| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Bundespolizei-Trojaner: Wie weiter nach Malwarebytes und OTL Log?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
11.07.2012, 22:07
| #1 |
| |  Bundespolizei-Trojaner: Wie weiter nach Malwarebytes und OTL Log? Hej! Heute hat der Bundespolizei-Trojaner ("Ihr Computer wurde gesperrt", zahle 100 EUR) auch mich erwischt. Nach einigem Suchen bin ich auf dem Trojaner Board gelandet und hoffe, hier nun fachkundigen Rat zu bekommen. Windows funktioniert im abgesicherten Modus mit Netzwerkunterstuetzung, aber nicht im normalen Modus - egal, welchen Account ich nutze. Hier ist der Malwarebyte's Log: Code:
ATTFilter Malwarebytes Anti-Malware (Trial) 1.61.0.1400 www.malwarebytes.org Database version: v2012.07.11.06 Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking) Internet Explorer 9.0.8112.16421 Nosferatu :: NOSFERATU-PC [administrator] Protection: Disabled 07/11/2012 16:49:10 mbam-log-2012-07-11 (16-49-10).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 407274 Time elapsed: 1 hour(s), 27 minute(s), 30 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 5 C:\Users\Nosferatu\AppData\Local\dgnbbkkq.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Users\Nosferatu\AppData\Local\Temp\liquid9638568.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Users\Nosferatu\AppData\Local\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Quarantined and deleted successfully. C:\Users\Nosferatu\0.18070148964744925.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully. C:\Users\Nosferatu\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Quarantined and deleted successfully. (end) OTL.txt OTL Logfile: Code:
ATTFilter OTL logfile created on: 07/11/2012 22:36:33 - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Nosferatu\Desktop Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy 1.99 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 58.80% Memory free 2.99 Gb Paging File | 2.21 Gb Available in Paging File | 73.79% Paging File free Paging file location(s): c:\pagefile.sys 1024 2048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 280.89 Gb Total Space | 86.18 Gb Free Space | 30.68% Space Free | Partition Type: NTFS Drive D: | 645.72 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive E: | 623.74 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: NOSFERATU-PC | User Name: Nosferatu | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/07/11 22:27:51 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Nosferatu\Desktop\OTL.exe PRC - [2012/06/18 12:30:21 | 000,874,384 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe PRC - [2012/06/18 12:30:21 | 000,800,656 | ---- | M] (Opera Software) -- C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe PRC - [2012/04/04 15:56:38 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes\mbam.exe PRC - [2011/07/14 03:34:17 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe ========== Modules (No Company Name) ========== MOD - [2012/07/10 09:57:08 | 009,459,912 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_262.dll ========== Win32 Services (SafeList) ========== SRV - [2012/05/30 00:23:15 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/05/09 18:37:42 | 000,232,472 | ---- | M] (Sophos Plc) [Auto | Stopped] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service) SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes\mbamservice.exe -- (MBAMService) SRV - [2012/03/08 19:59:02 | 001,543,704 | ---- | M] (Sophos Plc) [Auto | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service) SRV - [2011/12/19 20:08:40 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011/09/27 21:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2011/09/05 11:04:54 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/08/05 13:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc) SRV - [2011/08/05 13:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm) SRV - [2011/08/05 13:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc) SRV - [2011/07/01 04:51:12 | 000,353,360 | ---- | M] (Dritek System Inc.) [Auto | Stopped] -- C:\Program Files\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2011/05/26 08:40:48 | 000,029,696 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Registration\GREGsvc.exe -- (GREGService) SRV - [2011/05/10 23:01:36 | 000,739,944 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2011/04/22 18:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service) SRV - [2011/04/02 23:09:38 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service) SRV - [2011/03/07 10:45:22 | 001,755,136 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Stopped] -- C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R) SRV - [2010/11/06 08:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2010/10/12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010/10/08 16:15:13 | 000,163,056 | ---- | M] (Sophos Plc) [Auto | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService) SRV - [2010/06/14 19:42:36 | 000,097,520 | ---- | M] (Sophos Plc) [Auto | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService) SRV - [2010/01/30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service) SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009/02/26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office 07\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [1999/12/01 13:38:28 | 000,467,968 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe -- (ArcGIS License Manager) ========== Driver Services (SafeList) ========== DRV - [2012/07/11 22:08:57 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011/09/02 08:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2011/09/02 08:31:28 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt) DRV - [2011/09/02 08:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2011/07/26 11:13:42 | 000,062,240 | ---- | M] (Egis Technology Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV - [2011/07/26 11:13:42 | 000,021,600 | ---- | M] (Egis Technology Inc.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV - [2011/07/26 11:13:42 | 000,016,936 | ---- | M] (Egis Technology Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV - [2011/03/07 05:46:26 | 000,252,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsPStor.sys -- (RSPCIESTOR) DRV - [2011/01/04 05:28:54 | 007,435,264 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32) ___ Intel(R) DRV - [2010/11/20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb) DRV - [2010/11/20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD) DRV - [2010/10/08 16:14:55 | 000,122,360 | ---- | M] (Sophos Plc) [File_System | System | Stopped] -- C:\Windows\System32\drivers\savonaccess.sys -- (SAVOnAccess) DRV - [2010/07/04 21:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5) DRV - [2010/03/02 23:34:30 | 000,023,928 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sdcfilter.sys -- (sdcfilter) DRV - [2010/03/02 23:33:54 | 000,022,536 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\SophosBootDriver.sys -- (SophosBootDriver) DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus) DRV - [2007/08/02 10:32:26 | 000,022,784 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dadder.sys -- (DAdderFltr) DRV - [2004/05/14 06:42:00 | 000,076,288 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\sentinel.sys -- (Sentinel) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3670744698-4203180153-3131893109-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKU\S-1-5-21-3670744698-4203180153-3131893109-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE - HKU\S-1-5-21-3670744698-4203180153-3131893109-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3670744698-4203180153-3131893109-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll () FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/30 00:23:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/21 22:32:06 | 000,000,000 | ---D | M] [2011/12/13 15:25:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nosferatu\AppData\Roaming\Mozilla\Extensions [2012/05/08 01:02:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nosferatu\AppData\Roaming\Mozilla\Firefox\Profiles\bv776mfq.default\extensions [2012/01/14 18:34:20 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Nosferatu\AppData\Roaming\Mozilla\Firefox\Profiles\bv776mfq.default\extensions\DeviceDetection@logitech.com [2012/02/14 20:08:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/05/30 00:23:15 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/01/05 00:18:14 | 000,172,344 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll [2012/02/14 20:08:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/02/14 20:08:18 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office 07\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [EgisUpdate] C:\Program Files\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office 07\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [iPatchData] C:\Program Files\Acer\Updater\iUpdate.exe (Insyde Software Corp.) O4 - HKLM..\Run: [iSyncData] C:\Program Files\Acer\Android Manager\iSync.exe (Insyde Software Corp.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4 - HKLM..\Run: [qkwgqgdovvkdaje] C:\ProgramData\qkwgqgdo.exe () O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc) O4 - HKLM..\Run: [SuiteTray] C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe () O4 - HKU\S-1-5-21-3670744698-4203180153-3131893109-1000..\Run: [Boxoft Tools] C:\ProgramData\Boxtools\Boxofttoolbox.exe () O4 - HKU\S-1-5-21-3670744698-4203180153-3131893109-1000..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup File not found O4 - HKU\S-1-5-21-3670744698-4203180153-3131893109-1000..\Run: [qkwgqgdovvkdaje] C:\ProgramData\qkwgqgdo.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\Nosferatu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Nosferatu\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Nosferatu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LastFM.lnk = C:\Program Files\Last.fm\LastFM.exe (Last.fm) O4 - Startup: C:\Users\Nosferatu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk = C:\Program Files\Launchy\Launchy.exe () O4 - Startup: C:\Users\Nosferatu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZuseMe.lnk = C:\Program Files\ZuseMe ZuneScrobbler\ZuseMe\ZuseMe.exe (Arnold Vink) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 07\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office 07\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.30.255.250 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A8F4154-EF73-45CD-A536-588AE591EA66}: DhcpNameServer = 172.30.255.250 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office 07\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office 07\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [1999/10/04 18:14:44 | 000,011,925 | R--- | M] () - D:\automenu.apm -- [ CDFS ] O32 - AutoRun File - [1996/11/07 19:19:30 | 000,450,560 | R--- | M] () - D:\automenu.exe -- [ CDFS ] O32 - AutoRun File - [1999/10/07 20:13:36 | 000,011,928 | R--- | M] () - D:\autorun.apm -- [ CDFS ] O32 - AutoRun File - [1999/02/03 04:02:00 | 000,167,936 | R--- | M] (Indigo Rose Corporation) - D:\autorun.exe -- [ CDFS ] O32 - AutoRun File - [1999/04/15 16:44:06 | 000,000,029 | R--- | M] () - D:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [1996/11/07 19:19:30 | 000,450,560 | R--- | M] () - E:\automenu.exe -- [ CDFS ] O32 - AutoRun File - [1999/10/07 20:11:58 | 000,011,902 | R--- | M] () - E:\autorun.apm -- [ CDFS ] O32 - AutoRun File - [1999/02/03 04:02:00 | 000,167,936 | R--- | M] (Indigo Rose Corporation) - E:\autorun.exe -- [ CDFS ] O32 - AutoRun File - [1999/04/15 16:40:06 | 000,000,029 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{631ac28b-27c3-11e1-adfd-e89a8fe1819a}\Shell - "" = AutoRun O33 - MountPoints2\{631ac28b-27c3-11e1-adfd-e89a8fe1819a}\Shell\AutoRun\command - "" = E:\autorun.exe -- [1999/02/03 04:02:00 | 000,167,936 | R--- | M] (Indigo Rose Corporation) O33 - MountPoints2\{f410b939-ad85-11e1-b157-e89a8fe1819a}\Shell - "" = AutoRun O33 - MountPoints2\{f410b939-ad85-11e1-b157-e89a8fe1819a}\Shell\AutoRun\command - "" = D:\autorun.exe -- [1999/02/03 04:02:00 | 000,167,936 | R--- | M] (Indigo Rose Corporation) O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/07/11 22:27:50 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Nosferatu\Desktop\OTL.exe [2012/07/11 22:08:57 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012/07/11 19:56:54 | 000,000,000 | ---D | C] -- C:\Users\Nosferatu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker [2012/07/11 19:56:54 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker [2012/07/11 19:47:42 | 000,000,000 | ---D | C] -- C:\Users\Nosferatu\AppData\Local\ElevatedDiagnostics [2012/07/11 16:47:36 | 000,000,000 | ---D | C] -- C:\Users\Nosferatu\AppData\Roaming\Malwarebytes [2012/07/11 16:47:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes [2012/07/11 16:47:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/07/11 16:47:24 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012/07/11 16:47:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes [2012/07/11 16:18:38 | 000,000,000 | ---D | C] -- C:\ProgramData\bnssakmxqqhkgka [2012/07/10 23:26:32 | 000,000,000 | ---D | C] -- C:\Users\Nosferatu\AppData\Local\Sophos [2012/07/06 20:27:50 | 000,000,000 | ---D | C] -- C:\Users\Nosferatu\AppData\Local\Windows Live [2012/07/06 20:27:29 | 000,000,000 | ---D | C] -- C:\Users\Nosferatu\AppData\Local\{C1645665-301D-4CB9-A9AD-FE72723C6F23} [2012/07/06 20:27:23 | 000,000,000 | ---D | C] -- C:\Users\Nosferatu\AppData\Roaming\Windows Live Writer [2012/07/06 20:27:23 | 000,000,000 | ---D | C] -- C:\Users\Nosferatu\AppData\Local\Windows Live Writer [2012/06/27 13:28:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gnuplot [2012/06/27 13:28:28 | 000,000,000 | ---D | C] -- C:\gnuplot [2012/06/26 09:38:17 | 000,000,000 | ---D | C] -- C:\Users\Nosferatu\Desktop\borda [2012/06/26 09:35:25 | 000,000,000 | -H-D | C] -- C:\8c9fed112fd56d2844c26c709c [2012/06/21 01:46:53 | 000,000,000 | ---D | C] -- C:\Users\Nosferatu\Desktop\new pics [2012/06/20 20:13:33 | 000,000,000 | -H-D | C] -- C:\4293886b4fa57bb37fc1f3 [2012/06/18 22:58:34 | 000,000,000 | -H-D | C] -- C:\1675e327f73e0484452fcd1acc1b00 [2012/06/15 12:58:11 | 000,000,000 | ---D | C] -- C:\Users\Nosferatu\AppData\Roaming\Winamp [2012/06/13 19:17:58 | 000,000,000 | ---D | C] -- C:\Users\Nosferatu\AppData\Local\Macromedia [2012/06/12 20:36:50 | 000,000,000 | ---D | C] -- C:\Users\Nosferatu\Desktop\hurricane [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/07/11 22:27:51 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Nosferatu\Desktop\OTL.exe [2012/07/11 22:03:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/07/11 22:03:31 | 1601,069,056 | -HS- | M] () -- C:\hiberfil.sys [2012/07/11 22:00:44 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/07/11 22:00:01 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/07/11 21:16:23 | 713,338,880 | ---- | M] () -- C:\Users\Nosferatu\Desktop\xubuntu-12.04-desktop-i386.iso [2012/07/11 20:47:22 | 000,619,952 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/07/11 20:47:22 | 000,108,134 