| |
| |||||||
Log-Analyse und Auswertung: GVU Trojaner....leider :-(Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
05.07.2012, 13:52
| #1 | ||
| |  GVU Trojaner....leider :-( Hab mir ebenfalls den neusten GVU Trojaner eingefangen. Es wäre ein Traum wenn ich eine Neuinstallation von Windows vermeiden könnte. Hier meine OTL Logfiles: Zitat:
Zitat:
 |
|
06.07.2012, 06:49
| #2 | |||||
| /// Helfer-Team    | GVU Trojaner....leider :-( Hallo und Herzlich Willkommen!
__________________ Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]: Zitat:
Zitat:
Für Vista und Win7: Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen! 1. Deinstalliere, falls unter Systemsteuerung-> Software/Programme existiert: Code:
ATTFilter Bing Bar
DVDVideoSoftTB Toolbar
Conduit Engine/com
SweetIM
Immer die benutzerdefinierte Installation wählen, nicht die Standardinstallation, weil dann oft Sachen mitinstalliert werden, die man nicht braucht oder nicht möchte. Während des Installationsvorgangs die Lizenzbestimmungen immer lesen, und nicht sofort überall den Haken setzen bzw gesetzten Haken belassen, weil damit stimmt man nämlich zu, dass andere "Fremdprogramm", oder sogar Adware (Werbe-Pop-ups) durch Partnerprogrammen, Sponsoren etc - mitinstalliert wird, weil sich Freeware damit finanziert. In diese Kategorie gehören noch einige, wie z.B: -> Unerwünschte Toolbars Zitat:
Zitat:
Code:
ATTFilter :OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={output Encoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000&st=10
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncodin g}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={output Encoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=10&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{5F970FDE-702B-4ef9-920C-5F2848A5AF26}: "URL" = http://www.astroburn-search.com/search/web?q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=10&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB1&ctid=CT2269050&SearchSource=2&q="
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
[2012.06.29 16:58:44 | 000,000,853 | ---- | M] () -- C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\xochirt8.default\searchplugins\11-suche.xml
[2011.08.23 13:38:42 | 000,002,071 | ---- | M] () -- C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\xochirt8.default\searchplugins\absearch-search.xml
[2012.06.29 16:58:44 | 000,002,209 | ---- | M] () -- C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\xochirt8.default\searchplugins\englische-ergebnisse.xml
[2012.06.29 16:58:44 | 000,010,506 | ---- | M] () -- C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\xochirt8.default\searchplugins\gmx-suche.xml
[2012.06.29 16:58:44 | 000,002,368 | ---- | M] () -- C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\xochirt8.default\searchplugins\lastminute.xml
[2012.06.29 16:58:44 | 000,005,489 | ---- | M] () -- C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\xochirt8.default\searchplugins\webde-suche.xml
[2012.06.22 10:48:19 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.22 10:48:19 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.22 10:48:19 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.22 10:48:19 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.22 10:48:19 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O3:64bit: - HKLM\..\Toolbar: (Astroburn Toolbar) - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - C:\Program Files (x86)\Astroburn Toolbar\ABToolbar64.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Astroburn Toolbar) - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - C:\Program Files (x86)\Astroburn Toolbar\ABToolbar64.dll File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
[2012.07.05 12:42:52 | 004,503,728 | ---- | M] () -- C:\ProgramData\l_u0_0.pad
[2012.07.05 12:42:44 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.04 23:55:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.04 22:57:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4273410957-3945204945-2333244739-1001UA.job
[2012.07.04 22:25:27 | 000,001,881 | ---- | M] () -- C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.03 15:14:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4273410957-3945204945-2333244739-1001Core.job
[2012.07.04 22:25:27 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad
[2012.07.04 22:25:27 | 000,001,881 | ---- | C] () -- C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.03 15:14:00 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4273410957-3945204945-2333244739-1001Core.job
[2012.07.04 22:57:01 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4273410957-3945204945-2333244739-1001UA.job
:Files
C:\ProgramData\l_u0_0.pad
C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
3. kann deinstalliert werden: Code:
ATTFilter Norton Security Scan
4. Lade Dir Malwarebytes Anti-Malware Lade Dir Malwarebytes Anti-Malware → von hier herunter
5. Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:
6. erneut einen Scan mit OTL:
Zitat:
** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw grußkira
__________________ |
|
06.07.2012, 09:53
| #3 |
| | GVU Trojaner....leider :-(Code:
ATTFilter All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5F970FDE-702B-4ef9-920C-5F2848A5AF26}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5F970FDE-702B-4ef9-920C-5F2848A5AF26}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB1&ctid=CT2269050&SearchSource=2&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\xochirt8.default\searchplugins\11-suche.xml moved successfully.
C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\xochirt8.default\searchplugins\absearch-search.xml moved successfully.
C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\xochirt8.default\searchplugins\englische-ergebnisse.xml moved successfully.
C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\xochirt8.default\searchplugins\gmx-suche.xml moved successfully.
C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\xochirt8.default\searchplugins\lastminute.xml moved successfully.
C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\xochirt8.default\searchplugins\webde-suche.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EFEED92A-A33D-4873-BA8F-32BAA631E54D} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EFEED92A-A33D-4873-BA8F-32BAA631E54D}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EFEED92A-A33D-4873-BA8F-32BAA631E54D} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EFEED92A-A33D-4873-BA8F-32BAA631E54D}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
C:\ProgramData\l_u0_0.pad moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4273410957-3945204945-2333244739-1001UA.job moved successfully.
C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4273410957-3945204945-2333244739-1001Core.job moved successfully.
File C:\ProgramData\l_u0_0.pad not found.
File C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
File C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4273410957-3945204945-2333244739-1001Core.job not found.
File C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4273410957-3945204945-2333244739-1001UA.job not found.
========== FILES ==========
File\Folder C:\ProgramData\l_u0_0.pad not found.
File\Folder C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Asus\Desktop\cmd.bat deleted successfully.
C:\Users\Asus\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Asus
->Temp folder emptied: 1575321459 bytes
->Temporary Internet Files folder emptied: 92072485 bytes
->Java cache emptied: 68538 bytes
->FireFox cache emptied: 163800808 bytes
->Google Chrome cache emptied: 22897288 bytes
->Flash cache emptied: 8116852 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 250533618 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 2.015,00 mb
OTL by OldTimer - Version 3.2.53.1 log created on 07062012_104002
Files\Folders moved on Reboot...
C:\Users\Asus\AppData\Local\Temp\0_0u_l.exe moved successfully.
C:\Users\Asus\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
File C:\Users\Asus\AppData\Local\Temp\0_0u_l.exe not found!
File C:\Users\Asus\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
Registry entries deleted on Reboot...
Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.07.06.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Asus :: SEV-PC [Administrator] Schutz: Aktiviert 06.07.2012 11:12:11 mbam-log-2012-07-06 (11-12-11).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 485720 Laufzeit: 1 Stunde(n), 26 Minute(n), 55 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 5 C:\_OTL\MovedFiles\07062012_104002\C_Users\Asus\AppData\Local\Temp\0_0u_l.exe (Trojan.Agent) -> Keine Aktion durchgeführt. D:\Programme\Photoshop\www.torrent.to...Adobe.Photoshop.Lightroom.v4.1.Multilingual.Incl.Keymaker-CORE\CORE10k.EXE (Dont.Steal.Our.Software) -> Erfolgreich gelöscht und in Quarantäne gestellt. D:\Programme\Photoshop\www.torrent.to...Adobe.Photoshop.Lightroom.v4.1.Multilingual.Incl.Keymaker-CORE\keygen.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. D:\Spiele\Anno 2070\Anno.2070-RELOADED\Spiel-Installiert\solidcore32.dll (Trojan.Krypt) -> Erfolgreich gelöscht und in Quarantäne gestellt. D:\Spiele\BF BC 2\rld-bbc2.exe (RiskWare.Tool.HCK) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter 7-Zip 9.20 (x64 edition) Igor Pavlov 22.08.2011 4,53MB 9.20.00.0 Adobe AIR Adobe Systems Inc. 19.06.2012 1.1.0.5790 Adobe CSI CS4 x64 23.03.2011 Adobe Drive CS4 x64 23.03.2011 Adobe Flash Player 11 ActiveX 64-bit Adobe Systems Incorporated 06.05.2012 6,00MB 11.2.202.235 Adobe Flash Player 11 Plugin Adobe Systems Incorporated 22.06.2012 6,00MB 11.3.300.262 Adobe Illustrator CS4 Adobe Systems Incorporated 19.06.2012 1,35GB 14.0 Adobe Media Player Adobe Systems Incorporated 19.06.2012 1.1 Adobe Photoshop CS3 Adobe Systems Incorporated 23.01.2012 1,10GB 10.0 Adobe Photoshop Lightroom 4.1 64-bit Adobe 10.06.2012 819MB 4.1.2 ANNO 1404 Ubisoft 25.08.2011 1.02.0000 ANNO 1404 - Venice Ubisoft 25.08.2011 2.0.5008.0 ANNO 2070 Ubisoft 02.01.2012 1.0.0.0 Apple Application Support Apple Inc. 16.02.2012 61,2MB 2.1.6 Apple Mobile Device Support Apple Inc. 16.02.2012 24,8MB 4.0.0.97 Apple Software Update Apple Inc. 16.02.2012 2,38MB 2.1.3.127 ASUS AI Recovery ASUS 23.03.2011 6,95MB 1.0.13 ASUS FancyStart ASUSTeK Computer Inc. 23.03.2011 12,0MB 1.0.8 ASUS K3 Series ScreenSaver ASUS 23.03.2011 52,8MB 1.0.0002 ASUS LifeFrame3 ASUS 23.03.2011 27,7MB 3.0.20 ASUS Power4Gear Hybrid ASUS 23.03.2011 13,2MB 1.1.43 ASUS SmartLogon ASUS 23.03.2011 10,9MB 1.0.0008 ASUS Splendid Video Enhancement Technology ASUS 23.03.2011 24,4MB 1.02.0030 ASUS Virtual Camera asus 23.03.2011 3,12MB 1.0.20 ATK Package ASUS 04.10.2011 12,0MB 1.0.0010 Battlefield: Bad Company™ 2 Electronic Arts 23.08.2011 5,73GB 1.0.0.0 Blender Blender Foundation 15.01.2012 2.61-release Bonjour Apple Inc. 16.02.2012 2,00MB 3.0.0.10 Call of Duty: Black Ops 24.08.2011 Canon Inkjet Printer Driver Add-On Module 17.09.2011 CCleaner Piriform 22.06.2012 3.20 CDBurnerXP CDBurnerXP 27.12.2011 12,7MB 4.4.0.2838 Control ActiveX de Windows Live Mesh para conexiones remotas Microsoft Corporation 23.03.2011 5,37MB 15.4.5722.2 Controlo ActiveX do Windows Live Mesh para Ligações Remotas Microsoft Corporation 23.03.2011 5,38MB 15.4.5722.2 Contrôle ActiveX Windows Live Mesh pour connexions à distance Microsoft Corporation 23.03.2011 5,37MB 15.4.5722.2 Counter-Strike 23.12.2011 Counter-Strike 1.6 23.09.2011 1.00.0000 CyberLink LabelPrint CyberLink Corp. 23.03.2011 137MB 2.5.1908 CyberLink Power2Go CyberLink Corp. 23.03.2011 110MB 6.1.3602c DAEMON Tools Lite DT Soft Ltd 22.08.2011 4.41.3.0173 Die Siedler 7 Ubisoft 23.08.2011 1.02.1221 DivX-Setup DivX, LLC 04.06.2012 2.6.1.8 Facebook Video Calling 1.2.0.159 Skype Limited 22.03.2012 4,76MB 1.2.159 Fallout New Vegas 25.08.2011 Fast Boot ASUS 23.03.2011 1,46MB 1.0.8 Free Audio Converter version 5.0.4.1228 DVDVideoSoft Ltd. 12.01.2012 57,3MB Free YouTube to MP3 Converter version 3.10.17.221 DVDVideoSoft Ltd. 26.02.2012 71,5MB 3.10.17.221 Google Chrome Google Inc. 23.03.2011 20.0.1132.47 Google SketchUp 8 Google, Inc. 24.06.2012 72,5MB 3.0.14358 Intel(R) Control Center Intel Corporation 07.07.2011 1.2.1.1007 Intel(R) Processor Graphics Intel Corporation 17.09.2011 8.15.10.2291 Intel(R) Turbo Boost Technology Monitor Intel 23.03.2011 2,15MB 1.0.400.4 IsoBuster 2.8.5 Smart Projects 25.08.2011 10,7MB 2.8.5 iTunes Apple Inc. 16.02.2012 172MB 10.5.3.3 Java(TM) 7 Update 3 (64-bit) Oracle 16.05.2012 93,6MB 7.0.30 Java(TM) 7 Update 4 Oracle 16.05.2012 99,3MB 7.0.40 JavaFX 2.1.0 Oracle Corporation 16.05.2012 20,8MB 2.1.0 Malwarebytes Anti-Malware Version 1.61.0.1400 Malwarebytes Corporation 06.07.2012 18,0MB 1.61.0.1400 Microsoft .NET Framework 4 Client Profile Microsoft Corporation 08.09.2011 38,8MB 4.0.30319 Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 08.09.2011 2,93MB 4.0.30319 Microsoft Office Professional Plus 2010 Microsoft Corporation 19.02.2012 14.0.6029.1000 Microsoft Silverlight Microsoft Corporation 11.05.2012 100MB 