Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Windows Security Center,Trojaner, 100Euro Strafe zum Entsperren

Windows Security Center,Trojaner, 100Euro Strafe zum Entsperren


Log-Analyse und Auswertung: Windows Security Center,Trojaner, 100Euro Strafe zum Entsperren

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 12.04.2012, 21:56   #1
MoeJoe86
 
Windows Security Center,Trojaner, 100Euro Strafe zum Entsperren - Standard

Windows Security Center,Trojaner, 100Euro Strafe zum Entsperren


Hallo alle miteinandern,

habe auch wie so mancher hier das Problem mit dem im Titel beschriebenen Trojaner/Virus.

Eigentlich bin ich ja nicht dumm in solchen Sachen, was heißen soll, wenn ich etwas in einem Forum lese und durchgehe kann ich die Fehler ja beheben. Nur in diesem Fall komme ich nicht weiter.

Also was ich bis jetzt gemacht habe:

1. Laptop neu gestartet und im "Abgesicherten Modus" gebootet.
2. Im "Abgesicherten Modus" einen neuen Benutzer erstellt
3. Mit dem neuen Benutzer im Internet gegoogelt und hier auf das "Trojaner-Board" gestoßen.
4. Hier im Forum umgeschaut und die Datei: "OTL.exe" heruntergeladen
5. "OTL.exe" gestartet und einen SCAN mit allen von euch vorgegebenen Einstellungen durchgeführt.
6. "Extra.txt" hochgeladen, beim Auswählen der "OTL.txt" sagte mir die Seite das die Datei zu groß sei.

Jetzt meine erste Frage: Was kann ich machen damit ich die "OTL.txt" hochladen kann
Die zweite Frage: wird sich denke wird sich hoffentlich dann nciht mehr ergeben müssen.


Vielen Dank im vorraus.

MoeJoe

Alt 13.04.2012, 06:59   #2
kira
/// Helfer-Team
 
Windows Security Center,Trojaner, 100Euro Strafe zum Entsperren - Standard

Windows Security Center,Trojaner, 100Euro Strafe zum Entsperren


Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:
Zitat:
  • "Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
    - da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
    - also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
  • Charakteristische Merkmale/Profilinformationen:
    - aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du durch [X] oder Sternchen (*) ersetzen
  • Die Systemprüfung und Bereinigung:
    - kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
  • Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
  • Innerhalb der Betreuungszeit:
    - ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
  • Die Reihenfolge:
    - genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
  • GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
  • Ansonsten unsere Forumsregeln:
    - Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?
  • Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen
► Erster Teil des 3-teiligen Verfahren, werden wir dein System auf Viren untersuchen, bzw nach einem anderen Verursacher suchen:
Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
Lade Dir Malwarebytes Anti-Malware von→ malwarebytes.org
  • Installieren und per Doppelklick starten.
  • Deutsch einstellen und gleich mal die Datenbanken zu aktualisieren - online updaten
  • "Komplett Scan durchführen" wählen (überall Haken setzen)
  • wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
  • Alle Funde - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
  • Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"
eine bebilderte Anleitung findest Du hier: Anleitung

2.
Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • "Scanne alle Benutzer" bitte anhaken
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

3.
Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:
  • Download den CCleaner - Installer herunter
  • Software-Lizenzvereinbarung lesen, falls irgendeine Toolbar angeboten wird, bitte abwählen!-> starten -> Falls nötig, auf "Deutsch" einstellen.
  • starten-> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
  • ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)

Zitat:
Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles, die Du posten möchtest)[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]
gruß
kira
__________________

__________________
Alt 13.04.2012, 19:33   #3
MoeJoe86
 
Windows Security Center,Trojaner, 100Euro Strafe zum Entsperren - Standard

Windows Security Center,Trojaner, 100Euro Strafe zum Entsperren


Code:
ATTFilter
Malwarebytes Anti-Malware Logfile
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.13.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mo :: TIMO2 [Administrator]

Schutz: Aktiviert

13.04.2012 20:06:26
mbam-log-2012-04-13 (20-06-26).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 232200
Laufzeit: 1 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
ATTFilter
 OTL-Logfile: OTL.txt


	
Code: 

 
ATTFilter


  

	
OTL logfile created on: 13.04.2012 20:21:08 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Mo\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,78 Gb Total Physical Memory | 3,76 Gb Available Physical Memory | 65,02% Memory free
11,56 Gb Paging File | 9,00 Gb Available in Paging File | 77,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 429,49 Gb Total Space | 338,05 Gb Free Space | 78,71% Space Free | Partition Type: NTFS
Drive D: | 195,31 Gb Total Space | 16,73 Gb Free Space | 8,57% Space Free | Partition Type: NTFS
 
Computer Name: TIMO2 | User Name: Mo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.13 20:04:32 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Mo\Desktop\OTL.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.03.19 20:10:35 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2012.03.13 06:36:40 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.01.31 09:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.01.31 09:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.01.31 09:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.11.17 12:34:00 | 001,548,448 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
PRC - [2011.11.03 18:04:04 | 000,101,544 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
PRC - [2011.10.17 04:44:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.10.04 03:09:38 | 000,100,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe
PRC - [2011.10.04 00:17:40 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2011.10.03 20:45:58 | 000,375,424 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
PRC - [2011.09.29 19:41:06 | 000,092,800 | ---- | M] (ASUS) -- C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe
PRC - [2011.09.13 22:33:14 | 002,317,312 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2011.07.22 00:49:10 | 005,716,608 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2011.05.30 22:48:16 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\SysWOW64\ACEngSvr.exe
PRC - [2011.02.25 19:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010.12.21 03:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.21 03:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.10.07 23:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2010.08.20 18:57:06 | 000,107,816 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2010.07.09 23:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
PRC - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.12.15 19:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009.06.19 19:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009.06.19 19:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2008.12.23 02:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008.08.14 06:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2008.04.23 02:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.04.11 11:52:29 | 008,797,344 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
MOD - [2012.03.21 20:54:49 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll
MOD - [2012.03.21 20:15:39 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\93df5ea9646ad11a21517e4ab1d803d9\UIAutomationTypes.ni.dll
MOD - [2012.03.21 20:15:39 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\bb1d36ae26e7cadf563061596682e747\UIAutomationProvider.ni.dll
MOD - [2012.03.21 20:15:14 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012.03.21 20:15:01 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012.03.21 20:14:54 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012.03.21 20:14:52 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012.03.21 20:14:41 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2012.03.13 06:36:53 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.01.27 01:33:25 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2011.11.17 12:33:58 | 000,209,920 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\alvupdt.dll
MOD - [2011.11.03 18:04:02 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
MOD - [2011.09.13 22:33:14 | 001,163,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
MOD - [2011.08.18 00:37:40 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\asus\VirtualCamera\virtualCamera.ax
MOD - [2011.03.30 00:33:52 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2011.02.19 06:23:39 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2011.02.19 06:23:39 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\WindowsBase.resources\3.0.0.0_de_31bf3856ad364e35\WindowsBase.resources.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 03:53:24 | 005,279,744 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
MOD - [2010.11.05 03:53:24 | 004,218,880 | ---- | M] () -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
MOD - [2010.08.20 18:57:06 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2010.08.20 18:57:00 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2006.01.12 21:20:26 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.deu
MOD - [2006.01.12 21:13:46 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.FRA
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.09.01 03:08:08 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011.07.28 06:04:48 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV:64bit: - [2011.07.28 05:48:34 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011.07.28 05:44:18 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV:64bit: - [2011.06.03 21:51:38 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) Intel(R) Centrino(R) Wireless Bluetooth(R)
SRV:64bit: - [2011.03.04 01:57:58 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010.11.30 00:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) Intel(R)
SRV:64bit: - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012.04.11 22:40:34 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.02.29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Running] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.31 09:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.01.31 09:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.10.17 04:44:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.09.29 19:41:06 | 000,092,800 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2011.03.02 06:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 19:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010.12.21 03:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.12.21 03:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.12.15 19:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.01.31 09:56:33 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.01.31 09:56:33 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.10.19 04:56:00 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.10.19 04:56:00 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.10.17 04:44:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.10.04 03:48:40 | 000,394,728 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.10.04 03:48:38 | 000,129,512 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011.09.19 09:54:46 | 000,108,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011.09.16 17:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.08.08 16:32:08 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011.08.08 16:32:08 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011.08.04 02:28:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2011.08.02 17:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011.07.26 10:22:48 | 012,288,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.07.21 13:01:14 | 001,448,496 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.05.14 00:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011.04.26 05:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.11.30 00:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010.11.20 15:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.10.14 19:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2009.10.05 03:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.07.20 11:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.05.23 18:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011.09.07 18:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.03 02:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.19 12:43:25 | 000,000,000 | ---D | M]
 
