
Log analysis and evaluation: annoying virus/trojan, Downadup?


29.12.2009, 15:46   #1
sloopjohnb
 
Hello everyone!
For about a week I have been getting pop-ups from AVG whenever I plug a removable drive into my notebook. Sometimes a Windows pop-up appears before that (error in .\recycler\S-5-3-42-821....65\jwgkvsq.vmx, the following entry is missing: ahaezedrn). The AVG pop-up tells me that the worm Downadup is running in 2 svchost processes, both of which are located in win32. Unfortunately I don't know the exact text right now.
The scan results from HijackThis show two O9 entries that are rated as extremely harmful. When I try to delete them, it only works for one of the two entries, and after the next restart there are 2 again. I have already tried deleting the system restore points and running CCleaner; none of it helps.
Should I reinstall the PC? Are the files on the hard drive still clean, and can I keep all my data after reinstalling?
Please post helpful replies. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:57:26, on 29.12.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\D-Link DWA-643\D-Link DWA-643 Wireless N ExpressCard Notebook Adapter\acs.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programme\Creative\Shared Files\CTDevSrv.exe
C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programme\IVT Corporation\BlueSoleil\BtTray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\oodag.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Programme\Creative\Software Update 3\SoftAuto.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Programme\HotKey_Driver\HotKeyDriver.exe
C:\Programme\D-Link DWA-643\D-Link DWA-643 Wireless N ExpressCard Notebook Adapter\wirelesscm.exe
C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Programme\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programme\HijackThis\HijackThis.exe
C:\Programme\bob\bob internet\Dashboard.exe
C:\Programme\Google\Chrome\Application\chrome.exe
C:\Programme\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG8\avgssie.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BtTray] "C:\Programme\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Programme\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Programme\Creative\Software Update 3\SoftAuto.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AutoStart IR.lnk.disabled
O4 - Global Startup: HotKeyDriver.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Wireless Connection Manager.lnk = C:\Programme\D-Link DWA-643\D-Link DWA-643 Wireless N ExpressCard Notebook Adapter\wirelesscm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Winamp Search - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlall.htm
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Programme\Free Download Manager\dllink.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlfvideo.htm
O9 - Extra button: Ò×Ȥ¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - h**p://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - Extra 'Tools' menuitem: Ò×Ȥ¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - h**p://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} (Java Plug-in 1.6.0_16) -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Programme\D-Link DWA-643\D-Link DWA-643 Wireless N ExpressCard Notebook Adapter\acs.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Programme\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Programme\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: EPGService - Hauppauge Computer Works - C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1ca7ca3119a3434) (gupdate1ca7ca3119a3434) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\HCWTVS~1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 11661 bytes

29.12.2009, 15:54   #2
sloopjohnb
 
Here is my RunAlyzer log; I split it across 2 txt files, since 1 would have been too large to upload.


29.12.2009, 15:57   #3
sloopjohnb
 
I reformatted the log; now it can be posted.


Service (registry key): s1018unic
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
Image path: system32\DRIVERS\s1018unic.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): S24EventMonitor
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel(R) PROSet/Wireless Service
Description: Wireless Management Service for Intel(R) PROSet/Wireless
Object name: LocalSystem
Image path: C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
Image size: 983040
Image MD5: 131D50F081D2E29EBD1365B21F6B9736
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1
Depends On services: s24trans

Service (registry key): sdbus
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\sdbus.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): sfiqwh
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): smserial
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\smserial.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): SwPrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: MS Software Shadow Copy Provider
Description: Verwaltet Software-basierte Schattenkopien des Volumeschattenkopie-Dienstes. Software-basierte Schattenkopien können nicht verwaltet werden, wenn dieser Dienst beendet wird. Falls dieser Dienst deaktiviert wird, können die Dienste, die von diesem Dienst ausschließlich abhängig sind, nicht mehr gestartet werden.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\dllhost.exe /Processid:{FB380388-033A-43C4-B32A-E7DB56A2D961}
Image size: 5120
Image MD5: BED2C7627AB78CA721EFB8B49EFB13EE
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 0
Depends On services: rpcss

Service (registry key): tdrpman
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Acronis Try&Decide and Restore Points filter
Image path: system32\DRIVERS\tdrpman.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): tifsfilter
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Acronis True Image FS Filter
Image path: system32\DRIVERS\tifsfilt.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 1

Service (registry key): timounter
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Acronis True Image Backup Archive Explorer
Image path: system32\DRIVERS\timntr.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): TryAndDecideService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Acronis Try And Decide Service
Description: Acronis Try And Decide Service
Object name: LocalSystem
Image path: "C:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe"
Image size: 492896
Image MD5: BC236BBB0B16049392E020E53F17D04C
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1

Service (registry key): ts_lb
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ts_lb
Image path: system32\drivers\ts_lb.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On services: tcpip

Service (registry key): TuneUp.Defrag
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: TuneUp Drive Defrag-Dienst
Description: Ermöglicht TuneUp Drive Defrag das Defragmentieren von Datenträgern, damit der Computer schneller und effizienter wird.
Object name: LocalSystem
Image path: C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe
Image size: 435016
Image MD5: FAF93BB76E9334A2901D7657C193BE08
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 0