4.1.10329.0 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 23.03.2011 1,69MB 3.1.0000 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 22.08.2011 298KB 8.0.59193 Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 22.08.2011 572KB 8.0.61000 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 23.08.2011 3,51MB 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 24.08.2011 594KB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 12.01.2012 228KB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 24.08.2011 600KB 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 15.11.2011 15,0MB 10.0.40219 Mozilla Firefox 13.0.1 (x86 de) Mozilla 22.06.2012 35,8MB 13.0.1 Mozilla Maintenance Service Mozilla 22.06.2012 309KB 13.0.1 MSXML 4.0 SP3 Parser (KB973685) Microsoft Corporation 23.03.2011 1,53MB 4.30.2107.0 NBA 2K12 2K Sports 03.01.2012 1.0.0 Nuance PDF Reader Nuance Communications, Inc. 23.03.2011 47,8MB 6.00.0041 NVIDIA 3D Vision Controller-Treiber 296.10 NVIDIA Corporation 14.03.2012 296.10 NVIDIA Grafiktreiber 296.10 NVIDIA Corporation 14.03.2012 296.10 NVIDIA PhysX-Systemsoftware 9.12.0213 NVIDIA Corporation 14.03.2012 9.12.0213 NVIDIA Update 1.7.11 NVIDIA Corporation 14.03.2012 1.7.11 Oblivion Bethesda Softworks 29.09.2011 1.00.0000 PunkBuster Services Even Balance, Inc. 23.08.2011 0.988 Realtek Ethernet Controller Driver For Windows 7 Realtek 23.03.2011 7.21.531.2010 Realtek High Definition Audio Driver Realtek Semiconductor Corp. 23.03.2011 6.0.1.6294 Realtek USB 2.0 Reader Driver Realtek Semiconductor Corp. 23.03.2011 6.1.7600.10001 Skype™ 5.5 Skype Technologies S.A. 17.10.2011 17,0MB 5.5.124 Stronghold 2 Deluxe Firefly Studios 16.10.2011 1.40.000 Stronghold 3 01.11.2011 3,77GB Stronghold Crusader Extreme Firefly Studios 24.08.2011 1.20.0000 Trend Micro Titanium Internet Security Trend Micro Inc. 23.03.2011 210MB 3.0 Ubisoft Game Launcher UBISOFT 23.08.2011 1.0.0.0 VLC media player 2.0.1 VideoLAN 21.03.2012 2.0.1 Windows Live Essentials Microsoft Corporation 19.03.2012 15.4.3538.0513 Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen Microsoft Corporation 23.03.2011 5,37MB 15.4.5722.2 Windows Live Mesh ActiveX Control for Remote Connections Microsoft Corporation 23.03.2011 5,37MB 15.4.5722.2 Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 23.03.2011 5,38MB 15.4.5722.2 WinFlash ASUS 23.03.2011 856KB 2.31.0 WinRAR 4.01 (64-bit) win.rar GmbH 16.10.2011 4.01.0 Wireless Console 3 ASUS 23.03.2011 2,44MB 3.0.19 µTorrent 22.08.2011 3.0.0 Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις Microsoft Corporation 23.03.2011 5,38MB 15.4.5722.2 פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים Microsoft Corporation 23.03.2011 5,37MB 15.4.5722.2 適用遠端連線的 Windows Live Mesh ActiveX 控制項 Microsoft Corporation 23.03.2011 5,56MB 15.4.5722.2 |
|
06.07.2012, 12:15
| #4 |
| | GVU Trojaner....leider :-(Code:
ATTFilter OTL logfile created on: 06.07.2012 12:52:39 - Run 2 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Asus\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,91 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 59,33% Memory free 7,83 Gb Paging File | 6,18 Gb Available in Paging File | 79,02% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 116,44 Gb Total Space | 33,11 Gb Free Space | 28,43% Space Free | Partition Type: NTFS Drive D: | 327,83 Gb Total Space | 163,75 Gb Free Space | 49,95% Space Free | Partition Type: NTFS Computer Name: SEV-PC | User Name: Asus | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.05 14:24:45 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Asus\Desktop\OTL.exe PRC - [2012.06.22 10:48:23 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.06.22 10:47:01 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.03.01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2011.08.23 13:35:11 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011.08.21 17:43:22 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe PRC - [2011.08.02 09:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2011.05.20 11:01:06 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe PRC - [2011.03.23 19:58:32 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe PRC - [2010.10.07 14:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe PRC - [2010.09.24 01:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe PRC - [2010.08.17 14:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe PRC - [2009.12.15 10:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe PRC - [2009.11.02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009.07.31 19:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe PRC - [2009.06.19 10:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe PRC - [2009.06.19 10:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe PRC - [2009.06.15 17:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe PRC - [2008.12.22 17:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe ========== Modules (No Company Name) ========== MOD - [2012.06.22 10:48:23 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012.06.22 10:47:00 | 009,459,912 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe MOD - [2010.09.24 01:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe MOD - [2009.11.02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009.11.02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp) SRV:64bit: - [2010.11.30 22:19:52 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent) SRV:64bit: - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010.09.17 10:32:56 | 000,241,488 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Titanium\TiMiniService.exe -- (TiMiniService) SRV:64bit: - [2010.04.17 01:07:42 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) Intel(R) SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2012.06.22 10:48:23 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.06.19 11:59:37 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.03.01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2011.08.23 13:35:11 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011.08.21 17:43:22 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\SysWOW64\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.12.15 10:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2009.06.15 17:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.03.01 02:02:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2011.08.25 19:10:49 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2011.08.25 19:10:49 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2011.08.22 18:35:33 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.08.02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.03.26 01:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.10.19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R) DRV:64bit: - [2010.10.14 18:28:15 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV:64bit: - [2010.09.23 09:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2010.09.17 10:52:28 | 000,144,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm) DRV:64bit: - [2010.09.17 10:52:28 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi) DRV:64bit: - [2010.09.17 10:52:28 | 000,090,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon) DRV:64bit: - [2010.09.17 10:52:28 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr) DRV:64bit: - [2010.09.14 04:24:25 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.08.03 12:43:13 | 000,290,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR) DRV:64bit: - [2010.06.23 03:31:11 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.04.17 01:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2010.03.02 10:45:23 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008.06.27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs) DRV:64bit: - [2008.05.24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV:64bit: - [2007.06.25 09:42:30 | 000,130,088 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s117unic.sys -- (s117unic) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM) DRV:64bit: - [2007.06.25 09:42:30 | 000,123,432 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s117obex.sys -- (s117obex) DRV:64bit: - [2007.06.25 09:42:30 | 000,031,272 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s117nd5.sys -- (s117nd5) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS) DRV:64bit: - [2007.06.25 09:42:24 | 000,144,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s117mdm.sys -- (s117mdm) DRV:64bit: - [2007.06.25 09:42:24 | 000,125,992 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s117mgmt.sys -- (s117mgmt) Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM) DRV:64bit: - [2007.06.25 09:42:24 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s117mdfl.sys -- (s117mdfl) DRV:64bit: - [2007.06.25 09:42:22 | 000,108,072 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s117bus.sys -- (s117bus) Sony Ericsson Device 117 driver (WDM) DRV - [2011.05.25 19:06:20 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.02 17:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) DRV - [2008.08.14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Englische Ergebnisse" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB1&ctid=CT2269050&SearchSource=2&q=" FF - prefs.js..network.proxy.http: "188.93.20.179" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks) FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Asus\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ [2011.03.23 19:11:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.06.04 21:46:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.22 10:48:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.25 00:51:17 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.22 10:48:24 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.25 00:51:17 | 000,000,000 | ---D | M] [2011.08.21 17:54:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Asus\AppData\Roaming\mozilla\Extensions [2012.06.29 16:58:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Asus\AppData\Roaming\mozilla\Firefox\Profiles\xochirt8.default\extensions [2012.06.27 21:09:05 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Asus\AppData\Roaming\mozilla\Firefox\Profiles\xochirt8.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2012.02.26 21:38:04 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Asus\AppData\Roaming\mozilla\Firefox\Profiles\xochirt8.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.12.25 22:25:25 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Asus\AppData\Roaming\mozilla\Firefox\Profiles\xochirt8.default\extensions\firefox@tvunetworks.com [2011.08.21 17:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.06.17 16:10:03 | 000,182,698 | ---- | M] () (No name found) -- C:\USERS\ASUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOCHIRT8.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI [2012.06.29 16:58:42 | 000,578,962 | ---- | M] () (No name found) -- C:\USERS\ASUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOCHIRT8.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI [2012.06.22 10:48:24 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.22 10:48:19 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: Zeon Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Windows\system32\TVUAx\npTVUAx.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google-Suche = C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Google Mail = C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.) O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll File not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found. O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe File not found O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.) O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe (Trend Micro Inc.) O4:64bit: - HKLM..\Run: [VizorHtmlDialog.exe] C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe (Trend Micro Inc.) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe File not found O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Asus\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Asus\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5BB27F3-D1B0-4A2E-82A7-CC0178C6AD49}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.) O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.) O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{96b38b31-cca7-11e0-8727-bcaec550397b}\Shell - "" = AutoRun O33 - MountPoints2\{96b38b31-cca7-11e0-8727-bcaec550397b}\Shell\AutoRun\command - "" = G:\setup.exe /autorun O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.06 12:55:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.07.06 12:15:30 | 000,000,000 | ---D | C] -- C:\Users\Asus\4.0 [2012.07.06 12:15:28 | 000,000,000 | ---D | C] -- C:\Users\Asus\.tfo4 [2012.07.06 11:10:18 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Roaming\Malwarebytes [2012.07.06 11:10:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.06 11:10:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.06 11:10:09 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.06 11:10:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.07.06 10:40:02 | 000,000,000 | ---D | C] -- C:\_OTL [2012.07.06 10:35:00 | 000,252,712 | ---- | C] (ELAN Microelectronics Corp.) -- C:\Windows\ETDUninst.dll [2012.07.05 14:24:43 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Asus\Desktop\OTL.exe [2012.06.24 14:49:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Google [2012.06.24 14:16:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google SketchUp 8 [2012.06.22 10:48:57 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\Macromedia [2012.06.21 10:23:01 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2012.06.21 10:23:01 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2012.06.21 10:23:01 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2012.06.21 10:22:55 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2012.06.21 10:22:55 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2012.06.21 10:22:55 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2012.06.21 10:22:49 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2012.06.21 10:22:49 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2012.06.19 12:06:42 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM [2012.06.19 12:04:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe [2012.06.19 12:04:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player [2012.06.19 12:03:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR [2012.06.14 14:55:22 | 000,918,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.06.14 14:55:22 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.06.14 14:55:10 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.06.14 14:55:08 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.06.14 14:55:07 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.06.14 14:55:06 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.06.14 14:55:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.06.14 14:55:05 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.06.14 14:55:05 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.06.14 14:54:54 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012.06.14 14:54:54 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2012.06.14 14:54:54 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe [2012.06.14 14:54:44 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.06.14 14:54:42 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.06.14 14:54:41 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.06.14 14:54:40 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll [2012.06.14 14:54:33 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.06.14 14:54:33 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012.06.10 17:25:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2012.06.10 16:43:17 | 000,000,000 | ---D | C] -- C:\Users\Asus\Desktop\8°° Session ========== Files - Modified Within 30 Days ========== [2012.07.06 12:55:34 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.07.06 12:52:51 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.06 12:52:51 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.06 12:49:51 | 001,529,706 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.06 12:49:51 | 000,665,812 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.06 12:49:51 | 000,627,654 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.06 12:49:51 | 000,133,992 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.06 12:49:51 | 000,110,374 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.06 12:45:59 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe [2012.07.06 12:45:55 | 000,002,220 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [2012.07.06 12:45:53 | 000,001,329 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini [2012.07.06 12:45:39 | 000,017,920 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe [2012.07.06 12:45:37 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll [2012.07.06 12:45:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.06 12:45:21 | 3151,900,672 | -HS- | M] () -- C:\hiberfil.sys [2012.07.06 11:10:11 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.06 10:49:37 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.dll [2012.07.06 10:49:06 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.exe [2012.07.06 10:48:40 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat [2012.07.06 10:40:21 | 000,001,881 | ---- | M] () -- C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.07.05 14:24:45 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Asus\Desktop\OTL.exe [2012.07.02 10:26:47 | 000,002,346 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.06.24 14:16:10 | 000,001,657 | ---- | M] () -- C:\Users\Public\Desktop\Google SketchUp 8.lnk [2012.06.22 10:47:01 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.06.22 10:47:01 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.06.22 10:45:42 | 003,266,776 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.19 14:56:09 | 000,034,333 | ---- | M] () -- C:\Users\Asus\Desktop\Cap copy.jpg [2012.06.19 14:54:18 | 000,034,549 | ---- | M] () -- C:\Users\Asus\Desktop\Cap copy2.jpg [2012.06.18 15:59:37 | 000,060,884 | ---- | M] () -- C:\Users\Asus\Desktop\Tshirt copy.jpg [2012.06.18 15:41:36 | 000,012,553 | ---- | M] () -- C:\Users\Asus\Desktop\Cap.jpg [2012.06.18 15:37:12 | 000,028,218 | ---- | M] () -- C:\Users\Asus\Desktop\Tshirt.jpg [2012.06.17 18:03:31 | 001,126,378 | ---- | M] () -- C:\Users\Asus\Desktop\Rechnungen.pdf [2012.06.14 15:55:06 | 000,721,607 | ---- | M] () -- C:\Users\Asus\Desktop\Zentralverrieglung.pdf [2012.06.10 18:21:18 | 003,543,878 | ---- | M] () -- C:\Users\Asus\Desktop\Gaastra Web (1 von 1).jpg [2012.06.10 18:14:33 | 001,185,805 | ---- | M] () -- C:\Users\Asus\Desktop\Gaastra 3.jpg [2012.06.10 18:13:07 | 000,645,074 | ---- | M] () -- C:\Users\Asus\Desktop\gaastra2.jpg [2012.06.10 17:58:07 | 001,571,543 | ---- | M] () -- C:\Users\Asus\Desktop\Gaastra.jpg [2012.06.10 17:25:20 | 000,001,692 | ---- | M] () -- C:\Users\Public\Desktop\Lightroom 4.1 64-Bit.lnk [2012.06.07 14:08:34 | 001,497,632 | ---- | M] () -- C:\Users\Asus\Desktop\DSC01396.JPG ========== Files Created - No Company Name ========== [2012.07.06 12:55:34 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.07.06 11:10:11 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.06 10:48:40 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat [2012.07.04 22:25:27 | 000,001,881 | ---- | C] () -- C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.06.24 14:16:10 | 000,001,657 | ---- | C] () -- C:\Users\Public\Desktop\Google SketchUp 8.lnk [2012.06.19 14:54:15 | 000,034,549 | ---- | C] () -- C:\Users\Asus\Desktop\Cap copy2.jpg [2012.06.19 12:06:59 | 000,001,232 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS4.lnk [2012.06.19 12:06:21 | 000,000,833 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS4.lnk [2012.06.19 12:05:54 | 000,001,438 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Drive CS4.lnk [2012.06.19 12:03:40 | 000,000,896 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS4.lnk [2012.06.19 12:02:24 | 000,000,953 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS4.lnk [2012.06.19 12:02:04 | 000,001,409 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS4.lnk [2012.06.18 15:54:42 | 000,034,333 | ---- | C] () -- C:\Users\Asus\Desktop\Cap copy.jpg [2012.06.18 15:52:00 | 000,060,884 | ---- | C] () -- C:\Users\Asus\Desktop\Tshirt copy.jpg [2012.06.18 15:41:35 | 000,012,553 | ---- | C] () -- C:\Users\Asus\Desktop\Cap.jpg [2012.06.18 15:37:11 | 000,028,218 | ---- | C] () -- C:\Users\Asus\Desktop\Tshirt.jpg [2012.06.17 18:03:31 | 001,126,378 | ---- | C] () -- C:\Users\Asus\Desktop\Rechnungen.pdf [2012.06.14 15:55:06 | 000,721,607 | ---- | C] () -- C:\Users\Asus\Desktop\Zentralverrieglung.pdf [2012.06.10 18:21:17 | 003,543,878 | ---- | C] () -- C:\Users\Asus\Desktop\Gaastra Web (1 von 1).jpg [2012.06.10 18:14:32 | 001,185,805 | ---- | C] () -- C:\Users\Asus\Desktop\Gaastra 3.jpg [2012.06.10 17:25:20 | 000,001,692 | ---- | C] () -- C:\Users\Public\Desktop\Lightroom 4.1 64-Bit.lnk [2012.06.10 17:25:20 | 000,001,688 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 4.1 64-Bit.lnk [2012.06.07 16:12:45 | 001,497,632 | ---- | C] () -- C:\Users\Asus\Desktop\DSC01396.JPG [2011.10.06 16:51:27 | 001,557,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.08.23 13:35:12 | 000,215,128 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.08.23 13:35:11 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.08.23 13:35:09 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2011.08.21 17:38:59 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini [2011.03.26 01:16:10 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.03.26 01:16:10 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.03.23 19:07:09 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2011.03.23 18:05:45 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll [2011.03.23 18:04:16 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe [2011.03.23 17:53:06 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin ========== LOP Check ========== [2012.01.03 17:12:26 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\2K Sports [2011.08.21 17:30:36 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Asus WebStorage [2012.01.15 16:25:03 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Blender Foundation [2011.12.27 14:57:49 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Canneverbe Limited [2011.08.22 18:56:03 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\DAEMON Tools Lite [2012.02.26 21:38:43 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\DVDVideoSoft [2012.02.26 21:38:03 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\DVDVideoSoftIEHelpers [2011.08.21 17:31:16 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Nuance [2012.05.08 17:23:58 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\redsn0w [2012.02.15 14:48:10 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\SoftGrid Client [2011.10.06 16:52:11 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\TP [2012.01.02 13:29:27 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Ubisoft [2012.06.19 11:39:54 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\uTorrent [2011.08.21 17:31:12 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Zeon [2012.04.06 22:14:45 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 06.07.2012 12:52:39 - Run 2
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Asus\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,91 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 59,33% Memory free
7,83 Gb Paging File | 6,18 Gb Available in Paging File | 79,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 33,11 Gb Free Space | 28,43% Space Free | Partition Type: NTFS
Drive D: | 327,83 Gb Total Space | 163,75 Gb Free Space | 49,95% Space Free | Partition Type: NTFS
Computer Name: SEV-PC | User Name: Asus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04FDCB43-F93B-4FAC-ABDB-95C4D8CF613D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{097C54E8-488A-4CE6-BFDB-FF56879FA42B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{0AD76D7C-6C5B-499D-ACB1-850659E787A3}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary |
"{0BFC5CFA-426B-4875-B18E-F5713BB79C1A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{11642834-2B3D-425F-B97C-9E106CE6A2E9}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1417D5FC-4710-44AD-8626-792E03176AAD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2A3A83A1-D85E-4136-97CB-DC948FD6E9F5}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{33AAFE0E-8165-4597-B3E3-8126C02A2FCF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{360BE0EF-BEE2-4328-BE99-4509DE0FB88F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3E0E7B11-0A1F-4FD9-935F-63067244ECF8}" = lport=138 | protocol=17 | dir=in | app=system |
"{3ECBAA0F-97A4-4346-BB3F-B0CD3A315061}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{441A4B1C-789A-4FC0-9D32-1B5B91FF1BCE}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4524E809-0CC5-4474-B395-06B94C24C452}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{51F99F82-0AE6-4B3F-B9C9-75ACA7D737AD}" = rport=139 | protocol=6 | dir=out | app=system |
"{553F0C37-3A42-4BC9-9939-98E4B1A1EBCC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{657C222F-D4CE-44A0-9C79-D6D43C74B7E5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{69D917C9-7515-493C-A427-871AEBB981E6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6C774DEB-B09A-4609-90FC-B17A529B16A9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{771D788D-A284-4CA8-8487-65EEBB7D2C23}" = lport=137 | protocol=17 | dir=in | app=system |
"{80706F2F-F94E-4F26-ABA2-30E6FA98C2C8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{85C7ED57-5D5D-41E6-80B5-EF798266C77E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{869331B0-6F49-41BF-92EC-054BE86BA15B}" = rport=445 | protocol=6 | dir=out | app=system |