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/07/11 16:36:04 | 000,016,160 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/07/11 16:36:04 | 000,016,160 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/07/11 16:18:41 | 000,000,051 | ---- | M] () -- C:\ProgramData\hdszbkfocetpsus [2012/07/11 16:18:32 | 000,065,536 | ---- | M] () -- C:\ProgramData\qkwgqgdo.exe [2012/07/11 13:08:31 | 000,000,926 | ---- | M] () -- C:\Users\Nosferatu\Desktop\Master Thesis.lnk [2012/07/11 09:41:13 | 000,686,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012/07/10 09:57:09 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012/07/10 09:57:09 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012/07/07 08:16:27 | 000,000,600 | ---- | M] () -- C:\Users\Nosferatu\PUTTY.RND [2012/06/28 17:31:56 | 000,907,596 | ---- | M] () -- C:\Users\Nosferatu\Desktop\DSC03044.jpg [2012/06/28 17:31:49 | 004,413,677 | ---- | M] () -- C:\Users\Nosferatu\Desktop\DSC03044.png [2012/06/27 14:38:03 | 000,000,166 | ---- | M] () -- C:\Users\Nosferatu\AppData\Roaming\gnuplot_history [2012/06/26 09:33:11 | 000,170,190 | ---- | M] () -- C:\Users\Nosferatu\Desktop\Linienuebersichtplan.pdf [2012/06/18 10:25:55 | 000,544,897 | ---- | M] () -- C:\Users\Nosferatu\Desktop\Arrigo et al. 2012.pdf [2012/06/18 10:25:37 | 000,213,936 | ---- | M] () -- C:\Users\Nosferatu\Desktop\Stief et al 2002.pdf [2012/06/15 12:59:12 | 000,000,974 | ---- | M] () -- C:\Users\Nosferatu\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk [2012/06/13 16:57:40 | 000,428,865 | ---- | M] () -- C:\Users\Nosferatu\Desktop\lion.jpg [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/07/11 20:46:49 | 713,338,880 | ---- | C] () -- C:\Users\Nosferatu\Desktop\xubuntu-12.04-desktop-i386.iso [2012/07/11 16:18:39 | 000,065,536 | ---- | C] () -- C:\ProgramData\qkwgqgdo.exe [2012/07/11 16:18:35 | 000,000,051 | ---- | C] () -- C:\ProgramData\hdszbkfocetpsus [2012/06/28 17:31:39 | 004,413,677 | ---- | C] () -- C:\Users\Nosferatu\Desktop\DSC03044.png [2012/06/28 17:31:09 | 000,907,596 | ---- | C] () -- C:\Users\Nosferatu\Desktop\DSC03044.jpg [2012/06/27 14:38:03 | 000,000,166 | ---- | C] () -- C:\Users\Nosferatu\AppData\Roaming\gnuplot_history [2012/06/26 09:33:11 | 000,170,190 | ---- | C] () -- C:\Users\Nosferatu\Desktop\Linienuebersichtplan.pdf [2012/06/18 10:25:53 | 000,544,897 | ---- | C] () -- C:\Users\Nosferatu\Desktop\Arrigo et al. 2012.pdf [2012/06/18 10:25:37 | 000,213,936 | ---- | C] () -- C:\Users\Nosferatu\Desktop\Stief et al 2002.pdf [2012/06/15 12:59:12 | 000,000,974 | ---- | C] () -- C:\Users\Nosferatu\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk [2012/06/13 16:57:40 | 000,428,865 | ---- | C] () -- C:\Users\Nosferatu\Desktop\lion.jpg [2012/04/10 15:59:31 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll [2012/04/10 15:59:31 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll [2012/04/02 15:06:07 | 000,000,000 | ---- | C] () -- C:\Windows\Editor.INI [2012/03/26 00:15:57 | 000,000,660 | ---- | C] () -- C:\Windows\System32\http--www.google.com-imgresum=1&hl=en&client=opera&sa=N&rls=en&channel=suggest&biw=991&bih=510&tbm=isch&tbnid=7UJUfM9sJF9TDM&imgrefurl=http--mescritiques.be-spip.php%3Farticle1221&docid=SDJOB-.jpg.lnk [2012/03/25 23:47:50 | 000,000,040 | ---- | C] () -- C:\Users\Nosferatu\AppData\Roaming\cdr.ini [2012/03/04 15:03:52 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll [2012/03/04 15:01:34 | 000,000,009 | ---- | C] () -- C:\Windows\sierra.ini [2012/01/30 23:28:40 | 000,044,680 | ---- | C] () -- C:\Windows\System32\drivers\EUBKMON.sys [2012/01/19 22:20:07 | 000,000,000 | ---- | C] () -- C:\Users\Nosferatu\AppData\Local\{30D90EDC-D15A-4460-B056-C6895CC333E3} [2012/01/14 22:37:01 | 000,000,292 | ---- | C] () -- C:\Windows\vtmb.ini [2012/01/10 18:38:46 | 000,001,156 | ---- | C] () -- C:\Users\Nosferatu\Study - Shortcut.lnk [2012/01/09 13:59:21 | 000,007,602 | ---- | C] () -- C:\Users\Nosferatu\AppData\Local\Resmon.ResmonCfg [2011/12/30 22:38:50 | 000,001,166 | ---- | C] () -- C:\Users\Nosferatu\AppData\Roaming\PdfView.ini [2011/12/24 15:45:03 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI [2011/12/19 12:24:35 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2011/12/19 12:24:35 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe [2011/12/18 14:58:22 | 000,006,656 | ---- | C] () -- C:\Users\Nosferatu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/12/16 01:10:35 | 000,000,600 | ---- | C] () -- C:\Users\Nosferatu\PUTTY.RND [2011/07/26 10:15:57 | 000,247,560 | ---- | C] () -- C:\Windows\System32\drivers\RTConvEQ.dat [2011/07/26 10:15:57 | 000,039,672 | ---- | C] () -- C:\Windows\System32\drivers\RtPCEE3.DAT [2011/07/26 10:15:57 | 000,029,494 | ---- | C] () -- C:\Windows\System32\drivers\RtPCEE4.DAT [2011/07/26 10:15:57 | 000,001,448 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat [2011/07/26 10:15:57 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX3.dat [2011/07/26 10:15:57 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat [2011/07/26 10:15:57 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat [2011/07/26 10:15:57 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2011/07/26 10:15:57 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat [2011/07/26 10:15:57 | 000,000,040 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat [2011/07/26 10:12:54 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll < End of report > [/code] Extras.txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 07/11/2012 22:36:33 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Nosferatu\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy
1.99 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 58.80% Memory free
2.99 Gb Paging File | 2.21 Gb Available in Paging File | 73.79% Paging File free
Paging file location(s): c:\pagefile.sys 1024 2048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 280.89 Gb Total Space | 86.18 Gb Free Space | 30.68% Space Free | Partition Type: NTFS
Drive D: | 645.72 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 623.74 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: NOSFERATU-PC | User Name: Nosferatu | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" =
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1C9EBC5A-0BD3-446F-A260-4B928BFAA926}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{269A9E0C-F3FD-4C91-8E2A-A7AEACA2DDB9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{272C9E1E-DA43-4E21-ACC9-4C03FB991903}" = lport=2869 | protocol=6 | dir=in | app=system |
"{892D499B-457C-4359-AA81-B6F476E08795}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DF983A2E-4CF6-4281-9ACF-B98C2ECF7BB3}" = lport=1900 | protocol=17 | dir=in | app=%programfiles%\zune\zune.exe |
"{F32753B3-6C6B-446C-883A-567ED4534334}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{FF3D4753-CEAF-4C3F-88CF-53C7F7A251B2}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09A7358D-174E-4794-B742-C7A40558212F}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{0A3A2F4C-6D53-4178-9995-3C5530A36650}" = protocol=17 | dir=in | app=c:\program files\microsoft office 07\office12\groove.exe |
"{167D30FA-43A4-4B4C-8EA2-CF8BD5B04D68}" = dir=in | app=c:\program files\acer\acer vcm\rs_service.exe |
"{18FEC579-3B35-4810-8F24-5A0FCDA13285}" = protocol=6 | dir=out | app=system |
"{23A2454B-DCB5-4C07-8AAF-39C3AD7F2591}" = protocol=17 | dir=in | app=c:\users\nosferatu\appdata\roaming\dropbox\bin\dropbox.exe |
"{37208718-B0F4-445D-B26F-082AD186E1DB}" = protocol=6 | dir=in | app=c:\program files\microsoft office 07\office12\groove.exe |
