| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: GVU-Trojaner und Probleme mit dem SystemWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
27.06.2013, 11:03
| #1 |
| |  GVU-Trojaner und Probleme mit dem System Hallo! Ich habe mir vor ein vorgestern den GVU-Trojaner eingefangen gehabt und mein Bildschirm war gesperrt. Nachdem ich mich per Google schlau gelesen hab, hielt ich es zunächst für die beste Idee das System mit der Kaspersky Rescue-Disk zu scannen und zu reinigen, was auch geklappt hat. Anschließend ließ ich Malware-Bytes drüberlaufen, was auch nochmal etwas gefunden hat und dann waren eigentlich alle Probleme weg. Was jedoch nach den Scans und Löschen des Trojaners merkwürdig war: "Der Windows Sicherheitscenterdienst konnte nicht ausgeführt werden". Ich hab versucht das Problem mit dieser Hilfestellung von Microsoft anzugehen: hxxp://support.microsoft.com/kb/2519899/de was jedoch ebenfalls erfolglos blieb. Ich führte den unter 11. aufgelisteten Registry-Eintrag durch und musste feststellen, dass mir der PC sagt, dass ich eine falsche Datei importieren wolle, das kam mir schon etwas merkwürdig vor. Was mir aber noch viel merkwürdiger vorkam: ich konnte einfache Spiele wie FIFA oder Call of Duty usw. einfach nicht mehr starten, nach dem Doppelklick auf die .exe Dateien erschienen diese zwar im Task-Manager, öffneten sich jedoch nicht. Nun hab ich die Vermutung bzw die Angst, dass ich mein System irgendwie beschädigt habe und deshalb nichts mehr so richtig funktioniert. Meine Frage: Gibt es eine Möglichkeit das System zu retten oder sollte ich es lieber gleich formatieren? (was ja eigentlich immer als letzte Möglichkeit gilt) Mit freundlichen Grüßen, vile |
|
27.06.2013, 11:25
| #2 | |
| /// TB-Ausbilder   | GVU-Trojaner und Probleme mit dem System Hallo vile,
__________________Zitat:
Zusätzlich: Lade dir bitte OTL (von Oldtimer) herunter und speichere es auf deinen Desktop.
__________________ |
|
27.06.2013, 11:57
| #3 | ||
| | GVU-Trojaner und Probleme mit dem System Kaspersky:
__________________Zitat:
Zitat:
OTL Logfile: Code:
ATTFilter OTL logfile created on: 27.06.2013 12:46:54 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alessandro\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 45,69% Memory free 6,50 Gb Paging File | 4,44 Gb Available in Paging File | 68,39% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 1376,16 Gb Total Space | 1001,13 Gb Free Space | 72,75% Space Free | Partition Type: NTFS Drive D: | 20,00 Gb Total Space | 11,64 Gb Free Space | 58,19% Space Free | Partition Type: NTFS Computer Name: VILE | User Name: Alessandro | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.27 12:45:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alessandro\Desktop\OTL.exe PRC - [2013.06.27 12:44:39 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2013.06.27 12:44:14 | 000,076,856 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2013.06.27 12:44:08 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.06.27 12:44:08 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2013.06.26 11:20:48 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe PRC - [2013.06.04 09:31:39 | 003,456,080 | ---- | M] (Electronic Arts) -- C:\Programme\Origin\Origin.exe PRC - [2013.05.25 02:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Alessandro\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2013.05.24 13:03:28 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2013.05.16 10:59:00 | 003,830,224 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDTray.exe PRC - [2013.05.16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe PRC - [2013.05.16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe PRC - [2013.04.26 00:50:28 | 029,986,136 | ---- | M] (Electronic Arts) -- C:\Programme\Origin Games\FIFA 13\Game\fifa13.exe PRC - [2013.04.25 00:10:38 | 005,534,488 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech Gaming Software\LCore.exe PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2013.01.08 09:59:20 | 000,228,448 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE PRC - [2012.11.30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2011.03.10 20:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2010.11.20 14:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe PRC - [2010.06.10 13:42:44 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Programme\Browny02\Brother\BrStMonW.exe PRC - [2010.02.24 12:41:16 | 000,088,576 | ---- | M] (ZTE) -- C:\Programme\T-Mobile\InternetManager_Z\Bin\mcserver.exe PRC - [2010.01.26 12:35:46 | 000,215,552 | ---- | M] () -- C:\Programme\T-Mobile\InternetManager_Z\Bin\dbus-daemon.exe PRC - [2010.01.26 12:35:42 | 000,031,232 | ---- | M] () -- C:\Programme\T-Mobile\InternetManager_Z\Bin\db_daemon.exe PRC - [2010.01.26 12:35:36 | 000,043,008 | ---- | M] () -- C:\Programme\T-Mobile\InternetManager_Z\Bin\gconfd-2.exe PRC - [2010.01.25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Programme\Browny02\BrYNSvc.exe PRC - [2010.01.09 01:34:18 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2010.01.09 01:33:48 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2009.07.14 03:14:30 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\regsvr32.exe PRC - [2009.06.03 21:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Programme\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009.03.30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.03.30 17:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe PRC - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe ========== Modules (No Company Name) ========== MOD - [2013.06.26 11:20:48 | 016,033,160 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_224.dll MOD - [2013.06.04 09:31:40 | 000,062,976 | ---- | M] () -- C:\Programme\Origin\tufao.dll MOD - [2013.05.24 13:03:28 | 003,128,728 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2013.05.16 10:55:28 | 000,161,112 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\snlFileFormats150.bpl MOD - [2013.05.16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl MOD - [2013.05.16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Alessandro\AppData\Roaming\Dropbox\bin\libcef.dll MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Alessandro\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2010.02.28 09:28:44 | 000,089,600 | ---- | M] () -- C:\Programme\T-Mobile\InternetManager_Z\Bin\itapi.dll MOD - [2010.02.28 09:28:38 | 000,054,272 | ---- | M] () -- C:\Programme\T-Mobile\InternetManager_Z\Bin\coder.dll MOD - [2010.02.28 09:28:36 | 000,043,008 | ---- | M] () -- C:\Programme\T-Mobile\InternetManager_Z\Bin\audio.dll MOD - [2010.02.28 09:28:34 | 000,025,088 | ---- | M] () -- C:\Programme\T-Mobile\InternetManager_Z\Bin\log.dll MOD - [2010.02.24 12:41:04 | 000,034,304 | ---- | M] () -- C:\Programme\T-Mobile\InternetManager_Z\Bin\libctlsvr.dll MOD - [2010.01.26 12:35:46 | 000,215,552 | ---- | M] () -- C:\Programme\T-Mobile\InternetManager_Z\Bin\dbus-daemon.exe MOD - [2010.01.26 12:35:42 | 000,031,232 | ---- | M] () -- C:\Programme\T-Mobile\InternetManager_Z\Bin\db_daemon.exe MOD - [2010.01.26 12:35:36 | 000,043,008 | ---- | M] () -- C:\Programme\T-Mobile\InternetManager_Z\Bin\gconfd-2.exe MOD - [2010.01.26 12:35:34 | 000,055,808 | ---- | M] () -- C:\Programme\T-Mobile\InternetManager_Z\Bin\libgconfbackend-xml.dll MOD - [2010.01.26 12:35:20 | 000,157,696 | ---- | M] () -- C:\Programme\T-Mobile\InternetManager_Z\Bin\libgconf-2.dll MOD - [2010.01.26 12:35:06 | 000,594,432 | ---- | M] () -- C:\Programme\T-Mobile\InternetManager_Z\Bin\dbus-1.dll MOD - [2010.01.26 12:34:04 | 000,341,504 | ---- | M] () -- C:\Programme\T-Mobile\InternetManager_Z\Bin\sqlite3.dll MOD - [2009.06.03 21:59:14 | 000,013,096 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009.06.03 21:59:02 | 000,619,816 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2009.03.28 09:19:06 | 000,080,688 | ---- | M] () -- C:\Programme\T-Mobile\InternetManager_Z\Bin\zlib1.dll MOD - [2009.02.27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Programme\Brother\BrUtilities\BrLogAPI.dll MOD - [2008.05.06 13:50:00 | 000,971,776 | ---- | M] () -- C:\Programme\T-Mobile\InternetManager_Z\Bin\libxml2.dll MOD - [2007.09.09 17:07:00 | 000,151,552 | ---- | M] () -- C:\Programme\T-Mobile\InternetManager_Z\Bin\libexpat.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDWSCService) SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService) SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService) SRV - [2013.06.27 12:44:39 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.06.27 12:44:08 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.06.26 11:20:48 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.24 13:03:28 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.09.20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.12.15 19:29:42 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService) SRV - [2011.05.26 14:34:34 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.03.10 20:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.01.25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Programme\Browny02\BrYNSvc.exe -- (BrYNSvc) SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2010.01.09 01:33:48 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.03.30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys -- (AODDriver4.01) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\amdiox86.sys -- (amdiox86) DRV - [2013.06.04 09:15:02 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) DRV - [2013.06.04 09:15:02 | 000,084,248 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) DRV - [2013.05.14 10:32:58 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto) DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2013.04.01 22:03:38 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2013.04.01 22:03:38 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2013.04.01 22:03:38 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2011.12.15 19:29:42 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901) DRV - [2010.11.25 06:59:16 | 000,603,240 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.16 12:18:27 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd) DRV - [2010.04.28 01:57:28 | 000,066,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore) DRV - [2010.04.28 01:57:28 | 000,015,048 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid) DRV - [2010.04.28 01:57:22 | 000,022,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum) DRV - [2010.04.27 23:01:26 | 000,037,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter) DRV - [2010.01.09 01:54:44 | 005,191,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag) DRV - [2010.01.09 00:40:42 | 000,125,440 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2009.12.15 04:46:26 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM) DRV - [2009.12.15 04:46:18 | 000,013,184 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad) DRV - [2009.11.24 03:49:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2009.11.24 03:49:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2009.11.24 03:49:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2009.11.24 03:49:44 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter) DRV - [2009.11.24 02:37:18 | 000,014,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGVirHid.sys -- (LGVirHid) DRV - [2009.11.24 02:37:08 | 000,019,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGBusEnum.sys -- (LGBusEnum) DRV - [2009.11.19 01:25:04 | 000,100,352 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009.07.07 23:48:14 | 000,011,832 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amdide.sys -- (amdide) DRV - [2009.05.05 11:00:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=ad9903fb-a4bf-445e-816f-071329eb1dac&pid=murb&k=0 IE - HKCU\..