|
Plagegeister aller Art und deren Bekämpfung: GVU Trojaner unter Windows 7 mit WebcamWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
13.07.2012, 17:24 | #1 |
| GVU Trojaner unter Windows 7 mit Webcam Hallo an Alle, ich bin etwas verzweifelt, da ich mir einen GVU Trojaner eingefangen habe. Dieser erschien zu Beginn jedesmal nach dem Neustart des Rechners. Wenn ich dann über die Tastenkombination strg/ALT/Entfernen auf Abmelden geklickt habe, ist die Trojaner Oberfläche verschwunden und der Windows Desktop erschien. Der Rechner zeigte danach keine Anzeichen der Infektion mehr (bis zum nächsten Neustart, denn hier ging das gleiche Spiel von Vorne los). Ich habe jetzt lange im Forum gelesen und möchte würdigen, dass sich hier Leute um individualisierte Lösungen bemühen-Ihr habt einen Orden verdient. Ich hoffe natürlich, dass auch mein Problem mit diesem Trojaner gelöst werden kann. Ich habe nun die Checkliste durchgearbeitet, deren Ergebnisse ich anbei aufführe: Zu Beginn habe ich den Scan mit Malwarebytes durchgeführt (einmal vollständig (29 Findings) und einmal Quick (44 Findings), folgend beide Scans: Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.12.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Melanie :: ******-PC [Administrator] Schutz: Aktiviert 12.07.2012 22:01:21 mbam-log-2012-07-12 (22-01-21).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 237191 Laufzeit: 5 Minute(n), 40 Sekunde(n) Infizierte Speicherprozesse: 1 C:\Program Files (x86)\BrowserCompanion\BCHelper.exe (PUP.Blabbers) -> 4608 -> Löschen bei Neustart. Infizierte Speichermodule: 2 C:\Users\Melanie\AppData\Local\Temp\glom0_og.exe (Spyware.Zbot.DG) -> Löschen bei Neustart. C:\Program Files (x86)\BrowserCompanion\sqlite3.dll (PUP.Blabbers) -> Löschen bei Neustart. Infizierte Registrierungsschlüssel: 24 HKCR\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\wit4ie.WitBHO.2 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\wit4ie.WitBHO (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\tdataprotocol.CTData.1 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\tdataprotocol.CTData (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\updatebho.TimerBHO.1 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\updatebho.TimerBHO (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 4 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Browser companion helper (PUP.Blabbers) -> Daten: C:\Program Files (x86)\BrowserCompanion\BCHelper.exe /T=3 /CHI=ibgfbdggapddbjjbopabhlhianklajie -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\protocols\Handler\base64|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\protocols\Handler\chrome|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\protocols\Handler\prox|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 1 C:\Program Files (x86)\BrowserCompanion (PUP.Blabbers) -> Löschen bei Neustart. Infizierte Dateien: 14 C:\Users\Melanie\AppData\Local\Temp\glom0_og.exe (Spyware.Zbot.DG) -> Löschen bei Neustart. C:\Program Files (x86)\BrowserCompanion\BCHelper.exe (PUP.Blabbers) -> Löschen bei Neustart. C:\Program Files (x86)\BrowserCompanion\jsloader.dll (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\BrowserCompanion\blabbers-ff-full.xpi (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\BrowserCompanion\logo.ico (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\BrowserCompanion\sqlite3.dll (PUP.Blabbers) -> Löschen bei Neustart. C:\Program Files (x86)\BrowserCompanion\toolbar.dll (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\BrowserCompanion\uninstall.exe (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\BrowserCompanion\updater.ini (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\BrowserCompanion\widgetserv.exe (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Und nun der Komplette Malware Scan: Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.12.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Melanie :: MELANIE-PC [Administrator] Schutz: Aktiviert 12.07.2012 20:30:58 Malwarebytes-log-2012-07-12 (21-52-06).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 392096 Laufzeit: 1 Stunde(n), 19 Minute(n), 40 Sekunde(n) Infizierte Speicherprozesse: 1 C:\Program Files (x86)\BrowserCompanion\BCHelper.exe (PUP.Blabbers) -> 4608 -> Keine Aktion durchgeführt. Infizierte Speichermodule: 2 C:\Users\Melanie\AppData\Local\Temp\glom0_og.exe (Spyware.Zbot.DG) -> Keine Aktion durchgeführt. C:\Program Files (x86)\BrowserCompanion\sqlite3.dll (PUP.Blabbers) -> Keine Aktion durchgeführt. Infizierte Registrierungsschlüssel: 24 HKCR\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\wit4ie.WitBHO.2 (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\wit4ie.WitBHO (PUP.Blabbers) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\tdataprotocol.CTData.1 (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\tdataprotocol.CTData (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\updatebho.TimerBHO.1 (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\updatebho.TimerBHO (PUP.Blabbers) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 4 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Browser companion helper (PUP.Blabbers) -> Daten: C:\Program Files (x86)\BrowserCompanion\BCHelper.exe /T=3 /CHI=ibgfbdggapddbjjbopabhlhianklajie -> Keine Aktion durchgeführt. HKCR\protocols\Handler\base64|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt. HKCR\protocols\Handler\chrome|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt. HKCR\protocols\Handler\prox|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 1 C:\Program Files (x86)\BrowserCompanion (PUP.Blabbers) -> Keine Aktion durchgeführt. Infizierte Dateien: 15 C:\Users\Melanie\AppData\Local\Temp\glom0_og.exe (Spyware.Zbot.DG) -> Keine Aktion durchgeführt. C:\Program Files (x86)\BrowserCompanion\BCHelper.exe (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files (x86)\BrowserCompanion\jsloader.dll (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Melanie\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt. C:\Program Files (x86)\BrowserCompanion\blabbers-ff-full.xpi (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files (x86)\BrowserCompanion\logo.ico (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files (x86)\BrowserCompanion\sqlite3.dll (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files (x86)\BrowserCompanion\toolbar.dll (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files (x86)\BrowserCompanion\uninstall.exe (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files (x86)\BrowserCompanion\updater.ini (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files (x86)\BrowserCompanion\widgetserv.exe (PUP.Blabbers) -> Keine Aktion durchgeführt. (Ende) Defogger habe ich ebenfalls installiert und entsprechend der Anleitung den Disable-button aktiviert. Anschließend habe ich OTL heruntergeladen und laufen lassen. Anbei die beiden Files: Den User habe ich durch "User***" ersetzt. Habe ich hier irgendwo gelesen, dass man dies durchführen soll. Anbei OTL.txtOTL Logfile: Code:
ATTFilter OTL logfile created on: 12.07.2012 21:33:54 - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\User***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,91 Gb Total Physical Memory | 1,34 Gb Available Physical Memory | 34,32% Memory free 7,83 Gb Paging File | 5,16 Gb Available in Paging File | 65,95% Paging File free Paging file location(s): c:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 200,00 Gb Total Space | 128,07 Gb Free Space | 64,04% Space Free | Partition Type: NTFS Drive D: | 240,76 Gb Total Space | 43,99 Gb Free Space | 18,27% Space Free | Partition Type: NTFS Drive E: | 268,49 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: User***-PC | User Name: User*** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\User***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Users\User***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\PDF24-Creator\pdf24.exe (Geek Software GmbH) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\BrowserCompanion\BCHelper.exe (Blabbers Communications LTD) PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () PRC - C:\Program Files (x86)\FreeCommander\FreeCommander.exe (Marek Jasinski - www.FreeCommander.com) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.) PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.) PRC - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) PRC - C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) PRC - C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.) PRC - C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) PRC - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation) PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe (Brother Industries, Ltd.) PRC - C:\Program Files (x86)\Gembird\Power Manager\pm.exe (Gembird Electronics Ltd.) ========== Modules (No Company Name) ========== MOD - C:\Users\User***\AppData\Local\Temp\glom0_og.exe () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL () MOD - C:\Program Files (x86)\ASUS\ASUS Live Update\alvupdt.dll () MOD - C:\Program Files (x86)\BrowserCompanion\sqlite3.dll () MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll () MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll () MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll () MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll () MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll () MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (Amsp) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe File not found SRV:64bit: - (EvtEng) Intel(R) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe () SRV:64bit: - (RegSrvc) Intel(R) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.) SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (TurboBoost) Intel(R) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (Sony Ericsson PCCompanion) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (AffinegyService) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (PDFProFiltSrvPP) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.) SRV - (BrYNSvc) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (tmwfp) -- C:\Windows\SysNative\drivers\tmwfp.sys (Trend Micro Inc.) DRV:64bit: - (tmlwf) -- C:\Windows\SysNative\drivers\tmlwf.sys (Trend Micro Inc.) DRV:64bit: - (tmcomm) -- C:\Windows\SysNative\drivers\tmcomm.sys (Trend Micro Inc.) DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\drivers\tmtdi.sys (Trend Micro Inc.) DRV:64bit: - (tmactmon) -- C:\Windows\SysNative\drivers\tmactmon.sys (Trend Micro Inc.) DRV:64bit: - (tmevtmgr) -- C:\Windows\SysNative\drivers\tmevtmgr.sys (Trend Micro Inc.) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation) DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation) DRV:64bit: - (NETwNs64) ___ Intel(R) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation) DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys () DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64k.sys (Microsoft Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( ) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=101365&mntrId=da14c64900000000000078929c15abe1 IE - HKCU\..\SearchScopes\{435216DD-7692-4030-B308-075076971315}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ASUT_deDE451 IE - HKCU\..\SearchScopes\{8657A450-A790-46E0-A09B-28C941996A2F}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{943C70A8-F189-42C1-ACA0-B6A1F0145F0B}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} IE - HKCU\..\SearchScopes\{9F2EDB52-9CA8-4254-B525-6F6CAC4716F6}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie IE - HKCU\..\SearchScopes\{DB07B951-34D7-4970-AAC7-DB6ECF09ECFA}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.defaultthis.engineName: "WiseConvert Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=" FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\firefoxextension\ [2012.07.12 20:05:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.23 09:30:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Users\User***\AppData\Local\Temp\7zSF4DA.tmp\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Users\User***\AppData\Local\Temp\7zSF4DA.tmp\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.23 09:30:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.13 19:21:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User***\AppData\Roaming\mozilla\Extensions [2012.07.12 18:05:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User***\AppData\Roaming\mozilla\Firefox\Profiles\ox1chxpe.default\extensions [2012.05.05 22:22:34 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\User***\AppData\Roaming\mozilla\Firefox\Profiles\ox1chxpe.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.06.29 18:02:56 | 000,000,853 | ---- | M] () -- C:\Users\User***\AppData\Roaming\Mozilla\Firefox\Profiles\ox1chxpe.default\searchplugins\11-suche.xml [2012.03.28 15:44:54 | 000,000,925 | ---- | M] () -- C:\Users\User***\AppData\Roaming\Mozilla\Firefox\Profiles\ox1chxpe.default\searchplugins\conduit.xml [2012.06.29 18:02:56 | 000,002,209 | ---- | M] () -- C:\Users\User***\AppData\Roaming\Mozilla\Firefox\Profiles\ox1chxpe.default\searchplugins\englische-ergebnisse.xml [2012.06.29 18:02:56 | 000,010,506 | ---- | M] () -- C:\Users\User***\AppData\Roaming\Mozilla\Firefox\Profiles\ox1chxpe.default\searchplugins\gmx-suche.xml [2012.06.29 18:02:56 | 000,002,368 | ---- | M] () -- C:\Users\User***\AppData\Roaming\Mozilla\Firefox\Profiles\ox1chxpe.default\searchplugins\lastminute.xml [2012.06.29 18:02:56 | 000,005,489 | ---- | M] () -- C:\Users\User***\AppData\Roaming\Mozilla\Firefox\Profiles\ox1chxpe.default\searchplugins\webde-suche.xml [2012.03.21 20:54:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.06.29 17:56:47 | 000,578,962 | ---- | M] () (No name found) -- C:\USERS\User***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OX1CHXPE.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI [2012.06.23 09:30:31 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.23 09:30:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.23 09:30:29 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.23 09:30:29 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.23 09:30:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.23 09:30:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.23 09:30:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Yahoo! Deutschland (Enabled) CHR - default_search_provider: search_url = hxxp://de.search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms} CHR - default_search_provider: suggest_url = hxxp://de-sayt.ff.search.yahoo.com/gossip-de-sayt?output=fxjson&command={searchTerms} CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\pdf.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll CHR - plugin: Zeon Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\User***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\ CHR - Extension: Google-Suche = C:\Users\User***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\ CHR - Extension: Google Mail = C:\Users\User***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\TmIEPlg.dll (Trend Micro Inc.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.) O2:64bit: - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O2 - BHO: (Browser Companion Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll ( ) O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\TmIEPlg32.dll (Trend Micro Inc.) O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Browser Companion Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll ( ) O2 - BHO: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found. O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.) O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found. O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3 - HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.) O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [Browser companion helper] C:\Program Files (x86)\BrowserCompanion\BCHelper.exe (Blabbers Communications LTD) O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [IndexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [InstaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24-Creator\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [Power Manager] C:\Program Files (x86)\Gembird\Power Manager\pm.exe (Gembird Electronics Ltd.) O4 - HKLM..