"{46FDD054-A124-4A4A-9FE5-14C5A302D5E8}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{4E6B70EA-3828-43C2-8BFC-70B8CE79E03D}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{51F5CCC6-4B1D-448A-AE89-DD43D4F4F046}" = protocol=6 | dir=in | app=c:\users\nosferatu\appdata\roaming\dropbox\bin\dropbox.exe |
"{66AD603B-F1EE-4A9D-A0C6-FFE3E8203885}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{692DD4D1-6969-477D-8B96-67DF3891A514}" = dir=in | app=c:\program files\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{6C2A4E2C-B54F-4562-84EE-D5B80091C935}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{6F1B0B40-28B4-479F-9859-CFDB4980E911}" = protocol=17 | dir=in | app=c:\program files\ease todo backup\bin\agent.exe |
"{77C5B203-A691-4E67-94F4-32F7806AFA30}" = protocol=6 | dir=in | app=c:\program files\ease todo backup\bin\agent.exe |
"{794DC11F-DB2A-4726-8E6D-60DC0AEB1EE3}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{7E029CAD-CF96-4CFC-ABF8-E3E644FAA0C1}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{8D2B6000-10D1-477F-8F69-027F4AF85F4C}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{9AC5061F-8A8F-49DF-B40B-02A3266A13E0}" = dir=in | app=c:\program files\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{A05CF5DD-7796-4E77-886A-B7E6BF816F04}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{B039994B-B2D8-407E-A078-99A2B0C9935C}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{B70F37CB-79EB-481A-995B-046DE99B3FD1}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{DD809069-5613-4886-917C-73C9AC216CEE}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{E7AB8E98-66A8-4A8E-8422-074399ED0BF0}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{F0794409-54B1-42B1-B79A-56637EB2ECE6}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{F33176B2-09E6-4498-89A8-9F1DA9073FA9}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{F671BFB3-E235-495C-9003-B2C19712AEA2}" = protocol=6 | dir=out | app=system |
"{F6C57710-D06E-461E-88D9-C1C99E15E96F}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{FC15D026-7D5C-4100-8D3D-963CF6C3DF5D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{3E49CD46-EAC9-46AB-B530-3EFFD8EE24C6}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{4429D8A1-AE79-4EDE-A68B-992E0AF91CDB}C:\users\nosferatu\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\nosferatu\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{46E6FB21-9FD1-41BF-8537-FF4385679476}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{64748D20-5648-4651-B912-C24FCCD99220}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{83927FA9-1D82-45F3-9E2F-7D7AB4501456}C:\program files\spss20\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\spss20\jre\bin\javaw.exe |
"TCP Query User{D4EBCD00-9459-487F-88C9-4B35210211A0}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{0D4A1E4E-3B78-4FA5-BA76-57CECD65AE91}C:\users\nosferatu\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\nosferatu\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{177122FF-82E3-4525-91B7-B8E81A04B400}C:\program files\spss20\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\spss20\jre\bin\javaw.exe |
"UDP Query User{51C9D726-C63A-46F5-9466-65B381BCE155}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{792602ED-6718-4549-A7FC-B80455F5F35D}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{8AA5F03E-DDE2-4656-8B82-AAB931AB0581}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{A87EBC2F-1366-4126-A137-8DB8AE517DA0}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{01D2EB2D-0560-3473-8300-7FF46FD7EC85}" = Strawberry Perl
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0557BBDA-69D3-4FA4-A93C-A5300F7034B4}" = Windows Live Writer
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{05E47624-97C4-4B22-83C8-D4E30EC3EF02}" = Windows Live Remote Client Resources
"{065241D0-A178-4F24-8A09-691761A8957B}" = Windows Live Remote Service Resources
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{06B05153-97E4-427E-B1A8-E098F6C5E52F}" = Windows Live Essentials
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0891B708-EF3F-4D7E-9724-265245F46276}" = Windows Live Remote Service Resources
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A1651F1-7E0F-4613-93FE-967F5BC3C1B7}" = Windows Live Remote Service Resources
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0E6B3568-2337-4429-9E14-0D9D8157D45A}" = Network Recording Player
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{120C160F-F53D-4A15-A873-E79BF5B98B48}" = Windows Live Photo Common
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{143DB9C9-3F0D-4DC7-A57B-A7E4F26FA12E}" = Windows Live Remote Client Resources
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F34839E-4826-4B64-B1B3-42E5AE8DEC5A}" = ArcGIS Desktop
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{201B5096-AF6E-423E-B987-023E040D9B42}" = Windows Live Remote Service Resources
"{20381A8A-808E-4A53-B6CD-AD2B85E16365}" = Windows Live UX Platform Language Pack
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{226F0D93-76DE-4F1C-B14D-DE10443ADB60}" = Windows Live Movie Maker
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{244C5A67-39DC-4C6C-BF1B-BCC9D342A4C4}" = Windows Live Remote Client Resources
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{2852BC06-B850-4518-97E6-CD136FE75683}" = Windows Live Remote Client Resources
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2AF8017B-E503-408F-AACE-8A335452CAD2}" = IBM SPSS Statistics 20
"{2B3EA5DA-D040-48FB-813F-1CF8C0123698}" = Windows Live Remote Client Resources
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2BAE6A53-E241-11D5-873A-0050DABC2539}" = Tropico: Paradise Island
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{30E82CD5-6E97-4381-86EB-548202A6D5B7}" = Windows Live Remote Client Resources
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3BC3B1A5-30E3-4DDB-BE08-E7262B838B5F}" = Windows Live Remote Client Resources
"{3BFB2388-64EE-4AAA-9235-5FE725FED6DE}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{41B72CAF-036B-4E0A-8D22-F5DF7C970434}" = Windows Live Remote Client Resources
"{41E4FA4B-9376-4C32-AA46-65FCC0087CD5}" = Windows Live Remote Service Resources
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{448702D4-83DD-4EFC-B09B-94AD6CA0D978}" = Windows Live Remote Service Resources
"{454F5782-A4C3-480E-A629-D435795DEFD8}" = Windows Live Remote Client Resources
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{4736B0ED-F6A1-48EC-A1B7-C053027648F1}" = Galeria fotogràfica del Windows Live
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{48F597DD-D397-4CFA-91A0-4C033A0113BD}" = Windows Live Mail
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4B1EDAFC-B0EB-465F-886C-24FAC1BED2AC}" = Windows Live Remote Client Resources
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4D090F70-6F08-4B60-9357-A1DFD4458F09}" = Microsoft Mathematics
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D7BAC8A-51B8-4243-8567-1415C4272D13}" = Windows Live Writer
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{5008BC55-FD3D-4A32-A1B7-610E18F4D220}" = Windows Live Remote Service Resources
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{523281E5-91DD-49F5-9D85-954148F7596A}" = AndroidInstaller
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{5495E9A4-501A-4D4C-87C9-E80916CA9478}" = Windows Live UX Platform Language Pack
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5C8BC258-A629-4DF2-97D0-E106C2A9B1BD}" = Windows Live Remote Client Resources
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{61A5DE19-BE38-45AF-A9BC-73E49703315E}" = Windows Live Remote Service Resources
