&O Defrag Professional Edition
"{55B4F525-9768-40A8-85B7-78229144B883}" = O&O SafeErase
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
"{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}" = Acronis*True*Image*Home
"{65A5E87D-7A3F-4819-807D-B86990D5F369}" = inSSIDer
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97D23E68-AF01-4B69-B31E-7DFC209D01F3}" = Essential XML Editor
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B860298B-CE03-4DE2-B92E-422F2C20A2D8}_is1" = PDF-XChange Lite 4
"{BCE46757-7674-4416-BEDB-68205A60409E}" = CanoScan Toolbox Ver4.1
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E8033CB5-A8DF-47B3-BDE9-1796626994C6}" = Lexware faktura+auftrag 2012
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FBD7A67D-D700-4043-B54F-DD106D00F308}" = LameXP
"{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU
"845CCCCA-B77C-43EA-9A43-62DACEA4F902" = DreamStream E2
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Alt.Binz" = Alt.Binz 0.39.4
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CCleaner" = CCleaner
"CCS64 V3.6" = CCS64 V3.6
"CloneCD" = CloneCD
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"DreamBoxEdit" = DreamBoxEdit -- The one and only settings editor for your Dreambox
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"ElsterFormular 12.4.0.7094p" = ElsterFormular
"Exact Audio Copy" = Exact Audio Copy 1.0beta3
"FLAC" = FLAC 1.2.1b (remove only)
"foobar2000" = foobar2000 v0.9.6.3
"Fotosizer" = Fotosizer 1.35
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader" = Foxit Reader
"FreePDF_XP" = FreePDF (Remove only)
"Freeware Faktura" = Freeware Faktura 2012.04.20
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ImgBurn" = ImgBurn
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.52
"Mystery P.I. Stolen in San Francisco 1.00" = Mystery P.I. Stolen in San Francisco 1.00
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Online Games Manager" = Online Games Manager v1.10
"Panda Universal Agent Endpoint" = Panda Cloud Antivirus
"QNAP_FINDER" = QNAP Finder
"QuickPar" = QuickPar 0.9
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SABnzbd" = SABnzbd 0.7.4
"Saturn Fotoservice" = Saturn Fotoservice
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TreeSize Free_is1" = TreeSize Free V2.7
"TuneUp Utilities" = TuneUp Utilities
"UseNeXT_is1" = UseNeXT
"uTorrent" = µTorrent
"VLC media player" = VideoLAN VLC media player 0.8.6i
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.3.8
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011
"d734575cd6cff35b" = Stegano.Net
"Essential XML Editor" = Essential XML Editor
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 06.03.2012 10:44:35 | Computer Name = Notebook | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 06.03.2012 10:44:35 | Computer Name = Notebook | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 06.03.2012 10:44:36 | Computer Name = Notebook | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 06.03.2012 10:44:36 | Computer Name = Notebook | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 06.03.2012 10:44:39 | Computer Name = Notebook | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 06.03.2012 10:44:45 | Computer Name = Notebook | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 06.03.2012 10:44:50 | Computer Name = Notebook | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 06.03.2012 13:27:03 | Computer Name = Notebook | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 10.0.2.4428 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: cc8 Startzeit:
01ccfbbe0d49d982 Endzeit: 47 Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe
Berichts-ID:
94fcb659-67b1-11e1-bc34-001e3368ec5e
Error - 08.03.2012 01:18:47 | Computer Name = Notebook | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 09.03.2012 11:39:24 | Computer Name = Notebook | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
im assemblyIdentity-Element ist ungültig.
[ System Events ]
Error - 07.03.2013 06:36:46 | Computer Name = Notebook | Source = Service Control Manager | ID = 7034
Description = Dienst "Moborobo Device Service" wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.
Error - 07.03.2013 08:11:24 | Computer Name = Notebook | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 07.03.2013 08:19:27 | Computer Name = Notebook | Source = VDS Basic Provider | ID = 33554433
Description =
Error - 07.03.2013 08:40:33 | Computer Name = Notebook | Source = Service Control Manager | ID = 7034
Description = Dienst "Moborobo Device Service" wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.
Error - 08.03.2013 01:32:02 | Computer Name = Notebook | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 08.03.2013 04:11:43 | Computer Name = Notebook | Source = Service Control Manager | ID = 7034
Description = Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.