\Run: [PPort12reminder] C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\User***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\User***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\User***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.) O8:64bit: - Extra context menu item: Mit PDF Viewer Plus öffnen - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation) O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\User***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.) O8 - Extra context menu item: Mit PDF Viewer Plus öffnen - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6u20-windows-i586.cab (Reg Error: Key error.) O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B765671D-37A7-4631-A008-A91FF2A1AAC4}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD6FA579-54A8-4391-8465-38A1EC3ED1E5}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\base64 - No CLSID value found O18:64bit: - Protocol\Handler\chrome - No CLSID value found O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\prox - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.) O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\TmIEPlg.dll (Trend Micro Inc.) O18:64bit: - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.) O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\TmIEPlg32.dll (Trend Micro Inc.) O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.12 21:04:05 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\User***\Desktop\OTL.exe [2012.07.12 20:30:11 | 000,000,000 | ---D | C] -- C:\Users\User***\AppData\Roaming\Malwarebytes [2012.07.12 20:29:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.12 20:29:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.12 20:29:31 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.12 20:29:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.07.12 20:28:33 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\User***\Desktop\mbam-setup-1.62.0.1300.exe [2012.07.11 22:20:19 | 000,000,000 | ---D | C] -- C:\Windows\de [2012.07.11 22:18:26 | 000,000,000 | ---D | C] -- C:\Windows\en [2012.07.11 22:18:13 | 000,000,000 | ---D | C] -- C:\Windows\el [2012.07.11 22:18:07 | 000,000,000 | ---D | C] -- C:\Windows\es [2012.07.11 22:18:02 | 000,000,000 | ---D | C] -- C:\Windows\fr [2012.07.11 22:17:54 | 000,000,000 | ---D | C] -- C:\Windows\he [2012.07.11 22:17:47 | 000,000,000 | ---D | C] -- C:\Windows\it [2012.07.11 22:17:41 | 000,000,000 | ---D | C] -- C:\Windows\nl [2012.07.11 22:17:27 | 000,000,000 | ---D | C] -- C:\Windows\ru [2012.07.11 22:17:19 | 000,000,000 | ---D | C] -- C:\Windows\ar [2012.07.11 22:10:28 | 000,048,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys [2012.07.11 22:09:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.07.11 21:55:33 | 000,000,000 | ---D | C] -- C:\Users\User***\AppData\Local\{F2397EC0-EF20-41DE-ABB3-1F695D4508B9} [2012.07.11 21:55:11 | 000,000,000 | ---D | C] -- C:\Users\User***\AppData\Local\{A4A0FB67-7842-4E00-9ADD-EE0843B19706} [2012.07.10 21:34:37 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe [2012.07.10 18:38:00 | 000,000,000 | ---D | C] -- C:\Users\User***\AppData\Local\{AA838871-B6E1-4663-A07F-61A5663A47E2} [2012.07.10 18:37:50 | 000,000,000 | ---D | C] -- C:\Users\User***\AppData\Local\{34D935C6-ADAA-4A57-A476-BA6DDCB4C8BD} [2012.07.10 18:37:40 | 000,000,000 | ---D | C] -- C:\Users\User***\AppData\Local\{5F566CF3-D66F-4C95-A25F-1BD82C970A99} [2012.07.10 18:37:18 | 000,000,000 | ---D | C] -- C:\Users\User***\AppData\Local\{FDA900F3-558B-4687-B045-0D2DF13123D9} [2012.07.08 13:50:11 | 000,000,000 | ---D | C] -- C:\Users\User***\AppData\Local\{9DBF813C-43CA-4546-A0AB-509FCB203BDD} [2012.07.08 13:50:01 | 000,000,000 | ---D | C] -- C:\Users\User***\AppData\Local\{31F2AC1B-B86A-4164-9921-35AE431C7685} [2012.07.08 13:49:51 | 000,000,000 | ---D | C] -- C:\Users\User***\AppData\Local\{49298689-A7EA-4B59-8354-E0D7E9E678A4} [2012.07.08 13:49:41 | 000,000,000 | ---D | C] -- C:\Users\User***\AppData\Local\{69FA239F-D395-4484-B5E2-782A29AD11D1} [2012.07.08 13:49:32 | 000,000,000 | ---D | C] -- C:\Users\User***\AppData\Local\{AA60E430-7B20-46C7-A852-2A9CC7F80DD8} [2012.07.08 13:49:10 | 000,000,000 | ---D | C] -- C:\Users\User***\AppData\Local\{CD4DE722-215B-4C31-A8F3-1831C064F736} [2012.07.08 13:14:43 | 000,000,000 | ---D | C] -- C:\Users\User***\AppData\Local\{63AD87A4-11BB-4CE8-8760-B3ECE9831E9E} [2012.07.08 13:14:21 | 000,000,000 | ---D | C] -- C:\Users\User***\AppData\Local\{926C571C-29BA-4C09-B500-6FEF4565C91D} [2012.07.07 23:23:51 | 000,000,000 | ---D | C] -- C:\Users\User***\AppData\Local\{86F355A5-155B-4C9E-B949-17FA53995B8C} [2012.07.07 23:23:38 | 000,000,000 | ---D | C] -- C:\Users\User***\AppData\Local\{84B25411-66F5-45C0-A208-06AA29BCF42E} [2012.07.07 23:23:34 | 000,000,000 | ---D | C] -- C:\Users\User***\AppData\Local\{101EBAB2-E8DA-4637-B0EE-0C10EC33D3EC} [2012.07.07 23:23:13 | 000,000,000 | ---D | C] -- C:\Users\User***\AppData\Local\{072DECE0-8103-45F4-974D-F890D23E6E00} [2012.07.07 23:05:07 | 000,000,000 | ---D | C] -- C:\Users\User***\AppData\Local\{34D059B1-EC6D-4A74-B986-DB068170203E} [2012.07.07 23:04:58 | 000,000,000 | ---D | C] -- C:\Users\User***\AppData\Local\{2D8245E6-A844-4B9B-8BDA-06C1D72A437F} [2012.07.07 23:04:48 | 000,000,000 | ---D | C] -- C:\Users\User***\AppData\Local\{9096597A-46CD-424E-A729-A491B096B754} [2012.07.07 23:04:39 | 000,000,000 | ---D | C] -- C:\Users\User***\AppData\Local\{51615FF5-D4CA-4716-81BF-2D501575AD0C} [2012.07.07 23:04:29 | 000,000,000 | ---D | C] -- C:\Users\User***\AppData\Local\{75F811DE-1957-446D-B690-265536C70EA4} [2012.07.07 23:04:09 | 000,000,000 | ---D | C] -- C:\Users\User***\AppData\Local\{C69E0FE5-DD3C-4C34-B7DC-01C46E1F418E} [2012.07.07 23:02:04 | 000,000,000 | ---D | C] -- C:\Users\User***\AppData\Local\{7E3E1A61-628D-41C8-923E-464FC06E590F} [2012.07.07 23:01:54 | 000,000,000 | ---D | C] -- C:\Users\User***\AppData\Local\{D593E530-646E-481C-AC80-04B65F410912} [2012.07.07 23:01:45 | 000,000,000 | ---D | C] -- C:\Users\User***\AppData\Local\{1705854E-F491-4FB5-94CC-8DAD9E8D83D9} [2012.07.07 23:01:35 | 000,000,000 | ---D | C] -- C:\Users\User***\AppData\Local\{23AFE5CB-E7F0-4447-90EC-441C10C880A4} [2012.07.07 22:44:30 | 000,000,000 | ---D | C] -- C:\Users\User***\AppData\Local\{89CE82F0-C09D-4AC5-92FE-B97C04E793E5} [2012.07.07 22:26:38 | 000,000,000 | ---D | C] -- C:\Users\User***\AppData\Local\{C5EB99F7-945A-41F9-AC45-440435CC9FE3} [2012.07.07 22:26:23 | 000,000,000 | ---D | C] -- C:\Users\User***\AppData\Local\{E0D99E8D-67EF-48BE-B67B-2F40E67C7E6D} [2012.07.01 16:27:34 | 000,000,000 | ---D | C] -- C:\Users\User***\Desktop\Passat [2012.06.25 16:46:55 | 000,000,000 | ---D | C] -- C:\Users\User***\AppData\Local\Macromedia [2012.06.19 17:33:56 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2012.06.19 17:33:56 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2012.06.19 17:33:56 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2012.06.19 17:33:41 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2012.06.19 17:33:41 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2012.06.19 17:33:41 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2012.06.19 17:33:28 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2012.06.19 17:33:28 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2012.06.14 16:58:02 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.06.14 16:58:02 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.06.14 16:58:01 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.06.14 16:58:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.06.14 16:58:00 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.06.14 16:58:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.06.14 16:58:00 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.06.14 16:58:00 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.06.14 16:57:58 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.06.14 16:57:58 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.06.14 16:57:58 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.06.14 16:57:58 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.06.14 16:57:58 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.06.14 15:06:45 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012.06.14 15:06:45 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2012.06.14 15:06:45 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe [2012.06.14 15:06:34 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.06.14 15:06:33 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.06.14 15:06:33 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.06.14 15:06:29 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll [2012.06.14 15:06:22 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.06.14 15:06:21 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012.06.13 19:42:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2012.06.13 19:42:49 | 000,000,000 | ---D | C] -- C:\Users\User***\AppData\Roaming\pdfforge [2012.06.13 19:42:44 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCT2.OCX [2012.06.13 19:42:44 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMAPI32.OCX [2012.06.13 19:42:44 | 000,094,208 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll [2012.06.13 19:42:43 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCMCDE.DLL [2012.06.13 19:42:43 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6DE.DLL [2012.06.13 19:42:43 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCC2DE.DLL [2012.06.13 19:42:43 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPIDE.DLL [2012.06.13 19:42:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator ========== Files - Modified Within 30 Days ========== [2012.07.12 21:04:05 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\User***\Desktop\OTL.exe [2012.07.12 21:02:15 | 000,000,000 | ---- | M] () -- C:\Users\User***\defogger_reenable [2012.07.12 21:01:38 | 000,050,477 | ---- | M] () -- C:\Users\User***\Desktop\Defogger.exe [2012.07.12 20:49:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.12 20:45:11 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.12 20:29:33 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.12 20:28:34 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\User***\Desktop\mbam-setup-1.62.0.1300.exe [2012.07.12 20:17:58 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.12 20:17:58 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.12 20:17:00 | 001,529,706 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.12 20:17:00 | 000,665,812 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.12 20:17:00 | 000,627,654 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.12 20:17:00 | 000,133,992 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.12 20:17:00 | 000,110,374 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.12 20:11:14 | 004,503,728 | ---- | M] () -- C:\ProgramData\go_0molg.pad [2012.07.12 20:11:11 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe [2012.07.12 20:11:10 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.12 20:10:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.12 20:09:56 | 3151,835,136 | -HS- | M] () -- C:\hiberfil.sys [2012.07.12 19:53:18 | 280,918,016 | ---- | M] () -- C:\Users\User***\Desktop\kav_rescue_10.iso [2012.07.12 19:21:50 | 000,655,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.07.12 18:05:31 | 000,001,887 | ---- | M] () -- C:\Users\User***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.07.12 12:45:21 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.07.12 12:45:21 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.02 20:49:22 | 001,118,525 | ---- | M] () -- C:\Users\User***\Desktop\IMG_5526.JPG ========== Files Created - No Company Name ========== [2012.07.12 21:02:15 | 000,000,000 | ---- | C] () -- C:\Users\User***\defogger_reenable [2012.07.12 20:59:11 | 000,050,477 | ---- | C] () -- C:\Users\User***\Desktop\Defogger.exe [2012.07.12 20:29:33 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.12 19:44:36 | 280,918,016 | ---- | C] () -- C:\Users\User***\Desktop\kav_rescue_10.iso [2012.07.12 19:20:05 | 000,655,688 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.07.12 18:05:31 | 000,001,887 | ---- | C] () -- C:\Users\User***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.07.12 18:05:29 | 004,503,728 | ---- | C] () -- C:\ProgramData\go_0molg.pad [2012.07.02 20:49:16 | 001,118,525 | ---- | C] () -- C:\Users\User***\Desktop\IMG_5526.JPG [2012.01.03 17:55:36 | 000,000,260 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2012.01.03 17:55:36 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini [2012.01.03 17:54:39 | 000,002,944 | ---- | C] () -- C:\Windows\BRPARAM.INI [2012.01.03 17:53:21 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini [2012.01.03 17:53:21 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat [2012.01.03 17:53:06 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL [2012.01.03 17:53:00 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI [2011.10.17 17:36:22 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.10.17 17:36:22 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2011.07.07 08:12:52 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.07.07 08:12:49 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.07.07 08:12:47 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.04.13 04:48:48 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== LOP Check ========== [2011.12.19 22:05:49 | 000,000,000 | ---D | M] -- C:\Users\User***\AppData\Roaming\1&1 Mail & Media GmbH [2011.09.27 20:47:46 | 000,000,000 | ---D | M] -- C:\Users\User***\AppData\Roaming\ASUS WebStorage [2012.02.07 15:57:01 | 000,000,000 | ---D | M] -- C:\Users\User***\AppData\Roaming\Babylon [2012.06.05 13:55:03 | 000,000,000 | ---D | M] -- C:\Users\User***\AppData\Roaming\BBZ [2012.05.26 21:31:08 | 000,000,000 | ---D | M] -- C:\Users\User***\AppData\Roaming\Canon [2012.01.03 17:59:16 | 000,000,000 | ---D | M] -- C:\Users\User***\AppData\Roaming\ControlCenter4 [2012.07.12 20:11:33 | 000,000,000 | ---D | M] -- C:\Users\User***\AppData\Roaming\Dropbox [2012.05.05 22:23:10 | 000,000,000 | ---D | M] -- C:\Users\User***\AppData\Roaming\DVDVideoSoft [2012.05.05 22:22:33 | 000,000,000 | ---D | M] -- C:\Users\User***\AppData\Roaming\DVDVideoSoftIEHelpers [2011.12.11 12:53:58 | 000,000,000 | ---D | M] -- C:\Users\User***\AppData\Roaming\FreeCommander [2011.12.13 21:37:47 | 000,000,000 | ---D | M] -- C:\Users\User***\AppData\Roaming\FreePDF [2011.12.11 12:52:00 | 000,000,000 | ---D | M] -- C:\Users\User***\AppData\Roaming\GHISLER [2012.04.17 07:42:40 | 000,000,000 | ---D | M] -- C:\Users\User***\AppData\Roaming\Juniper Networks [2012.01.03 18:04:02 | 000,000,000 | ---D | M] -- C:\Users\User***\AppData\Roaming\Nuance [2012.06.13 19:43:47 | 000,000,000 | ---D | M] -- C:\Users\User***\AppData\Roaming\pdfforge [2012.04.23 20:02:41 | 000,000,000 | ---D | M] -- C:\Users\User***\AppData\Roaming\PhotoScape [2012.01.19 17:30:39 | 000,000,000 | ---D | M] -- C:\Users\User***\AppData\Roaming\Sony [2012.02.07 15:50:33 | 000,000,000 | ---D | M] -- C:\Users\User***\AppData\Roaming\streamripper [2011.09.27 23:18:20 | 000,000,000 | ---D | M] -- C:\Users\User***\AppData\Roaming\Windows Live Writer [2011.10.15 17:34:28 | 000,000,000 | ---D | M] -- C:\Users\User***\AppData\Roaming\Zeon [2012.05.20 16:23:28 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:981884E7 @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:3E7393FC < End of report > Und die OTL Extras:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 12.07.2012 21:33:54 - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\User***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,91 Gb Total Physical Memory | 1,34 Gb Available Physical Memory | 34,32% Memory free 7,83 Gb Paging File | 5,16 Gb Available in Paging File | 65,95% Paging File free Paging file location(s): c:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 200,00 Gb Total Space | 128,07 Gb Free Space | 64,04% Space Free | Partition Type: NTFS Drive D: | 240,76 Gb Total Space | 43,99 Gb Free Space | 18,27% Space Free | Partition Type: NTFS Drive E: | 268,49 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: User***-PC | User Name: User*** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- Reg Error: Key error. File not found .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CEWE Fotobuch\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CEWE Fotobuch\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" () Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CEWE Fotobuch\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CEWE Fotobuch\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" () Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0F020051-C459-46DC-A28B-DC38C17B8E3F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{147E254D-BD46-4E76-9E2E-99C4649BC80A}" = lport=139 | protocol=6 | dir=in | app=system | "{1812505C-0630-4EB1-845A-DE946819DE71}" = rport=139 | protocol=6 | dir=out | app=system | "{1A2E26B3-FD4D-4B22-9EE8-A587BF28EB13}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1E35FEBF-0B8D-4A78-A440-56F004190922}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | "{2588F5E8-82E5-4C6F-BA2F-8663F742DC29}" = lport=137 | protocol=17 | dir=in | app=system | "{325D28F8-D926-4583-A297-4CA3A16EE24E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{341C43E9-A471-4260-9CBE-535E6695021F}" = rport=138 | protocol=17 | dir=out | app=system | "{439C6598-E317-400B-AD3E-30789F5335AA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{49AB69B7-D098-4839-ADBD-691ED6C28D4F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4B6C8F77-9BDF-4E82-B006-01D4E6CE0472}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{506984D9-DE61-4E40-9679-2D3BDE5A3CB8}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | "{5C72F787-DAF7-4348-984B-19D85B6E64CF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{6D86BBA6-660B-4EA4-9C85-ADBCBF533D55}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{70484A7D-A0A3-4496-AD22-217E83D65AAB}" = rport=10243 | protocol=6 | dir=out | app=system | "{7C109493-0822-438D-A83D-31096F41D929}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{83E081B2-FB36-4F52-8912-3C1B2DAE23F7}" = lport=10243 | protocol=6 | dir=in | app=system | "{8B43FCD8-C03E-4839-A241-87E2B507222B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9911DA4F-B085-4BDE-A479-0C428E27BF47}" = rport=445 | protocol=6 | dir=out | app=system | "{A72233AF-337A-40D3-BCE9-4CBCFF8C6B0B}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | "{B2DA5300-43F4-4DC7-B3A0-0ADE4235A256}" = lport=138 | protocol=17 | dir=in | app=system | "{B375404F-525C-4A40-A80F-A224DA79C803}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B3852138-36E9-4EF8-9958-48A8B824E763}" = rport=137 | protocol=17 | dir=out | app=system | "{B827E1C7-5A7A-484C-9653-2FE388A8B888}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{B8D81D15-3C11-41F1-958F-E27C305277EA}" = lport=445 | protocol=6 | dir=in | app=system | "{BC4027B0-8BD3-47BA-88E3-78944E5A778A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E483ACDB-1F89-43F9-93FE-3B0B195EE2A2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{EF4703C8-965C-4D22-9CF3-1E4B5FA89242}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F91605E1-25D0-4BD4-BB58-9E41F934AA37}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{09F03E67-E09C-43B2-9B7B-476A857EB12F}" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe | "{113478BD-96A2-499F-A1CD-07873E948F51}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{18FA41C9-0D6C-4E91-A311-8DF4945E4BE4}" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe | "{1CBF9902-39E5-4D82-B861-2E8DAD4FBD8C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{255F62A6-DF23-46A5-AEFE-46408F982A7A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{25BDD843-A815-48A8-A216-66D065687049}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{25E9E4E5-3FD9-4B33-BB96-D9E7D14C7349}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl10g\faxrx.exe | "{26803BE5-F0BE-425B-86E1-9E0B95A665EE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{26C6CA2B-2CC3-4743-94DE-0BA6DC6CEA8C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{2E7E6E21-6A3A-4267-8FCA-054ADEB97AF8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{319B26FB-F6AC-40A7-9752-E2429F78072E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{31FC0137-B781-4217-9C92-1FEFB9E6ECE4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{3B6BAB7B-B93A-4FD5-AF5F-1ED886B53844}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{412750CF-5ACB-484A-9BC3-8931AFF4368E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{43AB61AA-AAFD-4A59-A7FA-439DA1F03517}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{43CEA3D4-27B1-44F2-950F-CDEC2E06A235}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{50D76052-134E-46DB-AF8E-63827F883C0F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{5398A68D-C7D1-4540-97CC-71678EFE195B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{5DB1E0A4-EAC0-4B2F-A3D2-CC641271D5B7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{5F558219-2F4A-4D33-84D2-26C0EC2174D1}" = protocol=17 | dir=in | app=c:\users\User***\appdata\roaming\dropbox\bin\dropbox.exe | "{61BE722F-47B8-4C31-9759-5559578A01DE}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | "{61FC8E2D-0654-487A-B8F5-A980005EFF42}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{639D5997-2954-42D2-8CC5-AC1B59E1D7DC}" = protocol=6 | dir=in | app=c:\users\User***\appdata\roaming\dropbox\bin\dropbox.exe | "{6A2C9F97-4CB7-4210-B6FF-93D71833C1FA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{6CD76A1F-E002-47BE-B9DC-17622F7BC178}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{730096A5-AE50-41BB-83AF-FAF3E4D0C573}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{8513F52D-71AA-42C7-B926-38D9511A3056}" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe | "{8EF01BA1-D1F6-4D73-AADB-AB5E81F83EF1}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{94FFFEAC-C708-4E8B-BA9D-EC6CB54A73E0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{A5EE7B03-10A9-427C-B377-4BB37C525D22}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{A822F1C3-3E5E-4BD6-9916-861C9447B404}" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe | "{B61F4A42-E4DC-43E3-BB3C-3726959D7B62}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{B9961F03-ADD0-4945-9A92-36F1A4B7C419}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{BDCA1DE0-7F64-49D7-AF35-912DA550F1BC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BEFA8D79-0513-4027-AAA4-46AC7A603A77}" = protocol=6 | dir=out | app=system | "{C321EF9F-0CCA-4E12-8AC9-23747E482525}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{C5D0B410-DC2D-4A5C-8FE9-AE6E42EE0AB1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CE1A89D0-6AFB-43EC-87C6-0C10F60AF66D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{DB0B0154-F904-4B09-A8A8-EC5B10045713}" = dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe | "{DB925EFC-EC85-4ACF-B019-F8C7C7069CE5}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl10g\faxrx.exe | "{E1CC6B96-003D-4131-B49B-11D5D047BA25}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E771E4FA-2DA5-4C71-8F6E-B0C1FDA7B7CF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{EAF71684-673A-4B23-875B-7FA4B7D99AC2}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | "{EF1ABF3D-4F7F-4E76-B615-6B0B807A40BC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{EF424C1B-95FE-4606-98C4-91AB29FEFDFF}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "TCP Query User{33B69875-22AA-483D-B795-B89B2481F815}C:\program files (x86)\gembird\power manager\pm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gembird\power manager\pm.exe | "TCP Query User{8951EC6A-FAFC-4DB2-B96C-5F4D59F4FF99}C:\program files (x86)\gembird\power manager\pm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gembird\power manager\pm.exe | "TCP Query User{CA8E8E3A-2230-485F-8D8A-9C2674B1A7D5}C:\users\User***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\User***\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{2773F213-0962-4CD0-80CA-ABA727F3ACE3}C:\program files (x86)\gembird\power manager\pm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gembird\power manager\pm.exe | "UDP Query User{3CBF2538-7591-459F-9B7A-B208428FFE97}C:\users\User***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\User***\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{F215D2B4-4228-4CAA-B989-4625EADA9848}C:\program files (x86)\gembird\power manager\pm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gembird\power manager\pm.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety "{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources "{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot "{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources "{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources "{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety "{27B3E5AA-5B75-414A-AC37-F5ADDFA68BDB}" = Windows Live Family Safety "{287134AD-092F-4BD0-A6F4-911B0B351E87}" = Windows Live Family Safety "{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor "{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel(R) PROSet/Wireless WiFi Software "{464F7B5E-80BB-4F34-A602-384F0702674A}" = Windows Live Family Safety "{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources "{5EBE0F1F-45DF-4298-AC6B-E8E54EAEC834}" = Microsoft IntelliPoint 7.1 "{5ECA80C9-7D7A-49AC-B487-52F1CF47ECEE}" = Windows Live Family Safety "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources "{698EAE05-09DE-47D0-9586-29E41A0934DD}" = Windows Live Family Safety "{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}" = PaperPort Image Printer 64-bit "{74AC7ECE-87E1-41F7-ABA2-5ED9B13CECFA}" = Windows Live Family Safety "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support "{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2 "{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{8832CAA2-4934-4916-A8BF-A9A51C6B58B3}" = Windows Live Family Safety "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{944E73EF-857E-4F71-9DC4-CD059D7ADDEF}" = Windows Live Family Safety "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid "{A2862596-B7C3-4D7F-A227-40FEDDF1332B}" = WEB.DE Toolbar MSVC100 CRT x64 "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources "{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security "{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro™ Titanium™ Internet Security "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 268.56 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 268.56 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.22 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources "{BFBE6E95-5724-47EC-85A0-74D436AD938F}" = Windows Live Family Safety "{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources "{C61D639C-3A1B-4654-901F-08927C804321}" = Windows Live Family Safety "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources "{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources "CCleaner" = CCleaner "Elantech" = ETDWare PS/2-X64 8.0.5.3_WHQL "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2 "ProInst" = Intel PROSet Wireless "Redirection Port Monitor" = RedMon - Redirection Port Monitor [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh "{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger "{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus "{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail "{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live "{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources "{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common "{17795164-3BC1-4D4F-8ADA-65C895EBFC9A}" = Brother MFL-Pro Suite MFC-J6510DW "{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources "{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail "{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart "{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack "{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh "{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer "{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common "{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5B2C4D32-A7CD-44B0-8619-4ADBE301B2D3}" = pdfforge Toolbar v5.8 "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker "{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項 "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12 "{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker "{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh "{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack "{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh "{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources "{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.5.0 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash "{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6 "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package "{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger "{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail "{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common "{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common "{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger "{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials "{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live "{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger "{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений "{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker "{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live "{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger "{CA2CE23E-6751-4828-AF8B-66EA06E697F6}" = Power Manager "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker "{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger "{CC4BBCBA-89F6-47C3-9B0F-5CE5BB1C316C}" = WEB.DE Toolbar MSVC100 CRT x86 "{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer "{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker "{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E18B30AA-6E2D-480C-B918-AF61009F4010}" = عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources "{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{EDC7F608-2A5E-4933-8DAD-0BDD9D757EB5}" = BBZ "{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心 "{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集 "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.02.015 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources "{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις "{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update "{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung "1&1 Mail & Media GmbH Toolbar FF" = WEB.DE Toolbar für Mozilla Firefox "1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE Toolbar für Internet Explorer "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0 "ASUS K3 Series ScreenSaver" = ASUS K3 Series ScreenSaver "Asus Vibe2.0" = AsusVibe2.0 "ASUS WebStorage" = ASUS WebStorage "Audacity_is1" = Audacity 1.2.6 "Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor "BrowserCompanion" = BrowserCompanion "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon MOV Decoder" = Canon MOV Decoder "Canon MOV Encoder" = Canon MOV Encoder "DPP" = Canon Utilities Digital Photo Professional 3.10 "ENTERPRISE" = Microsoft Office Enterprise 2007 "EOS Sample Music" = Canon Utilities EOS Sample Music "EOS Utility" = Canon Utilities EOS Utility "EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.20.423 "FreeCommander_is1" = FreeCommander 2009.02b "Hotel Dash Suite Success" = Hotel Dash Suite Success "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "JOA_is1" = Jewels of Atlantis "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "McAfee Security Scan" = McAfee Security Scan Plus "Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin "PhotoScape" = PhotoScape "PhotoStitch" = Canon Utilities PhotoStitch "Picture Style Editor" = Canon Utilities Picture Style Editor "ProInst" = Intel PROSet Wireless "Update Engine" = Sony Ericsson Update Engine "WinLiveSuite" = Windows Live Essentials "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility "Zuma - Deluxe" = Zuma - Deluxe ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 07.07.2012 04:43:29 | Computer Name = User***-PC | Source = Brother BrLog | ID = 1001 Description = TWN BrtTWN: [2012/07/07 10:43:29.343]: [00005744]: ##### Fatal ERROR!! Create STI-device failed! ##### Error - 07.07.2012 04:43:29 | Computer Name = User***-PC | Source = Brother BrLog | ID = 1001 Description = TWN BrtTWN: [2012/07/07 10:43:29.343]: [00005744]: Initialize TwdsMain Class failed! Error - 07.07.2012 04:46:06 | Computer Name = User***-PC | Source = Brother BrLog | ID = 1001 Description = TWN BrtTWN: [2012/07/07 10:46:06.939]: [00005744]: ##### Fatal ERROR!! Create STI-device failed! ##### Error - 07.07.2012 04:46:06 | Computer Name = User***-PC | Source = Brother BrLog | ID = 1001 Description = TWN BrtTWN: [2012/07/07 10:46:06.939]: [00005744]: Initialize TwdsMain Class failed! Error - 07.07.2012 04:48:21 | Computer Name = User***-PC | Source = Brother BrLog | ID = 1001 Description = TWN BrtTWN: [2012/07/07 10:48:21.756]: [00005744]: ##### Fatal ERROR!! Create STI-device failed! ##### Error - 07.07.2012 04:48:21 | Computer Name = User***-PC | Source = Brother BrLog | ID = 1001 Description = TWN BrtTWN: [2012/07/07 10:48:21.756]: [00005744]: Initialize TwdsMain Class failed! Error - 07.07.2012 04:50:24 | Computer Name = User***-PC | Source = Brother BrLog | ID = 1001 Description = TWN BrtTWN: [2012/07/07 10:50:24.247]: [00005744]: ##### Fatal ERROR!! Create STI-device failed! ##### Error - 07.07.2012 04:50:24 | Computer Name = User***-PC | Source = Brother BrLog | ID = 1001 Description = TWN BrtTWN: [2012/07/07 10:50:24.247]: [00005744]: Initialize TwdsMain Class failed! Error - 07.07.2012 04:53:40 | Computer Name = User***-PC | Source = Brother BrLog | ID = 1001 Description = TWN BrtTWN: [2012/07/07 10:53:40.197]: [00005744]: ##### Fatal ERROR!! Create STI-device failed! ##### Error - 07.07.2012 04:53:40 | Computer Name = User***-PC | Source = Brother BrLog | ID = 1001 Description = TWN BrtTWN: [2012/07/07 10:53:40.197]: [00005744]: Initialize TwdsMain Class failed! Error - 07.07.2012 04:56:15 | Computer Name = User***-PC | Source = Brother BrLog | ID = 1001 Description = TWN BrtTWN: [2012/07/07 10:56:15.337]: [00005744]: ##### Fatal ERROR!! Create STI-device failed! ##### Error - 07.07.2012 04:56:15 | Computer Name = User***-PC | Source = Brother BrLog | ID = 1001 Description = TWN BrtTWN: [2012/07/07 10:56:15.337]: [00005744]: Initialize TwdsMain Class failed! Error - 07.07.2012 04:58:59 | Computer Name = User***-PC | Source = Brother BrLog | ID = 1001 Description = TWN BrtTWN: [2012/07/07 10:58:59.997]: [00005744]: ##### Fatal ERROR!! Create STI-device failed! ##### Error - 07.07.2012 04:58:59 | Computer Name = User***-PC | Source = Brother BrLog | ID = 1001 Description = TWN BrtTWN: [2012/07/07 10:58:59.997]: [00005744]: Initialize TwdsMain Class failed! Error - 07.07.2012 05:00:29 | Computer Name = User***-PC | Source = Brother BrLog | ID = 1001 Description = TWN BrtTWN: [2012/07/07 11:00:29.443]: [00005744]: ##### Fatal ERROR!! Create STI-device failed! ##### Error - 07.07.2012 05:00:29 | Computer Name = User***-PC | Source = Brother BrLog | ID = 1001 Description = TWN BrtTWN: [2012/07/07 11:00:29.443]: [00005744]: Initialize TwdsMain Class failed! [ OSession Events ] Error - 23.10.2011 12:31:55 | Computer Name = User***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11392 seconds with 5640 seconds of active time. This session ended with a crash. Error - 28.01.2012 09:17:40 | Computer Name = User***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1004 seconds with 960 seconds of active time. This session ended with a crash. [ System Events ] Error - 01.02.2012 16:16:53 | Computer Name = User***-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error - 05.02.2012 08:35:27 | Computer Name = User***-PC | Source = DCOM | ID = 10010 Description = Error - 09.02.2012 16:04:01 | Computer Name = User***-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 11.02.2012 12:05:20 | Computer Name = User***-PC | Source = DCOM | ID = 10010 Description = Error - 16.02.2012 16:43:53 | Computer Name = User***-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 16.02.2012 16:43:54 | Computer Name = User***-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 16.02.2012 16:43:54 | Computer Name = User***-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 16.02.2012 16:43:55 | Computer Name = User***-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 16.02.2012 16:43:55 | Computer Name = User***-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 23.02.2012 08:57:36 | Computer Name = User***-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. < End of report > Ich wollte noch bemerken, dass ich die OTL habe laufen lassen, bevor ich die infizierten Objekte von Malwarebytes in Quarantäne gesetzt hatte (aus Angst etwas aus Versehen zu löschen. Wie geht es jetzt weiter. Dringend Hilfe benötigt. Danke schon einmal im Voraus für die Bemühungen. |
14.07.2012, 10:35 | #2 |
/// Helfer-Team | GVU Trojaner unter Windows 7 mit WebcamBitte ein neues OTL-Logfile erstellen 1. Schritt Systemscan mit OTL (bebilderte Anleitung)
__________________ |
14.07.2012, 12:19 | #3 |
| GVU Trojaner unter Windows 7 mit Webcam Hallo t´john,
__________________danke, dass du dich der Sache annimmst. Ich muss gestehen, dass ich auf diesem Gebiet vollkommen unerfahren bin. ich wollte gerade ein neues OTL log erstellen. Nach einiger zeit kommt die Fehlermeldung "List idex out of bounds (29)". Gestern hat es noch wunderbar funktioniert? Nachdem ich gestern den Beitrag gepostet habe und den Rechner ausgeschaltet habe, habe ich bemerkt, dass wohl ein Windows update installiert wurde. kann es daran liegen? Danke für die Hilfe. Viele Grüße |
14.07.2012, 12:23 | #4 |
/// Helfer-Team | GVU Trojaner unter Windows 7 mit Webcam Bitte mal neustarten, alle Virenscanner deaktivieren und erneut versuchen. |
14.07.2012, 12:47 | #5 |
| GVU Trojaner unter Windows 7 mit Webcam Hallo t´john, so ich habe den Rechner neu gestartet und meine Virenscanner (Trend Micro Titanium) ausgeschaltet. Leider weiß ich nicht, ob Malwarebytes, welches ich runtergeladen habe aktiv ist. Hir ist das Häkchen "Schutz aktivieren" grau hinterlegt. Habe daraufhin OTl nochmal laufen lassen mit dem gleichen Ergebnis 2list index out of bounds (29)". Unten in der fußzeile zeigt das OTL Fenster folgendes "Application event Log record 28361". |
14.07.2012, 20:02 | #6 |
/// Helfer-Team | GVU Trojaner unter Windows 7 mit Webcam Gut dann versuchen wir es so: http://www.trojaner-board.de/83878-o...processes.html dann OTL laufen lassen...
__________________ --> GVU Trojaner unter Windows 7 mit Webcam |
14.07.2012, 20:22 | #7 |
| GVU Trojaner unter Windows 7 mit Webcam OK, der Quick Scan läuft gerade. Ich werde nach dem Scan alle gefunden Infizierten Objekte löschen (also in Quarantäne setzen) und OTL erneut laufen lassen. Ich habe den gerade durchgeführten Prozess zwar nicht verstanden aber mal schauen, ob OTL jetzt funzt. Quick Scan ergab folgendes: Malwarebytes Anti-Malware (Test) 1.62.0.1300 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Datenbank Version: v2012.07.14.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Melanie :: MELANIE-PC [Administrator] Schutz: Deaktiviert 14.07.2012 21:27:18 mbam-log-2012-07-14 (21-27-18).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 236940 Laufzeit: 2 Minute(n), 20 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Soll ich den Rechner jetzt neu starten, denn dies geschieht nicht automatisch, wie in der OTH Anleitung beschrieben (neu starten über OTH Reboot? Es hat geklappt. Anbei die Logs von OTL:OTL Logfile: Code:
