| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: TrojanDownloader Win32/Unruy.HWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
22.01.2011, 15:23
| #1 |
| |  TrojanDownloader Win32/Unruy.H Bitte um Hilfe. Ich kiege ständig die Meldung TrojanDownloader Win32/Unruy.H und ich kriege sie nicht weg.  Dann kommt so ein Fenster wo steht Browserverlauf löchen die verschwindet aber wieder sofort.Wie kriege ich den TrojanDownloader Win32/Unruy.H weg?Braucht dringend Hilfe  .PS  anke im Vorraus |
|
22.01.2011, 15:38
| #2 |
| /// Malware-holic   |  TrojanDownloader Win32/Unruy.H 1. nimm keinerlei reinigung selbstständig vor, sonst ist das nur störend.
__________________2. reiche alle evtl vorhandenen scan logs mit funden nach auch fundorte benennen. 3. Systemscan mit OTL download otl: http://filepony.de/download-otl/ Doppelklick auf die OTL.exe (user von Windows 7 und Vista: Rechtsklick als Administrator ausführen) 1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output 2. Hake an "scan all users" 3. Unter "Extra Registry wähle: "Use Safelist" "LOP Check" "Purity Check" 4. Kopiere in die Textbox: netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL explorer.exe iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT 5. Klicke "Scan" 6. 2 reporte werden erstellt: OTL.Txt Extras.Txt beide posten
__________________ |
|
22.01.2011, 18:07
| #3 |
| | TrojanDownloader Win32/Unruy.H OOOh mist die OTL.Txt war nicht vollständig hier nochmal:OTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 22.01.2011 17:04:15 - Run 2 OTL by OldTimer - Version 3.2.20.3 Folder = C:\Users\Ray\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18999) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free 7,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 735,73 Gb Total Space | 270,88 Gb Free Space | 36,82% Space Free | Partition Type: NTFS Drive D: | 19,99 Gb Total Space | 9,00 Gb Free Space | 45,04% Space Free | Partition Type: FAT32 Drive E: | 175,78 Gb Total Space | 49,27 Gb Free Space | 28,03% Space Free | Partition Type: NTFS Computer Name: RAY-PC | User Name: Ray | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Ray\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Users\Ray\AppData\Local\Temp\hki121.exe () PRC - C:\ProgramData\78P8t3QI.exe () PRC - C:\Programme\iTunes\iTunesHelper .exe (Apple Inc.) PRC - C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Discordia, LTD) PRC - C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\RegistryTool\RegistryTool.exe (PC Utility, Inc.) PRC - C:\Windows\System32\ieconfig_1und1_svc.exe () PRC - C:\Programme\Common Files\Java\Java Update\jusched .exe (Sun Microsystems, Inc.) PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) PRC - c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Windows\WindowsMobile\wmdc .exe (Microsoft Corporation) PRC - C:\Programme\Tech\Wheel Mouse\5.0\MOUSE32A .exe () ========== Modules (SafeList) ========== MOD - C:\Users\Ray\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (MyWebSearchService) -- File not found SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (serviceIEConfig) -- C:\Windows\System32\ieconfig_1und1_svc.exe () SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.) SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation) SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (NetTcpActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (NetPipeActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (NetMsmqActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (RsFx0103) -- C:\Windows\System32\drivers\RsFx0103.sys (Microsoft Corporation) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (FPCIBASE) -- C:\Windows\System32\drivers\fpcibase.sys (AVM Berlin) DRV - (AVMCOWAN) -- C:\Windows\System32\drivers\avmcowan.sys (AVM GmbH) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchqu.com/402 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchqu.com/402 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3789118792-2475850360-2327212794-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes] IE - HKU\S-1-5-21-3789118792-2475850360-2327212794-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.1und1.de/links/home IE - HKU\S-1-5-21-3789118792-2475850360-2327212794-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-3789118792-2475850360-2327212794-1000\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found IE - HKU\S-1-5-21-3789118792-2475850360-2327212794-1000\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.) IE - HKU\S-1-5-21-3789118792-2475850360-2327212794-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\S-1-5-21-3789118792-2475850360-2327212794-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "foxsearch" FF - prefs.js..browser.search.defaultthis.engineName: "Radio Bar 2 Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.sweetim.com/search.asp?src=2&q=" FF - prefs.js..browser.search.order.1: "foxsearch" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.searchqu.com/402" FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..extensions.enabledItems: {9bb815eb-3f9f-4e11-9150-cb70e29b40fc}:3.2.5.2 FF - prefs.js..extensions.enabledItems: m3ffxtbr@mywebsearch.com:1.1 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:2.0 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2 FF - prefs.js..keyword.URL: "hxxp://www.searchqu.com/web?src=ffb&systemid=402&q=" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "foxsearch" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q=" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "foxsearch" FF - prefs.js..browser.startup.homepage: "hxxp://de.search.yahoo.com/firefox/?fr=ffbr-sfp" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - user.js..browser.search.selectedEngine: "foxsearch" FF - user.js..browser.search.order.1: "foxsearch" FF - user.js..browser.search.defaultenginename: "foxsearch" FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\2.bin [2010.10.02 19:01:07 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.01.02 17:53:36 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.02 17:53:36 | 000,000,000 | ---D | M] [2010.05.07 23:01:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ray\AppData\Roaming\mozilla\Extensions [2011.01.22 15:03:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ray\AppData\Roaming\mozilla\Firefox\Profiles\v6yh2x33.default\extensions [2010.05.11 18:22:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ray\AppData\Roaming\mozilla\Firefox\Profiles\v6yh2x33.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.01.20 02:01:43 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Ray\AppData\Roaming\mozilla\Firefox\Profiles\v6yh2x33.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2011.01.20 02:01:42 | 000,000,000 | ---D | M] (Radio Bar 2 Community Toolbar) -- C:\Users\Ray\AppData\Roaming\mozilla\Firefox\Profiles\v6yh2x33.default\extensions\{9bb815eb-3f9f-4e11-9150-cb70e29b40fc} [2010.08.29 13:10:53 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Ray\AppData\Roaming\mozilla\Firefox\Profiles\v6yh2x33.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.06.20 08:29:48 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Ray\AppData\Roaming\mozilla\Firefox\Profiles\v6yh2x33.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2010.06.27 20:30:12 | 000,000,000 | ---D | M] (www.dotu.ru) -- C:\Users\Ray\AppData\Roaming\mozilla\Firefox\Profiles\v6yh2x33.default\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385} [2011.01.20 02:01:43 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Ray\AppData\Roaming\mozilla\Firefox\Profiles\v6yh2x33.default\extensions\engine@conduit.com [2010.05.09 14:14:24 | 000,001,819 | ---- | M] () -- C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\v6yh2x33.default\searchplugins\bing.xml [2010.06.08 10:30:42 | 000,000,925 | ---- | M] () -- C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\v6yh2x33.default\searchplugins\conduit.xml [2010.06.18 22:08:52 | 000,010,017 | ---- | M] () -- C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\v6yh2x33.default\searchplugins\mywebsearch.xml [2010.05.17 16:04:52 | 000,003,915 | ---- | M] () -- C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\v6yh2x33.default\searchplugins\sweetim.xml [2011.01.18 10:29:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.05.07 23:01:35 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2011.01.15 10:14:08 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.11.07 12:57:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.12.21 