[2012.04.11 22:42:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mo\AppData\Roaming\mozilla\Extensions
[2012.03.23 01:15:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.03.21 21:44:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.03.23 01:15:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2012.03.13 06:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27103675-283A-4D2A-9D5E-4DA54B64B850}: DhcpNameServer = 10.129.32.1 10.111.81.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61C4A035-25B6-48FE-99E9-EB799951AD92}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.13 20:04:30 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Mo\Desktop\OTL.exe
[2012.04.13 20:04:12 | 000,000,000 | ---D | C] -- C:\Users\Mo\AppData\Roaming\Malwarebytes
[2012.04.13 20:04:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.13 20:04:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.13 20:04:03 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.04.13 20:04:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.04.13 19:56:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012.04.13 19:56:35 | 000,000,000 | ---D | C] -- C:\Users\Mo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012.04.13 19:44:42 | 000,000,000 | ---D | C] -- C:\Users\Mo\AppData\Local\Windows Live
[2012.04.13 19:44:25 | 000,000,000 | ---D | C] -- C:\Users\Mo\AppData\Local\{DB1CF834-C303-4707-8B4F-B02ED6A50A96}
[2012.04.12 23:18:53 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.04.12 23:18:53 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.04.12 23:18:52 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.04.12 23:18:52 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.04.12 23:18:52 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.04.12 23:18:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.04.12 23:18:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.04.12 23:18:51 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.04.12 23:18:51 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.04.12 23:18:51 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.04.12 23:18:51 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.04.12 23:18:24 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.04.12 23:18:24 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.04.12 23:18:24 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.04.12 23:17:01 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012.04.12 23:17:00 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012.04.12 23:16:59 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.04.12 22:44:47 | 000,000,000 | ---D | C] -- C:\Users\Mo\AppData\Local\{DB91B5F4-DD6D-4D35-9BC7-AE6A3196C222}
[2012.04.12 00:11:50 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.04.11 23:37:44 | 000,000,000 | ---D | C] -- C:\Users\Mo\AppData\Roaming\TuneUp Software
[2012.04.11 23:37:18 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.04.11 23:37:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.04.11 23:36:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner
[2012.04.11 23:36:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Eusing Free Registry Cleaner
[2012.04.11 23:32:57 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012.04.11 23:32:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012.04.11 23:28:44 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2012.04.11 23:28:43 | 000,000,000 | ---D | C] -- C:\Users\Mo\AppData\Roaming\AVS4YOU
[2012.04.11 23:28:22 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2012.04.11 23:28:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2012.04.11 23:28:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[2012.04.11 23:14:47 | 000,000,000 | ---D | C] -- C:\Users\Mo\AppData\Local\Apple Computer
[2012.04.11 22:47:29 | 000,000,000 | ---D | C] -- C:\Users\Mo\AppData\Roaming\ASUS WebStorage
[2012.04.11 22:42:27 | 000,000,000 | ---D | C] -- C:\Users\Mo\AppData\Roaming\Mozilla
[2012.04.11 22:42:27 | 000,000,000 | ---D | C] -- C:\Users\Mo\AppData\Local\Mozilla
[2012.04.11 22:40:14 | 008,767,136 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.04.11 22:37:20 | 000,000,000 | ---D | C] -- C:\Users\Mo\AppData\Roaming\Avira
[2012.04.11 22:36:56 | 000,000,000 | ---D | C] -- C:\Users\Mo\AppData\Local\{BB0900B6-909A-49A9-890B-7533615967BA}
[2012.04.11 22:36:43 | 000,000,000 | ---D | C] -- C:\Users\Mo\Tracing
[2012.04.11 22:33:14 | 000,000,000 | ---D | C] -- C:\Users\Mo\AppData\Roaming\Skype
[2012.04.11 22:32:38 | 000,000,000 | ---D | C] -- C:\Users\Mo\AppData\Local\ArcSoft
[2012.04.11 22:32:20 | 000,000,000 | ---D | C] -- C:\Users\Mo\AppData\Local\Adobe
[2012.04.11 22:32:13 | 000,000,000 | ---D | C] -- C:\Users\Mo\AppData\Roaming\Adobe
[2012.04.11 22:32:04 | 000,000,000 | ---D | C] -- C:\Users\Mo\AppData\Roaming\Apple Computer
[2012.04.11 22:32:02 | 000,000,000 | ---D | C] -- C:\Users\Mo\AppData\Roaming\ArcSoft
[2012.04.11 22:31:40 | 000,000,000 | R--D | C] -- C:\Users\Mo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.04.11 22:31:40 | 000,000,000 | R--D | C] -- C:\Users\Mo\Searches
[2012.04.11 22:31:40 | 000,000,000 | R--D | C] -- C:\Users\Mo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.04.11 22:31:30 | 000,000,000 | ---D | C] -- C:\Users\Mo\AppData\Roaming\Identities
[2012.04.11 22:31:22 | 000,000,000 | R--D | C] -- C:\Users\Mo\Contacts
[2012.04.11 22:31:15 | 000,000,000 | ---D | C] -- C:\Users\Mo\AppData\Local\Power2Go
[2012.04.11 22:31:13 | 000,000,000 | ---D | C] -- C:\Users\Mo\AppData\Local\VirtualStore
[2012.04.11 22:31:06 | 000,000,000 | ---D | C] -- C:\Users\Mo\AppData\Local\ASUS
[2012.04.11 22:31:05 | 000,000,000 | ---D | C] -- C:\Users\Mo\AppData\Roaming\Intel
[2012.04.11 22:30:42 | 000,000,000 | -HSD | C] -- C:\Users\Mo\Vorlagen
[2012.04.11 22:30:42 | 000,000,000 | -HSD | C] -- C:\Users\Mo\AppData\Local\Verlauf
[2012.04.11 22:30:42 | 000,000,000 | -HSD | C] -- C:\Users\Mo\AppData\Local\Temporary Internet Files
[2012.04.11 22:30:42 | 000,000,000 | -HSD | C] -- C:\Users\Mo\Startmenü
[2012.04.11 22:30:42 | 000,000,000 | -HSD | C] -- C:\Users\Mo\SendTo
[2012.04.11 22:30:42 | 000,000,000 | -HSD | C] -- C:\Users\Mo\Recent
[2012.04.11 22:30:42 | 000,000,000 | -HSD | C] -- C:\Users\Mo\Netzwerkumgebung
[2012.04.11 22:30:42 | 000,000,000 | -HSD | C] -- C:\Users\Mo\Lokale Einstellungen
[2012.04.11 22:30:42 | 000,000,000 | -HSD | C] -- C:\Users\Mo\Documents\Eigene Videos
[2012.04.11 22:30:42 | 000,000,000 | -HSD | C] -- C:\Users\Mo\Documents\Eigene Musik
[2012.04.11 22:30:42 | 000,000,000 | -HSD | C] -- C:\Users\Mo\Eigene Dateien
[2012.04.11 22:30:42 | 000,000,000 | -HSD | C] -- C:\Users\Mo\Documents\Eigene Bilder
[2012.04.11 22:30:42 | 000,000,000 | -HSD | C] -- C:\Users\Mo\Druckumgebung
[2012.04.11 22:30:42 | 000,000,000 | -HSD | C] -- C:\Users\Mo\Cookies
[2012.04.11 22:30:42 | 000,000,000 | -HSD | C] -- C:\Users\Mo\AppData\Local\Anwendungsdaten
[2012.04.11 22:30:42 | 000,000,000 | -HSD | C] -- C:\Users\Mo\Anwendungsdaten
[2012.04.11 22:30:41 | 000,000,000 | --SD | C] -- C:\Users\Mo\AppData\Roaming\Microsoft
[2012.04.11 22:30:41 | 000,000,000 | R--D | C] -- C:\Users\Mo\Videos
[2012.04.11 22:30:41 | 000,000,000 | R--D | C] -- C:\Users\Mo\Saved Games
[2012.04.11 22:30:41 | 000,000,000 | R--D | C] -- C:\Users\Mo\Pictures
[2012.04.11 22:30:41 | 000,000,000 | R--D | C] -- C:\Users\Mo\Music
[2012.04.11 22:30:41 | 000,000,000 | R--D | C] -- C:\Users\Mo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.04.11 22:30:41 | 000,000,000 | R--D | C] -- C:\Users\Mo\Links
[2012.04.11 22:30:41 | 000,000,000 | R--D | C] -- C:\Users\Mo\Favorites
[2012.04.11 22:30:41 | 000,000,000 | R--D | C] -- C:\Users\Mo\Downloads
[2012.04.11 22:30:41 | 000,000,000 | R--D | C] -- C:\Users\Mo\Documents
[2012.04.11 22:30:41 | 000,000,000 | R--D | C] -- C:\Users\Mo\Desktop
[2012.04.11 22:30:41 | 000,000,000 | R--D | C] -- C:\Users\Mo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.04.11 22:30:41 | 000,000,000 | -H-D | C] -- C:\Users\Mo\AppData
[2012.04.11 22:30:41 | 000,000,000 | ---D | C] -- C:\Users\Mo\AppData\Local\Temp