"{8EC33CBB-21A2-4497-B466-EAA267193150}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{915F83AB-44F2-4291-93DF-DE4480352904}" = rport=137 | protocol=17 | dir=out | app=system |
"{97073CBA-8CF7-4AE6-BA53-8D56D2CBE2B7}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary |
"{99F611CE-9803-40AD-A428-FE76578C077A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AC76833E-C93E-40E4-98D5-F26AF876F5D2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B38301A6-146C-41A3-A219-84AAB9495934}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B3CC7A00-F059-4C35-89C8-BA496F273EEC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B94E5B15-4311-4EE3-B2D0-C504BB5A8802}" = rport=138 | protocol=17 | dir=out | app=system |
"{C2F97B58-D14A-48A5-A299-26561D1DCF91}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D4011AC7-97FF-4B78-BE7D-DDAE00E6E041}" = rport=10243 | protocol=6 | dir=out | app=system |
"{DB4EDF58-F96E-4BD4-BCCC-84BB7C0F251A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E57375F5-6C79-4676-B233-967C8AAE8316}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EA52BB76-12EB-4737-9005-EB71D02715E3}" = lport=445 | protocol=6 | dir=in | app=system |
"{F50F0E2E-EB2D-4B66-9C40-3A1C3FD3C74C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{FA1129F6-A792-403F-9E50-C287CB4A40C2}" = lport=139 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{005A6D36-7DC1-4C0B-9852-2262E8C5E27C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{01F7FC1D-DFA3-4FF3-8A17-E4F734C9EE6F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{05161528-968F-4749-A01F-F2706926C180}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{05A4E8EA-F232-4F97-B7AB-9056B08554C8}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{0A5CAE5D-91B8-46D1-9D7D-5240F8E6AE5D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0B130C37-187D-4863-B8ED-272D9657DD09}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{0DB931A3-227C-4389-A814-F701FA7777DF}" = protocol=6 | dir=in | app=d:\spiele\anno 1404\tools\addonweb.exe |
"{0FF51ABF-37CE-486C-AF51-C91090B5DF6A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{1362447C-859E-40C3-B442-9C4E11F9195C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{148E3313-82FE-4C7A-9F2E-5A6238034C7C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{19DCEAA1-512C-4795-9B54-B26E8EE0A41A}" = protocol=6 | dir=in | app=d:\spiele\nba 2k12\spiel-installiert\nba2k12.exe |
"{19E44384-E69F-4826-B88F-70A08DF188D2}" = protocol=17 | dir=in | app=d:\spiele\nba 2k12\spiel-installiert\nba2k12.exe |
"{1A66E2D2-0DBC-4575-B9A9-B16E1F5D403E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1CAE8B9D-5162-41C0-BF16-28F987D9081D}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{1D0858FF-B91C-4786-A488-84B76B43DDB1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{207F2DBD-588A-476F-8258-FA5436964277}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2552A6CD-0CEA-47F5-8EE4-637CC61DF773}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{26111C96-8C12-4C00-BD24-CC5AAC475FC7}" = protocol=6 | dir=in | app=d:\spiele\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe |
"{34707B6B-2BBA-4579-BE7C-0A848B852CBE}" = protocol=17 | dir=in | app=d:\spiele\anno 2070\anno.2070-reloaded\spiel-installiert\initengine.exe |
"{34BC95EF-86E8-4D61-A559-CAB0BE9BD20C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{34D6248C-F9AC-4A9E-9DA6-D2EFB83F87A8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{36C3E958-0529-459B-ACB9-11F4562367D3}" = protocol=6 | dir=in | app=d:\spiele\anno 1404\tools\anno4web.exe |
"{372C13EA-97C3-46F4-889B-2BD19185483C}" = protocol=6 | dir=in | app=d:\spiele\anno 1404\addon.exe |
"{3B1A68A1-42D5-4B93-A850-23E585AE04A7}" = protocol=6 | dir=in | app=d:\spiele\anno 2070\anno.2070-reloaded\spiel-installiert\autopatcher.exe |
"{3D863E82-827F-4484-A749-55B4E0FF4CC5}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{3F45E171-CFB1-4A34-950B-036E8D1829EB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{46702560-57DE-4DFA-B72E-CA6F38821B55}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{4B187FDA-96E2-481E-83B4-A6821F960238}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{5417570B-B9D7-4AFF-8A67-C1C1430A9BCF}" = protocol=17 | dir=in | app=d:\spiele\bf bc 2\bfbc2updater.exe |
"{57B0E798-02D4-4E18-94BD-9074F7AA8ED8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{5C4FE4B3-AAD7-4686-8F94-268FF37E88B3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{673CA1A8-4BBD-463E-B2B2-98280CEA7C7E}" = protocol=6 | dir=in | app=d:\spiele\stronghold 2\stronghold2.exe |
"{675F9365-5ACB-4B08-87B2-BAF8B7017E5B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6C731C7B-FAB7-4736-8795-B4C0E88B3827}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{6D5E79F5-1C06-4CEF-932E-8039CB4D7FC8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6F6259BB-AD2A-4ECB-BADF-4DF857AD2823}" = protocol=6 | dir=in | app=d:\spiele\bf bc 2\bfbc2updater.exe |
"{72961851-ACEC-4B46-8285-4D5AB849C16A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{768AD535-5648-4C8F-9A04-1A3F9A754AA8}" = protocol=6 | dir=in | app=d:\spiele\anno 2070\anno.2070-reloaded\spiel-installiert\initengine.exe |
"{7DA37918-0F75-4FB7-8CE9-C242332490B2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{83069DDD-6544-4503-AA93-B818F544B26D}" = protocol=6 | dir=in | app=d:\spiele\anno 2070\anno.2070-reloaded\spiel-installiert\anno5.exe |
"{8CA4F19B-2FBC-4804-A873-9E3B931D4FB3}" = protocol=17 | dir=in | app=d:\spiele\anno 1404\addon.exe |
"{91BB79CF-DB4E-4E88-AED8-AF3867314F86}" = protocol=17 | dir=in | app=d:\spiele\stronghold 2\stronghold2.exe |
"{95D78B14-5F98-49AB-9A96-456C2228D402}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{96280C26-DB2B-484F-879A-EC93BE8E5E5F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A0125E4A-0731-4913-B7AC-9A21A4393886}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A1E86BA7-5C47-452B-A2A6-DFB037190869}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A2401925-ABF3-4DBF-B6FE-86942A228529}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{A36709A3-23E2-4C27-A3AF-71194CA10585}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A3A517AD-368C-4043-B2B2-2E589B739E48}" = dir=in | app=c:\users\asus\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{A4B083C4-E155-4363-99BE-5FA48D87F684}" = protocol=17 | dir=in | app=d:\spiele\anno 1404\tools\addonweb.exe |
"{A5D7FF95-B460-47E4-825A-D1F2AE98D04D}" = protocol=17 | dir=in | app=d:\spiele\anno 2070\anno.2070-reloaded\spiel-installiert\anno5.exe |
"{A70DB4F6-AF11-46E7-A010-B9CCF5E20E05}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A87FD830-5853-420A-BB16-D445E5044034}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B7B85804-EB79-4BA6-914C-58AC0E571098}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{BE129D84-AAA1-4F3B-8CFB-739163DEAD8F}" = protocol=17 | dir=in | app=d:\spiele\anno 2070\anno.2070-reloaded\spiel-installiert\autopatcher.exe |
"{C7E370CC-A6E8-4C3E-A07B-E0C41E97633E}" = protocol=6 | dir=out | app=system |
"{C9AF2771-813E-4C8F-8CF0-9ABE383D8954}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CE60356A-9F15-4E91-9FD7-71A4309CDBBC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D44D2EF7-94B1-4E65-9B2B-8F62A118412A}" = protocol=6 | dir=in | app=d:\spiele\anno 1404\anno4.exe |
"{D7950F53-2383-4B8A-B712-9D9CD9FABCB3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{E2DF6A83-8762-495D-A626-481EE1A3395E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E47EBDB9-47AA-447F-B5D3-A1B70DFF0506}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{E7675E07-D020-4E33-86E2-0A2DDA793240}" = protocol=17 | dir=in | app=d:\spiele\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe |
"{E85E0065-0575-4058-BA48-744347B82BFE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{EA32B7DA-C902-4951-9A06-65BF04FA5706}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{EB67A37A-00F3-41F4-9333-CD1E83E84D07}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EBF62DEC-6843-4EDB-BC2A-D3856AEFD2DA}" = protocol=17 | dir=in | app=d:\spiele\anno 1404\anno4.exe |
"{EFEC6E93-D4DA-4FCC-9E01-D5D24A1D9264}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{FF699F6A-6D54-4B5A-941B-8DDA84BD7915}" = protocol=17 | dir=in | app=d:\spiele\anno 1404\tools\anno4web.exe |
"TCP Query User{0E415485-9F3E-41A9-BBDC-29D1F0E3A7DD}D:\spiele\stronghold 3\stronghold 3\bin\win32_release\stronghold3.exe" = protocol=6 | dir=in | app=d:\spiele\stronghold 3\stronghold 3\bin\win32_release\stronghold3.exe |
"TCP Query User{18710469-CB84-41E7-BFCF-9D559E33ACA1}D:\spiele\hl.exe" = protocol=6 | dir=in | app=d:\spiele\hl.exe |
"TCP Query User{2BC0F941-E20A-451E-BDE8-296C4DC7C546}D:\spiele\cod bo\call of duty - black ops\call of duty - black ops\blackops.exe" = protocol=6 | dir=in | app=d:\spiele\cod bo\call of duty - black ops\call of duty - black ops\blackops.exe |
"TCP Query User{389B9DC5-5DBE-444C-94A4-E43028E2358D}D:\spiele\cod bo\call of duty - black ops\call of duty - black ops\blackops.exe" = protocol=6 | dir=in | app=d:\spiele\cod bo\call of duty - black ops\call of duty - black ops\blackops.exe |
"TCP Query User{39BE8CB0-FD50-4F9F-B54C-CD8275C63F67}D:\spiele\cs source\counter strike source 2010\hl2.exe" = protocol=6 | dir=in | app=d:\spiele\cs source\counter strike source 2010\hl2.exe |
"TCP Query User{4A6B724A-BCC5-4AA9-97F1-09D3D36A60B7}D:\spiele\cs 1.6\hl.exe" = protocol=6 | dir=in | app=d:\spiele\cs 1.6\hl.exe |
"TCP Query User{9363ED42-FAC5-4266-8203-03676E7F80FC}D:\spiele\counter strike online\hl.exe" = protocol=6 | dir=in | app=d:\spiele\counter strike online\hl.exe |
"TCP Query User{A414FE28-C01F-4FD2-89C8-BA026679B500}D:\spiele\counter strike online\das spiel\hl.exe" = protocol=6 | dir=in | app=d:\spiele\counter strike online\das spiel\hl.exe |
"TCP Query User{ADB301E3-637E-4278-9D99-3DA3CA198D71}D:\counter-strike cs 1.6 p47\counter-strike cs 1.6 p47\hl.exe" = protocol=6 | dir=in | app=d:\counter-strike cs 1.6 p47\counter-strike cs 1.6 p47\hl.exe |
"TCP Query User{C2B55CCB-BD57-4B91-B925-BB98822F27A9}D:\spiele\stronghold c-extreme\stronghold_crusader_extreme.exe" = protocol=6 | dir=in | app=d:\spiele\stronghold c-extreme\stronghold_crusader_extreme.exe |
"TCP Query User{CAEE6142-E3F3-41E0-961B-81441449FE23}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{E7FA7E9A-FF27-4952-B9A9-3657DB4593C1}D:\spiele\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe" = protocol=6 | dir=in | app=d:\spiele\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe |
"TCP Query User{F67EF276-57E2-44BB-B536-B1806380F751}D:\spiele\anno 1404\tools\addonweb.exe" = protocol=6 | dir=in | app=d:\spiele\anno 1404\tools\addonweb.exe |
"TCP Query User{FBC1B9E3-2684-41D9-859A-B95839577A1A}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe |
"TCP Query User{FC280DA9-6956-4B38-99C1-2DF24691CC73}D:\spiele\bf vietnam\bf vietnam\battlefield vietnam\bfvietnam.exe" = protocol=6 | dir=in | app=d:\spiele\bf vietnam\bf vietnam\battlefield vietnam\bfvietnam.exe |
"UDP Query User{0548F127-B59D-419E-8E71-C0B967C9C120}D:\spiele\cs 1.6\hl.exe" = protocol=17 | dir=in | app=d:\spiele\cs 1.6\hl.exe |
"UDP Query User{2AC9BEB5-D59B-4920-9219-DABE67F42C4B}D:\spiele\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe" = protocol=17 | dir=in | app=d:\spiele\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe |
"UDP Query User{2C3D1C0E-21A8-413D-B975-F30632DEF68A}D:\counter-strike cs 1.6 p47\counter-strike cs 1.6 p47\hl.exe" = protocol=17 | dir=in | app=d:\counter-strike cs 1.6 p47\counter-strike cs 1.6 p47\hl.exe |
"UDP Query User{4FB16DD6-96E7-475C-B44C-30023D0885B6}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe |
"UDP Query User{64A7EABD-056C-4DF0-8820-A5F22ED561AC}D:\spiele\cod bo\call of duty - black ops\call of duty - black ops\blackops.exe" = protocol=17 | dir=in | app=d:\spiele\cod bo\call of duty - black ops\call of duty - black ops\blackops.exe |
"UDP Query User{734FDA82-F4C0-42C7-9EBF-7E84A7EDA10D}D:\spiele\bf vietnam\bf vietnam\battlefield vietnam\bfvietnam.exe" = protocol=17 | dir=in | app=d:\spiele\bf vietnam\bf vietnam\battlefield vietnam\bfvietnam.exe |
"UDP Query User{81393D73-6283-4476-BD0B-E3A1939FE2FE}D:\spiele\anno 1404\tools\addonweb.exe" = protocol=17 | dir=in | app=d:\spiele\anno 1404\tools\addonweb.exe |
"UDP Query User{AEDB6D03-D05A-487C-84E7-6A617085E272}D:\spiele\stronghold 3\stronghold 3\bin\win32_release\stronghold3.exe" = protocol=17 | dir=in | app=d:\spiele\stronghold 3\stronghold 3\bin\win32_release\stronghold3.exe |
"UDP Query User{C0269C21-5F4A-4FD5-8149-83A06076C5DD}D:\spiele\cod bo\call of duty - black ops\call of duty - black ops\blackops.exe" = protocol=17 | dir=in | app=d:\spiele\cod bo\call of duty - black ops\call of duty - black ops\blackops.exe |
"UDP Query User{C2321C6E-B382-4F5B-9E4D-06660C7F8197}D:\spiele\counter strike online\das spiel\hl.exe" = protocol=17 | dir=in | app=d:\spiele\counter strike online\das spiel\hl.exe |