09:08:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.01.15 10:14:08 | 000,000,000 | ---D | M] (Skype extension) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1} [2010.11.07 12:57:51 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.12.21 09:08:11 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2010.10.02 19:01:07 | 000,000,000 | ---D | M] (My Web Search) -- C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN [2011.01.18 10:29:31 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES\WINDOWS SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION [2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.03.30 11:57:04 | 000,098,304 | ---- | M] (NHN USA Inc.) -- C:\Programme\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll [2010.03.19 08:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Programme\Mozilla Firefox\plugins\npmieze.dll [2010.04.01 17:54:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.04.01 17:54:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.05.07 23:21:43 | 000,000,143 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\foxsearch.src [2010.04.01 17:54:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.04.01 17:54:38 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.04.01 17:54:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.01.17 17:39:43 | 000,001,030 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.8minutedating.com O1 - Hosts: 127.0.0.1 whysohardx.com O1 - Hosts: 127.0.0.1 protectyourpc-11.com O1 - Hosts: 127.0.0.1 checkserverstatux.com O1 - Hosts: 127.0.0.1 xinmin.cn O1 - Hosts: 127.0.0.1 xy95.cn O1 - Hosts: 127.0.0.1 koralda.com O1 - Hosts: 127.0.0.1 weirden.com O1 - Hosts: 127.0.0.1 nanocloudcontroller.com O1 - Hosts: 127.0.0.1 coo0lnet.net O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Searchqu Toolbar) - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\Programme\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll () O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.) O2 - BHO: (1&&1 Internet AG Browser Configuration by mquadr.at) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\System32\ieconfig_1und1.dll (mquadr.at software engineering und consulting GmbH) O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\Programme\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll () O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKU\S-1-5-21-3789118792-2475850360-2327212794-1000\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - Reg Error: Value error. File not found O3 - HKU\S-1-5-21-3789118792-2475850360-2327212794-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKU\S-1-5-21-3789118792-2475850360-2327212794-1000\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [DATAMNGR] C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Discordia, LTD) O4 - HKLM..\Run: [LWBMOUSE] C:\Programme\Tech\Wheel Mouse\5.0\MOUSE32A.EXE () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe () O4 - HKU\.DEFAULT..\Run: [vnfuz] C:\Windows\System32\config\systemprofile\vnfuz.exe (ecBHA95) O4 - HKU\S-1-5-18..\Run: [vnfuz] C:\Windows\System32\config\systemprofile\vnfuz.exe (ecBHA95) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-3789118792-2475850360-2327212794-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKU\S-1-5-21-3789118792-2475850360-2327212794-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 0 O7 - HKU\S-1-5-21-3789118792-2475850360-2327212794-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 0 O7 - HKU\S-1-5-21-3789118792-2475850360-2327212794-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Users\Ray\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Ray\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-3789118792-2475850360-2327212794-1000\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKU\S-1-5-21-3789118792-2475850360-2327212794-1000\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - AppInit_DLLs: (C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll) - C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngr.dll (Discordia, LTD) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Ray\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Ray\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - File not found SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - File not found SafeBootNet: Messenger - File not found SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447) ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L) Drivers32: VIDC.XFR1 - C:\Windows\System32\xfcodec.dll () CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2011.01.18 10:29:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Fun4IM [2011.01.18 10:29:30 | 000,000,000 | ---D | C] -- C:\Programme\Windows Searchqu Toolbar [2011.01.18 10:29:30 | 000,000,000 | ---D | C] -- C:\Programme\Fun4IM [2011.01.17 12:22:39 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2011.01.16 19:04:57 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2011.01.11 19:32:55 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe [2011.01.11 19:32:41 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll [2011.01.08 21:42:59 | 000,000,000 | ---D | C] -- C:\Users\Ray\AppData\Local\PictureConverter [2011.01.08 15:55:29 | 000,000,000 | ---D | C] -- C:\Users\Ray\Documents\Emails [2011.01.08 00:09:05 | 000,000,000 | ---D | C] -- C:\Users\Ray\AppData\Roaming\.minecraft [2011.01.07 23:49:34 | 000,000,000 | ---D | C] -- C:\Users\Ray\Desktop\minecraft [2011.01.07 20:58:27 | 000,000,000 | ---D | C] -- C:\Users\Ray\Documents\Cross Fire [2011.01.07 20:47:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Z8Games [2011.01.07 20:45:30 | 000,000,000 | ---D | C] -- C:\Programme\Z8Games [2011.01.07 20:24:59 | 506,802,211 | ---- | C] (Z8Games.com ) -- C:\Users\Ray\Desktop\CrossFire_Setup_v1056_xfire.exe [2011.01.06 15:12:42 | 000,000,000 | ---D | C] -- C:\Users\Ray\Documents\EasyThai [2011.01.06 15:12:42 | 000,000,000 | ---D | C] -- C:\Users\Ray\AppData\Local\dictionary [2011.01.06 15:10:12 | 000,000,000 | ---D | C] -- C:\Users\Ray\AppData\Roaming\EasyThai [2011.01.06 15:10:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasyThai 2.5.1 [2011.01.06 15:10:11 | 000,000,000 | ---D | C] -- C:\Programme\EasyThai [2011.01.02 17:55:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.01.02 17:54:51 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2011.01.02 17:54:49 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2011.01.02 17:53:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2011.01.02 17:52:54 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime [2011.01.02 17:49:29 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour [2011.01.02 17:47:00 | 000,000,000 | ---D | C] -- C:\Programme\Safari [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.01.22 17:00:09 | 000,156,121 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011.01.22 17:00:09 | 000,156,065 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.01.22 16:49:04 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.01.22 16:49:04 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.01.22 16:18:01 | 000,000,230 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job [2011.01.22 16:16:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.01.22 14:50:25 | 000,000,112 | ---- | M] () -- C:\ProgramData\R2B46k2.dat [2011.01.22 14:50:24 | 000,082,434 | ---- | M] () -- C:\ProgramData\78P8t3QI.exe_ [2011.01.22 14:50:24 | 000,082,434 | ---- | M] () -- C:\ProgramData\78P8t3QI.exe [2011.01.22 14:49:22 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\RegistryTool Startup.job [2011.01.22 14:49:16 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.01.22 14:48:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.01.22 14:48:43 | 3487,748,096 | -HS- | M] () -- C:\hiberfil.sys [2011.01.22 13:00:00 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.01.22 12:00:00 | 000,000,450 | ---- | M] () -- C:\Windows\tasks\RegistryTool Scan.job [2011.01.22 11:49:41 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6A786445-B446-4695-BE00-3ED017DF6210}.job [2011.01.21 12:33:54 | 000,009,216 | ---- | M] () -- C:\Users\Ray\Documents\Scherer 02-2011.wps [2011.01.21 12:33:54 | 000,002,930 | ---- | M] () -- C:\Users\Ray\AppData\Roaming\wklnhst.dat [2011.01.21 08:41:20 | 138,604,284 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.01.19 17:48:46 | 000,009,728 | ---- | M] () -- C:\Users\Ray\Documents\Rech.Nr. 01-2011.wps [2011.01.18 15:44:15 | 000,010,240 | ---- | M] () -- C:\Users\Ray\Documents\Kristionat KSV.wps [2011.01.17 12:50:53 | 000,009,216 | ---- | M] () -- C:\Users\Ray\Documents\Hubert 