[2012.04.11 22:30:41 | 000,000,000 | ---D | C] -- C:\Users\Mo\Roaming
[2012.04.11 22:30:41 | 000,000,000 | ---D | C] -- C:\Users\Mo\AppData\Local\Microsoft Help
[2012.04.11 22:30:41 | 000,000,000 | ---D | C] -- C:\Users\Mo\AppData\Local\Microsoft
[2012.04.11 22:30:41 | 000,000,000 | ---D | C] -- C:\Users\Mo\AppData\Roaming\Media Center Programs
[2012.04.11 22:30:41 | 000,000,000 | ---D | C] -- C:\Users\Mo\AppData\Roaming\Macromedia
[2012.04.11 12:08:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.04.11 12:08:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.04.11 12:07:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.04.11 11:52:29 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.04.04 21:49:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.04.04 21:49:25 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012.03.29 16:14:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect
[2012.03.29 16:14:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Print Creations
[2012.03.29 16:14:06 | 000,000,000 | ---D | C] -- C:\ProgramData\ArcSoft
[2012.03.29 16:13:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ArcSoft
[2012.03.29 16:13:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ArcSoft
[2012.03.29 16:11:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kodak
[2012.03.29 16:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Kodak
[2012.03.29 16:04:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant
[2012.03.29 16:04:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2012.03.29 15:55:07 | 000,000,000 | ---D | C] -- C:\ProgramData\tmp
[2012.03.29 15:55:05 | 000,000,000 | ---D | C] -- C:\ProgramData\hps
[2012.03.29 15:53:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deutsche Telekom
[2012.03.23 19:52:02 | 002,552,424 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2012.03.23 19:51:59 | 002,361,448 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2012.03.23 19:51:59 | 001,924,200 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2012.03.23 19:51:57 | 002,007,040 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2012.03.23 19:51:57 | 000,099,944 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2012.03.23 01:17:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.03.23 01:17:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.03.23 01:15:52 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012.03.23 01:15:52 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.03.23 01:15:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.03.23 01:15:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.03.23 01:15:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.03.21 21:44:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.03.21 21:44:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.03.21 21:44:22 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.03.21 21:44:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.03.21 14:24:37 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012.03.21 14:24:37 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012.03.21 14:24:37 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012.03.21 14:24:36 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012.03.21 14:24:21 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012.03.21 14:24:17 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012.03.21 14:24:16 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012.03.21 14:24:16 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012.03.21 14:24:16 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012.03.21 14:24:16 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012.03.21 14:24:16 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012.03.21 14:24:10 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2012.03.21 14:24:09 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012.03.21 14:24:08 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012.03.21 14:24:04 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.03.21 14:23:56 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2012.03.21 14:23:56 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2012.03.21 14:23:54 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2012.03.21 14:23:53 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2012.03.21 14:23:53 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2012.03.21 14:23:53 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2012.03.21 14:23:02 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012.03.21 14:23:01 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012.03.21 14:23:00 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012.03.21 14:22:59 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2012.03.21 14:22:59 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2012.03.21 14:22:57 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2012.03.21 14:22:57 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2012.03.21 14:22:56 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012.03.21 14:17:08 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.03.21 14:17:08 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.03.21 14:17:08 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.03.21 14:17:06 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012.03.21 14:17:06 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012.03.19 20:53:59 | 000,000,000 | ---D | C] -- C:\eSupport
[2012.03.19 20:52:33 | 000,000,000 | ---D | C] -- C:\WIMAPPLY
[2012.03.19 20:13:44 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite
[2012.03.19 20:12:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
[2012.03.19 20:12:44 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2012.03.19 20:12:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2012.03.19 20:10:36 | 000,080,512 | ---- | C] (ASUS) -- C:\Windows\AsusScr_K3 Series_ENG Uninstaller.exe
[2012.03.19 20:10:35 | 097,613,562 | ---- | C] (Axialis Software) -- C:\Windows\SysNative\AsusScr_K3 Series_ENG.scr
[2012.03.19 20:10:34 | 003,058,304 | ---- | C] (ASUS) -- C:\Windows\AsScrPro.exe
[2012.03.19 20:10:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstantOn
[2012.03.19 20:10:07 | 000,379,520 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\FBAgent.exe
[2012.03.19 20:10:07 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS
[2012.03.19 20:09:43 | 000,155,648 | ---- | C] (ASUSTeK) -- C:\Windows\SysWow64\ACEngSvr.exe
[2012.03.19 20:09:28 | 000,000,000 | ---D | C] -- C:\ProgramData\P4G
[2012.03.19 20:09:28 | 000,000,000 | ---D | C] -- C:\Program Files\P4G
[2012.03.19 20:08:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\NV
[2012.03.19 20:08:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\NV
[2012.03.19 20:06:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Roaming
[2012.03.19 20:05:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
[2012.03.19 20:05:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2012.03.19 20:05:54 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2012.03.19 20:05:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2012.03.19 20:05:40 | 000,000,000 | ---D | C] -- C:\ProgramData\SonicFocus
[2012.03.19 20:05:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2012.03.19 20:05:38 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012.03.19 20:05:31 | 002,604,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2012.03.19 20:05:31 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2012.03.19 20:05:31 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2012.03.19 20:05:31 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2012.03.19 20:05:31 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2012.03.19 20:05:30 | 001,560,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2012.03.19 20:05:30 | 001,247,848 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2012.03.19 20:05:30 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2012.03.19 20:05:30 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2012.03.19 20:05:30 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2012.03.19 20:05:30 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2012.03.19 20:05:30 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2012.03.19 20:05:30 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2012.03.19 20:05:30 | 000,180,048 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFProc64.dll