Service (registry key): TuneUp.UtilitiesSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: TuneUp Utilities Service
Description: Dieser Dienst analysiert im Hintergrund die Nutzung Ihres Computers und ermöglicht die automatische Durchführung von situationsabhängigen Optimierungen. Alle Funktionen können in TuneUp Utilities eingestellt werden. Wenn Sie diesen Dienst stoppen oder deaktivieren, funktionieren Teile von TuneUp Utilities nicht mehr.
Object name: LocalSystem
Image path: "C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe"
Image size: 1021256
Image MD5: 0351843ED98271993C83A5E4407F17FF
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): TuneUpUtilitiesDrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: TuneUpUtilitiesDrv
Image path: \??\C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): VNUSB
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: VN Series Device
Image path: system32\DRIVERS\VNUSB.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): vsmon
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: TrueVector Internet Monitor
Description: Monitors internet traffic and generates alerts for disallowed access.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service
Image size: 75304
Image MD5: 4ABE946715D5E17C013D70FABB9E9780
Control Set: CurrentControlSet
Start: 3
Type: 272
Error Control: 1
Depends On services: Afd,RpcSs,CryptSvc,vsdatant

Service (registry key): WpdUsb
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WpdUsb
Image path: System32\Drivers\wpdusb.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): WSIMD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: wsimd Service
Image path: system32\DRIVERS\wsimd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): zmolznj
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): {067C3C4C-9CA0-42F9-BED5-D9727C772289}
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): {31E2FEAB-6627-4B2C-BC68-772C38122BAB}
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): {47BCA449-B1DF-4A95-A022-574A5C21A87E}
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): {56B569A1-75A5-44FA-A770-3939BBECFF1A}
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): {8973EB65-5268-4F8E-9DC6-ACA06DDF65D9}
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): {9FECC5BC-A17F-4F13-8820-1456AFCA3EA8}
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): {D0B8FED6-E733-46CD-96BE-13FBBE33FA01}
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): {E2FA01C2-4D28-4AE0-BCA7-71EA7B6F1335}
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): ado2vh5p
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0


--- Winsock Layered Service Provider list ---

Protocol 0: MSAFD NetBIOS [\Device\NwlnkNb] SEQPACKET 16
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll

Protocol 0: MSAFD NetBIOS [\Device\NwlnkNb] DATAGRAM 16
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll

Protocol 0: MSAFD NetBIOS [\Device\NwlnkNb] SEQPACKET 16
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll

Protocol 0: MSAFD NetBIOS [\Device\NwlnkNb] DATAGRAM 16
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll

Protocol 0: MSAFD NetBIOS [\Device\NwlnkNb] SEQPACKET 16
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll

Protocol 0: MSAFD NetBIOS [\Device\NwlnkNb] DATAGRAM 16
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll


--- Scheduled Tasks list ---

Scheduled Task: C:\WINDOWS\Tasks\Automatische Problemsuche.job
schedules in: C:\WINDOWS\Tasks\
Exec dir:
Filename: C:\Programme\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe
Filesize: 316232
File MD5: F0B93A6F16B048CFF9DD4344CD593D50
Parameters:
Creator: banana joe
Comment: Startet die Automatische Problemsuche zu festgelegten Zeiten

Scheduled Task: C:\WINDOWS\Tasks\Google Software Updater.job
schedules in: C:\WINDOWS\Tasks\
Exec dir:
Filename: C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
Filesize: 183280
File MD5: 5467F1FF0AF264566740F67E8B810735
Parameters: scheduled_start
Creator: SYSTEM
Comment: Mit Google Updater bleibt Ihre Google-Software stets auf dem neuesten Stand. Wird der Google Updater-Service deaktiviert oder angehalten, so wird Ihre Google-Software nicht mehr aktualisiert, was dazu führen kann, dass etwaige Sicherheitslücken nicht geschlossen werden und bestimmte Funktionen möglicherweise nicht mehr verfügbar sind.

Scheduled Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
schedules in: C:\WINDOWS\Tasks\
Exec dir:
Filename: C:\Programme\Google\Update\GoogleUpdate.exe
Filesize: 133104
File MD5: 626A24ED1228580B9518C01930936DF9
Parameters: /c
Creator: SYSTEM
Comment: Hält Ihre Google-Software auf dem neuesten Stand. Wenn diese Anwendung deaktiviert oder angehalten wird, wird Ihre Google-Software nicht aktualisiert. Das heißt, dass eventuell auftretende Sicherheitslücken nicht behoben und bestimmte Funktionen möglicherweise nicht ausgeführt werden können. Diese Anwendung deinstalliert sich selbst, wenn sie nicht von einer Google-Software verwendet wird.

Scheduled Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
schedules in: C:\WINDOWS\Tasks\
Exec dir:
Filename: C:\Programme\Google\Update\GoogleUpdate.exe
Filesize: 133104
File MD5: 626A24ED1228580B9518C01930936DF9
Parameters: /ua /installsource scheduler
Creator: SYSTEM
Comment: Hält Ihre Google-Software auf dem neuesten Stand. Wenn diese Anwendung deaktiviert oder angehalten wird, wird Ihre Google-Software nicht aktualisiert. Das heißt, dass eventuell auftretende Sicherheitslücken nicht behoben und bestimmte Funktionen möglicherweise nicht ausgeführt werden können. Diese Anwendung deinstalliert sich selbst, wenn sie nicht von einer Google-Software verwendet wird.