03-2010.wps [2011.01.08 21:42:57 | 000,032,040 | ---- | M] () -- C:\Users\Ray\Desktop\safe-soda-monster_2_2089_5.png [2011.01.08 21:42:56 | 000,032,040 | ---- | M] () -- C:\Users\Ray\Desktop\safe-soda-monster_2_2089_4.png [2011.01.08 21:42:55 | 000,032,040 | ---- | M] () -- C:\Users\Ray\Desktop\safe-soda-monster_2_2089_3.png [2011.01.08 21:42:55 | 000,032,040 | ---- | M] () -- C:\Users\Ray\Desktop\safe-soda-monster_2_2089_2.png [2011.01.08 21:42:54 | 000,032,040 | ---- | M] () -- C:\Users\Ray\Desktop\safe-soda-monster_2_2089_1.png [2011.01.08 21:42:45 | 000,032,040 | ---- | M] () -- C:\Users\Ray\Desktop\safe-soda-monster_2_2089.png [2011.01.07 20:47:57 | 000,000,933 | ---- | M] () -- C:\Users\Ray\Desktop\CrossFire.lnk [2011.01.07 20:39:53 | 506,802,211 | ---- | M] (Z8Games.com ) -- C:\Users\Ray\Desktop\CrossFire_Setup_v1056_xfire.exe [2011.01.06 15:10:11 | 000,001,886 | ---- | M] () -- C:\Users\Public\Desktop\EasyThai 2.5.1.lnk [2011.01.06 12:55:08 | 000,010,240 | ---- | M] () -- C:\Users\Ray\Documents\Rech. Nr. 04-2010 GL.wps [2011.01.06 12:52:52 | 000,009,728 | ---- | M] () -- C:\Users\Ray\Documents\Rech Nr. 03-2010 GL.wps [2011.01.02 17:55:29 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.01.02 17:53:15 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2011.01.02 17:47:03 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk [2011.01.02 17:26:43 | 000,001,207 | ---- | M] () -- C:\Users\Ray\Desktop\Free YouTube to iPod Converter.lnk [2011.01.01 16:36:43 | 000,168,267 | ---- | M] () -- C:\Users\Ray\Desktop\2010_10_19_INVedit.zip [2010.12.28 16:55:03 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.01.20 16:45:10 | 000,009,216 | ---- | C] () -- C:\Users\Ray\Documents\Scherer 02-2011.wps [2011.01.19 17:48:46 | 000,009,728 | ---- | C] () -- C:\Users\Ray\Documents\Rech.Nr. 01-2011.wps [2011.01.18 15:44:15 | 000,010,240 | ---- | C] () -- C:\Users\Ray\Documents\Kristionat KSV.wps [2011.01.17 12:22:32 | 138,604,284 | ---- | C] () -- C:\Windows\MEMORY.DMP [2011.01.17 09:50:52 | 000,082,434 | ---- | C] () -- C:\ProgramData\78P8t3QI.exe_ [2011.01.17 09:50:52 | 000,082,434 | ---- | C] () -- C:\ProgramData\78P8t3QI.exe [2011.01.17 09:50:41 | 000,000,112 | ---- | C] () -- C:\ProgramData\R2B46k2.dat [2011.01.08 21:42:57 | 000,032,040 | ---- | C] () -- C:\Users\Ray\Desktop\safe-soda-monster_2_2089_5.png [2011.01.08 21:42:56 | 000,032,040 | ---- | C] () -- C:\Users\Ray\Desktop\safe-soda-monster_2_2089_4.png [2011.01.08 21:42:55 | 000,032,040 | ---- | C] () -- C:\Users\Ray\Desktop\safe-soda-monster_2_2089_3.png [2011.01.08 21:42:55 | 000,032,040 | ---- | C] () -- C:\Users\Ray\Desktop\safe-soda-monster_2_2089_2.png [2011.01.08 21:42:54 | 000,032,040 | ---- | C] () -- C:\Users\Ray\Desktop\safe-soda-monster_2_2089_1.png [2011.01.08 21:42:45 | 000,032,040 | ---- | C] () -- C:\Users\Ray\Desktop\safe-soda-monster_2_2089.png [2011.01.07 20:47:57 | 000,000,933 | ---- | C] () -- C:\Users\Ray\Desktop\CrossFire.lnk [2011.01.06 15:10:11 | 000,001,886 | ---- | C] () -- C:\Users\Public\Desktop\EasyThai 2.5.1.lnk [2011.01.02 17:55:29 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.01.02 17:53:15 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2011.01.02 17:47:03 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk [2011.01.02 17:26:43 | 000,001,207 | ---- | C] () -- C:\Users\Ray\Desktop\Free YouTube to iPod Converter.lnk [2011.01.01 16:37:31 | 000,168,267 | ---- | C] () -- C:\Users\Ray\Desktop\2010_10_19_INVedit.zip [2010.11.27 14:00:40 | 000,000,280 | ---- | C] () -- C:\Windows\game.ini [2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2010.09.25 15:38:41 | 000,000,872 | ---- | C] () -- C:\Windows\disney.ini [2010.08.13 06:12:14 | 000,000,137 | ---- | C] () -- C:\Windows\System32\MRT.INI [2010.07.05 06:48:45 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010.07.04 14:20:30 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2010.07.03 18:54:40 | 000,000,091 | ---- | C] () -- C:\Users\Ray\AppData\Local\fusioncache.dat [2010.07.03 18:25:22 | 000,137,464 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.07.03 18:25:20 | 000,022,328 | ---- | C] () -- C:\Users\Ray\AppData\Roaming\PnkBstrK.sys [2010.05.16 13:30:28 | 000,002,930 | ---- | C] () -- C:\Users\Ray\AppData\Roaming\wklnhst.dat [2010.05.14 16:33:20 | 000,009,728 | ---- | C] () -- C:\Windows\System32\uc_karos_launching.dll [2010.05.09 17:30:05 | 000,017,920 | ---- | C] () -- C:\Users\Ray\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.05.09 16:54:36 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.05.08 08:02:28 | 000,156,065 | ---- | C] () -- C:\ProgramData\nvModes.001 [2010.05.07 23:08:15 | 000,156,121 | ---- | C] () -- C:\ProgramData\nvModes.dat [2010.05.07 22:56:22 | 000,000,680 | ---- | C] () -- C:\Users\Ray\AppData\Local\d3d9caps.dat [2009.09.11 01:01:44 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll [2007.07.23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2007.07.23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2007.07.23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini ========== LOP Check ========== [2011.01.08 00:13:18 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\.minecraft [2010.05.17 13:54:44 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\1&1 [2010.06.19 19:55:13 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\Armagetron [2010.11.07 12:10:15 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\Bioshock [2010.06.19 19:52:55 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\Blender Foundation [2010.10.29 16:42:33 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\Dev-Cpp [2011.01.02 17:26:44 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\DVDVideoSoftIEHelpers [2011.01.06 15:15:11 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\EasyThai [2010.07.19 15:18:21 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\Gutscheinmieze [2010.06.26 16:40:55 | 000,000,000 | -H-D | M] -- C:\Users\Ray\AppData\Roaming\ijjigame [2010.10.30 21:40:56 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\RadiantSettings [2011.01.22 11:46:57 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\RegistryTool [2010.06.19 19:25:54 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\Synthesia [2010.05.16 20:10:51 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\Template [2010.09.25 16:01:03 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\Touchstone [2010.07.04 15:37:33 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\Uniblue [2011.01.22 12:00:00 | 000,000,450 | ---- | M] () -- C:\Windows\Tasks\RegistryTool Scan.job [2011.01.22 14:49:22 | 000,000,390 | ---- | M] () -- C:\Windows\Tasks\RegistryTool Startup.job [2011.01.22 12:02:11 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.01.22 11:49:41 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{6A786445-B446-4695-BE00-3ED017DF6210}.job [2011.01.22 16:18:01 | 000,000,230 | -H-- | M] () -- C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job ========== Purity Check ========== ========== Custom Scans ========== < > < > < TrojanDownloader Win32/Unruy.H - Standard > Invalid Switch: Unruy.H - Standard < AW: TrojanDownloader Win32/Unruy.H > Invalid Switch: Unruy.H < > < > < 1. nimm keinerlei reinigung selbstständig vor, sonst ist das nur störend. > < 2. reiche alle evtl vorhandenen scan logs mit funden nach > < auch fundorte benennen. > < 3. > < Systemscan mit OTL > < download otl: > < hxxp://oldtimer.geekstogo.com/OTL.exe > Invalid Switch: OTL.exe < > < Doppelklick auf die OTL.exe > < (user von Windows 7 und Vista: Rechtsklick als Administrator ausführen) > < 1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output > < 2. Hake an "scan all users" > < 3. Unter "Extra Registry wähle: > < "Use Safelist" "LOP Check" "Purity Check" > < 4. Kopiere in die Textbox: > < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.01.08 00:13:18 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\.minecraft [2010.05.17 13:54:44 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\1&1 [2010.09.09 21:06:12 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\Adobe [2010.10.09 23:24:14 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\Apple Computer [2010.06.19 19:55:13 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\Armagetron [2010.11.07 12:10:15 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\Bioshock [2010.06.19 19:52:55 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\Blender Foundation [2010.10.29 16:42:33 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\Dev-Cpp [2011.01.02 17:26:44 