| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: GVU Trojahner eingefangen, Reinigung durchgeführt, ist mein System jetzt sauber?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
12.05.2013, 00:09
| #1 |
| |  GVU Trojahner eingefangen, Reinigung durchgeführt, ist mein System jetzt sauber? Hallo, vor einer Weile habe ich mir den GVU Trojaner eingefangen, nach dem ich das System zurückgesetzt habe, hatte ich wieder Zugriff. Nach einer Bereinigung (ich glaube) mit Malewarebytes Anti Maleware konnte zwei Infekte beseitigt werden.... Eigentlich scheint mein Notebook ein Dell XPS mit Win 7 keine Probleme zu haben, ich kann online zocken usw., aber ich traue dem Braten nicht und hoffe daß mir hier jemand weiterhelfen kann.. Da ich schon ein bisschen, wie in den Regeln beschrieben, gesucht habe, habe ich mit OTL das System gescannt und poste anbei gleich die beiden Logfiles.... Vielen Dank im Voraus!!! Code:
ATTFilter OTL logfile created on: 11.05.2013 16:22:14 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xxxxxx\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,90 Gb Total Physical Memory | 6,19 Gb Available Physical Memory | 78,39% Memory free 15,79 Gb Paging File | 13,93 Gb Available in Paging File | 88,22% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 446,13 Gb Total Space | 353,23 Gb Free Space | 79,18% Space Free | Partition Type: NTFS Drive D: | 465,76 Gb Total Space | 465,65 Gb Free Space | 99,98% Space Free | Partition Type: NTFS Computer Name: xxxxxx | User Name: xxxxxx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Users\Wildgrube\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.) PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll () MOD - c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll () MOD - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () ========== Services (SafeList) ========== SRV:64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation) SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe () SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV:64bit: - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation) SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation) SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (HWDeviceService64.exe) -- C:\ProgramData\DatacardService\HWDeviceService64.exe () SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation) SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation) SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions) SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions) SRV - (OpenVPNService) -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe () SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (Prosieben) -- C:\Program Files (x86)\maxdome\DCBin\DCService.exe (Entriq, Inc.) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (nvkflt) -- C:\Windows\SysNative\drivers\nvkflt.sys (NVIDIA Corporation) DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation) DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation) DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (ewusbmbb) -- C:\Windows\SysNative\drivers\ewusbwwan.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (tcpipBM) -- C:\Windows\SysNative\drivers\tcpipBM.sys (Bytemobile, Inc.) DRV:64bit: - (BMLoad) -- C:\Windows\SysNative\drivers\BMLoad.sys (Bytemobile, Inc.) DRV:64bit: - (ew_usbenumfilter) -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (iBtFltCoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation) DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation) DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (wdkmd) -- C:\Windows\SysNative\drivers\WDKMD.sys (Intel Corporation) DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation) DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (NvStUSB) -- C:\Windows\SysNative\drivers\nvstusb.sys () DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\Accelern.sys (ST Microelectronics) DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation) DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (stdcfltn) -- C:\Windows\SysNative\drivers\stdcfltn.sys (ST Microelectronics) DRV:64bit: - (qicflt) -- C:\Windows\SysNative\drivers\qicflt.sys (Quanta Computer) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV:64bit: - (tap0801) -- C:\Windows\SysNative\drivers\tap0801.sys (The OpenVPN Project) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{37B58161-64D6-4839-84F7-5F181475CE33}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{37B58161-64D6-4839-84F7-5F181475CE33}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3424876503-2399555914-3060977652-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKU\S-1-5-21-3424876503-2399555914-3060977652-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-3424876503-2399555914-3060977652-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-3424876503-2399555914-3060977652-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deDE470 IE - HKU\S-1-5-21-3424876503-2399555914-3060977652-1001\..