--- Browser helper object list ---

{000123B4-9B42-4900-B3F7-F4B073EFC214} (btorbit.com)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: btorbit.com
CLSID name: Octh Class
Path: C:\Programme\Orbitdownloader\
Long name: orbitcth.dll
Short name:
Date (created): 30.04.2009 21:09:42
Date (last access): 29.12.2009 15:11:38
Date (last write): 26.11.2009 11:03:00
Filesize: 240912
Attributes: archive
MD5: 0A15D81452C07B1E8E62D3113433C4C2
CRC32: 018DAFF4
Version: 2.4.0.8

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: AcroIEHelperStub
CLSID name: Adobe PDF Link Helper
Path: C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelperShim.dll
Short name: ACROIE~2.DLL
Date (created): 27.02.2009 13:07:26
Date (last access): 27.12.2009 12:34:06
Date (last write): 27.02.2009 13:07:26
Filesize: 75128
Attributes: archive
MD5: 5CF6190CD875DA6B35256FEE573E7908
CRC32: 764BA81B
Version: 9.1.0.163

{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} (Winamp Toolbar Loader)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: Winamp Toolbar Loader
CLSID name: Winamp Toolbar Loader
Path: C:\Programme\Winamp Toolbar\
Long name: winamptb.dll
Short name:
Date (created): 06.05.2009 15:22:22
Date (last access): 29.12.2009 15:11:38
Date (last write): 06.05.2009 15:22:22
Filesize: 1262888
Attributes: archive
MD5: 2A876E86DEF8E955F1D567D4FBC400E1
CRC32: 13FBE9CD
Version: 5.1.56.1

{3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: RealPlayer Download and Record Plugin for Internet Explorer
Path: C:\Programme\RealPlayer\
Long name: rpbrowserrecordplugin.dll
Short name: RPBROW~1.DLL
Date (created): 17.02.2009 13:02:14
Date (last access): 29.12.2009 15:11:38
Date (last write): 17.02.2009 13:02:14
Filesize: 370296
Attributes: archive
MD5: 4D630E9EF94CF8814DFD0E5938230822
CRC32: 02C3DBBF
Version: 1.0.0.522

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (WormRadar.com IESiteBlocker.NavFilter)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: WormRadar.com IESiteBlocker.NavFilter
CLSID name: AVG Safe Search
Path: C:\Programme\AVG\AVG8\
Long name: avgssie.dll
Short name:
Date (created): 26.09.2008 21:55:16
Date (last access): 29.12.2009 15:11:38
Date (last write): 20.12.2009 10:38:22
Filesize: 1111320
Attributes: archive
MD5: 4343834DFB40CEAB85B0B4D77AFF1718
CRC32: 8CF0A8BE
Version: 8.5.0.427

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Notifier BHO
Path: C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\
Long name: swg.dll
Short name:
Date (created): 02.05.2009 02:03:58
Date (last access): 29.12.2009 15:11:38
Date (last write): 02.05.2009 02:03:58
Filesize: 668656
Attributes: archive
MD5: D1585B06DED161E13B905DC4FFBF7F12
CRC32: 88D5BAA5
Version: 5.1.1309.3572

{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Programme\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 23.08.2009 22:47:44
Date (last access): 24.11.2009 21:03:08
Date (last write): 11.10.2009 04:17:30
Filesize: 41760
Attributes: archive
MD5: C9EDE29F223A27873E187D9FB6045EA6
CRC32: 5951C3E0
Version: 6.0.170.4

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (JQSIEStartDetectorImpl)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: JQSIEStartDetectorImpl
CLSID name: JQSIEStartDetectorImpl Class
Path: C:\Programme\Java\jre6\lib\deploy\jqs\ie\
Long name: jqs_plugin.dll
Short name: JQS_PL~1.DLL
Date (created): 23.08.2009 22:47:46
Date (last access): 24.11.2009 21:03:08
Date (last write): 11.10.2009 04:17:12
Filesize: 73728
Attributes: archive
MD5: DEE8F03D1EACE0C8F914A2C76568EA32
CRC32: 53F8F67C
Version: 6.0.170.4

{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} (File Search Explorer Band)
location: HKEY_USERS\S-1-5-21-606747145-1303643608-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
BHO name:
CLSID name: File Search Explorer Band
Path: %SystemRoot%\system32\
Long name: SHELL32.dll
MD5: D41D8CD98F00B204E9800998ECF8427E

{EFA24E64-B078-11D0-89E4-00C04FC9E26E} (Explorer-Band)
location: HKEY_USERS\S-1-5-21-606747145-1303643608-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
BHO name:
CLSID name: Explorer-Band
Path: %SystemRoot%\system32\
Long name: shdocvw.dll
MD5: D41D8CD98F00B204E9800998ECF8427E

{3af36230-a269-11d1-b5bf-0000f8051515} (Offlinebrowsingpaket)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name: Offlinebrowsingpaket
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E

{5A8D6EE0-3E18-11D0-821E-444553540000} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E