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\DVDVideoSoftIEHelpers [2011.01.06 15:15:11 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\EasyThai [2010.11.03 17:27:33 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\Google [2010.07.19 15:18:21 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\Gutscheinmieze [2010.05.07 22:56:27 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\Identities [2010.06.26 16:40:55 | 000,000,000 | -H-D | M] -- C:\Users\Ray\AppData\Roaming\ijjigame [2010.09.25 15:38:37 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\InstallShield [2010.05.08 19:42:11 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\Macromedia [2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\Media Center Programs [2011.01.14 12:42:45 | 000,000,000 | --SD | M] -- C:\Users\Ray\AppData\Roaming\Microsoft [2010.05.07 23:01:51 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\Mozilla [2010.10.30 21:40:56 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\RadiantSettings [2011.01.22 11:46:57 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\RegistryTool [2010.07.03 18:56:56 | 000,000,000 | RH-D | M] -- C:\Users\Ray\AppData\Roaming\SecuROM [2011.01.22 16:53:03 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\Skype [2011.01.22 16:01:57 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\skypePM [2010.06.19 19:25:54 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\Synthesia [2010.05.16 20:10:51 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\Template [2010.09.25 16:01:03 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\Touchstone [2010.07.04 15:37:33 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\Uniblue [2010.06.19 22:25:12 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\WinRAR [2010.05.14 17:56:47 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\Xfire < %APPDATA%\*.exe /s > [1999.08.17 00:22:00 | 000,019,083 | ---- | M] () -- C:\Users\Ray\AppData\Roaming\EasyThai\read\interface\Deltree.exe [2004.06.02 04:17:46 | 000,459,264 | ---- | M] () -- C:\Users\Ray\AppData\Roaming\EasyThai\read\interface\exitsalika.exe [2004.06.11 02:16:26 | 000,502,784 | ---- | M] () -- C:\Users\Ray\AppData\Roaming\EasyThai\read\interface\process.exe [2004.07.08 15:50:52 | 003,395,072 | ---- | M] () -- C:\Users\Ray\AppData\Roaming\EasyThai\read\interface\salika.exe [2003.08.01 05:17:32 | 000,819,200 | ---- | M] (Microsoft Corp.) -- C:\Users\Ray\AppData\Roaming\EasyThai\read\interface\ttsapp.exe [2010.04.12 13:33:56 | 000,825,344 | ---- | M] (Synatix GmbH) -- C:\Users\Ray\AppData\Roaming\Gutscheinmieze\uninstall.exe [2010.06.26 20:58:48 | 2208,265,233 | ---- | M] (Acresso Software Inc.) -- C:\Users\Ray\AppData\Roaming\ijjigame\U_AVA_Setup.exe [2010.08.28 19:40:23 | 000,010,134 | R--- | M] () -- C:\Users\Ray\AppData\Roaming\Microsoft\Installer\{7E4B7FD9-4ECE-4298-A910-3160B7918059}\ARPPRODUCTICON.exe [2011.01.21 16:32:31 | 006,216,032 | ---- | M] (Microsoft Corporation) -- C:\Users\Ray\AppData\Roaming\RegistryTool\wuasetup.exe < %SYSTEMDRIVE%\*.exe > [2009.06.05 22:07:46 | 113,060,248 | ---- | M] (Macromedia ) -- C:\Flash8-en.exe [2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe < MD5 for: AGP440.SYS > [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old.001\Windows\System32\drivers\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old.001\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old.001\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old.001\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old.001\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\System32\drivers\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 13:03:16 | 000,062,056 | ---- | M] (Microsoft Corporation) MD5=5CCDD13BC602AE33CD8B62D33C29AB72 -- C:\Windows.old.000\Windows\System32\DriverStore\FileRepository\machine.inf_c41411ff\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows.old.001\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys [2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows.old.000\Windows\System32\drivers\AGP440.sys [2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows.old.000\Windows\System32\DriverStore\FileRepository\machine.inf_986ce78a\AGP440.sys [2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows.old.000\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys < MD5 for: ATAPI.SYS > [2009.03.11 15:14:24 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows.old\Windows\System32\drivers\atapi.sys [2009.03.11 15:14:24 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys [2009.03.11 15:14:24 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys [2008.01.21 03:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows.old.000\Windows\System32\drivers\atapi.sys [2008.01.21 03:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows.old.000\Windows\System32\DriverStore\FileRepository\mshdc.inf_1d87dda2\atapi.sys [2008.01.21 03:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows.old.000\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows.old.001\Windows\System32\drivers\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows.old.001\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows.old.001\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows.old.001\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows.old.001\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows.old.001\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2009.03.11 15:14:24 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys [2006.11.02 13:01:02 | 000,020,072 | ---- | M] (Microsoft Corporation) MD5=DF96CF8885724430024B7522E5C95722 -- C:\Windows.old.000\Windows\System32\DriverStore\FileRepository\mshdc.inf_f8cccc79\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows.old.000\Windows\System32\cngaudit.dll [2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows.old.000\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows.old.000\Windows\SysWOW64\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows.old.000\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows.old.001\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows.old.001\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows.old\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2007.05.17 20:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Windows.old\Program Files\HomeCinema\PowerDirector\EventLog.dll < MD5 for: EXPLORER.EXE > [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows.old.001\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2009.03.11 15:41:13 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows.old.001\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2009.03.11 15:41:13 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows.old.001\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009.03.11 15:41:12 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows.old.001\Windows\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows.old.001\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows.old\Windows\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows.old.001\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2009.03.11 15:41:13 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008.01.21 03:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows.old.000\Windows\explorer.exe [2008.01.21 03:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows.old.000\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe [2008.01.21 03:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows.old.000\Windows\SysWOW64\explorer.exe [2008.01.21 03:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows.old.000\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe [2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows.old.001\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe [2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe [2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTOR.SYS > [2007.10.08 23:18:44 | 000,306,200 | ---- | M] (Intel Corporation) MD5=28AAE599496B4930B3F19026F2083BC4 -- C:\Windows.old\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys [2007.10.08 23:18:44 | 000,306,200 | ---- | M] (Intel Corporation) MD5=28AAE599496B4930B3F19026F2083BC4 -- C:\Windows.old\Windows\System32\drivers\iaStor.sys [2007.10.08 23:18:44 | 000,306,200 | ---- | M] (Intel Corporation) MD5=28AAE599496B4930B3F19026F2083BC4 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iaahci.inf_1bb129e3\iaStor.sys [2007.10.08 23:19:02 | 000,383,000 | ---- | M] (Intel Corporation) MD5=968BCEAD432CD478D0659FC95ED52170 -- C:\Windows.old\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys < MD5 for: IASTORV.SYS > [2008.01.21 03:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows.old.000\Windows\System32\drivers\iaStorV.sys [2008.01.21 03:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows.old.000\Windows\System32\DriverStore\FileRepository\iastorv.inf_fbe95c71\iaStorV.sys [2008.01.21 03:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows.old.000\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old.001\Windows\System32\drivers\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old.001\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old.001\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old\Windows\System32\drivers\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 12:51:48 | 000,280,680 | ---- | M] (Intel Corporation) MD5=72C3EE7EA3CD75A772E62AE0E5DF8B8C -- C:\Windows.old.000\Windows\System32\DriverStore\FileRepository\iastorv.inf_69d79584\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows.old.001\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2008.01.21 03:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows.old.000\Windows\System32\netlogon.dll [2008.01.21 03:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows.old.000\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows.old.001\Windows\System32\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows.old.001\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows.old\Windows\System32\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 03:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows.old.000\Windows\SysWOW64\netlogon.dll [2008.01.21 03:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows.old.000\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll [2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows.old.001\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll [2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll [2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 13:02:51 | 000,048,232 | ---- | M] (NVIDIA Corporation) MD5=94C5334040A5D500897F4C5FD12AEEDE -- C:\Windows.old.000\Windows\System32\DriverStore\FileRepository\nvraid.inf_a5403adf\nvstor.sys [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows.old.001\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows.old.001\Windows\System32\drivers\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows.old.001\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows.old.001\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows.old\Windows\System32\drivers\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows.old\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys [2008.01.21 03:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows.old.000\Windows\System32\drivers\nvstor.sys [2008.01.21 03:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows.old.000\Windows\System32\DriverStore\FileRepository\nvraid.inf_63cdbcfd\nvstor.sys [2008.01.21 03:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows.old.000\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 03:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows.old.000\Windows\SysWOW64\scecli.dll [2008.01.21 03:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows.old.000\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll [2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows.old.001\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2008.01.21 03:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows.old.000\Windows\System32\scecli.dll [2008.01.21 03:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows.old.000\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows.old.001\Windows\System32\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows.old.001\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows.old\Windows\System32\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2008.01.21 03:48:29 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows.old.000\Windows\System32\user32.dll [2008.01.21 03:48:29 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows.old.000\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll [2008.01.21 03:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows.old.000\Windows\SysWOW64\user32.dll [2008.01.21 03:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows.old.000\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows.old.001\Windows\System32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows.old.001\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows.old\Windows\System32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll [2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows.old.001\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old.000\Windows\SysWOW64\userinit.exe [2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old.000\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\System32\userinit.exe [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows.old.000\Windows\System32\userinit.exe [2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows.old.000\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe < MD5 for: WINLOGON.EXE > [2008.01.21 03:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows.old.000\Windows\System32\winlogon.exe [2008.01.21 03:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows.old.000\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows.old.001\Windows\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows.old.001\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows.old\Windows\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 03:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows.old.000\Windows\SysWOW64\winlogon.exe [2008.01.21 03:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows.old.000\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe [2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows.old.001\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe [2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe [2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 03:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows.old.000\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 03:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows.old.000\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows.old.001\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows.old.001\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows.old\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.03.08 12:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll [2009.03.08 12:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll [2010.11.02 06:57:10 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\iepeers.dll [2009.04.11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll [2009.04.11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll ========== Files - Unicode (All) ========== [2010.06.27 09:33:46 | 000,000,000 | ---D | M](C:\Users\Ray\Documents\?? ???) -- C:\Users\Ray\Documents\넥슨 플러그 [2010.06.27 09:33:46 | 000,000,000 | ---D | C](C:\Users\Ray\Documents\?? ???) -- C:\Users\Ray\Documents\넥슨 플러그 ========== Alternate Data Streams ========== @Alternate Data Stream - 64 bytes -> C:\Users\Ray\Desktop\10 Minuten.avi:TOC.WMV < End of report > |
|
22.01.2011, 18:12
| #4 |
| | TrojanDownloader Win32/Unruy.H Und auch die Extars:OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 22.01.2011 17:04:15 - Run 2
OTL by OldTimer - Version 3.2.20.3 Folder = C:\Users\Ray\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 735,73 Gb Total Space | 270,88 Gb Free Space | 36,82% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 9,00 Gb Free Space | 45,04% Space Free | Partition Type: FAT32
Drive E: | 175,78 Gb Total Space | 49,27 Gb Free Space | 28,03% Space Free | Partition Type: NTFS