\SearchScopes\{CC0950D5-B94F-4A99-969D-4BE36E48151E}: "URL" = IE - HKU\S-1-5-21-3424876503-2399555914-3060977652-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon [2012.10.02 21:55:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Extensions ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Foxit Reader Plugin for Mozilla (Disabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: Windows Live\u00C2\u2122 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - Extension: WOT = C:\Users\xxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.11_0\ CHR - Extension: Adblock Plus = C:\Users\xxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\ CHR - Extension: ProxMate - Improve your Internet! = C:\Users\xxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm\2.3_0\ CHR - Extension: WOT = C:\Users\xxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.11_0\ CHR - Extension: Adblock Plus = C:\Users\xxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\ CHR - Extension: ProxMate - Improve your Internet! = C:\Users\xxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm\2.3_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-3424876503-2399555914-3060977652-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-3424876503-2399555914-3060977652-1001\..\Toolbar\WebBrowser: (no name) - {3BBD3C14-4C16-4989-8366-95BC9179779D} - No CLSID value found. O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:64bit: - HKLM..\Run: [QuickSet] c:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [(default)] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions) O4 - HKU\S-1-5-21-3424876503-2399555914-3060977652-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-3424876503-2399555914-3060977652-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1 O7 - HKU\S-1-5-21-3424876503-2399555914-3060977652-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-3424876503-2399555914-3060977652-1001\..Trusted Domains: xxxxxx-xxxxxx.local ([ctxfarm] http in Vertrauenswürdige Sites) O15 - HKU\S-1-5-21-3424876503-2399555914-3060977652-1001\..Trusted Domains: xxxxxx-xxxxxx.local ([ctxfarm] https in Vertrauenswürdige Sites) O15 - HKU\S-1-5-21-3424876503-2399555914-3060977652-1001\..Trusted Domains: dell.com ([]* in Vertrauenswürdige Sites) O16:64bit: - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_64.CAB (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Java Plug-in 1.7.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Java Plug-in 10.21.2) O16 - DPF: {CB927D12-4FF7-4A9E-A169-56E4B8A75598} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Behavior Object) O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B2C35459-C31F-4041-8C93-536892D5A8BC}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA70B7FD-1783-450E-B994-1DB64E7C4A1A}: NameServer = 10.74.210.210 10.74.210.211 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D727A7D5-F3DE-453A-A80F-591CA39A1C21}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB8BA85A-D463-419C-87C1-F321F355CA71}: DhcpNameServer = 192.168.100.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EBF9218D-1E66-47A9-85FB-FAA13B91DA13}: NameServer = 192.168.100.2,192.168.100.10 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{1c6447e3-276e-11e2-9861-ac7289934562}\Shell - "" = AutoRun O33 - MountPoints2\{1c6447e3-276e-11e2-9861-ac7289934562}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{1c6447e8-276e-11e2-9861-ac7289934562}\Shell - "" = AutoRun O33 - MountPoints2\{1c6447e8-276e-11e2-9861-ac7289934562}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{9cd8fd7a-5667-11e1-9b8f-ac7289934562}\Shell - "" = AutoRun O33 - MountPoints2\{9cd8fd7a-5667-11e1-9b8f-ac7289934562}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.08 20:29:00 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.05.05 17:30:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\NV [2013.05.05 17:30:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\NV [2013.05.05 17:29:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies [2013.05.05 17:28:19 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2013.05.05 17:27:57 | 006,398,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll [2013.05.05 17:27:57 | 003,477,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll [2013.05.05 17:27:57 | 002,555,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll [2013.05.05 17:27:57 | 001,016,096 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nv3dappshext.dll [2013.05.05 17:27:57 | 000,237,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll [2013.05.05 17:27:57 | 