[2012.03.19 20:05:30 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2012.03.19 20:05:30 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2012.03.19 20:05:30 | 000,086,352 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFComm64.dll
[2012.03.19 20:05:30 | 000,083,792 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFSAPO64.dll
[2012.03.19 20:05:30 | 000,082,768 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFHAPO64.dll
[2012.03.19 20:05:30 | 000,082,768 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFDAPO64.dll
[2012.03.19 20:05:30 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2012.03.19 20:05:30 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2012.03.19 20:05:30 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2012.03.19 20:05:30 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2012.03.19 20:05:29 | 002,132,824 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2012.03.19 20:05:29 | 002,085,440 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2012.03.19 20:05:29 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2012.03.19 20:05:29 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2012.03.19 20:05:29 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2012.03.19 20:05:29 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2012.03.19 20:05:29 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2012.03.19 20:05:29 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2012.03.19 20:05:29 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2012.03.19 20:05:29 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2012.03.19 20:05:29 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2012.03.19 20:05:29 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2012.03.19 20:05:29 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2012.03.19 20:05:28 | 001,698,408 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2012.03.19 20:05:28 | 000,200,800 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2012.03.19 20:05:28 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2012.03.19 20:05:28 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2012.03.19 20:05:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012.03.19 20:05:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2012.03.19 20:04:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AmUStor
[2012.03.19 20:04:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AmIcoSingLun
[2012.03.19 20:03:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASM104xUSB3
[2012.03.19 20:03:30 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2012.03.19 20:02:57 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Atheros_L1e
[2012.03.19 20:02:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2012.03.19 20:02:41 | 000,056,344 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\HECIx64.sys
[2012.03.19 20:02:40 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012.03.19 20:02:30 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012.03.19 20:02:19 | 010,407,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2012.03.19 20:02:19 | 005,068,608 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2012.03.19 20:02:19 | 003,074,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2012.03.19 20:02:19 | 001,350,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nv3dappshext.dll
[2012.03.19 20:02:19 | 000,837,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\easyupdatusapiu64.dll
[2012.03.19 20:02:19 | 000,540,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhotkey.dll
[2012.03.19 20:02:19 | 000,222,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2012.03.19 20:02:19 | 000,137,536 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2012.03.19 20:02:19 | 000,055,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nv3dappshextr.dll
[2012.03.19 20:02:10 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012.03.19 20:02:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012.03.19 20:01:53 | 008,796,480 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012.03.19 20:01:53 | 007,047,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012.03.19 20:01:53 | 000,862,016 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2012.03.19 20:01:53 | 000,718,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2012.03.19 20:01:53 | 000,371,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoptimusmft.dll
[2012.03.19 20:01:53 | 000,330,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoptimusmft.dll
[2012.03.19 20:01:53 | 000,028,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvpciflt.sys
[2012.03.19 20:01:52 | 024,796,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012.03.19 20:01:52 | 024,747,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012.03.19 20:01:52 | 018,874,688 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012.03.19 20:01:52 | 017,248,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012.03.19 20:01:52 | 015,695,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012.03.19 20:01:52 | 013,206,848 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012.03.19 20:01:52 | 007,585,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012.03.19 20:01:52 | 005,581,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012.03.19 20:01:52 | 002,822,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012.03.19 20:01:52 | 002,544,960 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012.03.19 20:01:52 | 002,472,256 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012.03.19 20:01:52 | 002,403,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012.03.19 20:01:52 | 002,233,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012.03.19 20:01:52 | 002,100,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012.03.19 20:01:52 | 001,533,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012.03.19 20:01:52 | 001,454,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2012.03.19 20:01:52 | 000,364,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2012.03.19 20:01:52 | 000,301,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2012.03.19 20:01:52 | 000,241,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2012.03.19 20:01:52 | 000,203,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2012.03.19 20:01:52 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012.03.19 20:01:52 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012.03.19 20:01:46 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012.03.19 20:01:45 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2012.03.19 20:01:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2012.03.19 20:01:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2012.03.19 20:00:40 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2012.03.19 20:00:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2012.03.19 20:00:36 | 000,000,000 | ---D | C] -- C:\Intel
[2012.03.19 19:59:18 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ifsutil.dll
[2012.03.19 19:59:18 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ifsutil.dll
[2012.03.19 19:58:35 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012.03.19 19:58:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility
[2012.03.19 19:54:49 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012.03.19 18:43:07 | 000,132,320 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.03.19 18:43:07 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.03.19 18:43:07 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.03.19 18:43:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.03.19 18:43:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.03.19 13:44:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012.03.19 13:43:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.03.19 13:43:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2012.03.19 13:43:13 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF
[2012.03.19 13:42:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012.03.19 13:38:59 | 000,070,304 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.03.19 13:38:43 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012.03.19 13:38:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.03.19 13:22:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012.03.19 13:20:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2012.03.19 13:20:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2012.03.19 13:20:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012.03.19 13:17:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012.03.19 13:16:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012.03.19 13:16:28 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012.03.19 12:52:50 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2012.03.19 12:52:50 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2012.03.19 12:52:50 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012.03.19 12:52:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.03.19 12:52:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.03.19 12:52:25 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012.03.19 12:50:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012.03.19 12:50:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012.03.19 12:49:49 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.03.19 12:49:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012.03.19 12:49:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012.03.19 12:49:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012.03.19 12:43:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.03.19 12:29:58 | 000,000,000 | ---D | C] -- C:\ProgramData\FolderView
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.13 20:04:32 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Mo\Desktop\OTL.exe
[2012.04.13 20:04:05 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.13 19:47:27 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.13 19:47:27 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.13 19:46:29 | 001,643,244 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.13 19:46:29 | 000,708,282 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.04.13 19:46:29 | 000,663,560 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.13 19:46:29 | 000,151,886 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.04.13 19:46:29 | 000,124,832 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.13 19:43:39 | 000,045,056 | ---- | M] () -- C:\Windows\SysWow64\acovcnt.exe
[2012.04.13 19:40:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.13 19:39:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.13 19:39:11 | 360,751,103 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.11 23:45:52 | 000,352,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.04.11 23:43:32 | 000,001,364 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012.04.11 22:40:34 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.04.11 22:40:34 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.04.11 22:40:14 | 008,767,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.04.11 12:14:17 | 000,002,252 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.04.02 13:51:46 | 000,002,453 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
[2012.03.24 16:02:48 | 002,509,202 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.23 01:15:36 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.03.23 01:15:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.03.23 01:15:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.03.23 01:15:35 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012.03.21 20:00:13 | 000,003,416 | ---- | M] () -- C:\bootsqm.dat
[2012.03.19 20:33:52 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf
[2012.03.19 20:33:22 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.03.19 20:27:01 | 000,159,772 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012.03.19 20:27:01 | 000,159,772 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012.03.19 20:12:37 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\1043_ASUSTEK_K43SD_K53SD_V30_WIN7.MRK
[2012.03.19 20:10:36 | 000,080,512 | ---- | M] (ASUS) -- C:\Windows\AsusScr_K3 Series_ENG Uninstaller.exe
[2012.03.19 20:10:35 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
[2012.03.19 20:09:01 | 000,018,264 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2012.03.19 20:06:29 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_AMPPAL_01009.Wdf
[2012.03.19 20:03:34 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012.03.19 12:29:13 | 000,000,080 | ---- | M] () -- C:\Windows\SysNative\Defrag.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.13 20:04:05 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.11 22:31:52 | 000,001,411 | ---- | C] () -- C:\Users\Mo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.04.11 22:31:46 | 000,001,445 | ---- | C] () -- C:\Users\Mo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.04.11 11:52:31 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.03.29 16:04:17 | 000,001,045 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2012.03.23 19:51:58 | 000,180,712 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2012.03.21 20:00:13 | 000,003,416 | ---- | C] () -- C:\bootsqm.dat
[2012.03.19 20:33:52 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf
[2012.03.19 20:33:22 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.03.19 20:12:37 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\1043_ASUSTEK_K43SD_K53SD_V30_WIN7.MRK
[2012.03.19 20:10:07 | 000,002,252 | ---- | C] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012.03.19 20:10:07 | 000,001,364 | ---- | C] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012.03.19 20:10:07 | 000,000,105 | ---- | C] () -- C:\Windows\SysNative\FastBoot.ini
[2012.03.19 20:10:07 | 000,000,080 | ---- | C] () -- C:\Windows\SysNative\Defrag.ini
[2012.03.19 20:10:07 | 000,000,052 | ---- | C] () -- C:\Windows\SysNative\RemoveFont.ini
[2012.03.19 20:10:07 | 000,000,015 | ---- | C] () -- C:\Windows\SysNative\BootTime.ini
[2012.03.19 20:09:38 | 000,003,116 | ---- | C] () -- C:\Windows\SysNative\wimfltr.inf
[2012.03.19 20:09:01 | 000,018,264 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2012.03.19 20:06:29 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_AMPPAL_01009.Wdf
[2012.03.19 20:03:34 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012.03.19 20:02:50 | 000,008,192 | ---- | C] () -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll
[2012.03.19 20:02:19 | 001,985,841 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012.03.19 20:01:52 | 000,007,384 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012.03.19 19:54:50 | 360,751,103 | -HS- | C] () -- C:\hiberfil.sys
[2012.03.19 13:44:51 | 000,002,459 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 7.0.lnk
[2012.03.19 13:44:51 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Designer 7.0.lnk
[2012.03.19 13:44:51 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
[2012.03.19 13:44:51 | 000,002,447 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 7.0 Professional.lnk
[2012.03.19 12:50:14 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.03.19 12:43:26 | 000,001,148 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.03.19 12:30:08 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\acovcnt.exe
[2011.11.07 11:47:37 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.11.07 11:45:46 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.11.07 11:45:40 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.11.07 11:45:38 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.11.07 11:45:36 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.11.07 11:45:34 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.10.19 06:26:32 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2011.10.19 06:11:04 | 002,509,202 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== LOP Check ==========
 