Computer Name: RAY-PC | User Name: Ray | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3789118792-2475850360-2327212794-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{27072062-1120-4F8F-84B5-A3D24A59034E}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2DCC2BD3-3E57-46BA-92B2-2CB536880B03}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{329947C1-67A7-4C9F-B6AD-47A3CB214FDC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3B337069-70E1-4A6A-997C-00F1769F6BD0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4311DE44-0229-4EF6-9420-FF24B06DC4A5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{453F645E-CF3C-44F3-992F-0F9F186B81F2}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{5E0DE1B8-16F5-4214-9E77-304ECFF1177F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6CB2D97F-EC0E-42B4-900B-252AF8CD9D9D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{758E5590-830B-499F-A845-16EC780ADAA5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{79903FEE-6E55-4C6C-A3BE-424E1ED06566}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8B9B1C72-EA94-409F-9503-EB4E408E869A}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{A7ADBE2C-3726-4627-8BC5-F3071D6F33AD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BD07FBD8-798E-4C80-BE0F-A03A8936D2DD}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D48A1F92-EB89-4F13-A4A5-6EC8E549C393}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E119F794-1522-43B8-9E05-81067545E681}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EEE60F7C-84DE-4C44-AE80-2D9F6A4CEBFE}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{F9095AFA-FB59-4D6C-BDCA-5F45AF4EAC1E}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{FADA8FF0-61C1-41DE-9991-60C16A4840B5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04594DCB-09BC-4F79-ADA5-B9472C2B2180}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0563F463-BA69-47DC-8A48-4E1234D6B5A8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{063926E1-D627-4C13-BE48-B81CC2C1926A}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{07D7DA54-D9A3-4393-BBDE-FF63EAFA0B04}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{08CF009A-52A0-4DB5-867F-5A9C5E011020}" = protocol=6 | dir=in | app=c:\ijji\english\genesisad\gameconsole.bin |
"{0E2E253C-C537-49D1-AEAF-B596D8E16996}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{145A6AD7-6A0B-4107-885C-B902BDC5A81C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1996E635-5316-453A-93A7-EE7CB9AAC2E3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{19E1526C-A8BE-4732-ABC1-4A911AB445ED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{241BDBBF-4589-4357-8315-12BF9E3479E8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{246BBC8D-2FA9-4B4D-B5BA-F2E3167F883D}" = protocol=17 | dir=in | app=c:\ijji\english\genesisad\gameconsole.bin |
"{259420A5-7AEE-4BFC-A59E-A0160E309A58}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{27879DF9-7986-47F1-A9EB-602E69BB72AA}" = protocol=17 | dir=in | app=c:\program files\sierra\fear\fear.exe |
"{2DF43529-858D-42B2-B94A-3A226E90D338}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{339EA74E-778C-4008-9F34-404EB6DCEC14}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{34CB6326-9BBD-4E2A-90F4-565D32EB2EDA}" = protocol=6 | dir=in | app=c:\program files\ijji\ijji reactor\ijjioptimizer.exe |
"{3ADF1B1C-1434-4D59-86E5-6812A00AB448}" = dir=in | app=c:\program files\microsoft xna\xna game studio\v4.0\bin\xnaliveproxy.exe |
"{410E20F4-BC0E-4D5D-9C4C-8E846CC2F133}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{445A4641-23C1-4A5F-B7CD-E5E0D8C60108}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{45B0984B-BBE1-4D58-B013-CC84FEC85D36}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{464A2DFB-0466-423B-8822-B39761719CAC}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{47328EFE-5FE9-4DA6-B8CC-1715C16BA50F}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{4F38DB0D-EF2F-4E49-8710-D044C76ED9D1}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{4F5CC37A-4E1A-48F0-8228-B068E72C1A4B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{50EB06A9-B0FD-4167-B580-773D4E0B6D91}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{5A753E8B-FF06-46E6-BAB6-3C4226FD3B22}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{5E3F5969-7A32-456D-B4EA-FB1351B42920}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5EBD752E-5DE6-4FEE-B378-6B047C087710}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{6125F1AA-5F75-4272-9FAA-FC59C083D1D6}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{61CB5CAA-BB0E-4E79-923E-E89335C05B2F}" = protocol=17 | dir=in | app=c:\ijji\english\genesisad\anotherday.exe |
"{65062896-6AAC-438E-B61D-43EFD8CE4D33}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{672F9908-41E1-409A-B99C-45667C60970B}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6E6EA364-4B2A-47C8-983D-F597C7F7EE16}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{726DB1C5-540D-41EB-9D4C-DB51C5C8432A}" = protocol=17 | dir=in | app=c:\users\ray\appdata\local\microsoft\windows\temporary internet files\content.ie5\zj41hers\sweetimsetup[1].exe |
"{7305ECFB-A880-47BD-9D24-B6A39E48FA9E}" = protocol=6 | dir=out | app=system |
"{73B1743C-D08C-4ACC-82EA-692E3E710ABD}" = protocol=6 | dir=in | app=c:\program files\sierra\fear\fearmp.exe |
"{7447E607-1A54-4ABE-A38A-D92E09C741C0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7667D555-6002-4391-A945-B84A5AAFB600}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{776F0230-9E02-440A-B534-1359DD7A3837}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{77F50501-B792-4586-B184-57B1C84E152B}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{7A19E61E-18D5-44E6-99B1-3F8269B1BD60}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{9CD2C5BD-8BF0-4A2A-BCA9-9933F1B659AA}" = protocol=17 | dir=in | app=c:\program files\sierra\fear\fearmp.exe |
"{9CE1FCF9-E7E1-43C1-9278-8740BE11CA0A}" = protocol=6 | dir=in | app=c:\ijji\english\genesisad\anotherday.exe |
"{9DCB664D-6DC6-4639-B789-0A0095ACAD25}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A11A5EE2-2EE4-4BDC-A58E-BB09B467C05A}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{A640EE55-6205-426F-8BEA-7B04460F4845}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe |
"{A9D7519F-C3DA-49B0-962D-4708686DDCF8}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A9DA8732-181B-4EF3-A9C9-215FD4B52E78}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe |
"{AE01A4CE-9C8E-422C-9810-F6CAB57F26BB}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{AE5F43C8-B3DC-4825-9E3C-BA7D6663BCDD}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{B21EEB47-B6EE-414A-BD3D-C42364266B0C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B4C535B7-DDB6-49F1-9385-D69E1A7E0F54}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe |
"{B5A64D94-51AC-441F-8824-937924275543}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B9C84C1B-C2EF-4437-A672-E4DEC481E72F}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe |
"{BAF0A47B-F529-4790-AFFA-96802D863FA9}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C8458A25-3925-4303-8CDA-B3A444A8FFC6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CF581A5D-1C30-4E79-BD32-3C93F5E869CF}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D9A61B8E-7308-4A18-BCB4-6E0BDB021871}" = protocol=6 | dir=in | app=c:\program files\sierra\fear\fear.exe |
"{D9FBF2B9-7A31-4906-9250-95D09F2F3299}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E797580D-9B4E-4A72-A209-7100FFA7CF20}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{EC69E909-89FC-4787-A56D-C951BB755A3B}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{ED7A57E9-923B-4FC0-87AE-7B9E3B10C3AE}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{EF67440F-D9F3-4888-8327-210E7C3CE5A3}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{F02A7A3E-D2E1-485E-9515-F96144EA27F5}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{F1A8144F-035C-439D-84CB-4087E538F9A6}" = dir=in | app=c:\program files\common files\microsoft shared\xna\xnatrans\v3.0\xnatransx.exe |
"{F3A77236-EFA2-46E5-A653-0B3055364EBA}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{F4BEA718-E10F-4490-ACAE-9F9A501FF3D6}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F60DF088-5594-4CCD-ADE2-E2432A32240B}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{FE03DB76-7B08-4E4D-811F-D8053F9B2C2C}" = protocol=6 | dir=in | app=c:\users\ray\appdata\local\microsoft\windows\temporary internet files\content.ie5\zj41hers\sweetimsetup[1].exe |
"{FED1FFB7-418C-429E-9E46-BB5A2E4837D6}" = protocol=17 | dir=in | app=c:\program files\ijji\ijji reactor\ijjioptimizer.exe |
"TCP Query User{1553C98B-7049-4582-90FF-F66CAA4D501A}C:\program files\activision\call of duty 2\cod2mp_.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_.exe |
"TCP Query User{39B3D400-960B-4DFB-9D33-99598CC5FFCF}C:\users\ray\appdata\local\temp\7zipsfx.000\cf_downloader.exe" = protocol=6 | dir=in | app=c:\users\ray\appdata\local\temp\7zipsfx.000\cf_downloader.exe |
"TCP Query User{3A415A10-2597-4FDC-AC49-6847EBB232C1}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
"TCP Query User{424B8A3A-1E9D-4331-8ECB-8C5B93B2A34B}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"TCP Query User{4789D098-8953-45B1-88C6-BEF4F34632F5}C:\program files\armagetron advanced\armagetronad.exe" = protocol=6 | dir=in | app=c:\program files\armagetron advanced\armagetronad.exe |