\SearchScopes\{20BF448D-74C0-4621-B7E2-2DD39AD139E8}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=ad9903fb-a4bf-445e-816f-071329eb1dac&pid=murb&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{275D361A-B4C3-4298-A34B-1FB8A2AB2D56}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=ad9903fb-a4bf-445e-816f-071329eb1dac&pid=murb&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{3647AB84-CFFD-44FE-9EA7-EF15DD26F594}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=ad9903fb-a4bf-445e-816f-071329eb1dac&pid=murb&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\..\SearchScopes\{8635E1C6-87A1-4588-B0E2-3FD9EA95A43C}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=ad9903fb-a4bf-445e-816f-071329eb1dac&pid=murb&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{A74AD699-1DB4-4A02-9861-F8DE0F949842}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=ad9903fb-a4bf-445e-816f-071329eb1dac&pid=murb&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{B5F6E15C-46E5-4844-A9A9-A7B0D49BEFB9}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=ad9903fb-a4bf-445e-816f-071329eb1dac&pid=murb&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{DF4FB3A0-F2DE-4D48-B757-9979117356D9}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D26666F726D3D4D45445444462670633D4D414D44267372633D49452D536561726368426F78&st={searchTerms}&clid=ad9903fb-a4bf-445e-816f-071329eb1dac&pid=murb&k=0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: stealthyextension%40gmail.com:2.5 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..network.proxy.autoconfig_url: "file:///C:\\Users\\ALESSA~1\\AppData\\Local\\Temp\\proxtube.pac" FF - prefs.js..network.proxy.ftp: "212.119.105.65" FF - prefs.js..network.proxy.ftp_port: 3128 FF - prefs.js..network.proxy.http: "212.119.105.65" FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "212.119.105.65" FF - prefs.js..network.proxy.socks_port: 3128 FF - prefs.js..network.proxy.ssl: "212.119.105.65" FF - prefs.js..network.proxy.ssl_port: 3128 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Alessandro\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Alessandro\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_Z\Bin\addon [2010.02.02 15:19:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.24 13:03:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.06.26 11:19:44 | 000,000,000 | ---D | M] [2010.07.29 16:31:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alessandro\AppData\Roaming\mozilla\Extensions [2013.06.26 11:22:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alessandro\AppData\Roaming\mozilla\Firefox\Profiles\hkcx0dob.default\extensions [2013.04.05 09:25:37 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Alessandro\AppData\Roaming\mozilla\Firefox\Profiles\hkcx0dob.default\extensions\ich@maltegoetz.de [2013.02.09 22:37:15 | 000,185,839 | ---- | M] () (No name found) -- C:\Users\Alessandro\AppData\Roaming\mozilla\firefox\profiles\hkcx0dob.default\extensions\stealthyextension@gmail.com.xpi [2012.12.11 18:43:41 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Alessandro\AppData\Roaming\mozilla\firefox\profiles\hkcx0dob.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012.02.07 10:24:24 | 000,002,419 | ---- | M] () -- C:\Users\Alessandro\AppData\Roaming\mozilla\firefox\profiles\hkcx0dob.default\searchplugins\englische-ergebnisse.xml [2012.02.07 10:24:24 | 000,010,525 | ---- | M] () -- C:\Users\Alessandro\AppData\Roaming\mozilla\firefox\profiles\hkcx0dob.default\searchplugins\gmx-suche.xml [2012.02.07 10:24:24 | 000,002,457 | ---- | M] () -- C:\Users\Alessandro\AppData\Roaming\mozilla\firefox\profiles\hkcx0dob.default\searchplugins\lastminute.xml [2012.02.07 10:24:24 | 000,005,508 | ---- | M] () -- C:\Users\Alessandro\AppData\Roaming\mozilla\firefox\profiles\hkcx0dob.default\searchplugins\webde-suche.xml [2011.07.28 17:23:19 | 000,002,182 | ---- | M] () -- C:\Users\Alessandro\AppData\Roaming\mozilla\firefox\profiles\hkcx0dob.default\searchplugins\{7F12DBA2-C662-4618-8998-64513EA51B23}.xml [2011.07.28 17:23:19 | 000,002,071 | ---- | M] () -- C:\Users\Alessandro\AppData\Roaming\mozilla\firefox\profiles\hkcx0dob.default\searchplugins\{7F2DB4BC-60A3-4410-8881-2EB7F86FAD5D}.xml [2011.07.28 17:23:19 | 000,001,864 | ---- | M] () -- C:\Users\Alessandro\AppData\Roaming\mozilla\firefox\profiles\hkcx0dob.default\searchplugins\{E4C2741D-4974-4962-B5FE-0C0C62234130}.xml [2013.05.24 13:03:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions [2013.05.24 13:03:28 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll () O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll () O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.) O4 - Startup: C:\Users\Alessandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Alessandro\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Alessandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Free YouTube Download - Reg Error: Value error. File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - Reg Error: Value error. File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.25.2) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.25.