ATTFilter OTL logfile created on: 14.07.2012 21:36:56 - Run 4 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Melanie\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,91 Gb Total Physical Memory | 2,09 Gb Available Physical Memory | 53,42% Memory free 7,83 Gb Paging File | 5,89 Gb Available in Paging File | 75,28% Paging File free Paging file location(s): c:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 200,00 Gb Total Space | 128,64 Gb Free Space | 64,32% Space Free | Partition Type: NTFS Drive D: | 240,76 Gb Total Space | 43,99 Gb Free Space | 18,27% Space Free | Partition Type: NTFS Computer Name: MELANIE-PC | User Name: Melanie | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Melanie\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) PRC - C:\Users\Melanie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\PDF24-Creator\pdf24.exe (Geek Software GmbH) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (ASUSTeK Computer Inc.) PRC - C:\Windows\AsScrPro.exe (ASUS) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\ASUS\APRP\aprp.exe (ASUSTek Computer Inc.) PRC - C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe (Brother Industries, Ltd.) PRC - C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.) PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe (Affinegy, Inc.) PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.) PRC - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) PRC - C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) PRC - C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.) PRC - C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) PRC - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation) PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe (Brother Industries, Ltd.) PRC - C:\Program Files (x86)\Gembird\Power Manager\pm.exe (Gembird Electronics Ltd.) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Program Files (x86)\ASUS\ASUS Live Update\alvupdt.dll () MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll () MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll () MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll () MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll () MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll () MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll () MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll () MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (Amsp) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe File not found SRV:64bit: - (EvtEng) Intel(R) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe () SRV:64bit: - (RegSrvc) Intel(R) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.) SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (TurboBoost) Intel(R) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (Sony Ericsson PCCompanion) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (AffinegyService) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (PDFProFiltSrvPP) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.) SRV - (BrYNSvc) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (tmwfp) -- C:\Windows\SysNative\drivers\tmwfp.sys (Trend Micro Inc.) DRV:64bit: - (tmlwf) -- C:\Windows\SysNative\drivers\tmlwf.sys (Trend Micro Inc.) DRV:64bit: - (tmcomm) -- C:\Windows\SysNative\drivers\tmcomm.sys (Trend Micro Inc.) DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\drivers\tmtdi.sys (Trend Micro Inc.) DRV:64bit: - (tmactmon) -- C:\Windows\SysNative\drivers\tmactmon.sys (Trend Micro Inc.) DRV:64bit: - (tmevtmgr) -- C:\Windows\SysNative\drivers\tmevtmgr.sys (Trend Micro Inc.) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation) DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation) DRV:64bit: - (NETwNs64) ___ Intel(R) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation) DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys () DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64k.sys (Microsoft Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( ) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Asus | MSN IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Asus | MSN IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Asus | MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=101365&mntrId=da14c64900000000000078929c15abe1 IE - HKCU\..\SearchScopes\{435216DD-7692-4030-B308-075076971315}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ASUT_deDE451 IE - HKCU\..\SearchScopes\{8657A450-A790-46E0-A09B-28C941996A2F}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{943C70A8-F189-42C1-ACA0-B6A1F0145F0B}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} IE - HKCU\..\SearchScopes\{9F2EDB52-9CA8-4254-B525-6F6CAC4716F6}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie IE - HKCU\..\SearchScopes\{DB07B951-34D7-4970-AAC7-DB6ECF09ECFA}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.defaultthis.engineName: "WiseConvert Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=" FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\firefoxextension\ [2012.07.14 21:36:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.23 09:30:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Users\Melanie\AppData\Local\Temp\7zSF4DA.tmp\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Users\Melanie\AppData\Local\Temp\7zSF4DA.tmp\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.23 09:30:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.13 19:21:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melanie\AppData\Roaming\mozilla\Extensions [2012.07.12 18:05:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\ox1chxpe.default\extensions [2012.05.05 22:22:34 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\ox1chxpe.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.06.29 18:02:56 | 000,000,853 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\ox1chxpe.default\searchplugins\11-suche.xml [2012.03.28 15:44:54 | 000,000,925 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\ox1chxpe.default\searchplugins\conduit.xml [2012.06.29 18:02:56 | 000,002,209 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\ox1chxpe.default\searchplugins\englische-ergebnisse.xml [2012.06.29 18:02:56 | 000,010,506 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\ox1chxpe.default\searchplugins\gmx-suche.xml [2012.06.29 18:02:56 | 000,002,368 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\ox1chxpe.default\searchplugins\lastminute.xml [2012.06.29 18:02:56 | 000,005,489 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\ox1chxpe.default\searchplugins\webde-suche.xml [2012.03.21 20:54:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.06.29 17:56:47 | 000,578,962 | ---- | M] () (No name found) -- C:\USERS\MELANIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OX1CHXPE.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI [2012.06.23 09:30:31 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.23 09:30:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.23 09:30:29 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.23 09:30:29 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.23 09:30:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.23 09:30:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.23 09:30:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Yahoo! Deutschland (Enabled) CHR - default_search_provider: search_url = hxxp://de.search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms} CHR - default_search_provider: suggest_url = hxxp://de-sayt.ff.search.yahoo.com/gossip-de-sayt?output=fxjson&command={searchTerms} CHR - homepage: iGoogle CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\pdf.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll CHR - plugin: Zeon Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\ CHR - Extension: Google-Suche = C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\ CHR - Extension: Google Mail = C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\TmIEPlg.dll (Trend Micro Inc.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.) O2:64bit: - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\TmIEPlg32.dll (Trend Micro Inc.) O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found. O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.) O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found. O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3 - HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.) O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [IndexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [InstaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24-Creator\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [Power Manager] C:\Program Files (x86)\Gembird\Power Manager\pm.exe (Gembird Electronics Ltd.) O4 - HKLM..\Run: [PPort12reminder] C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation) O4 - Startup: C:\Users\Melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Melanie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Melanie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.) O8:64bit: - Extra context menu item: Mit PDF Viewer Plus öffnen - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation) O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Melanie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.) O8 - Extra context menu item: Mit PDF Viewer Plus öffnen - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6u20-windows-i586.cab (Reg Error: Key error.) O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B765671D-37A7-4631-A008-A91FF2A1AAC4}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD6FA579-54A8-4391-8465-38A1EC3ED1E5}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.) O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\TmIEPlg.dll (Trend Micro Inc.) O18:64bit: - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.) O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\TmIEPlg32.dll (Trend Micro Inc.) O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.14 21:11:48 | 000,259,584 | ---- | C] (OldTimer Tools) -- C:\Users\Melanie\Desktop\OTH.scr [2012.07.14 12:55:52 | 000,000,000 | ---D | C] -- C:\Users\Melanie\Desktop\OTL_alt [2012.07.13 12:59:50 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.07.13 12:59:50 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.07.13 12:59:49 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.07.13 12:59:49 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.07.13 12:59:47 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.07.13 12:59:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.07.13 12:59:47 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.07.13 12:59:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.07.13 12:59:45 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.07.13 12:59:44 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.07.13 12:59:44 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.07.13 12:59:44 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.07.13 12:59:44 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.07.12 21:04:05 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Melanie\Desktop\OTL.exe [2012.07.12 20:30:11 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Roaming\Malwarebytes [2012.07.12 20:29:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.12 20:29:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.12 20:29:31 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.12 20:29:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.07.12 20:28:33 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Melanie\Desktop\mbam-setup-1.62.0.1300.exe [2012.07.12 18:48:20 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll [2012.07.12 18:48:19 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll [2012.07.12 18:14:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll [2012.07.12 18:14:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll [2012.07.12 18:14:24 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012.07.11 22:20:19 | 000,000,000 | ---D | C] -- C:\Windows\de [2012.07.11 22:18:26 | 000,000,000 | ---D | C] -- C:\Windows\en [2012.07.11 22:18:13 | 000,000,000 | ---D | C] -- C:\Windows\el [2012.07.11 22:18:07 | 000,000,000 | ---D | C] -- C:\Windows\es [2012.07.11 22:18:02 | 000,000,000 | ---D | C] -- C:\Windows\fr [2012.07.11 22:17:54 | 000,000,000 | ---D | C] -- C:\Windows\he [2012.07.11 22:17:47 | 000,000,000 | ---D | C] -- C:\Windows\it [2012.07.11 22:17:41 | 000,000,000 | ---D | C] -- C:\Windows\nl [2012.07.11 22:17:27 | 000,000,000 | ---D | C] -- C:\Windows\ru [2012.07.11 22:17:19 | 000,000,000 | ---D | C] -- C:\Windows\ar [2012.07.11 22:10:28 | 000,048,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys [2012.07.11 22:09:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.07.11 21:55:33 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{F2397EC0-EF20-41DE-ABB3-1F695D4508B9} [2012.07.11 21:55:11 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{A4A0FB67-7842-4E00-9ADD-EE0843B19706} [2012.07.10 21:34:37 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe [2012.07.10 18:38:00 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{AA838871-B6E1-4663-A07F-61A5663A47E2} [2012.07.10 18:37:50 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{34D935C6-ADAA-4A57-A476-BA6DDCB4C8BD} [2012.07.10 18:37:40 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{5F566CF3-D66F-4C95-A25F-1BD82C970A99} [2012.07.10 18:37:18 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{FDA900F3-558B-4687-B045-0D2DF13123D9} [2012.07.08 13:50:11 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{9DBF813C-43CA-4546-A0AB-509FCB203BDD} [2012.07.08 13:50:01 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{31F2AC1B-B86A-4164-9921-35AE431C7685} [2012.07.08 13:49:51 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{49298689-A7EA-4B59-8354-E0D7E9E678A4} [2012.07.08 13:49:41 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{69FA239F-D395-4484-B5E2-782A29AD11D1} [2012.07.08 13:49:32 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{AA60E430-7B20-46C7-A852-2A9CC7F80DD8} [2012.07.08 13:49:10 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{CD4DE722-215B-4C31-A8F3-1831C064F736} [2012.07.08 13:14:43 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{63AD87A4-11BB-4CE8-8760-B3ECE9831E9E} [2012.07.08 13:14:21 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{926C571C-29BA-4C09-B500-6FEF4565C91D} [2012.07.07 23:23:51 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{86F355A5-155B-4C9E-B949-17FA53995B8C} [2012.07.07 23:23:38 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{84B25411-66F5-45C0-A208-06AA29BCF42E} [2012.07.07 23:23:34 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{101EBAB2-E8DA-4637-B0EE-0C10EC33D3EC} [2012.07.07 23:23:13 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{072DECE0-8103-45F4-974D-F890D23E6E00} [2012.07.07 23:05:07 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{34D059B1-EC6D-4A74-B986-DB068170203E} [2012.07.07 23:04:58 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{2D8245E6-A844-4B9B-8BDA-06C1D72A437F} [2012.07.07 23:04:48 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{9096597A-46CD-424E-A729-A491B096B754} [2012.07.07 23:04:39 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{51615FF5-D4CA-4716-81BF-2D501575AD0C} [2012.07.07 23:04:29 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{75F811DE-1957-446D-B690-265536C70EA4} [2012.07.07 23:04:09 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{C69E0FE5-DD3C-4C34-B7DC-01C46E1F418E} [2012.07.07 23:02:04 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{7E3E1A61-628D-41C8-923E-464FC06E590F} [2012.07.07 23:01:54 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{D593E530-646E-481C-AC80-04B65F410912} [2012.07.07 23:01:45 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{1705854E-F491-4FB5-94CC-8DAD9E8D83D9} [2012.07.07 23:01:35 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{23AFE5CB-E7F0-4447-90EC-441C10C880A4} [2012.07.07 22:44:30 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{89CE82F0-C09D-4AC5-92FE-B97C04E793E5} [2012.07.07 22:26:38 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{C5EB99F7-945A-41F9-AC45-440435CC9FE3} [2012.07.07 22:26:23 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{E0D99E8D-67EF-48BE-B67B-2F40E67C7E6D} [2012.07.01 16:27:34 | 000,000,000 | ---D | C] -- C:\Users\Melanie\Desktop\Passat [2012.06.25 16:46:55 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\Macromedia [2012.06.25 16:04:24 | 001,394,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4.dll [2012.06.19 17:33:56 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2012.06.19 17:33:56 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2012.06.19 17:33:56 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2012.06.19 17:33:41 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2012.06.19 17:33:41 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2012.06.19 17:33:41 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2012.06.19 17:33:28 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2012.06.19 17:33:28 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.14 21:45:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.14 21:42:02 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.14 21:42:02 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.14 21:34:54 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe [2012.07.14 21:34:52 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.14 21:34:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.14 21:34:21 | 3151,835,136 | -HS- | M] () -- C:\hiberfil.sys [2012.07.14 21:15:52 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.14 21:11:51 | 000,259,584 | ---- | M] (OldTimer Tools) -- C:\Users\Melanie\Desktop\OTH.scr [2012.07.14 14:01:29 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.13 16:14:53 | 000,655,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.07.12 22:11:41 | 000,001,439 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini [2012.07.12 21:04:05 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Melanie\Desktop\OTL.exe [2012.07.12 21:02:15 | 000,000,000 | ---- | M] () -- C:\Users\Melanie\defogger_reenable [2012.07.12 21:01:38 | 000,050,477 | ---- | M] () -- C:\Users\Melanie\Desktop\Defogger.exe [2012.07.12 20:28:34 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Melanie\Desktop\mbam-setup-1.62.0.1300.exe [2012.07.12 20:17:00 | 001,529,706 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.12 20:17:00 | 000,665,812 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.12 20:17:00 | 000,627,654 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.12 20:17:00 | 000,133,992 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.12 20:17:00 | 000,110,374 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.12 20:11:14 | 004,503,728 | ---- | M] () -- C:\ProgramData\go_0molg.pad [2012.07.12 19:53:18 | 280,918,016 | ---- | M] () -- C:\Users\Melanie\Desktop\kav_rescue_10.iso [2012.07.12 12:45:21 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.07.12 12:45:21 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.02 20:49:22 | 001,118,525 | ---- | M] () -- C:\Users\Melanie\Desktop\IMG_5526.JPG [2012.06.25 16:04:24 | 001,394,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.12 21:02:15 | 000,000,000 | ---- | C] () -- C:\Users\Melanie\defogger_reenable [2012.07.12 20:59:11 | 000,050,477 | ---- | C] () -- C:\Users\Melanie\Desktop\Defogger.exe [2012.07.12 20:29:33 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.12 19:44:36 | 280,918,016 | ---- | C] () -- C:\Users\Melanie\Desktop\kav_rescue_10.iso [2012.07.12 19:20:05 | 000,655,688 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.07.12 18:05:29 | 004,503,728 | ---- | C] () -- C:\ProgramData\go_0molg.pad [2012.07.02 20:49:16 | 001,118,525 | ---- | C] () -- C:\Users\Melanie\Desktop\IMG_5526.JPG [2012.01.03 17:55:36 | 000,000,260 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2012.01.03 17:55:36 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini [2012.01.03 17:54:39 | 000,002,944 | ---- | C] () -- C:\Windows\BRPARAM.INI [2012.01.03 17:53:21 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini [2012.01.03 17:53:21 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat [2012.01.03 17:53:06 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL [2012.01.03 17:53:00 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI [2011.10.17 17:36:22 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.10.17 17:36:22 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2011.07.07 08:12:52 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.07.07 08:12:49 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.07.07 08:12:47 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.04.13 04:48:48 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== LOP Check ========== [2011.12.19 22:05:49 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\1&1 Mail & Media GmbH [2011.09.27 20:47:46 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\ASUS WebStorage [2012.02.07 15:57:01 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\Babylon [2012.06.05 13:55:03 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\BBZ [2012.05.26 21:31:08 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\Canon [2012.01.03 17:59:16 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\ControlCenter4 [2012.07.14 21:35:35 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\Dropbox [2012.05.05 22:23:10 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\DVDVideoSoft [2012.05.05 22:22:33 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\DVDVideoSoftIEHelpers [2011.12.11 12:53:58 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\FreeCommander [2011.12.13 21:37:47 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\FreePDF [2011.12.11 12:52:00 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\GHISLER [2012.04.17 07:42:40 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\Juniper Networks [2012.01.03 18:04:02 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\Nuance [2012.06.13 19:43:47 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\pdfforge [2012.04.23 20:02:41 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\PhotoScape [2012.01.19 17:30:39 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\Sony [2012.02.07 15:50:33 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\streamripper [2011.09.27 23:18:20 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\Windows Live Writer [2011.10.15 17:34:28 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\Zeon [2012.05.20 16:23:28 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:981884E7 @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:3E7393FC < End of report > Und das OTL EXTRAOTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 14.07.2012 21:36:56 - Run 4 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Melanie\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,91 Gb Total Physical Memory | 2,09 Gb Available Physical Memory | 53,42% Memory free 7,83 Gb Paging File | 5,89 Gb Available in Paging File | 75,28% Paging File free Paging file location(s): c:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 200,00 Gb Total Space | 128,64 Gb Free Space | 64,32% Space Free | Partition Type: NTFS Drive D: | 240,76 Gb Total Space | 43,99 Gb Free Space | 18,27% Space Free | Partition Type: NTFS Computer Name: MELANIE-PC | User Name: Melanie | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- Reg Error: Key error. File not found .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CEWE Fotobuch\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CEWE Fotobuch\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" () Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CEWE Fotobuch\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CEWE Fotobuch\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" () Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0F020051-C459-46DC-A28B-DC38C17B8E3F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{147E254D-BD46-4E76-9E2E-99C4649BC80A}" = lport=139 | protocol=6 | dir=in | app=system | "{1812505C-0630-4EB1-845A-DE946819DE71}" = rport=139 | protocol=6 | dir=out | app=system | "{1A2E26B3-FD4D-4B22-9EE8-A587BF28EB13}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1E35FEBF-0B8D-4A78-A440-56F004190922}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | "{2588F5E8-82E5-4C6F-BA2F-8663F742DC29}" = lport=137 | protocol=17 | dir=in | app=system | "{325D28F8-D926-4583-A297-4CA3A16EE24E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{341C43E9-A471-4260-9CBE-535E6695021F}" = rport=138 | protocol=17 | dir=out | app=system | "{439C6598-E317-400B-AD3E-30789F5335AA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{49AB69B7-D098-4839-ADBD-691ED6C28D4F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4B6C8F77-9BDF-4E82-B006-01D4E6CE0472}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{506984D9-DE61-4E40-9679-2D3BDE5A3CB8}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | "{5C72F787-DAF7-4348-984B-19D85B6E64CF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{6D86BBA6-660B-4EA4-9C85-ADBCBF533D55}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{70484A7D-A0A3-4496-AD22-217E83D65AAB}" = rport=10243 | protocol=6 | dir=out | app=system | "{7C109493-0822-438D-A83D-31096F41D929}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{83E081B2-FB36-4F52-8912-3C1B2DAE23F7}" = lport=10243 | protocol=6 | dir=in | app=system | "{8B43FCD8-C03E-4839-A241-87E2B507222B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9911DA4F-B085-4BDE-A479-0C428E27BF47}" = rport=445 | protocol=6 | dir=out | app=system | "{A72233AF-337A-40D3-BCE9-4CBCFF8C6B0B}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | "{B2DA5300-43F4-4DC7-B3A0-0ADE4235A256}" = lport=138 | protocol=17 | dir=in | app=system | "{B375404F-525C-4A40-A80F-A224DA79C803}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B3852138-36E9-4EF8-9958-48A8B824E763}" = rport=137 | protocol=17 | dir=out | app=system | "{B827E1C7-5A7A-484C-9653-2FE388A8B888}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{B8D81D15-3C11-41F1-958F-E27C305277EA}" = lport=445 | protocol=6 | dir=in | app=system | "{BC4027B0-8BD3-47BA-88E3-78944E5A778A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E483ACDB-1F89-43F9-93FE-3B0B195EE2A2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{EF4703C8-965C-4D22-9CF3-1E4B5FA89242}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F91605E1-25D0-4BD4-BB58-9E41F934AA37}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{09F03E67-E09C-43B2-9B7B-476A857EB12F}" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe | "{113478BD-96A2-499F-A1CD-07873E948F51}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{18FA41C9-0D6C-4E91-A311-8DF4945E4BE4}" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe | "{1CBF9902-39E5-4D82-B861-2E8DAD4FBD8C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{255F62A6-DF23-46A5-AEFE-46408F982A7A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{25BDD843-A815-48A8-A216-66D065687049}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{25E9E4E5-3FD9-4B33-BB96-D9E7D14C7349}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl10g\faxrx.exe | "{26803BE5-F0BE-425B-86E1-9E0B95A665EE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{26C6CA2B-2CC3-4743-94DE-0BA6DC6CEA8C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{2E7E6E21-6A3A-4267-8FCA-054ADEB97AF8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{319B26FB-F6AC-40A7-9752-E2429F78072E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{31FC0137-B781-4217-9C92-1FEFB9E6ECE4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{3B6BAB7B-B93A-4FD5-AF5F-1ED886B53844}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{412750CF-5ACB-484A-9BC3-8931AFF4368E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{43AB61AA-AAFD-4A59-A7FA-439DA1F03517}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{43CEA3D4-27B1-44F2-950F-CDEC2E06A235}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{50D76052-134E-46DB-AF8E-63827F883C0F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{5398A68D-C7D1-4540-97CC-71678EFE195B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{5DB1E0A4-EAC0-4B2F-A3D2-CC641271D5B7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{5F558219-2F4A-4D33-84D2-26C0EC2174D1}" = protocol=17 | dir=in | app=c:\users\melanie\appdata\roaming\dropbox\bin\dropbox.exe | "{61BE722F-47B8-4C31-9759-5559578A01DE}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | "{61FC8E2D-0654-487A-B8F5-A980005EFF42}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{639D5997-2954-42D2-8CC5-AC1B59E1D7DC}" = protocol=6 | dir=in | app=c:\users\melanie\appdata\roaming\dropbox\bin\dropbox.exe | "{6A2C9F97-4CB7-4210-B6FF-93D71833C1FA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{6CD76A1F-E002-47BE-B9DC-17622F7BC178}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{730096A5-AE50-41BB-83AF-FAF3E4D0C573}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{8513F52D-71AA-42C7-B926-38D9511A3056}" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe | "{8EF01BA1-D1F6-4D73-AADB-AB5E81F83EF1}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{94FFFEAC-C708-4E8B-BA9D-EC6CB54A73E0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{A5EE7B03-10A9-427C-B377-4BB37C525D22}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{A822F1C3-3E5E-4BD6-9916-861C9447B404}" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe | "{B61F4A42-E4DC-43E3-BB3C-3726959D7B62}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{B9961F03-ADD0-4945-9A92-36F1A4B7C419}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{BDCA1DE0-7F64-49D7-AF35-912DA550F1BC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BEFA8D79-0513-4027-AAA4-46AC7A603A77}" = protocol=6 | dir=out | app=system | "{C321EF9F-0CCA-4E12-8AC9-23747E482525}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{C5D0B410-DC2D-4A5C-8FE9-AE6E42EE0AB1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CE1A89D0-6AFB-43EC-87C6-0C10F60AF66D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{DB0B0154-F904-4B09-A8A8-EC5B10045713}" = dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe | "{DB925EFC-EC85-4ACF-B019-F8C7C7069CE5}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl10g\faxrx.exe | "{E1CC6B96-003D-4131-B49B-11D5D047BA25}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E771E4FA-2DA5-4C71-8F6E-B0C1FDA7B7CF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{EAF71684-673A-4B23-875B-7FA4B7D99AC2}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | "{EF1ABF3D-4F7F-4E76-B615-6B0B807A40BC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{EF424C1B-95FE-4606-98C4-91AB29FEFDFF}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "TCP Query User{33B69875-22AA-483D-B795-B89B2481F815}C:\program files (x86)\gembird\power manager\pm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gembird\power manager\pm.exe | "TCP Query User{8951EC6A-FAFC-4DB2-B96C-5F4D59F4FF99}C:\program files (x86)\gembird\power manager\pm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gembird\power manager\pm.exe | "TCP Query User{CA8E8E3A-2230-485F-8D8A-9C2674B1A7D5}C:\users\melanie\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\melanie\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{2773F213-0962-4CD0-80CA-ABA727F3ACE3}C:\program files (x86)\gembird\power manager\pm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gembird\power manager\pm.exe | "UDP Query User{3CBF2538-7591-459F-9B7A-B208428FFE97}C:\users\melanie\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\melanie\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{F215D2B4-4228-4CAA-B989-4625EADA9848}C:\program files (x86)\gembird\power manager\pm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gembird\power manager\pm.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety "{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources "{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot "{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources "{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources "{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety "{27B3E5AA-5B75-414A-AC37-F5ADDFA68BDB}" = Windows Live Family Safety "{287134AD-092F-4BD0-A6F4-911B0B351E87}" = Windows Live Family Safety "{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor "{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel(R) PROSet/Wireless WiFi Software "{464F7B5E-80BB-4F34-A602-384F0702674A}" = Windows Live Family Safety "{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources "{5EBE0F1F-45DF-4298-AC6B-E8E54EAEC834}" = Microsoft IntelliPoint 7.1 "{5ECA80C9-7D7A-49AC-B487-52F1CF47ECEE}" = Windows Live Family Safety "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources "{698EAE05-09DE-47D0-9586-29E41A0934DD}" = Windows Live Family Safety "{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}" = PaperPort Image Printer 64-bit "{74AC7ECE-87E1-41F7-ABA2-5ED9B13CECFA}" = Windows Live Family Safety "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support "{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2 "{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{8832CAA2-4934-4916-A8BF-A9A51C6B58B3}" = Windows Live Family Safety "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{944E73EF-857E-4F71-9DC4-CD059D7ADDEF}" = Windows Live Family Safety "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid "{A2862596-B7C3-4D7F-A227-40FEDDF1332B}" = WEB.DE Toolbar MSVC100 CRT x64 "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources "{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security "{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro™ Titanium™ Internet Security "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 268.56 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 268.56 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.22 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources "{BFBE6E95-5724-47EC-85A0-74D436AD938F}" = Windows Live Family Safety "{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources "{C61D639C-3A1B-4654-901F-08927C804321}" = Windows Live Family Safety "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources "{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources "CCleaner" = CCleaner "Elantech" = ETDWare PS/2-X64 8.0.5.3_WHQL "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2 "ProInst" = Intel PROSet Wireless "Redirection Port Monitor" = RedMon - Redirection Port Monitor [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh "{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger "{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus "{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail "{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live "{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources "{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common "{17795164-3BC1-4D4F-8ADA-65C895EBFC9A}" = Brother MFL-Pro Suite MFC-J6510DW "{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources "{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail "{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart "{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack "{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh "{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer "{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common "{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5B2C4D32-A7CD-44B0-8619-4ADBE301B2D3}" = pdfforge Toolbar v5.8 "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker "{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項 "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12 "{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker "{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh "{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack "{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh "{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources "{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.5.0 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash "{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6 "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package "{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger "{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail "{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common "{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common "{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger "{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials "{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live "{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger "{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений "{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker "{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live "{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger "{CA2CE23E-6751-4828-AF8B-66EA06E697F6}" = Power Manager "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker "{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger "{CC4BBCBA-89F6-47C3-9B0F-5CE5BB1C316C}" = WEB.DE Toolbar MSVC100 CRT x86 "{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer "{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker "{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E18B30AA-6E2D-480C-B918-AF61009F4010}" = عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources "{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{EDC7F608-2A5E-4933-8DAD-0BDD9D757EB5}" = BBZ "{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心 "{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集 "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.02.015 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources "{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις "{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update "{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung "1&1 Mail & Media GmbH Toolbar FF" = WEB.DE Toolbar für Mozilla Firefox "1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE Toolbar für Internet Explorer "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0 "ASUS K3 Series ScreenSaver" = ASUS K3 Series ScreenSaver "Asus Vibe2.0" = AsusVibe2.0 "ASUS WebStorage" = ASUS WebStorage "Audacity_is1" = Audacity 1.2.6 "Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon MOV Decoder" = Canon MOV Decoder "Canon MOV Encoder" = Canon MOV Encoder "DPP" = Canon Utilities Digital Photo Professional 3.10 "ENTERPRISE" = Microsoft Office Enterprise 2007 "EOS Sample Music" = Canon Utilities EOS Sample Music "EOS Utility" = Canon Utilities EOS Utility "EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.20.423 "FreeCommander_is1" = FreeCommander 2009.02b "Hotel Dash Suite Success" = Hotel Dash Suite Success "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "JOA_is1" = Jewels of Atlantis "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "McAfee Security Scan" = McAfee Security Scan Plus "Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin "PhotoScape" = PhotoScape "PhotoStitch" = Canon Utilities PhotoStitch "Picture Style Editor" = Canon Utilities Picture Style Editor "ProInst" = Intel PROSet Wireless "Update Engine" = Sony Ericsson Update Engine "WinLiveSuite" = Windows Live Essentials "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility "Zuma - Deluxe" = Zuma - Deluxe ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 07.07.2012 15:35:08 | Computer Name = Melanie-PC | Source = Application Error | ID = 1000 Error - 07.07.2012 17:23:38 | Computer Name = Melanie-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: wlsetup.exe, Version: 15.4.3555.308, Zeitstempel: 0x4f596768 Name des fehlerhaften Moduls: msi.dll, Version: 5.0.7601.17807, Zeitstempel: 0x4f802294 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001eb94 ID des fehlerhaften Prozesses: 0x236c Startzeit der fehlerhaften Anwendung: 0x01cd5c86c0d467af Pfad der fehlerhaften Anwendung: C:\Users\Melanie\AppData\Local\Microsoft\Windows Live\Installer\Catalog\wlsetup.