000,076,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nv3dappshextr.dll [2013.05.05 17:27:57 | 000,063,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll [2013.05.05 17:27:39 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2013.05.05 17:21:41 | 026,956,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2013.05.05 17:21:41 | 025,256,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2013.05.05 17:21:41 | 020,542,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2013.05.05 17:21:41 | 017,990,800 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2013.05.05 17:21:41 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2013.05.05 17:21:41 | 015,508,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll [2013.05.05 17:21:41 | 015,042,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll [2013.05.05 17:21:41 | 013,088,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll [2013.05.05 17:21:41 | 009,414,456 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2013.05.05 17:21:41 | 007,959,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2013.05.05 17:21:41 | 007,573,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll [2013.05.05 17:21:41 | 006,271,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll [2013.05.05 17:21:41 | 002,913,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2013.05.05 17:21:41 | 002,864,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll [2013.05.05 17:21:41 | 002,728,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2013.05.05 17:21:41 | 002,539,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll [2013.05.05 17:21:41 | 002,355,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2013.05.05 17:21:41 | 001,995,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2013.05.05 17:21:41 | 001,807,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6431422.dll [2013.05.05 17:21:41 | 001,510,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6431422.dll [2013.05.05 17:21:41 | 001,118,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll [2013.05.05 17:21:41 | 000,968,408 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll [2013.05.05 17:21:41 | 000,284,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvkflt.sys [2013.05.05 17:21:41 | 000,250,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll [2013.05.05 17:21:41 | 000,205,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll [2013.05.05 17:21:41 | 000,030,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvpciflt.sys [2013.05.05 17:11:55 | 000,060,776 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2013.05.05 17:11:55 | 000,052,584 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2013.05.05 15:51:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\xxxxxx\Desktop\OTL.exe [2013.05.02 17:12:25 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\AppData\Roaming\TeamViewer [2013.04.29 20:22:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.04.28 17:31:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.04.28 17:31:00 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.04.28 17:30:56 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.04.28 17:30:56 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.04.28 17:30:56 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.04.28 10:33:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.04.28 10:33:17 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys [2013.04.28 10:33:09 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.04.28 10:33:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013.04.28 10:33:09 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.04.28 10:33:09 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013.04.27 19:21:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\T-Mobile [2013.04.27 19:16:41 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\AppData\Local\PackageAware [2013.04.27 16:01:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Moo0 [2013.04.27 12:40:25 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\AppData\Roaming\NetSpeedMonitor [2013.04.27 12:37:45 | 000,000,000 | ---D | C] -- C:\Program Files\NetSpeedMonitor [2013.04.26 18:52:52 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.04.23 20:55:24 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\AppData\Roaming\Meine Traffic [2013.04.23 20:37:46 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\Documents\Traffic messen ========== Files - Modified Within 30 Days ========== [2013.05.11 16:18:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.11 16:01:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.11 15:14:10 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.11 15:14:10 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.11 15:11:36 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.11 15:11:36 