{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} (Microsoft NetShow Player)
location: HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name: Microsoft NetShow Player
Path: C:\WINDOWS\system32\
Long name: wmpdxm.dll
Short name:
Date (created): 29.10.2007 13:00:00
Date (last access): 28.12.2009 22:23:00
Date (last write): 29.10.2007 13:00:00
Filesize: 233472
Attributes: archive
MD5: 7E682A6D623DB1E70996D06A2214E1E4
CRC32: 2794EFCD
Version: 9.0.0.3250

{22d6f312-b0f6-11d0-94ab-0080c74c7e95} (Windows Media Player)
location: HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name: Windows Media Player
Path: C:\WINDOWS\system32\
Long name: wmpdxm.dll
Short name:
Date (created): 29.10.2007 13:00:00
Date (last access): 29.12.2009 15:12:06
Date (last write): 29.10.2007 13:00:00
Filesize: 233472
Attributes: archive
MD5: 7E682A6D623DB1E70996D06A2214E1E4
CRC32: 2794EFCD
Version: 9.0.0.3250

{44BBA842-CC51-11CF-AAFA-00AA00B6015B} ()
location: HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E

{44BBA848-CC51-11CF-AAFA-00AA00B6015C} ()
location: HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E

{6BF52A52-394A-11d3-B153-00C04F79FAA6} (Windows Media Player)
location: HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name: Windows Media Player
Path: C:\WINDOWS\system32\
Long name: wmp.dll
Short name:
Date (created): 29.10.2007 13:00:00
Date (last access): 29.12.2009 14:51:38
Date (last write): 29.10.2007 13:00:00
Filesize: 4874240
Attributes: archive
MD5: 40F0D16791405FDC23EF09E3E5009385
CRC32: F3054639
Version: 9.0.0.3250

{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} (Microsoft NetShow Player)
location: HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name: Microsoft NetShow Player
Path: C:\WINDOWS\system32\
Long name: wmpdxm.dll
Short name:
Date (created): 29.10.2007 13:00:00
Date (last access): 29.12.2009 15:12:06
Date (last write): 29.10.2007 13:00:00
Filesize: 233472
Attributes: archive
MD5: 7E682A6D623DB1E70996D06A2214E1E4
CRC32: 2794EFCD
Version: 9.0.0.3250

{22d6f312-b0f6-11d0-94ab-0080c74c7e95} (Windows Media Player)
location: HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name: Windows Media Player
Path: C:\WINDOWS\system32\
Long name: wmpdxm.dll
Short name:
Date (created): 29.10.2007 13:00:00
Date (last access): 29.12.2009 15:12:06
Date (last write): 29.10.2007 13:00:00
Filesize: 233472
Attributes: archive
MD5: 7E682A6D623DB1E70996D06A2214E1E4
CRC32: 2794EFCD
Version: 9.0.0.3250

{44BBA842-CC51-11CF-AAFA-00AA00B6015B} ()
location: HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E

{44BBA848-CC51-11CF-AAFA-00AA00B6015C} ()
location: HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E

{6BF52A52-394A-11d3-B153-00C04F79FAA6} (Windows Media Player)
location: HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name: Windows Media Player
Path: C:\WINDOWS\system32\
Long name: wmp.dll
Short name:
Date (created): 29.10.2007 13:00:00
Date (last access): 29.12.2009 14:51:38
Date (last write): 29.10.2007 13:00:00
Filesize: 4874240
Attributes: archive
MD5: 40F0D16791405FDC23EF09E3E5009385
CRC32: F3054639
Version: 9.0.0.3250

{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} (Microsoft NetShow Player)
location: HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name: Microsoft NetShow Player
Path: C:\WINDOWS\system32\
Long name: wmpdxm.dll
Short name:
Date (created): 29.10.2007 13:00:00
Date (last access): 29.12.2009 15:12:06
Date (last write): 29.10.2007 13:00:00
Filesize: 233472
Attributes: archive
MD5: 7E682A6D623DB1E70996D06A2214E1E4
CRC32: 2794EFCD
Version: 9.0.0.3250

{22d6f312-b0f6-11d0-94ab-0080c74c7e95} (Windows Media Player)
location: HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name: Windows Media Player
Path: C:\WINDOWS\system32\
Long name: wmpdxm.dll
Short name:
Date (created): 29.10.2007 13:00:00
Date (last access): 29.12.2009 15:12:06
Date (last write): 29.10.2007 13:00:00
Filesize: 233472
Attributes: archive
MD5: 7E682A6D623DB1E70996D06A2214E1E4
CRC32: 2794EFCD
Version: 9.0.0.3250

{44BBA842-CC51-11CF-AAFA-00AA00B6015B} ()
location: HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E

{44BBA848-CC51-11CF-AAFA-00AA00B6015C} ()
location: HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E

{6BF52A52-394A-11d3-B153-00C04F79FAA6} (Windows Media Player)
location: HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name: Windows Media Player
Path: C:\WINDOWS\system32\
Long name: wmp.dll
Short name:
Date (created): 29.10.2007 13:00:00
Date (last access): 29.12.2009 14:51:38
Date (last write): 29.10.2007 13:00:00
Filesize: 4874240
Attributes: archive
MD5: 40F0D16791405FDC23EF09E3E5009385
CRC32: F3054639
Version: 9.0.0.3250