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\msi.dll Berichtskennung: 03a0afc0-c87a-11e1-866b-14dae96380d9 Error - 08.07.2012 05:28:00 | Computer Name = Melanie-PC | Source = Application Error | ID = 1000 Error - 08.07.2012 08:25:12 | Computer Name = Melanie-PC | Source = Application Error | ID = 1000 Error - 08.07.2012 13:43:51 | Computer Name = Melanie-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 08.07.2012 13:43:51 | Computer Name = Melanie-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 13697 Error - 08.07.2012 13:43:51 | Computer Name = Melanie-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 13697 Error - 09.07.2012 12:07:35 | Computer Name = Melanie-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 09.07.2012 12:07:35 | Computer Name = Melanie-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 1107 Error - 09.07.2012 12:07:35 | Computer Name = Melanie-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 1107 Error - 09.07.2012 12:07:36 | Computer Name = Melanie-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 09.07.2012 12:07:36 | Computer Name = Melanie-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 2137 Error - 09.07.2012 12:07:36 | Computer Name = Melanie-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 2137 Error - 10.07.2012 12:37:48 | Computer Name = Melanie-PC | Source = Brother BrLog | ID = 1001 Description = TWN BrtTWN: [2012/07/10 18:37:48.388]: [00008036]: ##### Fatal ERROR!! Create STI-device failed! ##### Error - 10.07.2012 12:37:48 | Computer Name = Melanie-PC | Source = Brother BrLog | ID = 1001 Description = TWN BrtTWN: [2012/07/10 18:37:48.394]: [00008036]: Initialize TwdsMain Class failed! Error - 11.07.2012 14:19:41 | Computer Name = Melanie-PC | Source = Application Error | ID = 1000 [ OSession Events ] Error - 23.10.2011 12:31:55 | Computer Name = Melanie-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11392 seconds with 5640 seconds of active time. This session ended with a crash. Error - 28.01.2012 09:17:40 | Computer Name = Melanie-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1004 seconds with 960 seconds of active time. This session ended with a crash. [ System Events ] Error - 01.02.2012 16:16:53 | Computer Name = Melanie-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error - 05.02.2012 08:35:27 | Computer Name = Melanie-PC | Source = DCOM | ID = 10010 Description = Error - 09.02.2012 16:04:01 | Computer Name = Melanie-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 11.02.2012 12:05:20 | Computer Name = Melanie-PC | Source = DCOM | ID = 10010 Description = Error - 16.02.2012 16:43:53 | Computer Name = Melanie-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 16.02.2012 16:43:54 | Computer Name = Melanie-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 16.02.2012 16:43:54 | Computer Name = Melanie-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 16.02.2012 16:43:55 | Computer Name = Melanie-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 16.02.2012 16:43:55 | Computer Name = Melanie-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 23.02.2012 08:57:36 | Computer Name = Melanie-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. < End of report > |
14.07.2012, 21:09 | #8 |
/// Helfer-Team | GVU Trojaner unter Windows 7 mit Webcam Sehr gut! Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL PRC - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=101365&mntrId=da14c64900000000000078929c15abe1 IE - HKCU\..\SearchScopes\{435216DD-7692-4030-B308-075076971315}: "URL" = http://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ASUT_deDE451 IE - HKCU\..\SearchScopes\{8657A450-A790-46E0-A09B-28C941996A2F}: "URL" = http://go.gmx.net/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{943C70A8-F189-42C1-ACA0-B6A1F0145F0B}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} IE - HKCU\..\SearchScopes\{9F2EDB52-9CA8-4254-B525-6F6CAC4716F6}: "URL" = http://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie IE - HKCU\..\SearchScopes\{DB07B951-34D7-4970-AAC7-DB6ECF09ECFA}: "URL" = http://go.web.de/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.defaultthis.engineName: "WiseConvert Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..keyword.URL: "http://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3 - HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.sun.com/update/1.6.0/jinstall-6u20-windows-i586.cab (Reg Error: Key error.) O32 - HKLM CDRom: AutoRun - 1 @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:981884E7 @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:3E7393FC [2012.07.14 21:45:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.14 21:34:52 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.14 14:01:29 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.12 20:11:14 | 004,503,728 | ---- | M] () -- C:\ProgramData\go_0molg.pad [2012.07.12 18:05:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\ox1chxpe.default\extensions [2012.07.12 18:05:29 | 004,503,728 | ---- | C] () -- C:\ProgramData\go_0molg.pad [2012.02.07 15:57:01 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\Babylon :Files C:\ProgramData\go_0molg.pad ipconfig /flushdns /c :Commands [purity] [emptytemp] [emptyflash]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! |
14.07.2012, 21:20 | #9 |
| GVU Trojaner unter Windows 7 mit Webcam das Fixieren hat geklappt. Anbei das Logfile: Error: Unable to interpret <OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 14.07.2012 21:36:56 - Run 4> in the current context! Error: Unable to interpret <OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Melanie\Desktop> in the current context! Error: Unable to interpret <64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation> in the current context! Error: Unable to interpret <Internet Explorer (Version = 9.0.8112.16421)> in the current context! Error: Unable to interpret <Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <3,91 Gb Total Physical Memory | 2,09 Gb Available Physical Memory | 53,42% Memory free> in the current context! Error: Unable to interpret <7,83 Gb Paging File | 5,89 Gb Available in Paging File | 75,28% Paging File free> in the current context! Error: Unable to interpret <Paging file location(s): c:\pagefile.sys 0 0 [binary data]> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)> in the current context! Error: Unable to interpret <Drive C: | 200,00 Gb Total Space | 128,64 Gb Free Space | 64,32% Space Free | Partition Type: NTFS> in the current context! Error: Unable to interpret <Drive D: | 240,76 Gb Total Space | 43,99 Gb Free Space | 18,27% Space Free | Partition Type: NTFS> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <Computer Name: MELANIE-PC | User Name: Melanie | Logged in as Administrator.> in the current context! Error: Unable to interpret <Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans> in the current context! Error: Unable to interpret <Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Extra Registry (SafeList) ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== File Associations ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]> in the current context! Error: Unable to interpret <.html[@ = ChromeHTML] -- Reg Error: Key error. File not found> in the current context! Error: Unable to interpret <.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]> in the current context! Error: Unable to interpret <.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)> in the current context! Error: Unable to interpret <.html [@ = ChromeHTML] -- Reg Error: Key error. File not found> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]> in the current context! Error: Unable to interpret <.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Shell Spawning ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]> in the current context! Error: Unable to interpret <batfile [open] -- "%1" %*> in the current context! Error: Unable to interpret <cmdfile [open] -- "%1" %*> in the current context! Error: Unable to interpret <comfile [open] -- "%1" %*> in the current context! Error: Unable to interpret <exefile [open] -- "%1" %*> in the current context! Error: Unable to interpret <helpfile [open] -- Reg Error: Key error.> in the current context! Error: Unable to interpret <htmlfile [edit] -- Reg Error: Key error.> in the current context! Error: Unable to interpret <htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"> in the current context! Error: Unable to interpret <http [open] -- Reg Error: Key error.> in the current context! Error: Unable to interpret <https [open] -- Reg Error: Key error.> in the current context! Error: Unable to interpret <inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)> in the current context! Error: Unable to interpret <InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)> in the current context! Error: Unable to interpret <InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)> in the current context! Error: Unable to interpret <piffile [open] -- "%1" %*> in the current context! Error: Unable to interpret <regfile [merge] -- Reg Error: Key error.> in the current context! Error: Unable to interpret <scrfile [config] -- "%1"> in the current context! Error: Unable to interpret <scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l> in the current context! Error: Unable to interpret <scrfile [open] -- "%1" /S> in the current context! Error: Unable to interpret <txtfile [edit] -- Reg Error: Key error.> in the current context! Error: Unable to interpret <Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1> in the current context! Error: Unable to interpret <Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CEWE Fotobuch\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()> in the current context! Error: Unable to interpret <Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)> in the current context! Error: Unable to interpret <Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)> in the current context! Error: Unable to interpret <Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)> in the current context! Error: Unable to interpret <Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CEWE Fotobuch\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()> in the current context! Error: Unable to interpret <Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"> in the current context! Error: Unable to interpret <Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)> in the current context! Error: Unable to interpret <Folder [explore] -- Reg Error: Value error.> in the current context! Error: Unable to interpret <Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]> in the current context! Error: Unable to interpret <batfile [open] -- "%1" %*> in the current context! Error: Unable to interpret <cmdfile [open] -- "%1" %*> in the current context! Error: Unable to interpret <comfile [open] -- "%1" %*> in the current context! Error: Unable to interpret <cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)> in the current context! Error: Unable to interpret <exefile [open] -- "%1" %*> in the current context! Error: Unable to interpret <helpfile [open] -- Reg Error: Key error.> in the current context! Error: Unable to interpret <htmlfile [edit] -- Reg Error: Key error.> in the current context! Error: Unable to interpret <htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"> in the current context! Error: Unable to interpret <http [open] -- Reg Error: Key error.> in the current context! Error: Unable to interpret <https [open] -- Reg Error: Key error.> in the current context! Error: Unable to interpret <inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)> in the current context! Error: Unable to interpret <piffile [open] -- "%1" %*> in the current context! Error: Unable to interpret <regfile [merge] -- Reg Error: Key error.> in the current context! Error: Unable to interpret <scrfile [config] -- "%1"> in the current context! Error: Unable to interpret <scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l> in the current context! Error: Unable to interpret <scrfile [open] -- "%1" /S> in the current context! Error: Unable to interpret <txtfile [edit] -- Reg Error: Key error.> in the current context! Error: Unable to interpret <Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1> in the current context! Error: Unable to interpret <Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CEWE Fotobuch\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()> in the current context! Error: Unable to interpret <Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)> in the current context! Error: Unable to interpret <Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)> in the current context! Error: Unable to interpret <Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)> in the current context! Error: Unable to interpret <Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CEWE Fotobuch\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()> in the current context! Error: Unable to interpret <Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"> in the current context! Error: Unable to interpret <Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)> in the current context! Error: Unable to interpret <Folder [explore] -- Reg Error: Value error.> in the current context! Error: Unable to interpret <Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Security Center Settings ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]> in the current context! Error: Unable to interpret <"cval" = 1> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]> in the current context! Error: Unable to interpret <"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]> in the current context! Error: Unable to interpret <"AntiVirusOverride" = 0> in the current context! Error: Unable to interpret <"AntiSpywareOverride" = 0> in the current context! Error: Unable to interpret <"FirewallOverride" = 0> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Firewall Settings ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]> in the current context! Error: Unable to interpret <"DisableNotifications" = 0> in the current context! Error: Unable to interpret <"EnableFirewall" = 1> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]> in the current context! Error: Unable to interpret <"DisableNotifications" = 0> in the current context! Error: Unable to interpret <"EnableFirewall" = 1> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]> in the current context! Error: Unable to interpret <"DisableNotifications" = 0> in the current context! Error: Unable to interpret <"EnableFirewall" = 1> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Authorized Applications List ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Vista Active Open Ports Exception List ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]> in the current context! Error: Unable to interpret <"{0F020051-C459-46DC-A28B-DC38C17B8E3F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | > in the current context! Error: Unable to interpret <"{147E254D-BD46-4E76-9E2E-99C4649BC80A}" = lport=139 | protocol=6 | dir=in | app=system | > in the current context! Error: Unable to interpret <"{1812505C-0630-4EB1-845A-DE946819DE71}" = rport=139 | protocol=6 | dir=out | app=system | > in the current context! Error: Unable to interpret <"{1A2E26B3-FD4D-4B22-9EE8-A587BF28EB13}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | > in the current context! Error: Unable to interpret <"{1E35FEBF-0B8D-4A78-A440-56F004190922}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | > in the current context! Error: Unable to interpret <"{2588F5E8-82E5-4C6F-BA2F-8663F742DC29}" = lport=137 | protocol=17 | dir=in | app=system | > in the current context! Error: Unable to interpret <"{325D28F8-D926-4583-A297-4CA3A16EE24E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | > in the current context! Error: Unable to interpret <"{341C43E9-A471-4260-9CBE-535E6695021F}" = rport=138 | protocol=17 | dir=out | app=system | > in the current context! Error: Unable to interpret <"{439C6598-E317-400B-AD3E-30789F5335AA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | > in the current context! Error: Unable to interpret <"{49AB69B7-D098-4839-ADBD-691ED6C28D4F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | > in the current context! Error: Unable to interpret <"{4B6C8F77-9BDF-4E82-B006-01D4E6CE0472}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | > in the current context! Error: Unable to interpret <"{506984D9-DE61-4E40-9679-2D3BDE5A3CB8}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | > in the current context! Error: Unable to interpret <"{5C72F787-DAF7-4348-984B-19D85B6E64CF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | > in the current context! Error: Unable to interpret <"{6D86BBA6-660B-4EA4-9C85-ADBCBF533D55}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | > in the current context! Error: Unable to interpret <"{70484A7D-A0A3-4496-AD22-217E83D65AAB}" = rport=10243 | protocol=6 | dir=out | app=system | > in the current context! Error: Unable to interpret <"{7C109493-0822-438D-A83D-31096F41D929}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | > in the current context! Error: Unable to interpret <"{83E081B2-FB36-4F52-8912-3C1B2DAE23F7}" = lport=10243 | protocol=6 | dir=in | app=system | > in the current context! Error: Unable to interpret <"{8B43FCD8-C03E-4839-A241-87E2B507222B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | > in the current context! Error: Unable to interpret <"{9911DA4F-B085-4BDE-A479-0C428E27BF47}" = rport=445 | protocol=6 | dir=out | app=system | > in the current context! Error: Unable to interpret <"{A72233AF-337A-40D3-BCE9-4CBCFF8C6B0B}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | > in the current context! Error: Unable to interpret <"{B2DA5300-43F4-4DC7-B3A0-0ADE4235A256}" = lport=138 | protocol=17 | dir=in | app=system | > in the current context! Error: Unable to interpret <"{B375404F-525C-4A40-A80F-A224DA79C803}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | > in the current context! Error: Unable to interpret <"{B3852138-36E9-4EF8-9958-48A8B824E763}" = rport=137 | protocol=17 | dir=out | app=system | > in the current context! Error: Unable to interpret <"{B827E1C7-5A7A-484C-9653-2FE388A8B888}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | > in the current context! Error: Unable to interpret <"{B8D81D15-3C11-41F1-958F-E27C305277EA}" = lport=445 | protocol=6 | dir=in | app=system | > in the current context! Error: Unable to interpret <"{BC4027B0-8BD3-47BA-88E3-78944E5A778A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | > in the current context! Error: Unable to interpret <"{E483ACDB-1F89-43F9-93FE-3B0B195EE2A2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | > in the current context! Error: Unable to interpret <"{EF4703C8-965C-4D22-9CF3-1E4B5FA89242}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | > in the current context! Error: Unable to interpret <"{F91605E1-25D0-4BD4-BB58-9E41F934AA37}" = lport=2869 | protocol=6 | dir=in | app=system | > in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Vista Active Application Exception List ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]> in the current context! Error: Unable to interpret <"{09F03E67-E09C-43B2-9B7B-476A857EB12F}" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe | > in the current context! Error: Unable to interpret <"{113478BD-96A2-499F-A1CD-07873E948F51}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | > in the current context! Error: Unable to interpret <"{18FA41C9-0D6C-4E91-A311-8DF4945E4BE4}" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe | > in the current context! Error: Unable to interpret <"{1CBF9902-39E5-4D82-B861-2E8DAD4FBD8C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | > in the current context! Error: Unable to interpret <"{255F62A6-DF23-46A5-AEFE-46408F982A7A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | > in the current context! Error: Unable to interpret <"{25BDD843-A815-48A8-A216-66D065687049}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | > in the current context! Error: Unable to interpret <"{25E9E4E5-3FD9-4B33-BB96-D9E7D14C7349}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl10g\faxrx.exe | > in the current context! Error: Unable to interpret <"{26803BE5-F0BE-425B-86E1-9E0B95A665EE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | > in the current context! Error: Unable to interpret <"{26C6CA2B-2CC3-4743-94DE-0BA6DC6CEA8C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | > in the current context! Error: Unable to interpret <"{2E7E6E21-6A3A-4267-8FCA-054ADEB97AF8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | > in the current context! Error: Unable to interpret <"{319B26FB-F6AC-40A7-9752-E2429F78072E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | > in the current context! Error: Unable to interpret <"{31FC0137-B781-4217-9C92-1FEFB9E6ECE4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | > in the current context! Error: Unable to interpret <"{3B6BAB7B-B93A-4FD5-AF5F-1ED886B53844}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | > in the current context! Error: Unable to interpret <"{412750CF-5ACB-484A-9BC3-8931AFF4368E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | > in the current context! Error: Unable to interpret <"{43AB61AA-AAFD-4A59-A7FA-439DA1F03517}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | > in the current context! Error: Unable to interpret <"{43CEA3D4-27B1-44F2-950F-CDEC2E06A235}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | > in the current context! Error: Unable to interpret <"{50D76052-134E-46DB-AF8E-63827F883C0F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | > in the current context! Error: Unable to interpret <"{5398A68D-C7D1-4540-97CC-71678EFE195B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | > in the current context! Error: Unable to interpret <"{5DB1E0A4-EAC0-4B2F-A3D2-CC641271D5B7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | > in the current context! Error: Unable to interpret <"{5F558219-2F4A-4D33-84D2-26C0EC2174D1}" = protocol=17 | dir=in | app=c:\users\melanie\appdata\roaming\dropbox\bin\dropbox.exe | > in the current context! Error: Unable to interpret <"{61BE722F-47B8-4C31-9759-5559578A01DE}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | > in the current context! Error: Unable to interpret <"{61FC8E2D-0654-487A-B8F5-A980005EFF42}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | > in the current context! Error: Unable to interpret <"{639D5997-2954-42D2-8CC5-AC1B59E1D7DC}" = protocol=6 | dir=in | app=c:\users\melanie\appdata\roaming\dropbox\bin\dropbox.exe | > in the current context! Error: Unable to interpret <"{6A2C9F97-4CB7-4210-B6FF-93D71833C1FA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | > in the current context! Error: Unable to interpret <"{6CD76A1F-E002-47BE-B9DC-17622F7BC178}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | > in the current context! Error: Unable to interpret <"{730096A5-AE50-41BB-83AF-FAF3E4D0C573}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | > in the current context! Error: Unable to interpret <"{8513F52D-71AA-42C7-B926-38D9511A3056}" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe | > in the current context! Error: Unable to interpret <"{8EF01BA1-D1F6-4D73-AADB-AB5E81F83EF1}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | > in the current context! Error: Unable to interpret <"{94FFFEAC-C708-4E8B-BA9D-EC6CB54A73E0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | > in the current context! Error: Unable to interpret <"{A5EE7B03-10A9-427C-B377-4BB37C525D22}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | > in the current context! Error: Unable to interpret <"{A822F1C3-3E5E-4BD6-9916-861C9447B404}" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe | > in the current context! Error: Unable to interpret <"{B61F4A42-E4DC-43E3-BB3C-3726959D7B62}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | > in the current context! Error: Unable to interpret <"{B9961F03-ADD0-4945-9A92-36F1A4B7C419}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | > in the current context! Error: Unable to interpret <"{BDCA1DE0-7F64-49D7-AF35-912DA550F1BC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | > in the current context! Error: Unable to interpret <"{BEFA8D79-0513-4027-AAA4-46AC7A603A77}" = protocol=6 | dir=out | app=system | > in the current context! Error: Unable to interpret <"{C321EF9F-0CCA-4E12-8AC9-23747E482525}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | > in the current context! Error: Unable to interpret <"{C5D0B410-DC2D-4A5C-8FE9-AE6E42EE0AB1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | > in the current context! Error: Unable to interpret <"{CE1A89D0-6AFB-43EC-87C6-0C10F60AF66D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | > in the current context! Error: Unable to interpret <"{DB0B0154-F904-4B09-A8A8-EC5B10045713}" = dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe | > in the current context! Error: Unable to interpret <"{DB925EFC-EC85-4ACF-B019-F8C7C7069CE5}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl10g\faxrx.exe | > in the current context! Error: Unable to interpret <"{E1CC6B96-003D-4131-B49B-11D5D047BA25}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | > in the current context! Error: Unable to interpret <"{E771E4FA-2DA5-4C71-8F6E-B0C1FDA7B7CF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | > in the current context! Error: Unable to interpret <"{EAF71684-673A-4B23-875B-7FA4B7D99AC2}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | > in the current context! Error: Unable to interpret <"{EF1ABF3D-4F7F-4E76-B615-6B0B807A40BC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | > in the current context! Error: Unable to interpret <"{EF424C1B-95FE-4606-98C4-91AB29FEFDFF}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | > in the current context! Error: Unable to interpret <"TCP Query User{33B69875-22AA-483D-B795-B89B2481F815}C:\program files (x86)\gembird\power manager\pm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gembird\power manager\pm.exe | > in the current context! Error: Unable to interpret <"TCP Query User{8951EC6A-FAFC-4DB2-B96C-5F4D59F4FF99}C:\program files (x86)\gembird\power manager\pm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gembird\power manager\pm.exe | > in the current context! Error: Unable to interpret <"TCP Query User{CA8E8E3A-2230-485F-8D8A-9C2674B1A7D5}C:\users\melanie\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\melanie\appdata\roaming\dropbox\bin\dropbox.exe | > in the current context! Error: Unable to interpret <"UDP Query User{2773F213-0962-4CD0-80CA-ABA727F3ACE3}C:\program files (x86)\gembird\power manager\pm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gembird\power manager\pm.exe | > in the current context! Error: Unable to interpret <"UDP Query User{3CBF2538-7591-459F-9B7A-B208428FFE97}C:\users\melanie\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\melanie\appdata\roaming\dropbox\bin\dropbox.exe | > in the current context! Error: Unable to interpret <"UDP Query User{F215D2B4-4228-4CAA-B989-4625EADA9848}C:\program files (x86)\gembird\power manager\pm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gembird\power manager\pm.exe | > in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== HKEY_LOCAL_MACHINE Uninstall List ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]> in the current context! Error: Unable to interpret <"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector> in the current context! Error: Unable to interpret <"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety> in the current context! Error: Unable to interpret <"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources> in the current context! Error: Unable to interpret <"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety> in the current context! Error: Unable to interpret <"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack> in the current context! Error: Unable to interpret <"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot> in the current context! Error: Unable to interpret <"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources> in the current context! Error: Unable to interpret <"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources> in the current context! Error: Unable to interpret <"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant> in the current context! Error: Unable to interpret <"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources> in the current context! Error: Unable to interpret <"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety> in the current context! Error: Unable to interpret <"{27B3E5AA-5B75-414A-AC37-F5ADDFA68BDB}" = Windows Live Family Safety> in the current context! Error: Unable to interpret <"{287134AD-092F-4BD0-A6F4-911B0B351E87}" = Windows Live Family Safety> in the current context! Error: Unable to interpret <"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor> in the current context! Error: Unable to interpret <"{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel(R) PROSet/Wireless WiFi Software> in the current context! Error: Unable to interpret <"{464F7B5E-80BB-4F34-A602-384F0702674A}" = Windows Live Family Safety> in the current context! Error: Unable to interpret <"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes> in the current context! Error: Unable to interpret <"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources> in the current context! Error: Unable to interpret <"{5EBE0F1F-45DF-4298-AC6B-E8E54EAEC834}" = Microsoft IntelliPoint 7.1> in the current context! Error: Unable to interpret <"{5ECA80C9-7D7A-49AC-B487-52F1CF47ECEE}" = Windows Live Family Safety> in the current context! Error: Unable to interpret <"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources> in the current context! Error: Unable to interpret <"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources> in the current context! Error: Unable to interpret <"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources> in the current context! Error: Unable to interpret <"{698EAE05-09DE-47D0-9586-29E41A0934DD}" = Windows Live Family Safety> in the current context! Error: Unable to interpret <"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources> in the current context! Error: Unable to interpret <"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)> in the current context! Error: Unable to interpret <"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour> in the current context! Error: Unable to interpret <"{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}" = PaperPort Image Printer 64-bit> in the current context! Error: Unable to interpret <"{74AC7ECE-87E1-41F7-ABA2-5ED9B13CECFA}" = Windows Live Family Safety> in the current context! Error: Unable to interpret <"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support> in the current context! Error: Unable to interpret <"{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2> in the current context! Error: Unable to interpret <"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources> in the current context! Error: Unable to interpret <"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources> in the current context! Error: Unable to interpret <"{8832CAA2-4934-4916-A8BF-A9A51C6B58B3}" = Windows Live Family Safety> in the current context! Error: Unable to interpret <"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources> in the current context! Error: Unable to interpret <"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources> in the current context! Error: Unable to interpret <"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007> in the current context! Error: Unable to interpret <"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007> in the current context! Error: Unable to interpret <"{944E73EF-857E-4F71-9DC4-CD059D7ADDEF}" = Windows Live Family Safety> in the current context! Error: Unable to interpret <"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting> in the current context! Error: Unable to interpret <"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid> in the current context! Error: Unable to interpret <"{A2862596-B7C3-4D7F-A227-40FEDDF1332B}" = WEB.DE Toolbar MSVC100 CRT x64> in the current context! Error: Unable to interpret <"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources> in the current context! Error: Unable to interpret <"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security> in the current context! Error: Unable to interpret <"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro™ Titanium™ Internet Security> in the current context! Error: Unable to interpret <"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)> in the current context! Error: Unable to interpret <"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources> in the current context! Error: Unable to interpret <"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 268.56> in the current context! Error: Unable to interpret <"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 268.56> in the current context! Error: Unable to interpret <"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.22> in the current context! Error: Unable to interpret <"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application> in the current context! Error: Unable to interpret <"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components> in the current context! Error: Unable to interpret <"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources> in the current context! Error: Unable to interpret <"{BFBE6E95-5724-47EC-85A0-74D436AD938F}" = Windows Live Family Safety> in the current context! Error: Unable to interpret <"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources> in the current context! Error: Unable to interpret <"{C61D639C-3A1B-4654-901F-08927C804321}" = Windows Live Family Safety> in the current context! Error: Unable to interpret <"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources> in the current context! Error: Unable to interpret <"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources> in the current context! Error: Unable to interpret <"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources> in the current context! Error: Unable to interpret <"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter> in the current context! Error: Unable to interpret <"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources> in the current context! Error: Unable to interpret <"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client> in the current context! Error: Unable to interpret <"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service> in the current context! Error: Unable to interpret <"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources> in the current context! Error: Unable to interpret <"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile> in the current context! Error: Unable to interpret <"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources> in the current context! Error: Unable to interpret <"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources> in the current context! Error: Unable to interpret <"CCleaner" = CCleaner> in the current context! Error: Unable to interpret <"Elantech" = ETDWare PS/2-X64 8.0.5.3_WHQL> in the current context! Error: Unable to interpret <"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile> in the current context! Error: Unable to interpret <"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack> in