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.11 15:11:36 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.11 15:11:36 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.11 15:11:36 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.11 15:06:46 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.11 15:06:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.11 15:06:25 | 2064,252,927 | -HS- | M] () -- C:\hiberfil.sys [2013.05.08 20:28:48 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.05.05 20:40:26 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdRapi2_01_00_00.Wdf [2013.05.05 15:51:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wildgrube\Desktop\OTL.exe [2013.05.03 22:16:48 | 019,939,656 | ---- | M] () -- C:\Users\Wildgrube\Documents\GT-I8190_UM_DTM_Jellybean_Ger_Rev.1.0_121204.pdf [2013.05.03 22:14:55 | 019,471,694 | ---- | M] () -- C:\Users\Wildgrube\Documents\GT-I8190_UM_Open_Jellybean_Ger_Rev.1.0_121113_Screen.pdf [2013.04.28 17:30:52 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.04.28 17:30:52 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.04.28 17:30:52 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.04.28 17:30:52 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.04.28 17:30:52 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.04.28 17:30:52 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.04.28 16:49:13 | 000,001,269 | ---- | M] () -- C:\Users\xxxxxx\Desktop\Internet Explorer (64-bit).lnk [2013.04.28 16:45:13 | 001,092,512 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2013.04.28 16:45:13 | 000,971,680 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2013.04.28 10:33:24 | 000,001,745 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.04.27 00:30:12 | 000,001,981 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.04.26 19:29:19 | 000,001,398 | ---- | M] () -- C:\Users\xxxxxx\Desktop\Google Chrome.lnk [2013.04.26 18:12:43 | 000,000,784 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.04.23 21:18:08 | 000,000,866 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog [2013.04.22 07:31:03 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.04.22 07:31:03 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.04.21 09:32:15 | 000,412,111 | ---- | M] () -- C:\Users\xxxxxx\Documents\reise xxxxxx.jpg [2013.04.21 09:31:58 | 000,434,948 | ---- | M] () -- C:\Users\Wildgrube\Documents\reise xxxxxx.png [2013.04.14 01:46:56 | 000,018,594 | ---- | M] () -- C:\Windows\SysNative\results.xml ========== Files Created - No Company Name ========== [2013.05.05 20:40:26 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdRapi2_01_00_00.Wdf [2013.05.05 17:27:57 | 003,065,455 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin [2013.05.05 17:21:41 | 000,017,738 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb [2013.05.03 22:16:48 | 019,939,656 | ---- | C] () -- C:\Users\xxxxxx\Documents\GT-I8190_UM_xxxxxx_xxxxxx_Ger_Rev.1.0_121204.pdf [2013.05.03 22:14:55 | 019,471,694 | ---- | C] () -- C:\Users\xxxxxx\Documents\GT-I8190_UM_xxxxxx_xxxxxx_Ger_Rev.1.0_121113_Screen.pdf [2013.04.28 10:33:24 | 000,001,745 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.04.27 00:30:12 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013.04.27 00:30:12 | 000,001,981 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.04.23 20:37:20 | 000,000,866 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog [2013.04.21 09:32:15 | 000,412,111 | ---- | C] () -- C:\Users\xxxxxx\Documents\reise xxxxxx.jpg [2013.04.21 09:31:14 | 000,434,948 | ---- | C] () -- C:\Users\xxxxxx\Documents\reise xxxxxx.png [2013.03.10 17:31:44 | 000,000,420 | ---- | C] () -- C:\Windows\wininit.ini [2013.03.03 13:15:31 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dat [2012.04.21 09:38:17 | 000,001,116 | ---- | C] () -- C:\Users\xxxxxx\Dokumente - Verknüpfung (2).lnk [2012.04.12 19:40:54 | 000,000,017 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\resmon.resmoncfg [2012.04.02 21:03:41 | 000,001,116 | ---- | C] () -- C:\Users\xxxxxx\Dokumente - Verknüpfung.lnk [2012.02.19 18:15:45 | 000,008,192 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.02.15 12:59:53 | 000,038,258 | ---- | C] () -- C:\Users\xxxxxx\AppData\Roaming\Microsoft Excel 97-2003.ADR [2011.09.15 07:52:15 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.09.15 07:52:10 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.09.15 07:52:08 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.01.28 22:24:53 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Fingertapps [2012.02.15 21:10:34 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Foxit Software [2013.03.29 20:19:18 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\ICAClient [2012.01.28 22:24:42 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Leadertech [2013.04.23 20:55:24 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Meine Traffic [2013.04.07 11:11:27 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\mp3DirectCut [2013.05.11 16:26:58 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\NetSpeedMonitor [2013.04.05 20:55:17 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\PC Suite [2012.02.19 13:02:40 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\PCDr [2012.11.05 19:31:14 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\T-Mobile [2013.05.02 17:12:25 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\TeamViewer [2012.09.14 12:18:20 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\wargaming.net [2012.07.14 22:48:38 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Windows Live Writer ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 11.05.2013 16:22:14 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xxxx\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,90 Gb Total Physical Memory | 6,19 Gb Available Physical Memory | 78,39% Memory free
15,79 Gb Paging File | 13,93 Gb Available in Paging File | 88,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446,13 Gb Total Space | 353,23 Gb Free Space | 79,18% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 465,65 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
Computer Name: xxxxxx| User Name:xxxxxxx| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_USERS\S-1-5-21-3424876503-2399555914-3060977652-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{011DD236-E6ED-41AB-8DF2-1A567B6862B6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{04AE5B5E-32CE-40C2-BCE8-3F8ECF4421E7}" = rport=139 | protocol=6 | dir=out | app=system |
"{061A9257-8D88-4CFB-ABB0-E0573D709A4E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{096B1768-ED40-42BA-B4C1-EE2B8351F93D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0E58ABFA-E0DD-4EC9-AAA9-FBBA2AC6335B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0FB9586D-3253-4856-ABFE-B190EF085F12}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{119A7ED1-4750-4055-A88E-8EEA8491C23B}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{1B142BB6-8CC6-4DC1-9140-3DF0808C7D2B}" = rport=137 | protocol=17 | dir=out | app=system |
"{2D5D3FF6-5DD1-40C6-8E47-41CA92054BE2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{2DA2DFC0-40DA-43E0-91E5-75FBBB3EADC9}" = lport=137 | protocol=17 | dir=in | app=system |
"{2F39F0CF-578A-4BEA-8D25-B3ED4B1B8782}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2F59B4AB-24BB-403B-AE6F-38FF237E8659}" = rport=445 | protocol=6 | dir=out | app=system |
"{305570AA-F1D2-461F-A4C5-183542066E53}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3222EB97-00E7-4E04-8A2D-AF65473E701C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{352F55D1-1A5D-4304-8270-26D3790F5145}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5C9E7AEC-B623-4E00-A49F-1CB45992B937}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{5D456573-90A0-46B1-B6DD-54EC06CAAA9B}" = rport=138 | protocol=17 | dir=out | app=system |
"{608CD82A-6564-4E92-8CBD-B9DAF18F618C}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{626862D2-2645-4202-B855-94E0393BC593}" = lport=138 | protocol=17 | dir=in | app=system |
"{65DA1B2C-D2F3-4C0B-881E-6FD798109F73}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{663CBDFE-F086-477D-B03C-556D376E64C9}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{67F12BA6-5AFB-4D9C-9C59-45BCCEF32A5C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{76389A65-67F6-46F4-B21E-0A6203A67EAE}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7F3DCD0D-749A-4D1D-8EAE-9D00BCFDC7DA}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{7FBE6E2A-67CA-4C22-A7A6-3C4E586609E5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7FEB4DB3-4389-4774-BF8A-B7D049C5C6CF}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{8496E7E9-73FB-4619-BE39-34C01B7CCF55}" = lport=445 | protocol=6 | dir=in | app=system |
"{91C67B15-48EB-445C-9D4C-1D8E7CD31F28}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9B6F4AD0-F684-4816-98CC-C95DECE8F80B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B1FB0147-FECF-44D6-8D48-91A0DFE0E8BB}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B85D1329-537C-4B2A-9882-9EAF61D2D2BC}" = lport=49176 | protocol=6 | dir=in | name=akamai netsession interface |
"{D803A9E4-A4D9-4B94-A444-47EB6DF10CAF}" = lport=139 | protocol=6 | dir=in | app=system |