Error - 08.03.2013 04:19:18 | Computer Name = Notebook | Source = Service Control Manager | ID = 7034
Description = Dienst "Moborobo Device Service" wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.
Error - 08.03.2013 04:29:23 | Computer Name = Notebook | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 08.03.2013 06:46:41 | Computer Name = Notebook | Source = Service Control Manager | ID = 7034
Description = Dienst "Moborobo Device Service" wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.
Error - 08.03.2013 06:56:02 | Computer Name = Notebook | Source = Service Control Manager | ID = 7034
Description = Dienst "Moborobo Device Service" wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.
< End of report >
|
|
08.03.2013, 18:55
| #5 |
| /// Malware-holic | Trj/Dtcontx.A - cgm.exe bzw. uninx84.exe warum fragt man nach Hilfe und macht dann doch was ganz anderes vorher? Malwarebytes log fehlt. http://www.trojaner-board.de/125889-...en-posten.html lässt sich sonst schlecht auswerten :-)
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
09.03.2013, 01:04
| #6 | ||
| | Trj/Dtcontx.A - cgm.exe bzw. uninx84.exeZitat:
Hier also der Log: Zitat:
|
|
11.03.2013, 18:28
| #7 |
| /// Malware-holic | Trj/Dtcontx.A - cgm.exe bzw. uninx84.exe hi, Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
11.03.2013, 19:29
| #8 | |
| | Trj/Dtcontx.A - cgm.exe bzw. uninx84.exe Ok, hier das Logfile: Zitat:
|
|
12.03.2013, 20:04
| #9 |
| /// Malware-holic | Trj/Dtcontx.A - cgm.exe bzw. uninx84.exe hi, Scan mit Combofix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
13.03.2013, 00:00
| #10 |
| | Trj/Dtcontx.A - cgm.exe bzw. uninx84.exeCode:
ATTFilter ComboFix 13-03-12.01 - Didi 12.03.2013 23:46:03.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3062.1578 [GMT 1:00]
ausgeführt von:: c:\users\Didi\Desktop\ComboFix.exe
AV: Panda Cloud Antivirus *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
SP: Panda Cloud Antivirus *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
c:\windows\unin0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-02-12 bis 2013-03-12 ))))))))))))))))))))))))))))))
.
.
2013-03-12 22:55 . 2013-03-12 22:55 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2013-03-12 22:55 . 2013-03-12 22:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-09 14:21 . 2013-02-08 00:45 6954968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7A713F1C-9CF3-4381-BE6F-8A175E8E9167}\mpengine.dll
2013-03-08 08:49 . 2013-03-08 08:49 -------- d-----w- c:\users\Didi\AppData\Roaming\Malwarebytes
2013-03-08 08:48 . 2013-03-08 08:48 -------- d-----w- c:\programdata\Malwarebytes
2013-03-08 08:48 . 2013-03-08 08:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-03-08 08:48 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-08 08:43 . 2013-03-08 08:43 -------- d-----w- c:\users\Didi\AppData\Roaming\GoforFiles
2013-03-08 08:11 . 2013-03-08 08:11 -------- d-----w- C:\_OTL
2013-03-07 13:45 . 2013-03-07 14:40 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-03-07 13:44 . 2013-03-08 10:46 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-03-07 13:44 . 2013-03-07 13:44 -------- d-----w- c:\users\Didi\AppData\Local\Programs
2013-03-07 13:09 . 2013-03-07 13:09 -------- d-----w- c:\program files\Enigma Software Group
2013-03-07 13:08 . 2013-03-07 13:08 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2013-03-07 10:45 . 2013-03-07 10:45 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-07 10:40 . 2013-03-07 10:40 -------- d-----w- c:\users\Didi\AppData\Roaming\QuickScan
2013-02-19 12:53 . 2013-02-19 12:53 -------- d-----w- c:\users\Didi\.gstreamer-0.10
2013-02-19 12:45 . 2013-02-19 13:17 -------- d-----w- c:\users\Didi\.dreamstream
2013-02-19 12:45 . 2013-02-19 12:45 -------- d-----w- c:\program files\DreamStream-E2
2013-02-15 22:04 . 2013-02-15 22:04 208448 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2013-02-14 05:35 . 2013-01-04 03:00 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-02-14 05:33 . 2012-12-26 04:49 760320 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 18:48 . 2013-01-04 04:50 169984 ----a-w- c:\windows\system32\winsrv.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-07 10:44 . 2012-07-12 09:04 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-07 10:44 . 2010-05-11 18:37 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-17 00:28 . 2009-10-03 07:49 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-09 20:45 . 2013-01-09 20:45 95584 ----a-w- c:\windows\system32\drivers\NNSHttps.sys