>{26923b43-4d38-484f-9b9e-de460746276c} ()
location: HKEY_USERS\S-1-5-21-606747145-1303643608-725345543-1003\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E

>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS ()
location: HKEY_USERS\S-1-5-21-606747145-1303643608-725345543-1003\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E

>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} ()
location: HKEY_USERS\S-1-5-21-606747145-1303643608-725345543-1003\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E

{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} (Microsoft NetShow Player)
location: HKEY_USERS\S-1-5-21-606747145-1303643608-725345543-1003\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name: Microsoft NetShow Player
Path: C:\WINDOWS\system32\
Long name: wmpdxm.dll
Short name:
Date (created): 29.10.2007 13:00:00
Date (last access): 29.12.2009 15:12:06
Date (last write): 29.10.2007 13:00:00
Filesize: 233472
Attributes: archive
MD5: 7E682A6D623DB1E70996D06A2214E1E4
CRC32: 2794EFCD
Version: 9.0.0.3250

{22d6f312-b0f6-11d0-94ab-0080c74c7e95} (Windows Media Player)
location: HKEY_USERS\S-1-5-21-606747145-1303643608-725345543-1003\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name: Windows Media Player
Path: C:\WINDOWS\system32\
Long name: wmpdxm.dll
Short name:
Date (created): 29.10.2007 13:00:00
Date (last access): 29.12.2009 15:12:06
Date (last write): 29.10.2007 13:00:00
Filesize: 233472
Attributes: archive
MD5: 7E682A6D623DB1E70996D06A2214E1E4
CRC32: 2794EFCD
Version: 9.0.0.3250

{2C7339CF-2B09-4501-B3F3-F3508C9228ED} ()
location: HKEY_USERS\S-1-5-21-606747145-1303643608-725345543-1003\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E

{44BBA840-CC51-11CF-AAFA-00AA00B6015C} ()
location: HKEY_USERS\S-1-5-21-606747145-1303643608-725345543-1003\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E

{44BBA842-CC51-11CF-AAFA-00AA00B6015B} ()
location: HKEY_USERS\S-1-5-21-606747145-1303643608-725345543-1003\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E

{44BBA848-CC51-11CF-AAFA-00AA00B6015C} ()
location: HKEY_USERS\S-1-5-21-606747145-1303643608-725345543-1003\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E

{5945c046-1e7d-11d1-bc44-00c04fd912be} ()
location: HKEY_USERS\S-1-5-21-606747145-1303643608-725345543-1003\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E

{6BF52A52-394A-11d3-B153-00C04F79FAA6} (Windows Media Player)
location: HKEY_USERS\S-1-5-21-606747145-1303643608-725345543-1003\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name: Windows Media Player
Path: C:\WINDOWS\system32\
Long name: wmp.dll
Short name:
Date (created): 29.10.2007 13:00:00
Date (last access): 29.12.2009 14:51:38
Date (last write): 29.10.2007 13:00:00
Filesize: 4874240
Attributes: archive
MD5: 40F0D16791405FDC23EF09E3E5009385
CRC32: F3054639
Version: 9.0.0.3250

{73FA19D0-2D75-11D2-995D-00C04F98BBC9} ()
location: HKEY_USERS\S-1-5-21-606747145-1303643608-725345543-1003\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E

{7790769C-0471-11d2-AF11-00C04FA35D02} ()
location: HKEY_USERS\S-1-5-21-606747145-1303643608-725345543-1003\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E

{89820200-ECBD-11cf-8B85-00AA005B4340} ()
location: HKEY_USERS\S-1-5-21-606747145-1303643608-725345543-1003\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E

{89820200-ECBD-11cf-8B85-00AA005B4383} ()
location: HKEY_USERS\S-1-5-21-606747145-1303643608-725345543-1003\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E

{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} (Microsoft NetShow Player)
location: HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name: Microsoft NetShow Player
Path: C:\WINDOWS\system32\
Long name: wmpdxm.dll
Short name:
Date (created): 29.10.2007 13:00:00
Date (last access): 29.12.2009 15:12:06
Date (last write): 29.10.2007 13:00:00
Filesize: 233472
Attributes: archive
MD5: 7E682A6D623DB1E70996D06A2214E1E4
CRC32: 2794EFCD
Version: 9.0.0.3250

{22d6f312-b0f6-11d0-94ab-0080c74c7e95} (Windows Media Player)
location: HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name: Windows Media Player
Path: C:\WINDOWS\system32\
Long name: wmpdxm.dll
Short name:
Date (created): 29.10.2007 13:00:00
Date (last access): 29.12.2009 15:12:06
Date (last write): 29.10.2007 13:00:00
Filesize: 233472
Attributes: archive
MD5: 7E682A6D623DB1E70996D06A2214E1E4
CRC32: 2794EFCD
Version: 9.0.0.3250

{44BBA842-CC51-11CF-AAFA-00AA00B6015B} ()
location: HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E

{44BBA848-CC51-11CF-AAFA-00AA00B6015C} ()
location: HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E