"{ECC4656E-9758-41C1-8A06-C2799E6B6311}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F32539C8-19EE-46E7-9144-0478F44400E5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0837B1E3-8A47-47A2-BDB5-8F66F724CC8A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{164F4D1C-4A6E-4BA9-B302-341E3B564248}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{210DE2E9-F87E-41E9-89E0-9CE6234D7B9F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{250F624A-525F-4593-8400-86D077C3B557}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{256C06F5-DEC0-40AF-9C43-EE7A6AF0DC00}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{2C35DD49-C7F7-48AF-BA80-8332FB41B9E0}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |
"{35A12974-8DDD-45D1-A351-946C4051B9E2}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3A4F498E-A196-42C5-92B0-03647B356E7F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3B9FE93B-DEAF-4580-A1AC-8585E2C95D55}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{4C7DB0DC-B878-4304-B0B4-86BB4C980338}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{4DD10FD7-105A-4987-8D5C-529EF2A35B9D}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{52ADAE30-E5EE-4FDA-A6E5-9C00CD42BEEB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{60D78FB8-51AC-47CA-8B39-A18BDFFA5B07}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{6C2F9E3E-617E-42B3-9A0F-2A2DA54341EA}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7721EE2E-42EE-40CE-AA34-0BED3E6161D5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8029249E-2086-4C59-8CFE-532049142453}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{9BD54F8F-D69A-4076-A416-F9D0B21D3552}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9E7A57E0-9E04-4243-A3AE-E17D7155DA2B}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{A1AAB5C7-FC16-432F-A706-2C0C8D1A594E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A45D0AD1-7623-486E-8B2D-31E46415D2EB}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{AF37E7F4-656F-4A8D-9677-1CEB5561AF35}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B2214D2D-B551-4DA1-AA38-FFCD93BF0C7A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B3F2E92F-FB6A-4F6C-A980-DB3F7F401B3A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C0721C4F-6162-4544-94E8-862CE0D55461}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{C4AD5BDD-24AE-4092-822D-EAF173D223BF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C7F42FBD-E7DB-45B0-BDE2-54C067C10C63}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{CCB972AA-F67C-4335-8698-372F21975E5B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D459A0C7-FC71-4053-9572-A2D762F6DED6}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D8BD3888-8285-4EAF-A022-7E5F566240FA}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D96C7F35-6092-4C24-839C-F000468B27E6}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DF2D0F07-30E7-4DFD-8898-F8E75C9232C3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E35045E8-DE53-4F8A-B0C9-13BC1D3B0D08}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E3653889-A0D8-479D-8E5C-5198F2365993}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{E47EAB70-818C-4314-900E-85969632A7A5}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{E6731F9B-8062-4C4A-9976-EB28752BB146}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E7EB37C1-9181-4869-B821-866D49A1B1DF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EA2B5CD4-8B75-4BAE-91FF-867F7ECBAA97}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{EDC88E0B-18EA-47BC-9CBC-981D1A3EE9F9}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{EF3B7449-350D-4054-97CC-76C4AFB71C40}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe |
"{EFC407E3-C9CC-410C-8FFB-D6D8AF7184F7}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{F0E978BE-2140-45FA-91DB-C7B08C1C4D9D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F0FE5F7F-2125-4CFE-9C50-8A0EA6706605}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F1681635-5FF0-4EC4-B472-5808BE799BF4}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{FC78491A-6EAE-470E-902F-E8E07BF25853}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{FFF47569-3E5F-4E8A-9614-A6DFFEB91246}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{97F46610-C4F0-49FC-8311-5ECFFD151E96}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{9A73DD7F-5B13-41D2-BC53-B16A5EDF25B5}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{D073B591-E132-4DD2-B330-9E2794FBB408}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"TCP Query User{D566A305-C44C-4695-B76C-602CEEE9E1DD}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{FCFE1184-0F1B-40C5-81E6-DA8072914D27}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{02E6B2E8-27C0-45F4-84BB-0DC08039211C}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{211852E3-6EE3-43F5-BE48-D65A4095BBC6}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{28570EC8-5DF6-44CB-92CC-C4DD2521E746}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{BA23975B-8788-4447-BB62-DC471EF39EFA}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{F601FB6E-38C0-4A40-B71E-C0F98BEFF41A}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{25FBDA9A-E868-4B3B-B9FF-D923818511A1}" = Intel(R) PROSet/Wireless WiFi-Software