[2012.04.11 22:47:29 | 000,000,000 | ---D | M] -- C:\Users\Mo\AppData\Roaming\ASUS WebStorage
[2012.04.11 23:37:44 | 000,000,000 | ---D | M] -- C:\Users\Mo\AppData\Roaming\TuneUp Software
[2009.07.14 07:08:49 | 000,015,498 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
__________________
Geändert von MoeJoe86 (13.04.2012 um 19:39 Uhr)

Alt 13.04.2012, 19:42   #4
MoeJoe86
 
Windows Security Center,Trojaner, 100Euro Strafe zum Entsperren - Standard

Windows Security Center,Trojaner, 100Euro Strafe zum Entsperren


OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 13.04.2012 20:21:08 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Mo\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,78 Gb Total Physical Memory | 3,76 Gb Available Physical Memory | 65,02% Memory free
11,56 Gb Paging File | 9,00 Gb Available in Paging File | 77,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 429,49 Gb Total Space | 338,05 Gb Free Space | 78,71% Space Free | Partition Type: NTFS
Drive D: | 195,31 Gb Total Space | 16,73 Gb Free Space | 8,57% Space Free | Partition Type: NTFS
 
Computer Name: TIMO2 | User Name: Mo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{11BA2B00-1495-47B8-BFA8-D08C605AB2CC}" = Windows Live Family Safety
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{25FBDA9A-E868-4B3B-B9FF-D923818511A1}" = Intel(R) PROSet/Wireless WiFi Software
"{3CE222BA-66A6-4D18-BEE9-5D21C5798C3E}" = Windows Live Family Safety
"{3D7F836A-AE1F-4FA6-8DB9-4FE06697AB0A}" = Windows Live Family Safety
"{3E776E7A-F4C3-4A89-8EAD-535E722C8397}" = Windows Live Family Safety
"{53375A2B-FE08-42B6-8EB8-16818CD27B2C}" = Windows Live Family Safety
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{63919769-655A-48A8-AD6C-39B471F683ED}" = Windows Live Family Safety
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6DDCFF78-6F91-438C-9567-C5CAA9D7F56C}" = Windows Live Family Safety
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B36055BF-5F0E-4EAB-804D-9203DFB34ADC}" = Windows Live Family Safety
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel(R) Turbo Boost Technology Monitor 2.0
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E01819BD-709F-43A1-9600-6F5E4C584C37}" = Windows Live Family Safety
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E60F14FA-E114-4F25-AEE0-33FE9EC9B1C3}" = Windows Live Family Safety
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F11009B0-F4DB-463B-B717-5266E47498AA}" = Windows Live Family Safety
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{4555BB9E-E715-4260-A178-E8EFD2B653E3}" = Alcor Micro USB Card Reader
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS FaceLogon
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{749F674B-2674-47E8-879C-5626A06B2A91}" = InstantOn for NB
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{AC76BA86-1033-F400-7760-100000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B0002707-4F7E-4745-88A7-852DA8A88635}" = ASUS Sonic Focus
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C4BC5A5F-4A97-47CC-99C3-AB8E10572AFE}" = Wireless Console 3
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D39F0676-163E-4595-A917-E28F99BBD4D2}" = ASUS AI Recovery
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E18B30AA-6E2D-480C-B918-AF61009F4010}" = عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe Acrobat 7.0 Professional - English, Français, Deutsch - V" = Adobe Acrobat 7.1.0 Professional - English, Français, Deutsch
"Adobe AIR" = Adobe AIR
"AmUStor" = Alcor Micro USB Card Reader
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"AsusScr_K3 Series_ENG" = AsusScr_K3 Series_ENG
"Avira AntiVir Desktop" = Avira Free Antivirus
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"ENTERPRISE" = Microsoft Office Enterprise 2007
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"ProInst" = Intel PROSet Wireless
"WinLiveSuite" = Windows Live Essentials
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 21.03.2012 12:12:31 | Computer Name = timo2 | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert
 werden. Fehler: 1392 (0x570) : Die Datei oder das Verzeichnis ist beschädigt und
 nicht lesbar.  .
 
Error - 21.03.2012 13:07:02 | Computer Name = timo2 | Source = MsiInstaller | ID = 11935
Description = 
 
Error - 21.03.2012 13:10:23 | Computer Name = timo2 | Source = MsiInstaller | ID = 1024
Description = 
 
Error - 21.03.2012 14:02:14 | Computer Name = timo2 | Source = ESENT | ID = 412
Description = Catalog Database (1312)Catalog Database: Die Kopfzeile der Protokolldatei
 C:\Windows\system32\CatRoot2\edb.log konnte nicht gelesen werden. Fehler -501.
 
Error - 21.03.2012 14:02:14 | Computer Name = timo2 | Source = ESENT | ID = 412
Description = Catalog Database (1312)Catalog Database: Die Kopfzeile der Protokolldatei
 C:\Windows\system32\CatRoot2\edb.log konnte nicht gelesen werden. Fehler -501.
 
Error - 21.03.2012 14:02:14 | Computer Name = timo2 | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert
 werden. "ESENT"-Fehler: -501.
 
Error - 21.03.2012 14:58:59 | Computer Name = timo2 | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 2f0    Startzeit: 01cd0793fb868583    Endzeit: 187    Anwendungspfad:
 C:\Windows\Explorer.EXE    Berichts-ID:   
 
Error - 21.03.2012 15:23:50 | Computer Name = timo2 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 11.0.0.4454,
 Zeitstempel: 0x4f5ecbd4  Name des fehlerhaften Moduls: NPSWF32.dll, Version: 11.1.102.63,
 Zeitstempel: 0x4f4c3694  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00198a3e  ID des fehlerhaften
 Prozesses: 0xb74  Startzeit der fehlerhaften Anwendung: 0x01cd079632cd6a39  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll  Berichtskennung:
 62c93020-738b-11e1-a95c-5404a6362c3a
 
Error - 23.03.2012 13:50:05 | Computer Name = timo2 | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(60:c5:47:78:72:34@fe80::62c5:47ff:fe78:7234._apple-mobdev._tcp.local.)
 active for over two minutes. This places considerable burden on the network.
 
Error - 28.03.2012 05:30:21 | Computer Name = timo2 | Source = MsiInstaller | ID = 11706
Description = 
 
[ System Events ]
Error - 22.03.2012 07:41:03 | Computer Name = timo2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 22.03.2012 07:52:46 | Computer Name = timo2 | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 22.03.2012 07:52:46 | Computer Name = timo2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 26.03.2012 12:51:00 | Computer Name = timo2 | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 26.03.2012 12:51:53 | Computer Name = timo2 | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 26.03.2012 12:51:53 | Computer Name = timo2 | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 26.03.2012 12:52:57 | Computer Name = timo2 | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 26.03.2012 12:54:01 | Computer Name = timo2 | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 26.03.2012 12:55:06 | Computer Name = timo2 | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 26.03.2012 12:56:11 | Computer Name = timo2 | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
 