{6BF52A52-394A-11d3-B153-00C04F79FAA6} (Windows Media Player)
location: HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name: Windows Media Player
Path: C:\WINDOWS\system32\
Long name: wmp.dll
Short name:
Date (created): 29.10.2007 13:00:00
Date (last access): 29.12.2009 14:51:38
Date (last write): 29.10.2007 13:00:00
Filesize: 4874240
Attributes: archive
MD5: 40F0D16791405FDC23EF09E3E5009385
CRC32: F3054639
Version: 9.0.0.3250

CmdMapping ()
location: HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E

CmdMapping ()
location: HKEY_USERS\S-1-5-21-606747145-1303643608-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E

CmdMapping ()
location: HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E

{AAA288BA-9A4C-45B0-95D7-94D524869DB5} (WPDShServiceObj)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
BHO name: WPDShServiceObj
CLSID name: WPDShServiceObj Class
Path: C:\WINDOWS\system32\
Long name: WPDShServiceObj.dll
Short name: WPDSHS~1.DLL
Date (created): 18.10.2006 21:47:22
Date (last access): 29.12.2009 14:50:48
Date (last write): 18.10.2006 21:47:22
Filesize: 133632
Attributes:
MD5: 045E228F71C31901084B64BE59093499
CRC32: A448DC9A
Version: 5.2.5721.5145

{00BB2763-6A77-11D0-A535-00C04FD7D062} (Shell Microsoft AutoComplete)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
BHO name: Shell Microsoft AutoComplete
CLSID name: Shell Microsoft AutoComplete
Path: %SystemRoot%\system32\
Long name: browseui.dll
MD5: D41D8CD98F00B204E9800998ECF8427E

{30D02401-6A81-11d0-8274-00C04FD5AE38} (IE Search Band)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
BHO name: IE Search Band
CLSID name: IE Search Band
Path: %SystemRoot%\system32\
Long name: browseui.dll
MD5: D41D8CD98F00B204E9800998ECF8427E

{3028902F-6374-48b2-8DC6-9725E775B926} (IE Microsoft AutoComplete)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
BHO name: IE Microsoft AutoComplete
CLSID name: IE Microsoft AutoComplete
Path: %SystemRoot%\system32\
Long name: browseui.dll
MD5: D41D8CD98F00B204E9800998ECF8427E

{EFA24E62-B078-11d0-89E4-00C04FC9E26E} (History Band)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
BHO name: History Band
CLSID name: History Band
Path: %SystemRoot%\system32\
Long name: shdocvw.dll
MD5: D41D8CD98F00B204E9800998ECF8427E

{2F603045-309F-11CF-9774-0020AFD0CFF6} (Synaptics Control Panel)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
BHO name: Synaptics Control Panel
CLSID name:
Path: C:\Programme\Synaptics\SynTP\
Long name: SynTPCpl.dll
Short name:
Date (created): 23.06.2008 22:52:52
Date (last access): 26.12.2009 21:52:36
Date (last write): 12.10.2006 11:38:40
Filesize: 872448
Attributes: readonly archive
MD5: 2E8F36118056BFFE2517FB15EA4DFDE6
CRC32: DDC4BF1E
Version: 9.0.2.0

{A5D35F9F-6A11-4EAA-B70B-7BB6FE32663A} (XnView Shell Extension)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
BHO name: XnView Shell Extension
CLSID name: XnViewShell Class
Path: C:\Programme\XnView\
Long name: XnViewShellExt.dll
Short name: XNVIEW~1.DLL
Date (created): 07.02.2007 10:26:24
Date (last access): 29.12.2009 02:28:56
Date (last write): 07.02.2007 10:26:24
Filesize: 1003520
Attributes: archive
MD5: 4AC86F15E60F6036214B4F55E921924F
CRC32: 72EB75C9
Version: 1.5.0.0

{B41DB860-8EE4-11D2-9906-E49FADC173CA} (WinRAR shell extension)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
BHO name: WinRAR shell extension
CLSID name: WinRAR
Path: C:\Programme\WinRAR\
Long name: RarExt.dll
Short name:
Date (created): 08.08.2008 22:33:24
Date (last access): 29.12.2009 14:57:18
Date (last write): 16.09.2008 19:18:06
Filesize: 132608
Attributes: archive
MD5: F11FE030158F8EF14A56A3EA9E9BD47D
CRC32: C9FD55A1
Version: 3.80.0.0

{C539A15A-3AF9-4c92-B771-50CB78F5C751} (Acronis True Image Shell Context Menu Extension)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
BHO name: Acronis True Image Shell Context Menu Extension
CLSID name: Acronis True Image Shell Context Menu Extension
Path: C:\Programme\Acronis\TrueImageHome\
Long name: tishell.dll
Short name:
Date (created): 09.04.2008 19:21:58
Date (last access): 29.12.2009 14:49:04
Date (last write): 09.04.2008 19:21:58
Filesize: 514328
Attributes: archive
MD5: 7307E1F13DF10094CD2CBEEB1463F205
CRC32: CE255AF6
Version: 11.0.0.8101