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}" = NetSpeedMonitor 2.5.4.0 x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0
"{C7B40C35-85AE-4303-9EEA-1A1EA779664D}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"maxdome - Online Videothek" = maxdome - Online Videothek
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DD706AF-B542-438C-999E-B30C7F625C8D}" = Intel(R) WiDi
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2624B680-02BC-4CBC-839C-DA20DF6EF6EC}" = Citrix Presentation Server Client
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E948B551-08DB-4163-8995-8C43B03D1B19}" = maxdome Download Manager 4.1.300.78
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F722209B-739E-40E4-ADB1-062BD032A0DB}" = Personal ID
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"aTube Catcher" = aTube Catcher
"Avira AntiVir Desktop" = Avira Free Antivirus
"Dell Webcam Central" = Dell Webcam Central
"Foxit Reader_is1" = Foxit Reader 5.1
"Google Chrome" = Google Chrome
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"NetSetMan_is1" = NetSetMan 3.3.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Professional 2010
"OpenVPN" = OpenVPN 2.1.4
"ProInst" = Intel PROSet Wireless
"TeamViewer 7" = TeamViewer 7
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3424876503-2399555914-3060977652-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"9204f5692a8faf3b" = Dell System Detect
"Amazon Kindle" = Amazon Kindle
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 05.05.2013 02:58:00 | Computer Name = xxxxxx| Source = Windows Search Service | ID = 9000
Description =
Error - 05.05.2013 02:58:00 | Computer Name = Xxxxxxx| Source = Windows Search Service | ID = 7040
Description =
Error - 05.05.2013 02:58:01 | Computer Name = xxxxxxxxx| Source = Windows Search Service | ID = 7042
Description =
Error - 05.05.2013 02:58:01 | Computer Name = xxxxxxxxxx| Source = Windows Search Service | ID = 9002
Description =
Error - 05.05.2013 02:58:01 | Computer Name = Xxxxxxxxx| Source = Windows Search Service | ID = 3029
Description =
Error - 05.05.2013 02:58:04 | Computer Name = Xxxxxxxxx | Source = Windows Search Service | ID = 3029
Description =
Error - 05.05.2013 02:58:04 | Computer Name = Xxxxxxxxx | Source = Windows Search Service | ID = 3028
Description =
Error - 05.05.2013 02:58:04 | Computer Name = Xxxxxxxxx | Source = Windows Search Service | ID = 3058
Description =
Error - 05.05.2013 02:58:04 | Computer Name = Xxxxxxxxx | Source = Windows Search Service | ID = 7010
Description =
Error - 05.05.2013 14:49:38 | Computer Name = Xxxxxxxxx | Source = RapiMgr | ID = 8
Description = communication (0x80072745)-Fehler beim Verbinden des Windows Mobile-basierten
Geräts. (Die Daten enthalten den Fehlercode.).
[ System Events ]
Error - 11.05.2013 07:44:50 | Computer Name = Xxxxxxxxx | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie auf dem Volume "OS" den Befehl "chkdsk" aus.
Error - 11.05.2013 07:44:51 | Computer Name = Xxxxxxxxx | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie auf dem Volume "OS" den Befehl "chkdsk" aus.
Error - 11.05.2013 07:44:52 | Computer Name = Xxxxxxxxx | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie auf dem Volume "OS" den Befehl "chkdsk" aus.
Error - 11.05.2013 07:50:07 | Computer Name = Xxxxxxxxx | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows-Audio" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
Neustart des Diensts.
Error - 11.05.2013 07:50:07 | Computer Name = Xxxxxxxxx | Source = Service Control Manager | ID = 7031
Description = Der Dienst "DHCP-Client" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt:
Neustart des Diensts.
Error - 11.05.2013 07:50:07 | Computer Name = Xxxxxxxxx | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows-Ereignisprotokoll" wurde unerwartet beendet. Dies
ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
durchgeführt: Neustart des Diensts.
Error - 11.05.2013 07:50:07 | Computer Name = Xxxxxxxxx | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Heimnetzgruppen-Anbieter" wurde unerwartet beendet. Dies
ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
durchgeführt: Neustart des Diensts.
Error - 11.05.2013 07:50:07 | Computer Name = Xxxxxxxxx | Source = Service Control Manager | ID = 7031
Description = Der Dienst "TCP/IP-NetBIOS-Hilfsdienst" wurde unerwartet beendet.
Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 100 Millisekunden
durchgeführt: Neustart des Diensts.
Error - 11.05.2013 07:50:07 | Computer Name = Xxxxxxxxx | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Sicherheitscenter" wurde unerwartet beendet. Dies ist
bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden
durchgeführt: Neustart des Diensts.