< End of report >
--- --- ---


Code:
ATTFilter
Adobe Acrobat 7.1.0 Professional - English, Français, Deutsch	Adobe Systems	11.04.2012		7.1.0
Adobe AIR	Adobe Systems Incorporated	11.04.2012		3.2.0.2070
Adobe Download Assistant	Adobe Systems Incorporated	11.04.2012		1.0.6
Adobe Flash Player 11 ActiveX 64-bit	Adobe Systems Incorporated	10.04.2012	6,00MB	11.2.202.228
Adobe Flash Player 11 Plugin 64-bit	Adobe Systems Incorporated	10.04.2012	6,00MB	11.2.202.228
Alcor Micro USB Card Reader	Alcor Micro Corp.	18.03.2012	2,96MB	1.2.0117.08443
Apple Application Support	Apple Inc.	18.03.2012	61,0MB	2.1.7
Apple Mobile Device Support	Apple Inc.	18.03.2012	24,9MB	5.1.1.4
Apple Software Update	Apple Inc.	18.03.2012	2,38MB	2.1.3.127
ArcSoft Print Creations	ArcSoft	11.04.2012		2.8.255.384
ArcSoft Print Creations - Album Page	ArcSoft	11.04.2012		
ArcSoft Print Creations - Funhouse	ArcSoft	11.04.2012		
ArcSoft Print Creations - Greeting Card	ArcSoft	11.04.2012		
ArcSoft Print Creations - Photo Book	ArcSoft	11.04.2012		
ArcSoft Print Creations - Photo Calendar	ArcSoft	11.04.2012		
ArcSoft Print Creations - Scrapbook	ArcSoft	11.04.2012		
ArcSoft Print Creations - Slimline Card	ArcSoft	11.04.2012		
Asmedia ASM104x USB 3.0 Host Controller Driver	Asmedia Technology	18.03.2012	2,27MB	1.14.2.0
ASUS AI Recovery	ASUS	22.03.2012	9,10MB	1.0.24
ASUS FaceLogon	ASUS	18.03.2012	11,7MB	1.0.0012
ASUS LifeFrame3	ASUS	18.03.2012	32,3MB	3.0.25
ASUS Live Update	ASUS	22.03.2012	3,99MB	3.0.8
ASUS Power4Gear Hybrid	ASUS	18.03.2012	13,2MB	1.1.48
ASUS Sonic Focus	Synopsys 	22.03.2012	3,41MB	1.0.0.5
ASUS Splendid Video Enhancement Technology	ASUS	22.03.2012	19,6MB	1.02.0035
ASUS Virtual Camera	asus	18.03.2012	3,14MB	1.0.23
ASUS WebStorage	eCareme Technologies, Inc.	11.04.2012		3.0.108.222
AsusScr_K3 Series_ENG	ASUS	11.04.2012	93,2MB	1.0.0001
AsusVibe2.0	ASUSTEK	11.04.2012		2.0.7.142
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver	Atheros Communications Inc.	18.03.2012		2.0.8.8
ATK Package	ASUS	18.03.2012	12,0MB	1.0.0014
Avira Free Antivirus	Avira	11.04.2012	109,5MB	12.0.0.898
Bing Bar	Microsoft Corporation	17.10.2011	24,4MB	7.0.610.0
Bonjour	Apple Inc.	18.03.2012	2,00MB	3.0.0.10
CCleaner	Piriform	12.04.2012		3.17
Control ActiveX de Windows Live Mesh para conexiones remotas	Microsoft Corporation	17.10.2011	5,38MB	15.4.5722.2
Controlo ActiveX do Windows Live Mesh para Ligações Remotas	Microsoft Corporation	17.10.2011	5,38MB	15.4.5722.2
Contrôle ActiveX Windows Live Mesh pour connexions à distance	Microsoft Corporation	17.10.2011	5,38MB	15.4.5722.2
CyberLink LabelPrint	CyberLink Corp.	18.03.2012	49,9MB	2.5.3624
CyberLink Media Suite	CyberLink Corp.	18.03.2012	40,5MB	8.0.2926
CyberLink Power2Go	CyberLink Corp.	18.03.2012	223MB	7.0.0.1126
Fast Boot	ASUS	18.03.2012	1,47MB	1.0.10
HiJackThis	Trend Micro	12.04.2012	0,36MB	1.0.0
InstantOn for NB	ASUS	18.03.2012	6,47MB	2.1.6
Intel(R) Control Center	Intel Corporation	19.03.2012		1.2.1.1007
Intel(R) Management Engine Components	Intel Corporation	19.03.2012		7.0.0.1144
Intel(R) Processor Graphics	Intel Corporation	19.03.2012		8.15.10.2462
Intel(R) PROSet/Wireless WiFi Software	Intel Corporation	18.03.2012	137,3MB	14.2.0000
Intel(R) Turbo Boost Technology Monitor 2.0	Intel	18.03.2012	13,3MB	2.1.23.0
iTunes	Apple Inc.	10.04.2012	157,3MB	10.6.1.7
Java(TM) 6 Update 29	Oracle	22.03.2012	95,0MB	6.0.290
Malwarebytes Anti-Malware Version 1.61.0.1400	Malwarebytes Corporation	12.04.2012	18,0MB	1.61.0.1400
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	18.10.2011	38,8MB	4.0.30319
Microsoft .NET Framework 4 Extended	Microsoft Corporation	18.10.2011	52,0MB	4.0.30319
Microsoft Office 2010	Microsoft Corporation	17.10.2011	6,31MB	14.0.4763.1000
Microsoft Office Enterprise 2007	Microsoft Corporation	11.04.2012		12.0.6612.1000
Microsoft Office File Validation Add-In	Microsoft Corporation	23.03.2012	7,95MB	14.0.5130.5003
Microsoft Silverlight	Microsoft Corporation	20.03.2012	40,4MB	4.1.10111.0
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	17.10.2011	1,70MB	3.1.0000
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	20.03.2012	0,29MB	8.0.61001
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	17.10.2011	0,61MB	8.0.61000
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	28.03.2012	0,23MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	18.03.2012	0,58MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	20.03.2012	0,59MB	9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	20.03.2012	12,3MB	10.0.40219
Mozilla Firefox 11.0 (x86 de)	Mozilla	11.04.2012	35,8MB	11.0
NVIDIA Graphics Driver 285.64	NVIDIA Corporation	18.03.2012		285.64
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	22.03.2012		6.0.1.6499
Skype Click to Call	Skype Technologies S.A.	20.03.2012	13,8MB	5.10.9560
Skype™ 5.8	Skype Technologies S.A.	20.03.2012	19,0MB	5.8.158
Synaptics Pointing Device Driver	Synaptics Incorporated	18.03.2012	46,4MB	15.3.17.0
Windows Live Essentials	Microsoft Corporation	18.10.2011		15.4.3538.0513
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen	Microsoft Corporation	17.10.2011	5,38MB	15.4.5722.2
Windows Live Mesh ActiveX Control for Remote Connections	Microsoft Corporation	17.10.2011	5,38MB	15.4.5722.2
Windows Live Mesh ActiveX control for remote connections	Microsoft Corporation	17.10.2011	5,38MB	15.4.5722.2
WinFlash	ASUS	18.03.2012	0,84MB	2.32.0
WinRAR 4.11 (64-Bit)	win.rar GmbH	03.04.2012		4.11.0
Wireless Console 3	ASUS	18.03.2012	9,11MB	3.0.24
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις	Microsoft Corporation	17.10.2011	5,38MB	15.4.5722.2
Элемент управления Windows Live Mesh ActiveX для удаленных подключений	Microsoft Corporation	17.10.2011	5,38MB	15.4.5722.2
פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים	Microsoft Corporation	17.10.2011	5,38MB	15.4.5722.2
عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة	Microsoft Corporation	17.10.2011	5,38MB	15.4.5722.2
適用遠端連線的 Windows Live Mesh ActiveX 控制項	Microsoft Corporation	17.10.2011	5,57MB	15.4.5722.2

Alt 13.04.2012, 21:20   #5
kira
/// Helfer-Team
 
Windows Security Center,Trojaner, 100Euro Strafe zum Entsperren - Standard

Windows Security Center,Trojaner, 100Euro Strafe zum Entsperren


** Update Malwarebytes Anti-Malware, lass es nochmal anhand der folgenden Anleitung laufen:
  • per Doppelklick starten.
  • gleich mal die Datenbanken zu aktualisieren - online updaten
  • Vollständiger Suchlauf wählen (überall Haken setzen)
  • wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
  • alle Funde bis auf - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
  • Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"
eine bebilderte Anleitung findest Du hier: Anleitung

__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!
Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!
Alt 15.04.2012, 17:54   #6
MoeJoe86
 
Windows Security Center,Trojaner, 100Euro Strafe zum Entsperren - Standard

Windows Security Center,Trojaner, 100Euro Strafe zum Entsperren


Bevor wir hier noch zwanzig mal diverse Dinge probieren, frage ich lieber nochmal, ob es egal ist wenn ich einen neune Benutzer erstellt habe und nicht im "Abgesicherten Modus" die Scans laufen lasse?