"TCP Query User{68228789-D29A-4853-A410-6B1483EF3141}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{6EEDD2EA-51D6-43D6-838F-EBFCF8B5A428}C:\udk\udk-2010-12\binaries\win32\udkmobile.exe" = protocol=6 | dir=in | app=c:\udk\udk-2010-12\binaries\win32\udkmobile.exe |
"TCP Query User{7AF53E2C-DC2C-4C06-AF99-A30383D54A9D}C:\program files\touchstone\turok\binaries\turokgame.exe" = protocol=6 | dir=in | app=c:\program files\touchstone\turok\binaries\turokgame.exe |
"TCP Query User{818C77A3-B52A-4B10-B8DC-9013B342040D}C:\program files\ijji\ijji reactor\reactor.exe" = protocol=6 | dir=in | app=c:\program files\ijji\ijji reactor\reactor.exe |
"TCP Query User{9C6B4E6F-6071-4163-9E37-07B9C90B0511}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{B857CE72-35D3-4633-817F-136D015A0C88}C:\udk\udk-2010-12\binaries\win32\udk.exe" = protocol=6 | dir=in | app=c:\udk\udk-2010-12\binaries\win32\udk.exe |
"TCP Query User{E379F9E8-9C67-40D8-BE40-FC21BC1A3FEB}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe |
"TCP Query User{EE8BCAD5-9F6A-4FEB-8DA9-A223BCED0EF2}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
"TCP Query User{F18ECFC9-2457-407A-AC43-B229DB052F4F}C:\program files\electronic arts\crytek\crysis wars\bin32\crysis.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis wars\bin32\crysis.exe |
"UDP Query User{28879A7D-4D4C-46E8-A6BD-035E3207AA25}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
"UDP Query User{2A6ED574-AC17-4D1E-90A2-D7405A403A96}C:\program files\electronic arts\crytek\crysis wars\bin32\crysis.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis wars\bin32\crysis.exe |
"UDP Query User{39BD390E-BC8B-4B00-A6F0-9F9ACA081C8C}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{4BD00618-64D5-4843-987E-3C77E09E7C68}C:\users\ray\appdata\local\temp\7zipsfx.000\cf_downloader.exe" = protocol=17 | dir=in | app=c:\users\ray\appdata\local\temp\7zipsfx.000\cf_downloader.exe |
"UDP Query User{699A0C27-9780-444E-A04D-98AE28D10BB1}C:\program files\touchstone\turok\binaries\turokgame.exe" = protocol=17 | dir=in | app=c:\program files\touchstone\turok\binaries\turokgame.exe |
"UDP Query User{71DBD5CF-C179-4321-8B69-22483589DDB1}C:\udk\udk-2010-12\binaries\win32\udk.exe" = protocol=17 | dir=in | app=c:\udk\udk-2010-12\binaries\win32\udk.exe |
"UDP Query User{97B9679D-78D7-4AE2-9B08-9DFA1BB90346}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"UDP Query User{B31BFB06-5281-460E-B5C5-0DA60EBCB459}C:\program files\armagetron advanced\armagetronad.exe" = protocol=17 | dir=in | app=c:\program files\armagetron advanced\armagetronad.exe |
"UDP Query User{B43BB74D-EFF8-4FE4-88E4-880C0BEE38E1}C:\udk\udk-2010-12\binaries\win32\udkmobile.exe" = protocol=17 | dir=in | app=c:\udk\udk-2010-12\binaries\win32\udkmobile.exe |
"UDP Query User{B8C4A533-A458-4CE9-A40E-40F7F3B1DB4E}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe |
"UDP Query User{BBC802DB-6E26-4EC9-BAD3-B8314478A338}C:\program files\ijji\ijji reactor\reactor.exe" = protocol=17 | dir=in | app=c:\program files\ijji\ijji reactor\reactor.exe |
"UDP Query User{CA00D996-FDB0-4409-B5C8-1F8E19DAE050}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
"UDP Query User{EC46FF7C-6042-417C-9CC0-E55566F65124}C:\program files\activision\call of duty 2\cod2mp_.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_.exe |
"UDP Query User{F4BBBFD8-0176-4C27-9A31-7CCD454075A8}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{01C79EF3-DE84-4B56-B638-8BEA0D507506}" = Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0666E46E-A860-4353-BE6D-13AA72FABB57}" = Microsoft XNA Game Studio Platform Tools
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08C84CC6-E7FD-4B2D-BBF9-B02CC90EE031}" = Microsoft XNA Game Studio 4.0 (Shared Components)
"{08ED8855-4C2E-429B-A878-F129E1F624FA}" = SweetIM for Messenger 3.2
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BC3AF44-D80E-4744-A8E1-9BC540424AC9}" = Turok
"{1C2B3CEA-482E-4453-B3E2-C9731337828A}" = Microsoft SQL Server 2008 Native Client
"{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 23
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2EC98A9A-2D2B-4208-9F2C-9F8B58757EF5}" = EasyThai
"{2EF095CE-24AF-4AAA-BB82-85F988EC51C0}" = 1und1 Internet Explorer Add-On
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3F425F12-3A1B-4511-97B2-E2BB4701B745}" = Crysis Wars(R)
"{3F4EB5FE-B5BE-4069-A5A8-6D9262E1B379}" = Microsoft XNA Game Studio 4.0 Documentation
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{42AF51C0-4028-46CF-B616-FB1F75286457}" = A.V.A
"{43E506CC-6633-4F2A-8D8E-4A95D2384393}" = Crysis Wars(R) Patch
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{68BD57D3-D606-411E-A7E0-3EB6EA5660F6}" = Microsoft XNA Game Studio 4.0 (Redists)
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73BE04D9-BA0E-4BAF-9C9D-677278BDB3DC}" = Microsoft XNA Game Studio 4.0 (ARP entry)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773421E8-AD7B-4DC8-AED1-9300D69E1659}" = Touchstone Installer
"{7E4B7FD9-4ECE-4298-A910-3160B7918059}" = CryEngine(R)2 Sandbox(TM)2
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C496FBF-DB4A-468D-A3A1-15E127382218}" = Microsoft XNA Game Studio 4.0 (Visual Studio)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{911A0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Outlook 2002
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AA2D735-3375-42D4-9A61-3FFEF82599D6}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5B5A16D-277A-476B-8F62-1029A2F23072}" = AGEIA PhysX v8.01.18
"{A6CC2CA2-2779-4F10-88BF-A3C9EB874C24}" = SweetIM Toolbar for Internet Explorer 3.9
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C60A9FDB-05B8-4C58-89A5-4CE200992198}" = RegistryTool
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{D81641E8-ABF1-3D07-803B-60E8FC619368}" = Microsoft Visual C# 2010 Express - DEU
"{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate
"{EB34F9DA-CBF7-4BA0-90DD-8CE006977394}" = GenesisAD
"{EC2F741D-308C-42B4-BD04-9A4853F2E402}" = GtkRadiant 1.5.0
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EE4A45C9-85DC-4506-8702-305B180E2BA1}" = ThaiVocLearn
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7D0A1C2-9CBA-4207-8138-DE9DDBFCFAA3}" = Star Wars Battlefront II Mod Tools
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"1und1 Internet Explorer Add-On" = 1und1 Internet Explorer Add-On
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Armagetron Advanced" = Armagetron Advanced 0.2.8.3.1.gcc
"AVMFBox" = AVM FRITZ!Box Dokumentation
"Bandoo" = Fun4IM
"Blender" = Blender (remove only)
"CamStudio" = CamStudio
"Click MusicalKEYS_is1" = Click MusicalKEYS 3.0.214
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Cross Fire_is1" = Cross Fire En
"Crysis Wars(R)" = Crysis Wars(R)
"Crysis Wars(R) Patch" = Crysis Wars(R) Patch
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"EA Download Manager" = EA Download Manager
"ESET Online Scanner" = ESET Online Scanner v3
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.9.29
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"Jetfighter 5_is1" = Jetfighter 5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual C# 2010 Express - DEU" = Microsoft Visual C# 2010 Express - DEU
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MyWebSearch bar Uninstall" = My Web Search
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Plants vs. Zombies" = Plants vs. Zombies
"PunkBusterSvc" = PunkBuster Services
"Sauerbraten" = Sauerbraten
"Searchqu MediaBar" = Windows Searchqu Toolbar
"Tech Wheel Mouse" = Tech Wheel Mouse 5.0
"ThaiRoman_is1" = Thai Romanization version 1.4
"UDK-e8a0ffc0-d2f5-41ee-b404-8700ef8df6d6" = Unreal Development Kit: 2010-12
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Xfire" = Xfire (remove only)
"XNA Game Studio 4.0" = Microsoft XNA Game Studio 4.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 22.01.2011 06:48:31 | Computer Name = Ray-PC | Source = VSS | ID = 8194
Description =
Error - 22.01.2011 06:48:53 | Computer Name = Ray-PC | Source = SPP | ID = 16387
Description =
Error - 22.01.2011 06:48:53 | Computer Name = Ray-PC | Source = System Restore | ID = 8193
Description =
Error - 22.01.2011 07:02:06 | Computer Name = Ray-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel
0x47918b89, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821,
Ausnahmecode 0xc000071b, Fehleroffset 0x000888f5, Prozess-ID 0x444, Anwendungsstartzeit
01cbba21954b1bcd.