"UDP Query User{C483A7E8-78A5-414B-84BC-09D23689DFDC}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{CF373D34-7142-4F12-BC8A-C83759D747FF}D:\spiele\cs source\counter strike source 2010\hl2.exe" = protocol=17 | dir=in | app=d:\spiele\cs source\counter strike source 2010\hl2.exe |
"UDP Query User{DE752CFB-96EF-4090-90E5-87EE58FDAC38}D:\spiele\hl.exe" = protocol=17 | dir=in | app=d:\spiele\hl.exe |
"UDP Query User{EF721653-6927-4EF2-9977-B907C20507C8}D:\spiele\stronghold c-extreme\stronghold_crusader_extreme.exe" = protocol=17 | dir=in | app=d:\spiele\stronghold c-extreme\stronghold_crusader_extreme.exe |
"UDP Query User{FC53C97E-1999-42B2-8602-BF83AB4EA21E}D:\spiele\counter strike online\hl.exe" = protocol=17 | dir=in | app=d:\spiele\counter strike online\hl.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{11BA2B00-1495-47B8-BFA8-D08C605AB2CC}" = Windows Live Family Safety
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit)
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{3CE222BA-66A6-4D18-BEE9-5D21C5798C3E}" = Windows Live Family Safety
"{3D7F836A-AE1F-4FA6-8DB9-4FE06697AB0A}" = Windows Live Family Safety
"{53375A2B-FE08-42B6-8EB8-16818CD27B2C}" = Windows Live Family Safety
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{63919769-655A-48A8-AD6C-39B471F683ED}" = Windows Live Family Safety
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6DDCFF78-6F91-438C-9567-C5CAA9D7F56C}" = Windows Live Family Safety
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUS_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E01819BD-709F-43A1-9600-6F5E4C584C37}" = Windows Live Family Safety
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E60F14FA-E114-4F25-AEE0-33FE9EC9B1C3}" = Windows Live Family Safety
"{F11009B0-F4DB-463B-B717-5266E47498AA}" = Windows Live Family Safety
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F7ADB493-B913-4D61-9A63-DA736C20C3F2}" = Adobe Photoshop Lightroom 4.1 64-bit
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Blender" = Blender
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"WinRAR archiver" = WinRAR 4.01 (64-bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{04E9B02B-4F85-4B73-B865-27B9B8B35877}" = NBA 2K12
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{09CF6AF5-9206-4FD7-9B08-BA6819FB47E3}" = Anno 1404
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A09ED0F-8DDF-47BB-B53D-841AB9D1D3A7}" = Complemento Messenger
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4BA6784F-3B10-473A-B9F5-33A36AC354D5}" = Google SketchUp 8
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{8142D25E-028A-4563-86ED-5755783C8029}" = Messenger Companion
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}" = Adobe Setup
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{939C80FA-96C9-44A6-B318-8E7D8BD8481B}" = Messenger Companion
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{96403552-88D1-429F-9C92-388B814B885E}" = Messenger Companion
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C916142-C18C-429D-BFED-40094A7E0BEB}" = Die Siedler 7
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venice
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5977C5-11AE-4003-BA7D-261C48F2BC35}" = מסייע Messenger
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7DAD22D-29D4-438F-B986-03B9ED582EA4}" = Messenger Companion
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF088261-BC81-4FB9-9BA0-7B5B9602D01A}" = Messenger 分享元件
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_2a31ae7a5c43ff52d8577782dd34e04" = Adobe Illustrator CS4
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"ASUS K3 Series ScreenSaver" = ASUS K3 Series ScreenSaver
"Call of Duty: Black Ops_is1" = Call of Duty: Black Ops
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX-Setup
"Fallout New Vegas_is1" = Fallout New Vegas
"Free Audio Converter_is1" = Free Audio Converter version 5.0.4.1228
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.17.221
"Google Chrome" = Google Chrome
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"IsoBuster_is1" = IsoBuster 2.8.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PunkBusterSvc" = PunkBuster Services
"Stronghold 3_is1" = Stronghold 3
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Counter-Strike" = Counter-Strike
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 22.06.2012 11:22:38 | Computer Name = Sev-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 22.06.2012 11:22:38 | Computer Name = Sev-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9672
Error - 22.06.2012 11:22:38 | Computer Name = Sev-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9672
Error - 22.06.2012 11:22:39 | Computer Name = Sev-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 22.06.2012 11:22:39 | Computer Name = Sev-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10701
Error - 22.06.2012 11:22:39 | Computer Name = Sev-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10701
Error - 22.06.2012 20:04:01 | Computer Name = Sev-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 22.06.2012 20:04:01 | Computer Name = Sev-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 31292833
Error - 22.06.2012 20:04:01 | Computer Name = Sev-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 31292833
Error - 22.06.2012 20:16:33 | Computer Name = Sev-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_262.exe,
Version: 11.3.300.262, Zeitstempel: 0x4fe20fae Name des fehlerhaften Moduls: NPSWF32_11_3_300_262.dll,
Version: 11.3.300.262, Zeitstempel: 0x4fe21212 Ausnahmecode: 0xc0000005 Fehleroffset:
0x001983cd ID des fehlerhaften Prozesses: 0x594 Startzeit der fehlerhaften Anwendung:
0x01cd50558ba63df9 Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
Berichtskennung:
afb15390-bcc8-11e1-9918-bcaec550397b
[ System Events ]
Error - 08.03.2012 10:05:55 | Computer Name = Sev-PC | Source = bowser | ID = 8003
Description =
Error - 08.03.2012 10:34:52 | Computer Name = Sev-PC | Source = bowser | ID = 8003
Description =
Error - 10.03.2012 06:58:11 | Computer Name = Sev-PC | Source = bowser | ID = 8003
Description =
Error - 10.03.2012 07:34:09 | Computer Name = Sev-PC | Source = bowser | ID = 8003
Description =
Error - 10.03.2012 07:58:11 | Computer Name = Sev-PC | Source = bowser | ID = 8003
Description =
Error - 10.03.2012 08:34:13 | Computer Name = Sev-PC | Source = bowser | ID = 8003
Description =
Error - 10.03.2012 09:10:09 | Computer Name = Sev-PC | Source = bowser | ID = 8003
Description =
Error - 10.03.2012 09:34:08 | Computer Name = Sev-PC | Source = bowser | ID = 8003
Description =
Error - 10.03.2012 10:10:09 | Computer Name = Sev-PC | Source = bowser | ID = 8003
Description =
Error - 10.03.2012 22:01:44 | Computer Name = Sev-PC | Source = bowser | ID = 8003
Description =
< End of report >
|
|
06.07.2012, 12:17
| #5 |
| | GVU Trojaner....leider :-(Code:
ATTFilter OTL logfile created on: 06.07.2012 12:52:39 - Run 2 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Asus\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,91 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 59,33% Memory free 7,83 Gb Paging File | 6,18 Gb Available in Paging File | 79,02% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 116,44 Gb Total Space | 33,11 Gb Free Space | 28,43% Space Free | Partition Type: NTFS Drive D: | 327,83 Gb Total Space | 163,75 Gb Free Space | 49,95% Space Free | Partition Type: NTFS Computer Name: SEV-PC | User Name: Asus | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.05 14:24:45 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Asus\Desktop\OTL.exe PRC - [2012.06.22 10:48:23 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.06.22 10:47:01 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.03.01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2011.08.23 13:35:11 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011.08.21 17:43:22 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe PRC - [2011.08.02 09:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2011.05.20 11:01:06 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe PRC - [2011.03.23 19:58:32 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe PRC - [2010.10.07 14:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe PRC - [2010.09.24 01:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe PRC - [2010.08.17 14:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe PRC - [2009.12.15 10:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe PRC - [2009.11.02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009.07.31 19:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe PRC - [2009.06.19 10:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe PRC - [2009.06.19 10:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe PRC - [2009.06.15 17:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe PRC - [2008.12.22 17:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe ========== Modules (No Company Name) ========== MOD - [2012.06.22 10:48:23 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012.06.22 10:47:00 | 009,459,912 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe MOD - [2010.09.24 01:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe MOD - [2009.11.02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009.11.02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp) SRV:64bit: - [2010.11.30 22:19:52 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent) SRV:64bit: - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010.09.17 10:32:56 | 000,241,488 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Titanium\TiMiniService.exe -- (TiMiniService) SRV:64bit: - [2010.04.17 01:07:42 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) Intel(R) SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2012.06.22 10:48:23 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.06.19 11:59:37 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.03.01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2011.08.23 13:35:11 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011.08.21 17:43:22 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\SysWOW64\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.12.15 10:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2009.06.15 17:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.03.01 02:02:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2011.08.25 19:10:49 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2011.08.25 19:10:49 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2011.08.22 18:35:33 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.08.02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.03.26 01:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.10.19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R) DRV:64bit: - [2010.10.14 18:28:15 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV:64bit: - [2010.09.23 09:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2010.09.17 10:52:28 | 000,144,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm) DRV:64bit: - [2010.09.17 10:52:28 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi) DRV:64bit: - [2010.09.17 10:52:28 | 000,090,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon) DRV:64bit: - [2010.09.17 10:52:28 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr) DRV:64bit: - [2010.09.14 04:24:25 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.08.03 12:43:13 | 000,290,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR) DRV:64bit: - [2010.06.23 03:31:11 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.04.17 01:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2010.03.02 10:45:23 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008.06.27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs) DRV:64bit: - [2008.05.24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV:64bit: - [2007.06.25 09:42:30 | 000,130,088 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s117unic.sys -- (s117unic) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM) DRV:64bit: - [2007.06.25 09:42:30 | 000,123,432 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s117obex.sys -- (s117obex) DRV:64bit: - [2007.06.25 09:42:30 | 000,031,272 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s117nd5.sys -- (s117nd5) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS) DRV:64bit: - [2007.06.25 09:42:24 | 000,144,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s117mdm.sys -- (s117mdm) DRV:64bit: - [2007.06.25 09:42:24 | 000,125,992 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s117mgmt.sys -- (s117mgmt) Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM) DRV:64bit: - [2007.06.25 09:42:24 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s117mdfl.sys -- (s117mdfl) DRV:64bit: - [2007.06.25 09:42:22 | 000,108,072 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s117bus.sys -- (s117bus) Sony Ericsson Device 117 driver (WDM) DRV - [2011.05.25 19:06:20 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.02 17:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) DRV - [2008.08.14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Englische Ergebnisse" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB1&ctid=CT2269050&SearchSource=2&q=" FF - prefs.js..network.proxy.http: "188.93.20.179" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks) FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Asus\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ [2011.03.23 19:11:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.06.04 21:46:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.22 10:48:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.25 00:51:17 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.22 10:48:24 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.25 00:51:17 | 000,000,000 | ---D | M] [2011.08.21 17:54:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Asus\AppData\Roaming\mozilla\Extensions [2012.06.29 16:58:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Asus\AppData\Roaming\mozilla\Firefox\Profiles\xochirt8.default\extensions [2012.06.27 21:09:05 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Asus\AppData\Roaming\mozilla\Firefox\Profiles\xochirt8.