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6255D9FC-427F-4867-84DB-164DBEA0661F}" = Windows Live Remote Client Resources
"{625D45F0-5DCB-48BF-8770-C240A84DAAEB}" = Windows Live Mesh
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{66B0B400-22AB-47E6-8673-38A5D37F6331}" = Windows Live Remote Client Resources
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App (Acer Games)
"{71527C7C-5289-4CB2-88C9-23344C0FF6C1}" = Windows Live Movie Maker
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{7612E28A-C4DB-4259-AA91-CB02B1BCF623}" = Windows Live Remote Service Resources
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{7846B719-862C-468A-9FD0-4769D2590535}" = Windows Live Remote Client Resources
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7962DFC7-BBD8-4FA1-B510-46A993C2BF94}" = Windows Live Remote Client Resources
"{7A143876-9658-4A58-82E7-B5F02D942957}" = Windows Live Remote Client Resources
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7D926AD2-16D6-42C2-8CA1-AB09E96040BA}" = Windows Live Writer Resources
"{7D99B933-E29C-4599-92F0-DAED2AF041E3}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{818FB39B-1A57-4F1B-A54D-391C33D6C586}" = Tropico
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{82EE333F-45A9-4585-A5D9-31FE16B7FB25}" = Windows Live Remote Service Resources
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{845E0BCB-8C8D-4FAB-8588-AD5FFD156C95}" = Windows Live Remote Service Resources
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{84D3CB13-C7EE-4A29-817E-D82697320BF5}" = Windows Live Remote Client Resources
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{86F444A5-C9B9-41DC-AF28-B5E46F5497C7}" = Windows Live Argazki Galeria
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E285C75-9BE2-4349-972B-DECDDF472656}" = Windows Live Writer Resources
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{93C4B7D5-4E00-491F-BA3E-25B7B63EE7F6}" = Windows Live Mail
"{93C6647F-AFE0-4CC2-8809-28A0B320D11B}" = Windows Live Remote Service Resources
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97124033-1253-4474-8B25-1AB314A920E6}" = Windows Live Remote Service Resources
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9E2C5B0E-7A2D-4767-A9B2-77469FB1873A}" = Windows Live Mesh
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A4C16B19-10AA-4990-AA87-D14F653E3345}" = Windows Live Remote Client Resources
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9ABC0A6-DC01-4102-BEC9-86974A73B214}" = Windows Live Remote Client Resources
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB419AC3-9BC1-4EC5-A75B-4D8870DD651F}_is1" = gnuplot 4.6.0
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{AB93C51F-71F9-4A28-8134-FE1B5B9373E9}" = Windows Live Remote Service Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC0628FF-532F-4800-91EC-40903B04682F}" = Windows Live Remote Service Resources
"{AC259A12-6CD9-486D-A97A-B619EB46225A}" = Windows Live Remote Service Resources
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.1) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B512307E-543D-457E-B759-75E0D5B0BCDF}" = Windows Live Remote Client Resources
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B6F55C3E-30EE-4D25-8BAD-CEE4BF8C78EB}" = Windows Live Remote Client Resources
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{BA8D4CEF-D23D-44AB-8A89-66E602253791}" = Windows Live Remote Service Resources
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C1015024-0BF1-4B51-8A06-C28953687DA7}" = Windows Live Remote Service Resources
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2ED3B35-5980-4496-B32B-1DE76D61DF63}" = STAN 2.0.1703
"{C30628D8-D3A0-4F23-90F0-F145808087B6}" = Windows Live Remote Client Resources
"{C411942C-C26B-4450-8B9A-173DCC22AEC6}" = Windows Live Remote Service Resources
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"{C4E7704D-5AFB-44CA-B8BA-F16C8FA46D5F}" = Windows Live Remote Service Resources
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB240A71-3AFC-4429-B4D4-F965B8C4267E}" = Windows Live Remote Service Resources
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CC4878C0-4A6A-49CD-AAA7-DD3FCB06CC84}" = Microsoft Web Platform Installer 3.0
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD6CB7F1-1B8E-424A-9B81-F8D2F03958EC}" = Windows Live Remote Client Resources
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D378BEA1-912E-4827-B9DB-D3B2C3D0BD4A}" = Windows Live Remote Service Resources
"{D3CAE2CA-BE71-4CA4-9EB9-46E1C82E778B}" = Windows Live Remote Service Resources
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEDF8BAB-98D7-4CFA-9C42-27431EC4BD1F}" = Windows Live Remote Service Resources
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{DFDBE1F9-04CE-4645-BB6C-4590EABC7A9C}" = Windows Live Remote Client Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1629C45-9CEF-498E-83CD-D6A09CADA176}" = Windows Live Remote Client Resources
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E6617B44-D556-49AC-B2A3-01451E115043}" = Windows Live Remote Service Resources
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E7FB0043-24A5-4B30-AED6-01B47B44CB67}" = Windows Live Remote Client Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F02598C2-2A5F-4593-8F09-439F3317B2C8}" = Sentinel System Driver 5.42.1 (32-bit)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0CCBE54-9132-44E9-82DF-CD364AD5C22D}" = Windows Live Remote Client Resources
"{F0F5D89A-197C-495B-827E-3E98B811CD2E}" = Windows Live Photo Common
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F81DB83D-A016-45A6-A6A0-135B1E6939EF}" = Windows Live Remote Service Resources
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FDB61162-F860-4490-97FE-8E33EF6072D2}" = Kurso de Esperanto 3
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"7-Zip" = 7-Zip 9.20
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"ArcGIS License Manager" = ArcGIS License Manager
"Boxoft Flac to MP3 (freeware)_is1" = Boxoft Flac to MP3 (freeware)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 9.04" = GPL Ghostscript
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Identity Card" = Identity Card
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"InstallShield_{523281E5-91DD-49F5-9D85-954148F7596A}" = AndroidInstaller
"InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"IrfanView" = IrfanView (remove only)
"LameACM" = Lame ACM MP3 Codec
"LastFM_is1" = Last.fm 1.5.4.27091
"Launchy_21344213_is1" = Launchy 2.5
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Opera 12.00.1467" = Opera 12.00
"Picasa 3" = Picasa 3
"Python 2.4.1" = Python 2.4.1
"Recuva" = Recuva
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SopCast" = SopCast 3.4.8
"sp6" = Logitech SetPoint 6.32
"SumatraPDF" = SumatraPDF
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"UltraStar Deluxe" = UltraStar Deluxe
"Unlocker" = Unlocker 1.9.1
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.1
"WildTangent acer Master Uninstall" = Acer Games
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.0.7
"WTA-076dc1c4-bff5-4258-95c9-6b189b804c78" = Virtual Villagers 4 - The Tree of Life
"WTA-1703119c-2b1e-4d84-9088-bd1a57e952d0" = Jewel Match 3
"WTA-1d91f406-91dd-483a-b76a-1e2021079b80" = Insaniquarium Deluxe
"WTA-289728b4-fea1-4041-b260-83f95ddb7af9" = Agatha Christie - Death on the Nile
"WTA-42e2e7d2-38d1-47ea-b8f9-fabfa9d44769" = Slingo Deluxe
"WTA-442f5303-3eda-49ee-a546-cf5a0f30fcc7" = Polar Bowler
"WTA-5a1fae77-1c99-4665-8195-284134059d01" = Zuma Deluxe
"WTA-62d8d729-8c12-43e9-bc80-09d98a2504ca" = Skip-Bo - Castaway Caper
"WTA-64df0eb8-1084-4e88-9540-eb8b61a96a35" = Penguins!