Error - 11.05.2013 09:06:43 | Computer Name = Xxxxxxxxx | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
[verify-U]_System
< End of report >
|
|
12.05.2013, 11:52
| #2 |
| /// Helfer-Team  | GVU Trojahner eingefangen, Reinigung durchgeführt, ist mein System jetzt sauber? Downloade Dir bitte  Malwarebytes Anti-Malware
dann: Downloade Dir bitte  SecurityCheck und:
__________________ |
|
12.05.2013, 14:31
| #3 |
| | GVU Trojahner eingefangen, Reinigung durchgeführt, ist mein System jetzt sauber? Hi t'john,
__________________vorab danke für deine Hilfe.... Anbei nun die Logfiles von MB AM und SecurityCheck...... Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.05.12.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16540 Wildgrube :: xxxxxxxxxx [Administrator] Schutz: Aktiviert 12.05.2013 14:22:25 mbam-log-2013-05-12 (14-22-25).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 366517 Laufzeit: 53 Minute(n), 58 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter Results of screen317's Security Check version 0.99.63 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 Java 7 Update 21 Adobe Flash Player 11.6.602.180 Adobe Reader XI Google Chrome 26.0.1410.64 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Avira Antivir avgnt.exe Avira Antivir avguard.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` Gruß Chillhelm |
|
12.05.2013, 20:05
| #4 |
| /// Helfer-Team | GVU Trojahner eingefangen, Reinigung durchgeführt, ist mein System jetzt sauber? Ja, alles Prima! Lektuere zum abarbeiten: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html http://www.trojaner-board.de/109844-...ren-seite.html PC wird immer langsamer - was tun? |
|
18.05.2013, 16:56
| #5 |
| | GVU Trojahner eingefangen, Reinigung durchgeführt, ist mein System jetzt sauber? Hallo t'john, danke für deine Hilfe und Entschuldigung für die späte Rückmeldung. Ich bin die ganze Woche auf Montage und mußte Sonntagabend los.... Als ich meinen ersten Rechner bekommen hatte, einen Highscreen 486 SX 25 mit 4 MB Ram und 80 MB HDD Speicher waren die Zeiten noch einfacher, Dos und Norton ach war das schön... Heute ist es natürlicher auch schön (bunt) und man hat die mediale Welt zu Hause. Das einzige was mich stört ist, daß man den User immer dümmer macht und er keine Ahnung mehr von seinem System haben muss und soll und so jeder immer leichter Opfer von ausgeklügten Schadprogrammen usw. wird. So genug Unmut als Freitzeit-User gepostet.... Der Rechner wird auch von meinen Eltern, insbesondere von meinem Vater genutzt. Er greift über Citrix auf das Intranet seiner Firma zu, laut dem hauseigenen Admin müssen dabei im IE von windows verschiedene Sicherheitskomponeten ausgestellt sein und vor allem Java aktiviert sein, ist dies so oder fehlt an der Stelle Fachwissen.... Achso, warum muss eigentlich nie die Windows Firewall zurückgesetzt werden, wenn ein System kompromittiert war? Danke für den Lesestoff und auch danke im Voraus falls ich eine Antwort bekomme. Wünsche schöne Pfingsten... Chillhelm |
|
20.05.2013, 06:32
| #6 | |||
| /// Helfer-Team | GVU Trojahner eingefangen, Reinigung durchgeführt, ist mein System jetzt sauber?Zitat:
 Zitat:
Zitat:
Kannst du machen, idR. ist es aber nicht so wichtig, da die Namen der Malware random (zufaellig) sind und somit die eigefuegten Regeln praktisch nicht mehr gelten. wuensche eine virenfreie Zeit 
__________________ --> GVU Trojahner eingefangen, Reinigung durchgeführt, ist mein System jetzt sauber? |
|
| Themen zu GVU Trojahner eingefangen, Reinigung durchgeführt, ist mein System jetzt sauber? |
| adblock, akamai, antivir, application/pdf:, autorun, avira, bho, bonjour, browser, error, excel, firefox, flash player, google, gvu trojaner - internetsperrung bereits behoben - weitere hilfe benötigt, home, homepage, iexplore.exe, install.exe, msiexec.exe, nvpciflt.sys, object, plug-in, realtek, registry, rundll, software, svchost.exe, system, trojaner, usb, windows, wscript.exe |
Linear-Darstellung