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2012.02.26 21:38:04 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Asus\AppData\Roaming\mozilla\Firefox\Profiles\xochirt8.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.12.25 22:25:25 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Asus\AppData\Roaming\mozilla\Firefox\Profiles\xochirt8.default\extensions\firefox@tvunetworks.com [2011.08.21 17:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.06.17 16:10:03 | 000,182,698 | ---- | M] () (No name found) -- C:\USERS\ASUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOCHIRT8.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI [2012.06.29 16:58:42 | 000,578,962 | ---- | M] () (No name found) -- C:\USERS\ASUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XOCHIRT8.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI [2012.06.22 10:48:24 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.22 10:48:19 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: Zeon Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Windows\system32\TVUAx\npTVUAx.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google-Suche = C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Google Mail = C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.) O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll File not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found. O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe File not found O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.) O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe (Trend Micro Inc.) O4:64bit: - HKLM..\Run: [VizorHtmlDialog.exe] C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe (Trend Micro Inc.) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe File not found O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Asus\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Asus\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5BB27F3-D1B0-4A2E-82A7-CC0178C6AD49}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.) O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.) O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{96b38b31-cca7-11e0-8727-bcaec550397b}\Shell - "" = AutoRun O33 - MountPoints2\{96b38b31-cca7-11e0-8727-bcaec550397b}\Shell\AutoRun\command - "" = G:\setup.exe /autorun O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.06 12:55:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.07.06 12:15:30 | 000,000,000 | ---D | C] -- C:\Users\Asus\4.0 [2012.07.06 12:15:28 | 000,000,000 | ---D | C] -- C:\Users\Asus\.tfo4 [2012.07.06 11:10:18 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Roaming\Malwarebytes [2012.07.06 11:10:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.06 11:10:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.06 11:10:09 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.06 11:10:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.07.06 10:40:02 | 000,000,000 | ---D | C] -- C:\_OTL [2012.07.06 10:35:00 | 000,252,712 | ---- | C] (ELAN Microelectronics Corp.) -- C:\Windows\ETDUninst.dll [2012.07.05 14:24:43 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Asus\Desktop\OTL.exe [2012.06.24 14:49:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Google [2012.06.24 14:16:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google SketchUp 8 [2012.06.22 10:48:57 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\Macromedia [2012.06.21 10:23:01 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2012.06.21 10:23:01 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2012.06.21 10:23:01 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2012.06.21 10:22:55 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2012.06.21 10:22:55 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2012.06.21 10:22:55 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2012.06.21 10:22:49 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2012.06.21 10:22:49 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2012.06.19 12:06:42 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM [2012.06.19 12:04:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe [2012.06.19 12:04:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player [2012.06.19 12:03:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR [2012.06.14 14:55:22 | 000,918,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.06.14 14:55:22 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.06.14 14:55:10 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.06.14 14:55:08 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.06.14 14:55:07 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.06.14 14:55:06 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.06.14 14:55:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.06.14 14:55:05 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.06.14 14:55:05 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.06.14 14:54:54 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012.06.14 14:54:54 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2012.06.14 14:54:54 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe [2012.06.14 14:54:44 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.06.14 14:54:42 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.06.14 14:54:41 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.06.14 14:54:40 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll [2012.06.14 14:54:33 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.06.14 14:54:33 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012.06.10 17:25:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2012.06.10 16:43:17 | 000,000,000 | ---D | C] -- C:\Users\Asus\Desktop\8°° Session ========== Files - Modified Within 30 Days ========== [2012.07.06 12:55:34 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.07.06 12:52:51 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.06 12:52:51 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.06 12:49:51 | 001,529,706 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.06 12:49:51 | 000,665,812 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.06 12:49:51 | 000,627,654 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.06 12:49:51 | 000,133,992 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.06 12:49:51 | 000,110,374 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.06 12:45:59 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe [2012.07.06 12:45:55 | 000,002,220 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [2012.07.06 12:45:53 | 000,001,329 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini [2012.07.06 12:45:39 | 000,017,920 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe [2012.07.06 12:45:37 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll [2012.07.06 12:45:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.06 12:45:21 | 3151,900,672 | -HS- | M] () -- C:\hiberfil.sys [2012.07.06 11:10:11 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.06 10:49:37 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.dll [2012.07.06 10:49:06 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.exe [2012.07.06 10:48:40 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat [2012.07.06 10:40:21 | 000,001,881 | ---- | M] () -- C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.07.05 14:24:45 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Asus\Desktop\OTL.exe [2012.07.02 10:26:47 | 000,002,346 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.06.24 14:16:10 | 000,001,657 | ---- | M] () -- C:\Users\Public\Desktop\Google SketchUp 8.lnk [2012.06.22 10:47:01 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.06.22 10:47:01 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.06.22 10:45:42 | 003,266,776 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.19 14:56:09 | 000,034,333 | ---- | M] () -- C:\Users\Asus\Desktop\Cap copy.jpg [2012.06.19 14:54:18 | 000,034,549 | ---- | M] () -- C:\Users\Asus\Desktop\Cap copy2.jpg [2012.06.18 15:59:37 | 000,060,884 | ---- | M] () -- C:\Users\Asus\Desktop\Tshirt copy.jpg [2012.06.18 15:41:36 | 000,012,553 | ---- | M] () -- C:\Users\Asus\Desktop\Cap.jpg [2012.06.18 15:37:12 | 000,028,218 | ---- | M] () -- C:\Users\Asus\Desktop\Tshirt.jpg [2012.06.17 18:03:31 | 001,126,378 | ---- | M] () -- C:\Users\Asus\Desktop\Rechnungen.pdf [2012.06.14 15:55:06 | 000,721,607 | ---- | M] () -- C:\Users\Asus\Desktop\Zentralverrieglung.pdf [2012.06.10 18:21:18 | 003,543,878 | ---- | M] () -- C:\Users\Asus\Desktop\Gaastra Web (1 von 1).jpg [2012.06.10 18:14:33 | 001,185,805 | ---- | M] () -- C:\Users\Asus\Desktop\Gaastra 3.jpg [2012.06.10 18:13:07 | 000,645,074 | ---- | M] () -- C:\Users\Asus\Desktop\gaastra2.jpg [2012.06.10 17:58:07 | 001,571,543 | ---- | M] () -- C:\Users\Asus\Desktop\Gaastra.jpg [2012.06.10 17:25:20 | 000,001,692 | ---- | M] () -- C:\Users\Public\Desktop\Lightroom 4.1 64-Bit.lnk [2012.06.07 14:08:34 | 001,497,632 | ---- | M] () -- C:\Users\Asus\Desktop\DSC01396.JPG ========== Files Created - No Company Name ========== [2012.07.06 12:55:34 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.07.06 11:10:11 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.06 10:48:40 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat [2012.07.04 22:25:27 | 000,001,881 | ---- | C] () -- C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.06.24 14:16:10 | 000,001,657 | ---- | C] () -- C:\Users\Public\Desktop\Google SketchUp 8.lnk [2012.06.19 14:54:15 | 000,034,549 | ---- | C] () -- C:\Users\Asus\Desktop\Cap copy2.jpg [2012.06.19 12:06:59 | 000,001,232 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS4.lnk [2012.06.19 12:06:21 | 000,000,833 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS4.lnk [2012.06.19 12:05:54 | 000,001,438 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Drive CS4.lnk [2012.06.19 12:03:40 | 000,000,896 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS4.lnk [2012.06.19 12:02:24 | 000,000,953 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS4.lnk [2012.06.19 12:02:04 | 000,001,409 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS4.lnk [2012.06.18 15:54:42 | 000,034,333 | ---- | C] () -- C:\Users\Asus\Desktop\Cap copy.jpg [2012.06.18 15:52:00 | 000,060,884 | ---- | C] () -- C:\Users\Asus\Desktop\Tshirt copy.jpg [2012.06.18 15:41:35 | 000,012,553 | ---- | C] () -- C:\Users\Asus\Desktop\Cap.jpg [2012.06.18 15:37:11 | 000,028,218 | ---- | C] () -- C:\Users\Asus\Desktop\Tshirt.jpg [2012.06.17 18:03:31 | 001,126,378 | ---- | C] () -- C:\Users\Asus\Desktop\Rechnungen.pdf [2012.06.14 15:55:06 | 000,721,607 | ---- | C] () -- C:\Users\Asus\Desktop\Zentralverrieglung.pdf [2012.06.10 18:21:17 | 003,543,878 | ---- | C] () -- C:\Users\Asus\Desktop\Gaastra Web (1 von 1).jpg [2012.06.10 18:14:32 | 001,185,805 | ---- | C] () -- C:\Users\Asus\Desktop\Gaastra 3.jpg [2012.06.10 17:25:20 | 000,001,692 | ---- | C] () -- C:\Users\Public\Desktop\Lightroom 4.1 64-Bit.lnk [2012.06.10 17:25:20 | 000,001,688 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 4.1 64-Bit.lnk [2012.06.07 16:12:45 | 001,497,632 | ---- | C] () -- C:\Users\Asus\Desktop\DSC01396.JPG [2011.10.06 16:51:27 | 001,557,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.08.23 13:35:12 | 000,215,128 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.08.23 13:35:11 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.08.23 13:35:09 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2011.08.21 17:38:59 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini [2011.03.26 01:16:10 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.03.26 01:16:10 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.03.23 19:07:09 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2011.03.23 18:05:45 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll [2011.03.23 18:04:16 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe [2011.03.23 17:53:06 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin ========== LOP Check ========== [2012.01.03 17:12:26 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\2K Sports [2011.08.21 17:30:36 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Asus WebStorage [2012.01.15 16:25:03 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Blender Foundation [2011.12.27 14:57:49 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Canneverbe Limited [2011.08.22 18:56:03 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\DAEMON Tools Lite [2012.02.26 21:38:43 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\DVDVideoSoft [2012.02.26 21:38:03 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\DVDVideoSoftIEHelpers [2011.08.21 17:31:16 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Nuance [2012.05.08 17:23:58 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\redsn0w [2012.02.15 14:48:10 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\SoftGrid Client [2011.10.06 16:52:11 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\TP [2012.01.02 13:29:27 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Ubisoft [2012.06.19 11:39:54 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\uTorrent [2011.08.21 17:31:12 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\Zeon [2012.04.06 22:14:45 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 06.07.2012 12:52:39 - Run 2