Error - 22.01.2011 09:50:24 | Computer Name = Ray-PC | Source = WinMgmt | ID = 10
Description =
Error - 22.01.2011 09:51:41 | Computer Name = Ray-PC | Source = VSS | ID = 8194
Description =
Error - 22.01.2011 09:51:52 | Computer Name = Ray-PC | Source = SPP | ID = 16387
Description =
Error - 22.01.2011 09:51:52 | Computer Name = Ray-PC | Source = System Restore | ID = 8193
Description =
Error - 22.01.2011 12:04:57 | Computer Name = Ray-PC | Source = SPP | ID = 16387
Description =
Error - 22.01.2011 12:04:57 | Computer Name = Ray-PC | Source = System Restore | ID = 8193
Description =
[ Media Center Events ]
Error - 03.07.2010 17:40:32 | Computer Name = Ray-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
Error - 18.10.2010 11:14:42 | Computer Name = Ray-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
Error - 18.12.2010 09:24:33 | Computer Name = Ray-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.WaitForUploadComplete
failed. Please try to ping www.msn.com prior to filing a bug.; Win32 GetLastError
returned 10000109 Prozess: DefaultDomain Objektname: Media Center Guide
[ System Events ]
Error - 22.01.2011 06:44:00 | Computer Name = Ray-PC | Source = DCOM | ID = 10005
Description =
Error - 22.01.2011 06:45:47 | Computer Name = Ray-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
Error - 22.01.2011 06:45:47 | Computer Name = Ray-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
Error - 22.01.2011 06:47:43 | Computer Name = Ray-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 22.01.2011 06:50:18 | Computer Name = Ray-PC | Source = DCOM | ID = 10010
Description =
Error - 22.01.2011 09:48:26 | Computer Name = Ray-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
Error - 22.01.2011 09:48:26 | Computer Name = Ray-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
Error - 22.01.2011 09:50:25 | Computer Name = Ray-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 22.01.2011 09:52:47 | Computer Name = Ray-PC | Source = DCOM | ID = 10010
Description =
Error - 22.01.2011 12:24:45 | Computer Name = Ray-PC | Source = DCOM | ID = 10010
Description =
< End of report >
|
|
22.01.2011, 18:23
| #5 |
| /// Malware-holic | TrojanDownloader Win32/Unruy.H • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. :OTL PRC - C:\Users\Ray\AppData\Local\Temp\hki121.exe () PRC - C:\ProgramData\78P8t3QI.exe () O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O4 - HKU\.DEFAULT..\Run: [vnfuz] C:\Windows\System32\config\systemprofile\vnfuz.exe (ecBHA95) O4 - HKU\S-1-5-18..\Run: [vnfuz] C:\Windows\System32\config\systemprofile\vnfuz.exe (ecBHA95) [2011.01.22 16:18:01 | 000,000,230 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job [2011.01.22 14:50:25 | 000,000,112 | ---- | M] () -- C:\ProgramData\R2B46k2.dat [2011.01.22 14:50:24 | 000,082,434 | ---- | M] () -- C:\ProgramData\78P8t3QI.exe_ [2011.01.22 14:50:24 | 000,082,434 | ---- | M] () -- C:\ProgramData\78P8t3QI.exe :Files C:\ProgramData\78P8t3QI.exe C:\Users\Ray\AppData\Local\Temp\hki121.exe :Commands [purity] [EMPTYFLASH] [resethosts] [emptytemp] [Reboot] • Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. öffne computer,, c: dann _OTL dort rechtsklick auf moved files wähle zu moved files.rar oder zip hinzufügen. lade das archiv in unserem upload channel hoch. http://www.trojaner-board.de/54791-a...ner-board.html
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
22.01.2011, 18:49
| #6 |
| | TrojanDownloader Win32/Unruy.H Hier das aus dem Textdokumet: All processes killed ========== OTL ========== No active process named hki121.exe was found! No active process named 78P8t3QI.exe was found! Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found. Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\vnfuz deleted successfully. C:\Windows\System32\config\systemprofile\vnfuz.exe moved successfully. Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\vnfuz not found. File C:\Windows\System32\config\systemprofile\vnfuz.exe not found. C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job moved successfully. C:\ProgramData\R2B46k2.dat moved successfully. C:\ProgramData\78P8t3QI.exe_ moved successfully. C:\ProgramData\78P8t3QI.exe moved successfully. ========== FILES ========== File\Folder C:\ProgramData\78P8t3QI.exe not found. C:\Users\Ray\AppData\Local\Temp\hki121.exe moved successfully. ========== COMMANDS ========== [EMPTYFLASH] User: All Users User: Default ->Flash cache emptied: 0 bytes User: Default User ->Flash cache emptied: 0 bytes User: Public User: Ray ->Flash cache emptied: 1460 bytes Total Flash Files Cleaned = 0,00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public User: Ray ->Temp folder emptied: 350898667 bytes ->Temporary Internet Files folder emptied: 6842243 bytes ->Java cache emptied: 1357037 bytes ->FireFox cache emptied: 37100969 bytes ->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 32443125 bytes RecycleBin emptied: 470367645 bytes Total Files Cleaned = 857,00 mb OTL by OldTimer - Version 3.2.20.3 log created on 01222011_184231 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
|
22.01.2011, 18:57
| #7 |
| | TrojanDownloader Win32/Unruy.H Habe es so hochgeladen wie in der Anleitung. |
|
22.01.2011, 19:03
| #8 |
| /// Malware-holic | TrojanDownloader Win32/Unruy.H download malwarebytes: Malwarebytes instalieren, öffnen, registerkarte aktualisierung, programm updaten. schalte alle laufenden programme ab, trenne die internetverbindung. registerkarte scanner, komplett scan, funde entfernen, log posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
22.01.2011, 23:19
| #9 |
| |  TrojanDownloader Win32/Unruy.H So hatte etwas gedauert hier die Log Datei: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 5571 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18999 22.01.2011 23:18:05 mbam-log-2011-01-22 (23-18-05).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Durchsuchte Objekte: 792793 Laufzeit: 3 Stunde(n), 54 Minute(n), 4 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 128 Infizierte Registrierungswerte: 7 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 17 Infizierte Dateien: 45 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CLASSES_ROOT\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{1093995A-BA37-41D2-836E-091067C4AD17} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.DataControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.DataControl (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3E720451-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{A9571378-68A1-443d-B082-284F960C6D17} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{E79DFBC0-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\EWABQAF7KL (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\wnxmal (Rogue.SecuritySuite) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\UBC5AB1IDP (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWebSearchService (Adware.MyWebSearch) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44CF-8957-5838F569A31D} -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44cf-8957-5838F569A31D} -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Value: (default) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Value: f3PopularScreensavers -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Value: FunWebProducts -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\funwebproducts\screensaver (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch (Adware.MyWebSearch) -> Delete on reboot. c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> Delete on reboot. c:\program files\mywebsearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\1.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\2.bin (Adware.MyWebSearch) -> Delete on reboot. c:\program files\mywebsearch\bar\2.bin\chrome (Adware.MyWebSearch) -> Delete on reboot. c:\program files\mywebsearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Overlay (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully. Infizierte Dateien: c:\program files\mywebsearch\bar\2.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\2.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\2.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\2.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\2.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\2.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\Users\Ray\downloads\adobe_flash_player.exe (Fake.Flash) -> Quarantined and deleted successfully. c:\Users\Ray\downloads\setup.exe (Adware.Agent) -> Quarantined and deleted successfully. c:\Windows.old\program files\homecinema\mediashow4\subsys\BigBang\Runtime\muitransfer\muitransfer.dll (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully. c:\Windows.old\program files\strangelite\starship troopers demo\Bin\mint-sst.exe (Malware.NSPack) -> Quarantined and deleted successfully. c:\Windows.old\program files\Sukoku\uninstall.exe (Adware.Agent) -> Quarantined and deleted successfully. c:\Windows.old\Users\ray\AppData\Local\Temp\is-V60U1.tmp\dealio.exe (PUP.Dealio) -> Not selected for removal. c:\Windows.old\Users\ray\Desktop\lennart\spiele\termite_tool_box.exe (Joke.Stressreducer) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\1.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\2.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\2.bin\chrome.manifest (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\2.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\2.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\2.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\2.bin\INSTALL.RDF (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\2.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Delete on reboot. c:\program files\mywebsearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Overlay\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully. |
|
22.01.2011, 23:33
| #10 |
| | TrojanDownloader Win32/Unruy.H Aber die Meldung von dem TrojanDownloader Win32/Unruy.H kommt immer noch. |
|
23.01.2011, 11:44
| #11 |
| /// Malware-holic | TrojanDownloader Win32/Unruy.H du hast mir frage 1 aus dem eingangspost nicht beantwortet, ich möchte die fund meldung, mit pfad angabe. danach weiter: bitte erstelle und poste ein combofix log. Ein Leitfaden und Tutorium zur Nutzung von ComboFix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu TrojanDownloader Win32/Unruy.H |
| downloader, dringend, fenster, kriege, loader, meldung, troja, trojan downloader, trojandownloader, verschwindet, win, win32 |
Linear-Darstellung