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{086FD720-5EA6-438D-8CB4-CB97B36AE2D0}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C78A69F-91A0-4A65-B8D9-D5B6DD7424AF}: DhcpNameServer = 178.238.129.66 66.96.208.21 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBCDE3F5-905F-4D68-8D8C-7F66A3DB625B}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{1e2bd3c0-b9b3-11e0-98c0-40618698c73e}\Shell - "" = AutoRun O33 - MountPoints2\{1e2bd3c0-b9b3-11e0-98c0-40618698c73e}\Shell\AutoRun\command - "" = F:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.27 12:45:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Alessandro\Desktop\OTL.exe [2013.06.26 12:00:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Logs [2013.06.26 12:00:03 | 000,017,344 | ---- | C] (Dll-Files.com) -- C:\Windows\System32\roboot.exe [2013.06.26 12:00:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dll-Files Fixer [2013.06.26 11:20:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2013.06.26 11:19:44 | 000,867,240 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2013.06.26 11:19:44 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013.06.26 11:19:35 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013.06.26 10:43:45 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.06.26 10:42:06 | 000,000,000 | ---D | C] -- C:\JRT [2013.06.26 10:24:11 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker [2013.06.26 10:18:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable) [2013.06.26 09:56:07 | 000,000,000 | ---D | C] -- C:\Users\Alessandro\AppData\Roaming\Malwarebytes [2013.06.26 09:55:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.06.26 09:55:58 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.06.26 09:55:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.06.26 09:55:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.06.26 09:19:34 | 000,000,000 | -HSD | C] -- C:\found.000 [2013.06.12 14:04:05 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.06.12 14:04:04 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.06.12 14:01:04 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.06.12 14:01:04 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2013.06.12 14:01:04 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.06.12 14:01:03 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.06.12 14:01:03 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2013.06.12 14:01:03 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2013.06.12 14:01:03 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2013.06.12 14:01:03 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2013.06.12 12:17:56 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll [2013.06.12 12:17:54 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll [2013.06.12 12:17:49 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe [2013.06.12 12:17:47 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll [2013.06.12 12:17:43 | 003,968,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013.06.12 12:17:43 | 003,913,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013.06.04 09:15:02 | 000,181,912 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys [2013.06.04 09:15:02 | 000,084,248 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys ========== Files - Modified Within 30 Days ========== [2013.06.27 12:49:09 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2013.06.27 12:45:48 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.27 12:45:48 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.27 12:45:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alessandro\Desktop\OTL.exe [2013.06.27 12:44:43 | 000,067,168 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avnetflt.sys [2013.06.27 12:38:36 | 000,000,210 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job [2013.06.27 12:38:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.27 12:38:29 | 2615,910,400 | -HS- | M] () -- C:\hiberfil.sys [2013.06.26 16:34:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.26 16:08:00 | 000,000,202 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job [2013.06.26 12:26:19 | 000,000,290 | ---- | M] () -- C:\Windows\tasks\DLL-Files.Com Fixer_Updates.job [2013.06.26 12:26:19 | 000,000,274 | ---- | M] () -- C:\Windows\tasks\DLL-Files.Com Fixer_MONTHLY.job [2013.06.26 11:49:08 | 000,657,698 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.06.26 11:49:08 | 000,618,974 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.06.26 11:49:08 | 000,131,070 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.06.26 11:49:08 | 000,107,294 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.06.26 11:20:48 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.06.26 11:20:48 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.06.26 11:19:29 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2013.06.26 11:19:29 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2013.06.26 11:19:29 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013.06.26 11:19:29 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013.06.26 11:19:29 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013.06.26 11:19:29 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013.06.26 09:55:59 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.06.26 