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Asus\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,91 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 59,33% Memory free
7,83 Gb Paging File | 6,18 Gb Available in Paging File | 79,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 33,11 Gb Free Space | 28,43% Space Free | Partition Type: NTFS
Drive D: | 327,83 Gb Total Space | 163,75 Gb Free Space | 49,95% Space Free | Partition Type: NTFS
Computer Name: SEV-PC | User Name: Asus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04FDCB43-F93B-4FAC-ABDB-95C4D8CF613D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{097C54E8-488A-4CE6-BFDB-FF56879FA42B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{0AD76D7C-6C5B-499D-ACB1-850659E787A3}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary |
"{0BFC5CFA-426B-4875-B18E-F5713BB79C1A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{11642834-2B3D-425F-B97C-9E106CE6A2E9}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1417D5FC-4710-44AD-8626-792E03176AAD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2A3A83A1-D85E-4136-97CB-DC948FD6E9F5}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{33AAFE0E-8165-4597-B3E3-8126C02A2FCF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{360BE0EF-BEE2-4328-BE99-4509DE0FB88F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3E0E7B11-0A1F-4FD9-935F-63067244ECF8}" = lport=138 | protocol=17 | dir=in | app=system |
"{3ECBAA0F-97A4-4346-BB3F-B0CD3A315061}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{441A4B1C-789A-4FC0-9D32-1B5B91FF1BCE}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4524E809-0CC5-4474-B395-06B94C24C452}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{51F99F82-0AE6-4B3F-B9C9-75ACA7D737AD}" = rport=139 | protocol=6 | dir=out | app=system |
"{553F0C37-3A42-4BC9-9939-98E4B1A1EBCC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{657C222F-D4CE-44A0-9C79-D6D43C74B7E5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{69D917C9-7515-493C-A427-871AEBB981E6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6C774DEB-B09A-4609-90FC-B17A529B16A9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{771D788D-A284-4CA8-8487-65EEBB7D2C23}" = lport=137 | protocol=17 | dir=in | app=system |
"{80706F2F-F94E-4F26-ABA2-30E6FA98C2C8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{85C7ED57-5D5D-41E6-80B5-EF798266C77E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{869331B0-6F49-41BF-92EC-054BE86BA15B}" = rport=445 | protocol=6 | dir=out | app=system |
"{8EC33CBB-21A2-4497-B466-EAA267193150}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{915F83AB-44F2-4291-93DF-DE4480352904}" = rport=137 | protocol=17 | dir=out | app=system |
"{97073CBA-8CF7-4AE6-BA53-8D56D2CBE2B7}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary |
"{99F611CE-9803-40AD-A428-FE76578C077A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AC76833E-C93E-40E4-98D5-F26AF876F5D2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B38301A6-146C-41A3-A219-84AAB9495934}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B3CC7A00-F059-4C35-89C8-BA496F273EEC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B94E5B15-4311-4EE3-B2D0-C504BB5A8802}" = rport=138 | protocol=17 | dir=out | app=system |
"{C2F97B58-D14A-48A5-A299-26561D1DCF91}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D4011AC7-97FF-4B78-BE7D-DDAE00E6E041}" = rport=10243 | protocol=6 | dir=out | app=system |
"{DB4EDF58-F96E-4BD4-BCCC-84BB7C0F251A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E57375F5-6C79-4676-B233-967C8AAE8316}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EA52BB76-12EB-4737-9005-EB71D02715E3}" = lport=445 | protocol=6 | dir=in | app=system |
"{F50F0E2E-EB2D-4B66-9C40-3A1C3FD3C74C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{FA1129F6-A792-403F-9E50-C287CB4A40C2}" = lport=139 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{005A6D36-7DC1-4C0B-9852-2262E8C5E27C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{01F7FC1D-DFA3-4FF3-8A17-E4F734C9EE6F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{05161528-968F-4749-A01F-F2706926C180}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{05A4E8EA-F232-4F97-B7AB-9056B08554C8}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{0A5CAE5D-91B8-46D1-9D7D-5240F8E6AE5D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0B130C37-187D-4863-B8ED-272D9657DD09}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{0DB931A3-227C-4389-A814-F701FA7777DF}" = protocol=6 | dir=in | app=d:\spiele\anno 1404\tools\addonweb.exe |
"{0FF51ABF-37CE-486C-AF51-C91090B5DF6A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{1362447C-859E-40C3-B442-9C4E11F9195C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{148E3313-82FE-4C7A-9F2E-5A6238034C7C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{19DCEAA1-512C-4795-9B54-B26E8EE0A41A}" = protocol=6 | dir=in | app=d:\spiele\nba 2k12\spiel-installiert\nba2k12.exe |
"{19E44384-E69F-4826-B88F-70A08DF188D2}" = protocol=17 | dir=in | app=d:\spiele\nba 2k12\spiel-installiert\nba2k12.exe |
"{1A66E2D2-0DBC-4575-B9A9-B16E1F5D403E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1CAE8B9D-5162-41C0-BF16-28F987D9081D}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{1D0858FF-B91C-4786-A488-84B76B43DDB1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{207F2DBD-588A-476F-8258-FA5436964277}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2552A6CD-0CEA-47F5-8EE4-637CC61DF773}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{26111C96-8C12-4C00-BD24-CC5AAC475FC7}" = protocol=6 | dir=in | app=d:\spiele\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe |
"{34707B6B-2BBA-4579-BE7C-0A848B852CBE}" = protocol=17 | dir=in | app=d:\spiele\anno 2070\anno.2070-reloaded\spiel-installiert\initengine.exe |
"{34BC95EF-86E8-4D61-A559-CAB0BE9BD20C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{34D6248C-F9AC-4A9E-9DA6-D2EFB83F87A8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{36C3E958-0529-459B-ACB9-11F4562367D3}" = protocol=6 | dir=in | app=d:\spiele\anno 1404\tools\anno4web.exe |
"{372C13EA-97C3-46F4-889B-2BD19185483C}" = protocol=6 | dir=in | app=d:\spiele\anno 1404\addon.exe |
"{3B1A68A1-42D5-4B93-A850-23E585AE04A7}" = protocol=6 | dir=in | app=d:\spiele\anno 2070\anno.2070-reloaded\spiel-installiert\autopatcher.exe |
"{3D863E82-827F-4484-A749-55B4E0FF4CC5}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{3F45E171-CFB1-4A34-950B-036E8D1829EB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{46702560-57DE-4DFA-B72E-CA6F38821B55}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{4B187FDA-96E2-481E-83B4-A6821F960238}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{5417570B-B9D7-4AFF-8A67-C1C1430A9BCF}" = protocol=17 | dir=in | app=d:\spiele\bf bc 2\bfbc2updater.exe |
"{57B0E798-02D4-4E18-94BD-9074F7AA8ED8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{5C4FE4B3-AAD7-4686-8F94-268FF37E88B3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{673CA1A8-4BBD-463E-B2B2-98280CEA7C7E}" = protocol=6 | dir=in | app=d:\spiele\stronghold 2\stronghold2.exe |
"{675F9365-5ACB-4B08-87B2-BAF8B7017E5B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6C731C7B-FAB7-4736-8795-B4C0E88B3827}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{6D5E79F5-1C06-4CEF-932E-8039CB4D7FC8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6F6259BB-AD2A-4ECB-BADF-4DF857AD2823}" = protocol=6 | dir=in | app=d:\spiele\bf bc 2\bfbc2updater.exe |
"{72961851-ACEC-4B46-8285-4D5AB849C16A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{768AD535-5648-4C8F-9A04-1A3F9A754AA8}" = protocol=6 | dir=in | app=d:\spiele\anno 2070\anno.2070-reloaded\spiel-installiert\initengine.exe |
"{7DA37918-0F75-4FB7-8CE9-C242332490B2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{83069DDD-6544-4503-AA93-B818F544B26D}" = protocol=6 | dir=in | app=d:\spiele\anno 2070\anno.2070-reloaded\spiel-installiert\anno5.exe |
"{8CA4F19B-2FBC-4804-A873-9E3B931D4FB3}" = protocol=17 | dir=in | app=d:\spiele\anno 1404\addon.exe |
"{91BB79CF-DB4E-4E88-AED8-AF3867314F86}" = protocol=17 | dir=in | app=d:\spiele\stronghold 2\stronghold2.exe |
"{95D78B14-5F98-49AB-9A96-456C2228D402}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{96280C26-DB2B-484F-879A-EC93BE8E5E5F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A0125E4A-0731-4913-B7AC-9A21A4393886}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A1E86BA7-5C47-452B-A2A6-DFB037190869}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A2401925-ABF3-4DBF-B6FE-86942A228529}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{A36709A3-23E2-4C27-A3AF-71194CA10585}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A3A517AD-368C-4043-B2B2-2E589B739E48}" = dir=in | app=c:\users\asus\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{A4B083C4-E155-4363-99BE-5FA48D87F684}" = protocol=17 | dir=in | app=d:\spiele\anno 1404\tools\addonweb.exe |
"{A5D7FF95-B460-47E4-825A-D1F2AE98D04D}" = protocol=17 | dir=in | app=d:\spiele\anno 2070\anno.2070-reloaded\spiel-installiert\anno5.exe |
"{A70DB4F6-AF11-46E7-A010-B9CCF5E20E05}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A87FD830-5853-420A-BB16-D445E5044034}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B7B85804-EB79-4BA6-914C-58AC0E571098}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{BE129D84-AAA1-4F3B-8CFB-739163DEAD8F}" = protocol=17 | dir=in | app=d:\spiele\anno 2070\anno.2070-reloaded\spiel-installiert\autopatcher.exe |
"{C7E370CC-A6E8-4C3E-A07B-E0C41E97633E}" = protocol=6 | dir=out | app=system |
"{C9AF2771-813E-4C8F-8CF0-9ABE383D8954}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CE60356A-9F15-4E91-9FD7-71A4309CDBBC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D44D2EF7-94B1-4E65-9B2B-8F62A118412A}" = protocol=6 | dir=in | app=d:\spiele\anno 1404\anno4.exe |
"{D7950F53-2383-4B8A-B712-9D9CD9FABCB3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{E2DF6A83-8762-495D-A626-481EE1A3395E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E47EBDB9-47AA-447F-B5D3-A1B70DFF0506}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{E7675E07-D020-4E33-86E2-0A2DDA793240}" = protocol=17 | dir=in | app=d:\spiele\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe |
"{E85E0065-0575-4058-BA48-744347B82BFE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{EA32B7DA-C902-4951-9A06-65BF04FA5706}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{EB67A37A-00F3-41F4-9333-CD1E83E84D07}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EBF62DEC-6843-4EDB-BC2A-D3856AEFD2DA}" = protocol=17 | dir=in | app=d:\spiele\anno 1404\anno4.exe |
"{EFEC6E93-D4DA-4FCC-9E01-D5D24A1D9264}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{FF699F6A-6D54-4B5A-941B-8DDA84BD7915}" = protocol=17 | dir=in | app=d:\spiele\anno 1404\tools\anno4web.exe |
"TCP Query User{0E415485-9F3E-41A9-BBDC-29D1F0E3A7DD}D:\spiele\stronghold 3\stronghold 3\bin\win32_release\stronghold3.exe" = protocol=6 | dir=in | app=d:\spiele\stronghold 3\stronghold 3\bin\win32_release\stronghold3.exe |
"TCP Query User{18710469-CB84-41E7-BFCF-9D559E33ACA1}D:\spiele\hl.exe" = protocol=6 | dir=in | app=d:\spiele\hl.exe |
"TCP Query User{2BC0F941-E20A-451E-BDE8-296C4DC7C546}D:\spiele\cod bo\call of duty - black ops\call of duty - black ops\blackops.exe" = protocol=6 | dir=in | app=d:\spiele\cod bo\call of duty - black ops\call of duty - black ops\blackops.exe |
"TCP Query User{389B9DC5-5DBE-444C-94A4-E43028E2358D}D:\spiele\cod bo\call of duty - black ops\call of duty - black ops\blackops.exe" = protocol=6 | dir=in | app=d:\spiele\cod bo\call of duty - black ops\call of duty - black ops\blackops.exe |