"WTA-6daa3c1b-f63e-4a12-a63c-d270a4bec5c2" = Torchlight
"WTA-847fa9c4-6136-4c4e-bea7-0f7ad50c97e8" = Bejeweled 2 Deluxe
"WTA-89e336fe-a6ef-4315-9a33-fe65ca59c4f1" = Wedding Dash
"WTA-a0a683d4-3d72-4563-a3cc-3b5702218d03" = Plants vs. Zombies - Game of the Year
"WTA-ad4bafeb-c91a-4dab-b167-747041dc514e" = Tradewinds Legends
"WTA-bd42aa28-e4a7-44aa-a155-6806543031e4" = Final Drive: Nitro
"WTA-d3eb8269-182d-4684-a8ec-ff8b9bc99f1d" = FATE
"WTA-faa2ec55-fee2-466f-93d8-a830146fab2e" = Jewel Quest Solitaire
"WTA-fce960de-bcc3-48bb-98d5-1133ade0ad60" = Chuzzle Deluxe
"Zenses2" = Zenses2 Beta2
"Zune" = Zune
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3670744698-4203180153-3131893109-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 06/15/2012 04:40:26 | Computer Name = Nosferatu-PC | Source = Application Error | ID = 1000
Description = Faulting application name: winamp.exe, version: 5.6.2.3199, time stamp:
0x4ee2440b Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x002168b8 Faulting process id: 0x2b1c Faulting application
start time: 0x01cd4ad27d046167 Faulting application path: C:\Program Files\Winamp\winamp.exe
Faulting
module path: unknown Report Id: c0bf0f83-b6c5-11e1-9122-e89a8fe1819a
Error - 06/15/2012 04:40:29 | Computer Name = Nosferatu-PC | Source = Application Error | ID = 1000
Description = Faulting application name: winamp.exe, version: 5.6.2.3199, time stamp:
0x4ee2440b Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x002168b8 Faulting process id: 0x2b1c Faulting application
start time: 0x01cd4ad27d046167 Faulting application path: C:\Program Files\Winamp\winamp.exe
Faulting
module path: unknown Report Id: c2420bad-b6c5-11e1-9122-e89a8fe1819a
Error - 06/15/2012 04:56:20 | Computer Name = Nosferatu-PC | Source = Application Error | ID = 1000
Description = Faulting application name: winamp.exe, version: 5.6.2.3199, time stamp:
0x4ee2440b Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x001cf2c0 Faulting process id: 0x153c Faulting application
start time: 0x01cd4ad4b4735bb5 Faulting application path: C:\Program Files\Winamp\winamp.exe
Faulting
module path: unknown Report Id: f95e9f07-b6c7-11e1-9122-e89a8fe1819a
Error - 06/15/2012 04:56:23 | Computer Name = Nosferatu-PC | Source = Application Error | ID = 1000
Description = Faulting application name: winamp.exe, version: 5.6.2.3199, time stamp:
0x4ee2440b Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x001cf2c0 Faulting process id: 0x153c Faulting application
start time: 0x01cd4ad4b4735bb5 Faulting application path: C:\Program Files\Winamp\winamp.exe
Faulting
module path: unknown Report Id: fb18d8a0-b6c7-11e1-9122-e89a8fe1819a
Error - 06/15/2012 04:56:32 | Computer Name = Nosferatu-PC | Source = Application Error | ID = 1000
Description = Faulting application name: winamp.exe, version: 5.6.2.3199, time stamp:
0x4ee2440b Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00302850 Faulting process id: 0x8e4 Faulting application
start time: 0x01cd4ad4be4f4e6a Faulting application path: C:\Program Files\Winamp\winamp.exe
Faulting
module path: unknown Report Id: 009bc129-b6c8-11e1-9122-e89a8fe1819a
Error - 06/15/2012 04:56:35 | Computer Name = Nosferatu-PC | Source = Application Error | ID = 1000
Description = Faulting application name: winamp.exe, version: 5.6.2.3199, time stamp:
0x4ee2440b Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00302850 Faulting process id: 0x8e4 Faulting application
start time: 0x01cd4ad4be4f4e6a Faulting application path: C:\Program Files\Winamp\winamp.exe
Faulting
module path: unknown Report Id: 02084ed0-b6c8-11e1-9122-e89a8fe1819a
Error - 06/15/2012 06:50:22 | Computer Name = Nosferatu-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.1.7601.17567 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: ecc Start
Time: 01cd4a761420e339 Termination Time: 395 Application Path: C:\Windows\Explorer.EXE
Report
Id:
Error - 06/16/2012 09:44:27 | Computer Name = Nosferatu-PC | Source = WinMgmt | ID = 10
Description =
Error - 06/16/2012 10:10:26 | Computer Name = Nosferatu-PC | Source = MsiInstaller | ID = 11935
Description =
Error - 06/16/2012 15:39:22 | Computer Name = Nosferatu-PC | Source = WinMgmt | ID = 10
Description =
[ OSession Events ]
Error - 04/18/2012 06:23:23 | Computer Name = Nosferatu-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1126
seconds with 1080 seconds of active time. This session ended with a crash.
Error - 06/27/2012 09:21:55 | Computer Name = Nosferatu-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6425.1000, Microsoft Office Version: 12.0.4518.1014. This session
lasted 1471 seconds with 840 seconds of active time. This session ended with a
crash.