09:20:31 | 000,003,552 | ---- | M] () -- C:\bootsqm.dat [2013.06.26 08:31:12 | 095,023,320 | ---- | M] () -- C:\ProgramData\rdol4.pad [2013.06.25 17:47:21 | 000,002,655 | ---- | M] () -- C:\ProgramData\rdol4.js [2013.06.24 09:26:42 | 000,000,049 | ---- | M] () -- C:\Windows\NeroDigital.ini [2013.06.08 13:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.06.08 13:13:19 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.06.04 09:15:02 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys [2013.06.04 09:15:02 | 000,084,248 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys [2013.05.31 12:51:45 | 000,001,054 | ---- | M] () -- C:\Users\Alessandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.05.31 12:51:12 | 000,001,032 | ---- | M] () -- C:\Users\Alessandro\Desktop\Dropbox.lnk ========== Files Created - No Company Name ========== [2013.06.26 12:00:16 | 000,000,290 | ---- | C] () -- C:\Windows\tasks\DLL-Files.Com Fixer_Updates.job [2013.06.26 12:00:15 | 000,000,274 | ---- | C] () -- C:\Windows\tasks\DLL-Files.Com Fixer_MONTHLY.job [2013.06.26 09:55:59 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.06.26 09:20:31 | 000,003,552 | ---- | C] () -- C:\bootsqm.dat [2013.06.25 17:47:21 | 000,002,655 | ---- | C] () -- C:\ProgramData\rdol4.js [2013.06.25 17:47:20 | 095,023,320 | ---- | C] () -- C:\ProgramData\rdol4.pad [2013.05.23 10:10:26 | 000,011,241 | ---- | C] () -- C:\Windows\wininit.ini [2012.03.08 10:40:32 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2012.02.12 19:44:36 | 000,017,408 | ---- | C] () -- C:\Users\Alessandro\AppData\Local\WebpageIcons.db [2012.02.11 11:46:56 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini [2011.12.20 11:12:27 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini [2011.12.17 00:10:56 | 000,157,152 | ---- | C] () -- C:\Windows\System32\ativvsva.dat [2011.12.17 00:10:26 | 000,204,960 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat [2011.11.16 22:18:42 | 000,139,128 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2011.11.16 22:18:41 | 000,138,056 | ---- | C] () -- C:\Users\Alessandro\AppData\Roaming\PnkBstrK.sys [2011.11.16 22:18:24 | 000,215,128 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2011.11.16 22:18:23 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe [2011.11.16 22:18:23 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2011.11.09 23:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OpenVideo.dll [2011.11.09 23:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\System32\OVDecode.dll [2011.08.31 19:45:21 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2011.08.31 19:36:54 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Extras.txt: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 27.06.2013 12:46:54 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alessandro\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 45,69% Memory free
6,50 Gb Paging File | 4,44 Gb Available in Paging File | 68,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1376,16 Gb Total Space | 1001,13 Gb Free Space | 72,75% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 11,64 Gb Free Space | 58,19% Space Free | Partition Type: NTFS
Computer Name: VILE | User Name: Alessandro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0473D69A-3520-4E7E-BEF4-E7003BEE9210}" = rport=445 | protocol=6 | dir=out | app=system |
"{0DFC9C64-31B6-4009-9E56-10C3FF5435CC}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1143F6BE-5E5A-43E4-B44F-3A863B88BE26}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{19F404E7-DC44-422C-8DEC-0911936502E7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{22E2BD0D-CA9E-476D-9C88-A894F39D2DA9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2D9CE987-2A11-4A7C-AEE9-AC3B76800D82}" = lport=138 | protocol=17 | dir=in | app=system |
"{2DD462A3-5756-479A-9176-CD63B929D2CD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{37F4ECD8-E322-4E3A-811D-2FBB4B523F91}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3A666525-1DF9-4BFB-B611-AE7097EB1147}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3BDF8A68-161B-4F5A-ABF6-EC884FFEBA94}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{44D860FB-3B79-4013-BC6C-D5014CCE85FD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{47C041E1-832A-4A73-804B-F36A8B57EDDE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{51394565-6AF7-44E0-A9D8-199F7A9B5FA4}" = rport=137 | protocol=17 | dir=out | app=system |
"{56E5E902-E628-4353-97E9-5C918C1601A3}" = rport=139 | protocol=6 | dir=out | app=system |
"{57B6D303-F1F8-4C91-AF01-0A48075887BB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5AB3FA8D-F5AE-49CA-80C8-78C9FE5355CF}" = lport=137 | protocol=17 | dir=in | app=system |
"{5E7030A9-5A01-4F3E-8149-BF6DE67B616B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6DD89834-7040-4DEC-9D50-647DDD5EAFB8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7465C75C-10A1-4F39-95E7-8347F7840BFC}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{788042D4-471D-45E5-B2FA-FEDDF11A8176}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7A145E7A-6938-456F-A8CA-0C1520D6C14A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{8D8A5B5A-4891-485E-9C1B-2CDE6AF21483}" = rport=138 | protocol=17 | dir=out | app=system |
"{A0139B67-03E4-4866-98D9-D171FFE884AB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A1095C7F-3205-4E39-9394-B30CA816FC6B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A808ADDD-CC2F-4E72-806C-1A3948E2FC24}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A97EE164-C74D-4252-8712-6DD004E5CE0F}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe |
"{A9A16BD8-B6DD-4CCC-B7C8-7D59E6F289DA}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{AD373CF8-FBEC-429D-958C-F4F4C1198446}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BBB81D2C-73FD-4EB4-9C16-C521A9D7A4E6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CAFD594B-7704-44C4-9A5A-B303C5B7665D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D85AF6B5-AC32-41FD-A10B-203F165D986E}" = lport=445 | protocol=6 | dir=in | app=system |
"{E496787E-300F-4CF4-B5B3-113C49A35929}" = lport=139 | protocol=6 | dir=in | app=system |
"{EE93148E-B870-46C4-80E8-A3FF2A07B179}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EEA2D732-4767-4DD7-83E8-AB761C3BCD15}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F4E63509-ECEC-4A11-9452-BB6787BB1C5D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01154F24-DFAB-4D2B-8F6F-D48AEAA623BA}" = protocol=6 | dir=in | app=c:\users\alessandro\appdata\roaming\dropbox\bin\dropbox.exe |
"{0590E01C-9493-4E52-AE35-31F2BEA47C1C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{05A7AB25-7C38-458A-ABD1-A77E581C595A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{07F18438-ADFC-45CA-A6A9-A8E3BA34B51F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{1D2FF8D5-808D-4490-95B8-1846E3238961}" = protocol=6 | dir=out | app=system |
"{25201B46-02D6-4F8F-8CCC-0BB9CF364CEE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{35FBCA4A-EC26-4393-A137-5C4F43DAA143}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{386CD64E-F6B5-496D-8038-7D5FA55203D3}" = protocol=6 | dir=in | app=c:\program files\origin games\fifa 12\game\fifa.exe |
"{3C7836B2-238F-45C4-89FD-6A2ED22FC2D3}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{3F0E5E17-9858-49AE-8C0B-5EC0B2DD4741}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{44BDCDD8-D48A-4C87-A288-504B4C2740F3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4A87C16E-97B6-4A4A-9967-56958D9E6FB2}" = dir=in | app=c:\users\alessandro\appdata\local\microsoft\skydrive\skydrive.exe |
"{4F3CBE1E-9927-4FCA-87B8-F6E2B0C5E8BE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5C622688-31F6-4372-888C-9D9E9A29C0FD}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{611B8AE3-3E98-4F5F-9528-DF1AB034A7E6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{64938165-2FCF-4B90-8FA1-10D3BA0F464C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{66AB87BA-8C5E-4A78-9B7A-0DB73D5DD5ED}" = protocol=6 | dir=in | app=c:\program files\origin games\fifa 13\game\fifa13.exe |
"{687637AB-9D42-42E4-9114-CE3182311076}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6DE184F2-1DA1-4D71-A3E9-C2829328E38E}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{73B4F0A5-B744-4A0C-AC21-88388D56F1FE}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{73E7D63F-4E15-4A53-B5DE-64EA30A9DE92}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{77273DB1-6AE2-4A63-ACB8-D0EB3DE64F53}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{77DB5798-A9CF-46BB-851A-CD52385353AE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{87BF2EFB-C4F7-496A-A7AD-2055B92134D9}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{8BFC2C54-FD4F-47D1-860A-87D632AC3AA8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{99D168F6-7F7F-413A-922C-68CECA8B5FEA}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{9C4952A8-E321-4E00-9DB3-5A1A307CF05E}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{9FE65A61-CB53-4C06-9DA3-2AD1B6B9F6DC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{A04E7E58-984A-4880-AD05-86F7C00C40A6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A235D383-B5B8-43E3-B444-2F7ACDC0605C}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{A6536D2F-0762-40D0-AC5D-988F8DC7BCF2}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{AE3657F8-384A-405E-9753-932BB3E6718B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AE6A3543-7B67-413C-A7A9-CFB4DD22652B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{AFD22247-DB64-469D-98E9-2D86AF0E2AC1}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{B3371478-B690-42B9-8054-1514875974B4}" = protocol=17 | dir=in | app=c:\program files\origin games\fifa 12\game\fifa.exe |
"{B6540AAD-0BB9-4A2B-B9E6-018610D84CE3}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{E4F97E8D-5BDA-479F-B155-8349E07704F2}" = protocol=17 | dir=in | app=c:\users\alessandro\appdata\roaming\dropbox\bin\dropbox.exe |
"{E5CC0B59-6F70-45EB-A84A-8393F0964903}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E8C2AFCD-504D-4ED2-A396-2A9564C496AF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EED3F8C4-9096-4E4E-81D7-AC6F61447514}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F53BEF43-729F-40DC-81FE-9114CBCE4D36}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F7CE7140-D894-493E-BCE1-6F34B9BB76AA}" = protocol=17 | dir=in | app=c:\program files\origin games\fifa 13\game\fifa13.exe |
"{F8DE19A5-CF78-4907-BD5C-E5AC7AEBB708}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FFBF01E7-181B-4797-BC27-60FE1403A98F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{162A0331-9FD3-4AEA-9E15-76A33E617104}C:\program files\nero\nero8\nero home\nerohome.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero8\nero home\nerohome.exe |
"TCP Query User{31220FA3-C911-4745-81CA-BAA180FB107B}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{34D4F757-2A43-4588-8E89-B59397535A67}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{55D12CFB-805F-4883-BEAC-A0D3CE32BA53}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"TCP Query User{85CAE748-37EC-497D-829C-9C4C507B2304}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe |
"TCP Query User{9064003F-8810-4C52-8A58-F6130DADBEDF}C:\program files\origin games\battlefield bad company 2 digital deluxe edition\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files\origin games\battlefield bad company 2 digital deluxe edition\bfbc2game.exe |
"TCP Query User{99E5EE95-3799-421F-86E7-E4F33CA61D01}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe |
"TCP Query User{DD9D7567-EE4D-4378-B7A9-3A32EEBE52BA}C:\users\alessandro\downloads\rune gold edition\system\rune.exe" = protocol=6 | dir=in | app=c:\users\alessandro\downloads\rune gold edition\system\rune.exe |
"UDP Query User{1C36F4C3-6178-4E6F-A3F2-C2E416EFAE64}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe |
"UDP Query User{21022AE6-1799-4D82-9757-7D674E70D11D}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{3020D96C-39AC-4C88-86E9-2F99E833ADAD}C:\program files\nero\nero8\nero home\nerohome.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero8\nero home\nerohome.exe |
"UDP Query User{4BDF6ECC-B33A-42AE-BFCB-AE2B68ABF9A9}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe |
"UDP Query User{4D54D1D3-6032-45C2-91D9-B55EEB765963}C:\users\alessandro\downloads\rune gold edition\system\rune.exe" = protocol=17 | dir=in | app=c:\users\alessandro\downloads\rune gold edition\system\rune.exe |
"UDP Query User{53B43998-7A9F-45A3-94BD-0C107F329E56}C:\program files\origin games\battlefield bad company 2 digital deluxe edition\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files\origin games\battlefield bad company 2 digital deluxe edition\bfbc2game.exe |
"UDP Query User{A7EE207D-EF95-4100-A559-411303280736}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"UDP Query User{D932C469-D2DE-405C-80C4-487E1C14F8FD}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{806422F8-8E0A-494A-A369-0F34F1B89160}" = CorelDRAW Essentials 4 - Extra Content
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{0FD60254-35B7-4915-862B-26847C9FE8DE}" = Tunebite
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent
"{14383960-3D8E-139D-646A-F22C7DE00DB1}" = Napster 5 Beta
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{27D28586-BEF1-4E06-8787-3B1FC3A41489}" = T-Mobile Internet Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D66F66A-D5FA-15A2-F6E5-5589BD7E29AA}" = Catalyst Control Center InstallProxy
"{4E1D0591-14F7-736E-143A-62DC3E552A1A}" = Catalyst Control Center InstallProxy
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{60D32CDC-E3BE-4578-BA10-29322307CDDC}" = Logitech Gaming Software 5.10
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{806422F8-8E0A-494A-A369-0F34F1B89160}" = CorelDRAW Essentials 4 - Extra Content
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1031}" = Nero 8
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{91B7CEB3-4331-427B-AA7A-2898BE8F9DC6}" = Samsung PC Studio 3
"{93FF055C-7E0B-4E26-AAFB-2C4333E2D7D0}" = Logitech Gaming Software
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{A942958E-AF92-7901-861B-7F373A1B6ABA}" = AMD Catalyst Install Manager
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2A97415-BD97-4867-B906-05E39E9EE51F}" = HL-2130
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F6A6DFF9-F71C-4BA6-B437-F18872866D3D}" = Bing Bar
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ALDI Foto Service D" = ALDI Foto Service
"ALDI Nord Foto Manager Free D" = ALDI Nord Foto Manager Free
"Aldi Nord Fotoservice_is1" = Aldi Nord Fotoservice
"ALDI Nord Online Druck Service D" = ALDI Nord Online Druck Service
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"com.Rhapsody.Napster5" = Napster 5 Beta
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"Free Studio_is1" = Free Studio version 5.1.5
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"Logitech Gaming Software" = Logitech Gaming Software 8.46
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"OpenVPN" = OpenVPN 2.2.2
"Opera 11.64.1403" = Opera 11.64
"Orbit_is1" = Orbit Downloader
"Origin" = Origin
"Postal Fudge Pack" = Postal Fudge Pack
"PunkBusterSvc" = PunkBuster Services
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"World of Warcraft" = World of Warcraft
"Zattoo4" = Zattoo4 4.0.5
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"EA SPORTS Game Face Browser Plugin" = EA SPORTS Game Face Browser Plugin 1.5.3.0
"SkyDriveSetup.exe" = Microsoft SkyDrive
"UnityWebPlayer" = Unity Web Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 26.06.2013 05:14:22 | Computer Name = Vile | Source = Windows Search Service | ID = 7042
Description =
Error - 26.06.2013 05:14:22 | Computer Name = Vile | Source = Windows Search Service | ID = 9002
Description =
Error - 26.06.2013 05:14:22 | Computer Name = Vile | Source = Windows Search Service | ID = 3029
Description =
Error - 26.06.2013 05:14:23 | Computer Name = Vile | Source = Windows Search Service | ID = 3029
Description =
Error - 26.06.2013 05:14:23 | Computer Name = Vile | Source = Windows Search Service | ID = 3028
Description =
Error - 26.06.2013 05:14:23 | Computer Name = Vile | Source = Windows Search Service | ID = 3058
Description =
Error - 26.06.2013 05:14:23 | Computer Name = Vile | Source = Windows Search Service | ID = 7010
Description =
Error - 26.06.2013 05:46:30 | Computer Name = Vile | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
"System Writer". Details: AddWin32ServiceFiles: Unable to back up image of service
Sicherheitscenter since QueryServiceConfig API failed System Error: Das System kann
die angegebene Datei nicht finden. .