{C539A15B-3AF9-4c92-B771-50CB78F5C751} (Acronis True Image Shell Extension)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
BHO name: Acronis True Image Shell Extension
CLSID name: Acronis True Image Shell Extension
Path: C:\Programme\Acronis\TrueImageHome\
Long name: tishell.dll
Short name:
Date (created): 09.04.2008 19:21:58
Date (last access): 29.12.2009 14:49:04
Date (last write): 09.04.2008 19:21:58
Filesize: 514328
Attributes: archive
MD5: 7307E1F13DF10094CD2CBEEB1463F205
CRC32: CE255AF6
Version: 11.0.0.8101

{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} (AVG8 Shell Extension)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
BHO name: AVG8 Shell Extension
CLSID name: AVG8 Shell Extension Class
Path: C:\Programme\AVG\AVG8\
Long name: avgse.dll
Short name:
Date (created): 26.09.2008 21:55:14
Date (last access): 29.12.2009 14:57:20
Date (last write): 18.09.2009 10:55:38
Filesize: 114968
Attributes: archive
MD5: EB12E0DC83F6744F4E20F7559C88B89A
CRC32: D47CECBD
Version: 8.5.0.401

{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} (AVG8 Find Extension)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
BHO name: AVG8 Find Extension
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E

{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} (Shell Extensions for RealOne Player)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
BHO name: Shell Extensions for RealOne Player
CLSID name: RealOne Player Context Menu Class
Path: C:\Programme\RealPlayer\
Long name: rpshell.dll
Short name:
Date (created): 17.02.2009 13:01:52
Date (last access): 14.08.2009 17:32:06
Date (last write): 17.02.2009 13:01:52
Filesize: 63040
Attributes: archive
MD5: F8C799BB63C6020BE54E4132E1866BE0
CRC32: 193D49A0
Version: 1.0.1.3001

{D9872D13-7651-4471-9EEE-F0A00218BEBB} (Multiscan)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
BHO name: Multiscan
CLSID name: ZLAVShExt Class
Path: C:\Programme\Zone Labs\ZoneAlarm\
Long name: zlavscan.dll
Short name:
Date (created): 23.06.2008 23:43:08
Date (last access): 29.12.2009 14:57:16
Date (last write): 09.07.2008 08:05:12
Filesize: 50664
Attributes: archive
MD5: F84503799F785E838D87AE8F08EAE350
CRC32: 0A542523
Version: 7.0.483.0

{48EAD1E1-ECF2-4a85-AA09-1C44FBEED451} (OODefrag)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
BHO name: OODefrag
CLSID name: OODShellExtObj Class
Path: C:\PROGRA~1\OODEFR~1\
Long name: oodsh.dll
Short name:
Date (created): 11.05.2005 02:30:40
Date (last access): 29.12.2009 14:57:18
Date (last write): 11.05.2005 02:30:40
Filesize: 376832
Attributes: archive
MD5: C24F4537CBFC763AD2D482340B5876F8
CRC32: 1FACEDDA
Version: 1.0.1.2596

{44440D00-FF19-4AFC-B765-9A0970567D97} (TuneUp Theme Extension)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
BHO name: TuneUp Theme Extension
CLSID name: TuneUp Theme Extension
Path: %SystemRoot%\System32\
Long name: uxtuneup.dll
MD5: D41D8CD98F00B204E9800998ECF8427E

{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} (TuneUp Shredder Shell Extension)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
BHO name: TuneUp Shredder Shell Extension
CLSID name: TuneUp Shredder Shell Extension
Path: C:\Programme\TuneUp Utilities 2010\
Long name: SDShelEx-win32.dll
Short name: SDSHEL~1.DLL
Date (created): 13.11.2009 09:25:24
Date (last access): 29.12.2009 12:39:46
Date (last write): 13.11.2009 09:25:24
Filesize: 30536
Attributes: archive
MD5: 0AC7ACB0FCDAC258ECE3FEC74B53AE96
CRC32: 4C57101A
Version: 9.0.2010.9

{4838CD50-7E5D-4811-9B17-C47A85539F28} (TuneUp Disk Space Explorer Shell Extension)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
BHO name: TuneUp Disk Space Explorer Shell Extension
CLSID name: TuneUp Disk Space Explorer Shell Extension
Path: C:\Programme\TuneUp Utilities 2010\
Long name: DseShExt-x86.dll
Short name: DSESHE~1.DLL
Date (created): 13.11.2009 09:25:08
Date (last access): 28.12.2009 13:08:54
Date (last write): 13.11.2009 09:25:08
Filesize: 26440
Attributes: archive
MD5: F63BF5F3FDF08C57FA39B01DC1FB87A8
CRC32: 9DB8D7FC
Version: 9.0.2010.9

{35786D3C-B075-49b9-88DD-029876E11C01} (Portable Devices)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
BHO name: Portable Devices
CLSID name: Portable Devices
Path: %SystemRoot%\system32\
Long name: wpdshext.dll
MD5: D41D8CD98F00B204E9800998ECF8427E

{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} (Portable Devices Menu)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
BHO name: Portable Devices Menu
CLSID name: Portable Devices Menu
Path: %SystemRoot%\system32\
Long name: wpdshext.dll
MD5: D41D8CD98F00B204E9800998ECF8427E