Error - 07/11/2012 06:47:29 | Computer Name = Nosferatu-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6611.1000, Microsoft Office Version: 12.0.4518.1014. This session lasted 4892
seconds with 1860 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 07/11/2012 15:59:20 | Computer Name = Nosferatu-PC | Source = Service Control Manager | ID = 7000
Description = The ArcGIS License Manager service failed to start due to the following
error: %%1053
Error - 07/11/2012 16:03:34 | Computer Name = Nosferatu-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 22:02:20 on ?11.?07.?2012 was unexpected.
Error - 07/11/2012 16:03:37 | Computer Name = Nosferatu-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068
Error - 07/11/2012 16:03:38 | Computer Name = Nosferatu-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
discache mwlPSDFilter mwlPSDNServ mwlPSDVDisk SAVOnAccess spldr Wanarpv6
Error - 07/11/2012 16:04:11 | Computer Name = Nosferatu-PC | Source = DCOM | ID = 10005
Description =
Error - 07/11/2012 16:04:17 | Computer Name = Nosferatu-PC | Source = DCOM | ID = 10005
Description =
Error - 07/11/2012 16:04:19 | Computer Name = Nosferatu-PC | Source = DCOM | ID = 10005
Description =
Error - 07/11/2012 16:04:19 | Computer Name = Nosferatu-PC | Source = DCOM | ID = 10005
Description =
Error - 07/11/2012 16:04:20 | Computer Name = Nosferatu-PC | Source = DCOM | ID = 10005
Description =
Error - 07/11/2012 16:05:38 | Computer Name = Nosferatu-PC | Source = Service Control Manager | ID = 7001
Description = The PnP-X IP Bus Enumerator service depends on the Function Discovery
Provider Host service which failed to start because of the following error: %%1068
< End of report >
[/code] Ich hoffe, Ihr koennt mir helfen und waere Euch wirklich sehr dankbar. Vielen Dank schonmal fuer Eure Zeit und fuer's Durchlesen. Wenn Ihr noch weitere Infos braucht, stelle ich die gern zur Verfuegung! Gruss /Jan |
|
12.07.2012, 12:17
| #2 |
| /// Helfer-Team  | Bundespolizei-Trojaner: Wie weiter nach Malwarebytes und OTL Log? Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3670744698-4203180153-3131893109-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3670744698-4203180153-3131893109-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [qkwgqgdovvkdaje] C:\ProgramData\qkwgqgdo.exe ()
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\S-1-5-21-3670744698-4203180153-3131893109-1000..\Run: [Boxoft Tools] C:\ProgramData\Boxtools\Boxofttoolbox.exe ()
O4 - HKU\S-1-5-21-3670744698-4203180153-3131893109-1000..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup File not found
O4 - HKU\S-1-5-21-3670744698-4203180153-3131893109-1000..\Run: [qkwgqgdovvkdaje] C:\ProgramData\qkwgqgdo.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{631ac28b-27c3-11e1-adfd-e89a8fe1819a}\Shell - "" = AutoRun
O33 - MountPoints2\{631ac28b-27c3-11e1-adfd-e89a8fe1819a}\Shell\AutoRun\command - "" = E:\autorun.exe -- [1999/02/03 04:02:00 | 000,167,936 | R--- | M] (Indigo Rose Corporation)
O33 - MountPoints2\{f410b939-ad85-11e1-b157-e89a8fe1819a}\Shell - "" = AutoRun
O33 - MountPoints2\{f410b939-ad85-11e1-b157-e89a8fe1819a}\Shell\AutoRun\command - "" = D:\autorun.exe -- [1999/02/03 04:02:00 | 000,167,936 | R--- | M] (Indigo Rose Corporation)
[2012/07/11 22:00:44 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/11 22:00:01 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
:Files
C:\ProgramData\qkwgqgdo.exe
:Commands
ipconfig /flushdns /c
[emptytemp]
[emptyflash]
[resethosts]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________ |
|
13.07.2012, 09:37
| #3 |
| | Bundespolizei-Trojaner: Wie weiter nach Malwarebytes und OTL Log? Also, schonmal tausend Dank fuer diese Hilfe t'john. Das System lauft jetzt wieder 'normal' - hoffe mal, dass sich da nichts schwerwiegenderes eingenistet hat. Gibt es jetzt noch etwas zu tun, damit das Zeug ganz runter ist?
__________________Ist denn irgendwie bekannt, wie sich dieser Trojaner in die Systeme einschleicht? Es scheinen ja doch einige Leute davon betroffen zu sein. Hier ist der Log von OTL - da hat sich ganz schoen viel angesammelt in den temporaeren Dateien... Code:
ATTFilter All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKEY_USERS\S-1-5-21-3670744698-4203180153-3131893109-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-21-3670744698-4203180153-3131893109-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\qkwgqgdovvkdaje deleted successfully.
C:\ProgramData\qkwgqgdo.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UnlockerAssistant deleted successfully.
C:\Program Files\Unlocker\UnlockerAssistant.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-3670744698-4203180153-3131893109-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Boxoft Tools deleted successfully.
C:\ProgramData\Boxtools\Boxofttoolbox.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-3670744698-4203180153-3131893109-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSPM Startup deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3670744698-4203180153-3131893109-1000\Software\Microsoft\Windows\CurrentVersion\Run\\qkwgqgdovvkdaje deleted successfully.
File C:\ProgramData\qkwgqgdo.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
C:\ProgramData\webex\ieatgpc.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{631ac28b-27c3-11e1-adfd-e89a8fe1819a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{631ac28b-27c3-11e1-adfd-e89a8fe1819a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{631ac28b-27c3-11e1-adfd-e89a8fe1819a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{631ac28b-27c3-11e1-adfd-e89a8fe1819a}\ not found.
File move failed. E:\autorun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f410b939-ad85-11e1-b157-e89a8fe1819a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f410b939-ad85-11e1-b157-e89a8fe1819a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f410b939-ad85-11e1-b157-e89a8fe1819a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f410b939-ad85-11e1-b157-e89a8fe1819a}\ not found.
File move failed. D:\autorun.exe scheduled to be moved on reboot.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\qkwgqgdo.exe not found.
========== COMMANDS ==========
Error: Unable to interpret <ipconfig /flushdns /c> in the current context!
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Nosferatu
->Temp folder emptied: 30140967 bytes
->Temporary Internet Files folder emptied: 120494460 bytes
->Java cache emptied: 2892122 bytes
->FireFox cache emptied: 134764713 bytes
->Opera cache emptied: 30682960 bytes
->Flash cache emptied: 63050 bytes
User: Presentation
->Temp folder emptied: 49547 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Public
User: work
->Temp folder emptied: 49547 bytes
->Temporary Internet Files folder emptied: 8383312 bytes
->Flash cache emptied: 624 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3688550 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 440708737 bytes
RecycleBin emptied: 1508730 bytes
Total Files Cleaned = 738.00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Nosferatu
->Flash cache emptied: 0 bytes
User: Presentation
User: Public
User: work
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0.00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.53.1 log created on 07132012_101754
Files\Folders moved on Reboot...
File move failed. E:\autorun.exe scheduled to be moved on reboot.
File move failed. D:\autorun.exe scheduled to be moved on reboot.
C:\Windows\temp\dd_vcredistMSI14A8.txt moved successfully.