2012-12-16 14:13 . 2012-12-25 07:24 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-25 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-03-09 14:17 . 2013-03-09 14:17 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2009-08-06 381440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"LexwareInfoService"="c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2011-07-31 189808]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"PSUAMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2013-01-27 32480]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 02:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"Google Update"="c:\users\Didi\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CloneCDTray"="c:\program files\CloneCD\CloneCDTray.exe" /s
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe"
"TrueImageMonitor.exe"=c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
"AcronisTimounterMonitor"=c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Persistence"=c:\windows\system32\igfxpers.exe
"OODefragTray"=c:\windows\system32\oodtray.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\DRIVERS\NNSNAHSL.sys [x]
R2 MoboroboDeviceService;Moborobo Device Service;c:\program files\Moborobo\MoboroboDeviceService.exe [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 PS3 Media Server;PS3 Media Server;c:\program files\PS3 Media Server\win32\service\wrapper.exe [x]
R3 RemoteControl-USBLAN;RemoteControl-USBLAN;c:\windows\system32\DRIVERS\rcblan.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
R3 SIoctl;SIoctl;c:\windows\system32\drivers\sioctl.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys [x]
S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys [x]
S1 NNSHTTPS;NNSHTTPS;c:\windows\system32\DRIVERS\NNSHttps.sys [x]
S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys [x]
S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys [x]
S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys [x]
S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys [x]
S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys [x]
S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys [x]
S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys [x]
S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys [x]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [x]
S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [x]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [x]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [x]
S2 ogmservice;Online Games Manager;c:\program files\Online Games Manager\ogmservice.exe [x]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [x]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [x]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [x]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [x]
S2 PSUAService;Panda Product Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [x]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [x]
S3 NETw5s32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 67035283
*NewlyCreated* - FSUSBEXDISK
*Deregistered* - 67035283
*Deregistered* - PSKMAD
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-08 15:39]
.
2013-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-08 15:39]
.
2013-03-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1392898032-1716291131-2285585058-1001Core.job
- c:\users\Didi\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-25 07:19]
.
2013-03-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1392898032-1716291131-2285585058-1001UA.job
- c:\users\Didi\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-25 07:19]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = local;*.local;192.168.*.*
IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Didi\AppData\Roaming\Mozilla\Firefox\Profiles\tcyumvmt.default\
.
.
------- Dateityp-Verknüpfung -------
.
.txt=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file)
MSConfigStartUp-BDRegion - c:\program files\Cyberlink\Shared Files\brs.exe
MSConfigStartUp-PDVD9LanguageShortcut - c:\program files\CyberLink\PowerDVD9\Language\Language.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(1520)
c:\windows\system32\relog_ap.DLL
.
Zeit der Fertigstellung: 2013-03-12 23:58:10
ComboFix-quarantined-files.txt 2013-03-12 22:58
.
Vor Suchlauf: 9.335.279.616 Bytes frei
Nach Suchlauf: 9.109.065.728 Bytes frei
.
- - End Of File - - 322E02209AD8C851808B4DB1BEA0E54B
|
|
13.03.2013, 18:42
| #11 |
| /// Malware-holic | Trj/Dtcontx.A - cgm.exe bzw. uninx84.exe Hi, lade den CCleaner standard: CCleaner - Download - Filepony falls der CCleaner bereits instaliert, überspringen. öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu Trj/Dtcontx.A - cgm.exe bzw. uninx84.exe |
| automatisch, befinden, cloud, datei, dokumente, funktionieren, melde, meldet, minute, minuten, neu, nicht mehr, nichts, ordner, panda, problem, rechner, schlägt, spy, start, start von windows, starte, stream, tools, trojaner, windows, würde |
WARNUNG an die MITLESER: 
Linear-Darstellung