Error - 26.06.2013 06:05:01 | Computer Name = Vile | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
"System Writer". Details: AddWin32ServiceFiles: Unable to back up image of service
Sicherheitscenter since QueryServiceConfig API failed System Error: Das System kann
die angegebene Datei nicht finden. .
Error - 26.06.2013 06:07:07 | Computer Name = Vile | Source = Application Hang | ID = 1002
Description = Programm _iu14D2N.tmp, Version 51.1052.0.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 142c Startzeit:
01ce7254d4b8f5e6 Endzeit: 0 Anwendungspfad: C:\Users\ALESSA~1\AppData\Local\Temp\_iu14D2N.tmp
Berichts-ID:
[ Spybot - Search and Destroy Events ]
Error - 23.05.2013 04:10:40 | Computer Name = Vile | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
[ System Events ]
Error - 27.06.2013 06:49:59 | Computer Name = Vile | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
Fehler beendet: %%2
Error - 27.06.2013 06:50:29 | Computer Name = Vile | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
Fehler beendet: %%2
Error - 27.06.2013 06:51:00 | Computer Name = Vile | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
Fehler beendet: %%2
Error - 27.06.2013 06:51:30 | Computer Name = Vile | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
Fehler beendet: %%2
Error - 27.06.2013 06:52:00 | Computer Name = Vile | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
Fehler beendet: %%2
Error - 27.06.2013 06:52:30 | Computer Name = Vile | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
Fehler beendet: %%2
Error - 27.06.2013 06:53:00 | Computer Name = Vile | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
Fehler beendet: %%2
Error - 27.06.2013 06:53:30 | Computer Name = Vile | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
Fehler beendet: %%2
Error - 27.06.2013 06:54:00 | Computer Name = Vile | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
Fehler beendet: %%2
Error - 27.06.2013 06:54:30 | Computer Name = Vile | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
Fehler beendet: %%2
< End of report >
PS: Mir ist auch gerade aufgefallen, dass Windows-Updates nicht mehr installiert werden können, werden als fehlerhaft angezeigt. Hoffe das passt so, Gruß, Vile |
|
27.06.2013, 12:16
| #4 |
| /// TB-Ausbilder | GVU-Trojaner und Probleme mit dem System Voraussetzung für ein normal laufendes System ist sicher mal saubere Software.. Sonst muss man sich über gar nichts wundern.. Wir suchen nicht gezielt nach solchen Hinweisen, aber wenn wir sie sehen, dann können wir nicht mehr beide Augen zudrücken. Deshalb:  Cracks und KeygensDie Logfiles deuten stark darauf hin, dass du nicht legal erworbene Software einsetzt. Nebst ihrer Illegalität sind Cracks und Patches aus dubioser Quelle auch sehr oft mit Schädlingen versehen, womit man sich also fast schon vorsätzlich infiziert. Wir haben uns hier auf dem Board darauf geeinigt, dass wir an dieser Stelle nicht weiter bereinigen, da wir ein solches Vorgehen nicht unterstützen. Wir haben dich in unserer Anleitung unter Punkt 8 der Foren-Regeln auch unmissverständlich darauf hingewiesen, wie wir damit umgehen werden. Diese Software hat ihren Preis und die Softwarefirmen leben von diesen Einnahmen. Als Alternative gibt es überall jede Menge sehr gute Freeware oder abgespeckte, günstig zu erwerbende Versionen. Unsere Empfehlung hier lautet, einen sauberen Neuanfang zu vollziehen, und unsere Hilfe beschränkt sich daher auf das Neuaufsetzen und Absichern deines Systems. Fragen dazu beantworten wir dir aber weiterhin gerne und zwar in unserem Unterforum Alles rund um Windows.
__________________ cheers, Leo |
|
27.06.2013, 14:01
| #5 |
| | GVU-Trojaner und Probleme mit dem System Okay, dann werde ich das tun. Trotzdem vielen Dank für die Hilfe! |
|
| Themen zu GVU-Trojaner und Probleme mit dem System |
| beschädigt, bildschirm, datei, dateien, falsche, fifa, formatieren, formatieren?, frage, gen, google, gvutrojaner, kaspersky, löschen, merkwürdig, microsoft, nicht mehr, nichts, probleme, scan, scannen, spiele, starten, system, system kaputt, task-manager, windows |
Linear-Darstellung