C:\Windows\temp\dd_vcredistUI14A8.txt moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\LMutilps32.log scheduled to be moved on reboot.
PendingFileRenameOperations files...
[1999/02/03 04:02:00 | 000,167,936 | R--- | M] (Indigo Rose Corporation) E:\autorun.exe : MD5=868B8A84FB177209D42154251F55C2F3
[1999/02/03 04:02:00 | 000,167,936 | R--- | M] (Indigo Rose Corporation) D:\autorun.exe : MD5=868B8A84FB177209D42154251F55C2F3
File C:\Windows\temp\dd_vcredistMSI14A8.txt not found!
File C:\Windows\temp\dd_vcredistUI14A8.txt not found!
[2012/07/13 10:27:28 | 000,789,352 | ---- | M] () C:\Windows\temp\dsiwmis.log : Unable to obtain MD5
[2012/07/13 10:27:18 | 000,381,744 | ---- | M] () C:\Windows\temp\LMutilps32.log : Unable to obtain MD5
Registry entries deleted on Reboot...
|
|
13.07.2012, 11:38
| #4 |
| /// Helfer-Team | Bundespolizei-Trojaner: Wie weiter nach Malwarebytes und OTL Log? Sehr gut!  1. Schritt Neue Version! Bitte neu runterladen! Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.danach: Downloade Dir bitte AdwCleaner auf deinen Desktop.
|
|
13.07.2012, 16:18
| #5 |
| | Bundespolizei-Trojaner: Wie weiter nach Malwarebytes und OTL Log? Ja, Rechner laeuft wieder wie zuvor  Allerdings hat Sophos zwei Datein in die Quarantaene verbannt:- eine aus dem OTL mover folder "qkwgqgdo.exe" (Mal/Generic-L) - und eine .htm-Datei aus den Temporary Internet Files/Conten.IE5 (aber ich benutze doch nur Opera, wie kommt da dennoch was hin?) Naja, jedenfall fand Malwarebyte's nichts mehr und hier ist der adwCleaner-Log: Code:
ATTFilter # AdwCleaner v1.701 - Logfile created 07/13/2012 at 17:08:32
# Updated 02/07/2012 by Xplode
# Operating system : Windows 7 Starter Service Pack 1 (32 bits)
# User : Nosferatu - NOSFERATU-PC
# Running from : C:\Users\Nosferatu\Desktop\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
Folder Found : C:\Users\Nosferatu\AppData\Local\Conduit
Folder Found : C:\Users\Nosferatu\AppData\Local\TempDir
Folder Found : C:\Users\Nosferatu\AppData\LocalLow\Conduit
Folder Found : C:\Program Files\Conduit
***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKLM\SOFTWARE\Conduit
***** [Registre - GUID] *****
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v12.0 (en-US)
Profile name : default
File : C:\Users\Nosferatu\AppData\Roaming\Mozilla\Firefox\Profiles\bv776mfq.default\prefs.js
Found : user_pref("CT3072253.autoDisableScopes", -1);
-\\ Opera v12.0.1467.0
File : C:\Users\Nosferatu\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [1450 octets] - [13/07/2012 17:08:32]
########## EOF - C:\AdwCleaner[R1].txt - [1578 octets] ##########
|
|
13.07.2012, 16:24
| #6 |
| /// Helfer-Team | Bundespolizei-Trojaner: Wie weiter nach Malwarebytes und OTL Log? Sehr gut!
danach: Hinweis: ESET zeigt durchaus öfter ein paar Fehlalarme. Deswegen soll auch von ESET immer nur erst das Log gepostet und nichts entfernt werden. ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ --> Bundespolizei-Trojaner: Wie weiter nach Malwarebytes und OTL Log? |
|
14.07.2012, 23:30
| #7 |
| | Bundespolizei-Trojaner: Wie weiter nach Malwarebytes und OTL Log? Wunderbar! Hier ist der neue adwcleaner-Log: Code:
ATTFilter # AdwCleaner v1.701 - Logfile created 07/14/2012 at 10:30:11
# Updated 02/07/2012 by Xplode
# Operating system : Windows 7 Starter Service Pack 1 (32 bits)
# User : Nosferatu - NOSFERATU-PC
# Running from : C:\Users\Nosferatu\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Users\Nosferatu\AppData\Local\Conduit
Folder Deleted : C:\Users\Nosferatu\AppData\Local\TempDir
Folder Deleted : C:\Users\Nosferatu\AppData\LocalLow\Conduit
Folder Deleted : C:\Program Files\Conduit
***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Conduit
***** [Registre - GUID] *****
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v12.0 (en-US)
Profile name : default
File : C:\Users\Nosferatu\AppData\Roaming\Mozilla\Firefox\Profiles\bv776mfq.default\prefs.js
Deleted : user_pref("CT3072253.autoDisableScopes", -1);
-\\ Opera v12.0.1467.0
File : C:\Users\Nosferatu\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [1579 octets] - [13/07/2012 17:08:32]
AdwCleaner[S1].txt - [1534 octets] - [14/07/2012 10:30:11]
########## EOF - C:\AdwCleaner[S1].txt - [1662 octets] ##########
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8b0031f04063fb4f9cece23ad49d5faa
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-14 02:00:34
# local_time=2012-07-14 04:00:34 (+0100, W. Europe Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 63302 93886603 0 0
# compatibility_mode=8192 67108863 100 0 258 258 0 0
# compatibility_mode=8449 16775165 50 99 1341 74693379 0 0
# scanned=187636
# found=1
# cleaned=0
# scan_time=19023
C:\Users\Nosferatu\AppData\Local\Opera\Opera\temporary_downloads\Unlocker1.9.1.exe Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I
|
|
15.07.2012, 10:36
| #8 |
| /// Helfer-Team | Bundespolizei-Trojaner: Wie weiter nach Malwarebytes und OTL Log? Sehr gut! Du bist sauber und entlassen Tool-Bereinigung mit OTL Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
Lektuere zum abarbeiten: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html |
|
16.07.2012, 12:38
| #9 |
| | Bundespolizei-Trojaner: Wie weiter nach Malwarebytes und OTL Log? Ja, wunderbar! Tausend Dank auf jeden Fall fuer diesen super Support t'john und ich werde mich jetzt mal in den naechsten Tagen um die empfohlene Lektuere kuemmern Auf dass mir sowas nicht wieder vorkommt.Cheers! |
|
| Themen zu Bundespolizei-Trojaner: Wie weiter nach Malwarebytes und OTL Log? |
| 7-zip, adobe, autorun, cftmon.lnk, computer, defender, excel, failed, flash player, format, google earth, go_0molg.pad, gvu trojaner, gvu trojaner entfernen, gvu trojaner mit webcam, helper, install.exe, launch, locker, logfile, microsoft office word, msiinstaller, office 2007, plug-in, pmmupdate.exe, problem, pup.bundleinstaller.somoto, realtek, recuva, rundll, searchscopes, security, svchost.exe, system, trojan.agent.ge, trojaner board, udp, webcam gvu trojaner, webcamfenster, wildtangent games, wrapper |
Linear-Darstellung