"TCP Query User{39BE8CB0-FD50-4F9F-B54C-CD8275C63F67}D:\spiele\cs source\counter strike source 2010\hl2.exe" = protocol=6 | dir=in | app=d:\spiele\cs source\counter strike source 2010\hl2.exe |
"TCP Query User{4A6B724A-BCC5-4AA9-97F1-09D3D36A60B7}D:\spiele\cs 1.6\hl.exe" = protocol=6 | dir=in | app=d:\spiele\cs 1.6\hl.exe |
"TCP Query User{9363ED42-FAC5-4266-8203-03676E7F80FC}D:\spiele\counter strike online\hl.exe" = protocol=6 | dir=in | app=d:\spiele\counter strike online\hl.exe |
"TCP Query User{A414FE28-C01F-4FD2-89C8-BA026679B500}D:\spiele\counter strike online\das spiel\hl.exe" = protocol=6 | dir=in | app=d:\spiele\counter strike online\das spiel\hl.exe |
"TCP Query User{ADB301E3-637E-4278-9D99-3DA3CA198D71}D:\counter-strike cs 1.6 p47\counter-strike cs 1.6 p47\hl.exe" = protocol=6 | dir=in | app=d:\counter-strike cs 1.6 p47\counter-strike cs 1.6 p47\hl.exe |
"TCP Query User{C2B55CCB-BD57-4B91-B925-BB98822F27A9}D:\spiele\stronghold c-extreme\stronghold_crusader_extreme.exe" = protocol=6 | dir=in | app=d:\spiele\stronghold c-extreme\stronghold_crusader_extreme.exe |
"TCP Query User{CAEE6142-E3F3-41E0-961B-81441449FE23}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{E7FA7E9A-FF27-4952-B9A9-3657DB4593C1}D:\spiele\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe" = protocol=6 | dir=in | app=d:\spiele\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe |
"TCP Query User{F67EF276-57E2-44BB-B536-B1806380F751}D:\spiele\anno 1404\tools\addonweb.exe" = protocol=6 | dir=in | app=d:\spiele\anno 1404\tools\addonweb.exe |
"TCP Query User{FBC1B9E3-2684-41D9-859A-B95839577A1A}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe |
"TCP Query User{FC280DA9-6956-4B38-99C1-2DF24691CC73}D:\spiele\bf vietnam\bf vietnam\battlefield vietnam\bfvietnam.exe" = protocol=6 | dir=in | app=d:\spiele\bf vietnam\bf vietnam\battlefield vietnam\bfvietnam.exe |
"UDP Query User{0548F127-B59D-419E-8E71-C0B967C9C120}D:\spiele\cs 1.6\hl.exe" = protocol=17 | dir=in | app=d:\spiele\cs 1.6\hl.exe |
"UDP Query User{2AC9BEB5-D59B-4920-9219-DABE67F42C4B}D:\spiele\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe" = protocol=17 | dir=in | app=d:\spiele\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe |
"UDP Query User{2C3D1C0E-21A8-413D-B975-F30632DEF68A}D:\counter-strike cs 1.6 p47\counter-strike cs 1.6 p47\hl.exe" = protocol=17 | dir=in | app=d:\counter-strike cs 1.6 p47\counter-strike cs 1.6 p47\hl.exe |
"UDP Query User{4FB16DD6-96E7-475C-B44C-30023D0885B6}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe |
"UDP Query User{64A7EABD-056C-4DF0-8820-A5F22ED561AC}D:\spiele\cod bo\call of duty - black ops\call of duty - black ops\blackops.exe" = protocol=17 | dir=in | app=d:\spiele\cod bo\call of duty - black ops\call of duty - black ops\blackops.exe |
"UDP Query User{734FDA82-F4C0-42C7-9EBF-7E84A7EDA10D}D:\spiele\bf vietnam\bf vietnam\battlefield vietnam\bfvietnam.exe" = protocol=17 | dir=in | app=d:\spiele\bf vietnam\bf vietnam\battlefield vietnam\bfvietnam.exe |
"UDP Query User{81393D73-6283-4476-BD0B-E3A1939FE2FE}D:\spiele\anno 1404\tools\addonweb.exe" = protocol=17 | dir=in | app=d:\spiele\anno 1404\tools\addonweb.exe |
"UDP Query User{AEDB6D03-D05A-487C-84E7-6A617085E272}D:\spiele\stronghold 3\stronghold 3\bin\win32_release\stronghold3.exe" = protocol=17 | dir=in | app=d:\spiele\stronghold 3\stronghold 3\bin\win32_release\stronghold3.exe |
"UDP Query User{C0269C21-5F4A-4FD5-8149-83A06076C5DD}D:\spiele\cod bo\call of duty - black ops\call of duty - black ops\blackops.exe" = protocol=17 | dir=in | app=d:\spiele\cod bo\call of duty - black ops\call of duty - black ops\blackops.exe |
"UDP Query User{C2321C6E-B382-4F5B-9E4D-06660C7F8197}D:\spiele\counter strike online\das spiel\hl.exe" = protocol=17 | dir=in | app=d:\spiele\counter strike online\das spiel\hl.exe |
"UDP Query User{C483A7E8-78A5-414B-84BC-09D23689DFDC}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{CF373D34-7142-4F12-BC8A-C83759D747FF}D:\spiele\cs source\counter strike source 2010\hl2.exe" = protocol=17 | dir=in | app=d:\spiele\cs source\counter strike source 2010\hl2.exe |
"UDP Query User{DE752CFB-96EF-4090-90E5-87EE58FDAC38}D:\spiele\hl.exe" = protocol=17 | dir=in | app=d:\spiele\hl.exe |
"UDP Query User{EF721653-6927-4EF2-9977-B907C20507C8}D:\spiele\stronghold c-extreme\stronghold_crusader_extreme.exe" = protocol=17 | dir=in | app=d:\spiele\stronghold c-extreme\stronghold_crusader_extreme.exe |
"UDP Query User{FC53C97E-1999-42B2-8602-BF83AB4EA21E}D:\spiele\counter strike online\hl.exe" = protocol=17 | dir=in | app=d:\spiele\counter strike online\hl.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{11BA2B00-1495-47B8-BFA8-D08C605AB2CC}" = Windows Live Family Safety
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit)
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{3CE222BA-66A6-4D18-BEE9-5D21C5798C3E}" = Windows Live Family Safety
"{3D7F836A-AE1F-4FA6-8DB9-4FE06697AB0A}" = Windows Live Family Safety
"{53375A2B-FE08-42B6-8EB8-16818CD27B2C}" = Windows Live Family Safety
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{63919769-655A-48A8-AD6C-39B471F683ED}" = Windows Live Family Safety
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6DDCFF78-6F91-438C-9567-C5CAA9D7F56C}" = Windows Live Family Safety
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUS_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E01819BD-709F-43A1-9600-6F5E4C584C37}" = Windows Live Family Safety
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E60F14FA-E114-4F25-AEE0-33FE9EC9B1C3}" = Windows Live Family Safety
"{F11009B0-F4DB-463B-B717-5266E47498AA}" = Windows Live Family Safety
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F7ADB493-B913-4D61-9A63-DA736C20C3F2}" = Adobe Photoshop Lightroom 4.1 64-bit
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Blender" = Blender
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"WinRAR archiver" = WinRAR 4.01 (64-bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{04E9B02B-4F85-4B73-B865-27B9B8B35877}" = NBA 2K12
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{09CF6AF5-9206-4FD7-9B08-BA6819FB47E3}" = Anno 1404
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A09ED0F-8DDF-47BB-B53D-841AB9D1D3A7}" = Complemento Messenger
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4BA6784F-3B10-473A-B9F5-33A36AC354D5}" = Google SketchUp 8
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{8142D25E-028A-4563-86ED-5755783C8029}" = Messenger Companion
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}" = Adobe Setup
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{939C80FA-96C9-44A6-B318-8E7D8BD8481B}" = Messenger Companion
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{96403552-88D1-429F-9C92-388B814B885E}" = Messenger Companion
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C916142-C18C-429D-BFED-40094A7E0BEB}" = Die Siedler 7
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venice
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5977C5-11AE-4003-BA7D-261C48F2BC35}" = מסייע Messenger
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7DAD22D-29D4-438F-B986-03B9ED582EA4}" = Messenger Companion
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF088261-BC81-4FB9-9BA0-7B5B9602D01A}" = Messenger 分享元件
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_2a31ae7a5c43ff52d8577782dd34e04" = Adobe Illustrator CS4
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"ASUS K3 Series ScreenSaver" = ASUS K3 Series ScreenSaver
"Call of Duty: Black Ops_is1" = Call of Duty: Black Ops
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX-Setup
"Fallout New Vegas_is1" = Fallout New Vegas
"Free Audio Converter_is1" = Free Audio Converter version 5.0.4.1228
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.17.221
"Google Chrome" = Google Chrome
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"IsoBuster_is1" = IsoBuster 2.8.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PunkBusterSvc" = PunkBuster Services
"Stronghold 3_is1" = Stronghold 3
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Counter-Strike" = Counter-Strike
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 22.06.2012 11:22:38 | Computer Name = Sev-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 22.06.2012 11:22:38 | Computer Name = Sev-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9672
Error - 22.06.2012 11:22:38 | Computer Name = Sev-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9672
Error - 22.06.2012 11:22:39 | Computer Name = Sev-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 22.06.2012 11:22:39 | Computer Name = Sev-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10701
Error - 22.06.2012 11:22:39 | Computer Name = Sev-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10701
Error - 22.06.2012 20:04:01 | Computer Name = Sev-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 22.06.2012 20:04:01 | Computer Name = Sev-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 31292833
Error - 22.06.2012 20:04:01 | Computer Name = Sev-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 31292833
Error - 22.06.2012 20:16:33 | Computer Name = Sev-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_262.exe,
Version: 11.3.300.262, Zeitstempel: 0x4fe20fae Name des fehlerhaften Moduls: NPSWF32_11_3_300_262.dll,
Version: 11.3.300.262, Zeitstempel: 0x4fe21212 Ausnahmecode: 0xc0000005 Fehleroffset:
0x001983cd ID des fehlerhaften Prozesses: 0x594 Startzeit der fehlerhaften Anwendung:
0x01cd50558ba63df9 Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
Berichtskennung:
afb15390-bcc8-11e1-9918-bcaec550397b
[ System Events ]
Error - 08.03.2012 10:05:55 | Computer Name = Sev-PC | Source = bowser | ID = 8003
Description =
Error - 08.03.2012 10:34:52 | Computer Name = Sev-PC | Source = bowser | ID = 8003
Description =
Error - 10.03.2012 06:58:11 | Computer Name = Sev-PC | Source = bowser | ID = 8003
Description =
Error - 10.03.2012 07:34:09 | Computer Name = Sev-PC | Source = bowser | ID = 8003
Description =
Error - 10.03.2012 07:58:11 | Computer Name = Sev-PC | Source = bowser | ID = 8003
Description =
Error - 10.03.2012 08:34:13 | Computer Name = Sev-PC | Source = bowser | ID = 8003
Description =
Error - 10.03.2012 09:10:09 | Computer Name = Sev-PC | Source = bowser | ID = 8003
Description =
Error - 10.03.2012 09:34:08 | Computer Name = Sev-PC | Source = bowser | ID = 8003
Description =
Error - 10.03.2012 10:10:09 | Computer Name = Sev-PC | Source = bowser | ID = 8003
Description =
Error - 10.03.2012 22:01:44 | Computer Name = Sev-PC | Source = bowser | ID = 8003
Description =
< End of report >
|
|
06.07.2012, 23:33
| #6 | |
| /// Helfer-Team | GVU Trojaner....leider :-( hi... - Das Installieren von Raubkopien ist eine ziemlich sichere Methode, ein Rechner zu infizieren  - Ich beführte dass Du Dein Problem nur lösen kannst, wenn du dein System neu installierst, da geht`s um: Code:
ATTFilter D:\Programme\Photoshop\www.torrent.to...Adobe.Photoshop.Lightroom.v4.1.Multilingual.Incl.Keymaker-CORE\CORE10k.EXE (Dont.Steal.Our.Software) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Programme\Photoshop\www.torrent.to...Adobe.Photoshop.Lightroom.v4.1.Multilingual.Incl.Keymaker-CORE\keygen.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Spiele\Anno 2070\Anno.2070-RELOADED\Spiel-Installiert\solidcore32.dll (Trojan.Krypt) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Spiele\BF BC 2\rld-bbc2.exe (RiskWare.Tool.HCK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
** Du solltest in so einem Fall mal dein Konsummuster überdenken  Weil dein Verhalten damit dem deutschen Recht unterliegt, wird den Support an dieser Stelle von unsere Seite aus beendet. Also am besten ist es, Du Sicherst deiner Daten (ohne Malware bzw gerackte Software -> Empfehle ich Dir NUR Daten sichern, die nicht ausführbaren Dateien enthalten - Dateiendungen - Dies ist eine Liste von Dateiendungen, die Dateien mit ausführbarem Code bezeichnen können. - und machst eine komplette Neuinstallation des Rechners, das ist der schnellste und sauberste lösung! Aber wenigstens hast Du dann nach einer Neuinstallation wieder ein sauberes System und hoffentlich hast Du was draus gelernt und in Zukunft lässt die Finger von... -> Ich möchte dich darauf hinweisen, dass wir bei Verwendung von Keygens & Cracks keine Beihilfe leisten wollen! :-> Forumregel:- Cracks, Keygens und andere illegale Software Zitat:
__________________ --> GVU Trojaner....leider :-( |
|
| Themen zu GVU Trojaner....leider :-( |
| 7-zip, adobe, bho, black, bonjour, call of duty, conduit, converter, defender, document, error, firefox, flash player, focus, format, gfnexsrv.exe, helper, home, install.exe, limited.com/facebook, microsoft office word, mozilla, mp3, nvidia update, nvpciflt.sys, photoshop, plug-ins, port, realtek, registry, rundll, scan, searchscopes, security, sketchup, software, svchost.exe, trojaner, udp, usb 2.0, windows, wscript.exe |
riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFiel dTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
.
Linear-Darstellung