--- Browser helper object list ---

{CFBFAE00-17A6-11D0-99CB-00C04FD64497} (Microsoft Url Sucheingriff)
location: HKEY_USERS\S-1-5-21-606747145-1303643608-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\
BHO name:
CLSID name: Microsoft Url Sucheingriff
Path: %SystemRoot%\system32\
Long name: shdocvw.dll
MD5: D41D8CD98F00B204E9800998ECF8427E

{01E04581-4EEE-11D0-BFE9-00AA005B4383} (&Adresse)
location: HKEY_USERS\S-1-5-21-606747145-1303643608-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
BHO name:
CLSID name: &Adresse
Path: %SystemRoot%\system32\
Long name: browseui.dll
MD5: D41D8CD98F00B204E9800998ECF8427E

{C55BBCD6-41AD-48AD-9953-3609C48EACC7} (Grab Pro)
location: HKEY_USERS\S-1-5-21-606747145-1303643608-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
BHO name:
CLSID name: Grab Pro
Path: C:\Programme\Orbitdownloader\
Long name: GrabPro.dll
Short name:
Date (created): 30.04.2009 21:09:42
Date (last access): 02.12.2009 13:20:52
Date (last write): 26.11.2009 11:03:00
Filesize: 662720
Attributes: archive
MD5: 604ACE62FF8139CED938792D9AD88D4F
CRC32: 739F8BB8
Version: 1.0.0.17

{0E5CBF21-D15F-11D0-8301-00AA005B4383} (&Links)
location: HKEY_USERS\S-1-5-21-606747145-1303643608-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
BHO name:
CLSID name: &Links
Path: %SystemRoot%\system32\
Long name: SHELL32.dll
MD5: D41D8CD98F00B204E9800998ECF8427E

{01E04581-4EEE-11D0-BFE9-00AA005B4383} (&Adresse)
location: HKEY_USERS\S-1-5-21-606747145-1303643608-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\
BHO name:
CLSID name: &Adresse
Path: %SystemRoot%\system32\
Long name: browseui.dll
MD5: D41D8CD98F00B204E9800998ECF8427E

{0E5CBF21-D15F-11D0-8301-00AA005B4383} (&Links)
location: HKEY_USERS\S-1-5-21-606747145-1303643608-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\
BHO name:
CLSID name: &Links
Path: %SystemRoot%\system32\
Long name: SHELL32.dll
MD5: D41D8CD98F00B204E9800998ECF8427E

{C55BBCD6-41AD-48AD-9953-3609C48EACC7} (Grab Pro)
location: HKEY_USERS\S-1-5-21-606747145-1303643608-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\
BHO name:
CLSID name: Grab Pro
Path: C:\Programme\Orbitdownloader\
Long name: GrabPro.dll
Short name:
Date (created): 30.04.2009 21:09:42
Date (last access): 29.12.2009 15:12:08
Date (last write): 26.11.2009 11:03:00
Filesize: 662720
Attributes: archive
MD5: 604ACE62FF8139CED938792D9AD88D4F
CRC32: 739F8BB8
Version: 1.0.0.17

{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} (Winamp Toolbar)
location: HKEY_USERS\S-1-5-21-606747145-1303643608-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\
BHO name:
CLSID name: Winamp Toolbar
Path: C:\Programme\Winamp Toolbar\
Long name: winamptb.dll
Short name:
Date (created): 06.05.2009 15:22:22
Date (last access): 29.12.2009 15:11:38
Date (last write): 06.05.2009 15:22:22
Filesize: 1262888
Attributes: archive
MD5: 2A876E86DEF8E955F1D567D4FBC400E1
CRC32: 13FBE9CD
Version: 5.1.56.1


--- ActiveX list ---

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_17
Installer:
Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
Path: C:\Programme\Java\jre6\bin\
Long name: npjpi160_17.dll
Short name: NPJPI1~1.DLL
Date (created): 11.10.2009 02:14:36
Date (last access): 11.10.2073 04:18:30
Date (last write): 11.10.2009 04:17:30
Filesize: 136992
Attributes: archive
MD5: 3D58770680F268A23A8CE1F14B49AA2F
CRC32: 6091A816
Version: 6.0.170.4

{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} ()
DPF name:
CLSID name:
Installer:
Codebase:
MD5: D41D8CD98F00B204E9800998ECF8427E

{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_17
Installer:
Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
Path: C:\Programme\Java\jre6\bin\
Long name: npjpi160_17.dll
Short name: NPJPI1~1.DLL
Date (created): 11.10.2009 02:14:36
Date (last access): 29.12.2009 15:12:08
Date (last write): 11.10.2009 04:17:30
Filesize: 136992
Attributes: archive
MD5: 3D58770680F268A23A8CE1F14B49AA2F
CRC32: 6091A816
Version: 6.0.170.4

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_17
Installer:
Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
Path: C:\Programme\Java\jre6\bin\
Long name: npjpi160_17.dll
Short name: NPJPI1~1.DLL
Date (created): 11.10.2009 02:14:36
Date (last access): 29.12.2009 15:12:08
Date (last write): 11.10.2009 04:17:30
Filesize: 136992
Attributes: archive
MD5: 3D58770680F268A23A8CE1F14B49AA2F
CRC32: 6091A816
Version: 6.0.170.4


--- ActiveX list ---