Hier nochmal das Scanergebnis nach Vollständigem Scan:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.15.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mo :: TIMO2 [Administrator]

Schutz: Aktiviert

15.04.2012 18:44:05
mbam-log-2012-04-15 (18-44-05).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 362965
Laufzeit: 1 Stunde(n), 1 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Alt 16.04.2012, 06:38   #7
kira
/// Helfer-Team
 
Windows Security Center,Trojaner, 100Euro Strafe zum Entsperren - Standard

Windows Security Center,Trojaner, 100Euro Strafe zum Entsperren


im betroffenen Benutzerkonto und im normalen Modus ausführen:

1.
Wenn nicht bewusst installiert hast bzw nicht benötigst, kannst deinstallieren (unter Software):
Code:
ATTFilter
Bing Bar 
-> Bing Bar aus Firefox und Internet Explorer entfernen
Immer mehr Programme bringen eine Toolbar mit.(wie z.B. Google, Yaho,Messenger, Winamp, ICQ usw). Manche Zustimmung der User installiert, manche wieder ohne Wissen des Benutzers Viele davon sehr fehleranfällig und fressen eine Menge an Systemressourcen. Zur funktionstüchtigen Installation der jeweiligen Software ist Toolbar aber nicht notwendig, zudem die meisten modernen Browser mit vielen zusätzlichen Funktionen ausgestattet sind. Ausserdem die dazugehörigen Programme, funktionieren auch ohne...
- meiste Toolbars bzw Browserhelper wollen sich doch nur wichtig machen

2.
Zitat:
Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)
Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript:
Code:
ATTFilter
:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

:Files
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner
C:\Program Files (x86)\Eusing Free Registry Cleaner
C:\Program Files (x86)\Kodak
C:\ProgramData\Kodak
C:\ProgramData\McAfee
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
  • und füge es hier ein:
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Klick auf .
  • OTL verlangt einen Neustart. Bitte zulassen.
  • Nach dem Neustart findest Du ein Textdokument.
    Kopiere den Inhalt hier in Deinen Thread.

2.
Java aktualisieren- über Systemsteuerung-> Nach Update suchen...
oder:
Downloade nun die Offline-Version von Java "Empfohlen Version 6 Update 31 " von Oracle und installiere sie. Achte darauf, eventuell angebotene Toolbars nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar entfernen.

3.
reinige dein System mit CCleaner:
  • "CCleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
  • "Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
  • Starte dein System neu auf

4.
erneut einen Scan mit OTL:
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • "Scanne alle Benutzer" bitte anhaken
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.
  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!
Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!
Antwort

Themen zu Windows Security Center,Trojaner, 100Euro Strafe zum Entsperren
abgesicherten, benutzer, center, datei, einstellungen, euro, fehler, forum, frage, internet, laptop, modus, neu, neue, neuen, problem, sache, sachen, scan, security, seite, sperren, trojaner, trojaner-board, windows, windows security center


« Windows Live Messanger [Virus] Logfiles | Weißer bildschirm "bitte warte..." OTL erstellt »


Ähnliche Themen: Windows Security Center,Trojaner, 100Euro Strafe zum Entsperren


  1. Computer gesperrt durch windows security center, 100euro bezahlen
    Plagegeister aller Art und deren Bekämpfung - 15.04.2012 (5)
  2. Computer geblockt durch fullscreen modus windows security center, 100euro bezahlen
    Plagegeister aller Art und deren Bekämpfung - 15.04.2012 (3)
  3. Windows Security Center,Trojaner, 100Euro Strafe zum Entsperren
    Plagegeister aller Art und deren Bekämpfung - 11.04.2012 (9)
  4. Windows Security Center Trojaner eingefangen
    Log-Analyse und Auswertung - 06.04.2012 (32)
  5. Windows Security Center 100Euro Zahlung?
    Mülltonne - 14.03.2012 (9)
  6. Windows Security Center Trojaner sperrt PC
    Log-Analyse und Auswertung - 14.03.2012 (24)
  7. BKA Virus, soll 100Euro bezahlen um Pc zu entsperren..
    Plagegeister aller Art und deren Bekämpfung - 23.02.2012 (1)
  8. 100Euro Trojaner - Windows Security Center
    Plagegeister aller Art und deren Bekämpfung - 16.02.2012 (20)
  9. Trojaner Windows Security Center 100€ bezahlen
    Log-Analyse und Auswertung - 15.02.2012 (1)
  10. Windows Security Center - 100€ Strafe, falsche Windowslizenz, Ucash
    Plagegeister aller Art und deren Bekämpfung - 13.02.2012 (12)
  11. Security center sperrt PC - 100€ Strafe
    Log-Analyse und Auswertung - 07.02.2012 (10)
  12. Security Center - nicht lizensierte windows version 100 euro strafe
    Plagegeister aller Art und deren Bekämpfung - 06.02.2012 (1)
  13. Windows Security Center - 100€ Strafe, falsche Windowslizenz, Ucash
    Plagegeister aller Art und deren Bekämpfung - 06.02.2012 (12)
  14. Trojaner: 100Euro Windows Fake Security Drohung
    Log-Analyse und Auswertung - 05.02.2012 (15)
  15. windows security center 100 € strafe Computer gesperrt
    Plagegeister aller Art und deren Bekämpfung - 05.02.2012 (2)
  16. Windows security center 100 Euro strafe computer gesperrt u kash Hilfe bitte
    Plagegeister aller Art und deren Bekämpfung - 04.02.2012 (15)
  17. Staatspolizei Trojaner 100euro Strafe Nichts Funktioniert mehr ....
    Log-Analyse und Auswertung - 27.01.2012 (13)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Windows Security Center,Trojaner, 100Euro Strafe zum Entsperren - Hallo alle miteinandern, habe auch wie so mancher hier das Problem mit dem im Titel beschriebenen Trojaner/Virus. Eigentlich bin ich ja nicht dumm in solchen Sachen, was heißen soll, wenn - Windows Security Center,Trojaner, 100Euro Strafe zum Entsperren...
Archiv
Du betrachtest: Windows Security Center,Trojaner, 100Euro Strafe zum Entsperren auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55