the current context! Error: Unable to interpret <"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2> in the current context! Error: Unable to interpret <"ProInst" = Intel PROSet Wireless> in the current context! Error: Unable to interpret <"Redirection Port Monitor" = RedMon - Redirection Port Monitor> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]> in the current context! Error: Unable to interpret <"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator> in the current context! Error: Unable to interpret <"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh> in the current context! Error: Unable to interpret <"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas> in the current context! Error: Unable to interpret <"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack> in the current context! Error: Unable to interpret <"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger> in the current context! Error: Unable to interpret <"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional> in the current context! Error: Unable to interpret <"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology> in the current context! Error: Unable to interpret <"{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus> in the current context! Error: Unable to interpret <"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live> in the current context! Error: Unable to interpret <"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer> in the current context! Error: Unable to interpret <"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail> in the current context! Error: Unable to interpret <"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live> in the current context! Error: Unable to interpret <"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack> in the current context! Error: Unable to interpret <"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources> in the current context! Error: Unable to interpret <"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common> in the current context! Error: Unable to interpret <"{17795164-3BC1-4D4F-8ADA-65C895EBFC9A}" = Brother MFL-Pro Suite MFC-J6510DW> in the current context! Error: Unable to interpret <"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials> in the current context! Error: Unable to interpret <"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer> in the current context! Error: Unable to interpret <"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser> in the current context! Error: Unable to interpret <"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer> in the current context! Error: Unable to interpret <"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker> in the current context! Error: Unable to interpret <"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer> in the current context! Error: Unable to interpret <"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger> in the current context! Error: Unable to interpret <"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3> in the current context! Error: Unable to interpret <"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources> in the current context! Error: Unable to interpret <"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update> in the current context! Error: Unable to interpret <"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions> in the current context! Error: Unable to interpret <"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3> in the current context! Error: Unable to interpret <"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer> in the current context! Error: Unable to interpret <"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources> in the current context! Error: Unable to interpret <"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail> in the current context! Error: Unable to interpret <"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20> in the current context! Error: Unable to interpret <"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31> in the current context! Error: Unable to interpret <"{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus> in the current context! Error: Unable to interpret <"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections> in the current context! Error: Unable to interpret <"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common> in the current context! Error: Unable to interpret <"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials> in the current context! Error: Unable to interpret <"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger> in the current context! Error: Unable to interpret <"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart> in the current context! Error: Unable to interpret <"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack> in the current context! Error: Unable to interpret <"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh> in the current context! Error: Unable to interpret <"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery> in the current context! Error: Unable to interpret <"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live> in the current context! Error: Unable to interpret <"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support> in the current context! Error: Unable to interpret <"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery> in the current context! Error: Unable to interpret <"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common> in the current context! Error: Unable to interpret <"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack> in the current context! Error: Unable to interpret <"{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery> in the current context! Error: Unable to interpret <"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer> in the current context! Error: Unable to interpret <"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh> in the current context! Error: Unable to interpret <"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go> in the current context! Error: Unable to interpret <"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack> in the current context! Error: Unable to interpret <"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh> in the current context! Error: Unable to interpret <"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger> in the current context! Error: Unable to interpret <"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live> in the current context! Error: Unable to interpret <"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer> in the current context! Error: Unable to interpret <"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater> in the current context! Error: Unable to interpret <"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer> in the current context! Error: Unable to interpret <"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common> in the current context! Error: Unable to interpret <"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack> in the current context! Error: Unable to interpret <"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance> in the current context! Error: Unable to interpret <"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack> in the current context! Error: Unable to interpret <"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth> in the current context! Error: Unable to interpret <"{5B2C4D32-A7CD-44B0-8619-4ADBE301B2D3}" = pdfforge Toolbar v5.8> in the current context! Error: Unable to interpret <"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker> in the current context! Error: Unable to interpret <"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項> in the current context! Error: Unable to interpret <"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources> in the current context! Error: Unable to interpret <"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver> in the current context! Error: Unable to interpret <"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon> in the current context! Error: Unable to interpret <"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail> in the current context! Error: Unable to interpret <"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources> in the current context! Error: Unable to interpret <"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE> in the current context! Error: Unable to interpret <"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack> in the current context! Error: Unable to interpret <"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729> in the current context! Error: Unable to interpret <"{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12> in the current context! Error: Unable to interpret <"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker> in the current context! Error: Unable to interpret <"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker> in the current context! Error: Unable to interpret <"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger> in the current context! Error: Unable to interpret <"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable> in the current context! Error: Unable to interpret <"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common> in the current context! Error: Unable to interpret <"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker> in the current context! Error: Unable to interpret <"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh> in the current context! Error: Unable to interpret <"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack> in the current context! Error: Unable to interpret <"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack> in the current context! Error: Unable to interpret <"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live> in the current context! Error: Unable to interpret <"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update> in the current context! Error: Unable to interpret <"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh> in the current context! Error: Unable to interpret <"{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger> in the current context! Error: Unable to interpret <"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials> in the current context! Error: Unable to interpret <"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer> in the current context! Error: Unable to interpret <"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources> in the current context! Error: Unable to interpret <"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer> in the current context! Error: Unable to interpret <"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.5.0> in the current context! Error: Unable to interpret <"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable> in the current context! Error: Unable to interpret <"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform> in the current context! Error: Unable to interpret <"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh> in the current context! Error: Unable to interpret <"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials> in the current context! Error: Unable to interpret <"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer> in the current context! Error: Unable to interpret <"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver> in the current context! Error: Unable to interpret <"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight> in the current context! Error: Unable to interpret <"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime> in the current context! Error: Unable to interpret <"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT> in the current context! Error: Unable to interpret <"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash> in the current context! Error: Unable to interpret <"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger> in the current context! Error: Unable to interpret <"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007> in the current context! Error: Unable to interpret <"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)> in the current context! Error: Unable to interpret <"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007> in the current context! Error: Unable to interpret <"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)> in the current context! Error: Unable to interpret <"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007> in the current context! Error: Unable to interpret <"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)> in the current context! Error: Unable to interpret <"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007> in the current context! Error: Unable to interpret <"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)> in the current context! Error: Unable to interpret <"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007> in the current context! Error: Unable to interpret <"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)> in the current context! Error: Unable to interpret <"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007> in the current context! Error: Unable to interpret <"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)> in the current context! Error: Unable to interpret <"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007> in the current context! Error: Unable to interpret <"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)> in the current context! Error: Unable to interpret <"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007> in the current context! Error: Unable to interpret <"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)> in the current context! Error: Unable to interpret <"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007> in the current context! Error: Unable to interpret <"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)> in the current context! Error: Unable to interpret <"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007> in the current context! Error: Unable to interpret <"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)> in the current context! Error: Unable to interpret <"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)> in the current context! Error: Unable to interpret <"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)> in the current context! Error: Unable to interpret <"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007> in the current context! Error: Unable to interpret <"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007> in the current context! Error: Unable to interpret <"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)> in the current context! Error: Unable to interpret <"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007> in the current context! Error: Unable to interpret <"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)> in the current context! Error: Unable to interpret <"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007> in the current context! Error: Unable to interpret <"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)> in the current context! Error: Unable to interpret <"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007> in the current context! Error: Unable to interpret <"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)> in the current context! Error: Unable to interpret <"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007> in the current context! Error: Unable to interpret <"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)> in the current context! Error: Unable to interpret <"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In> in the current context! Error: Unable to interpret <"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker> in the current context! Error: Unable to interpret <"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources> in the current context! Error: Unable to interpret <"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common> in the current context! Error: Unable to interpret <"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161> in the current context! Error: Unable to interpret <"{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים> in the current context! Error: Unable to interpret <"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail> in the current context! Error: Unable to interpret <"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker> in the current context! Error: Unable to interpret <"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail> in the current context! Error: Unable to interpret <"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail> in the current context! Error: Unable to interpret <"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh> in the current context! Error: Unable to interpret <"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite> in the current context! Error: Unable to interpret <"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common> in the current context! Error: Unable to interpret <"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery> in the current context! Error: Unable to interpret <"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer> in the current context! Error: Unable to interpret <"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper> in the current context! Error: Unable to interpret <"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common> in the current context! Error: Unable to interpret <"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6> in the current context! Error: Unable to interpret <"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer> in the current context! Error: Unable to interpret <"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer> in the current context! Error: Unable to interpret <"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package> in the current context! Error: Unable to interpret <"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger> in the current context! Error: Unable to interpret <"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials> in the current context! Error: Unable to interpret <"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch> in the current context! Error: Unable to interpret <"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh> in the current context! Error: Unable to interpret <"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail> in the current context! Error: Unable to interpret <"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common> in the current context! Error: Unable to interpret <"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh> in the current context! Error: Unable to interpret <"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie> in the current context! Error: Unable to interpret <"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail> in the current context! Error: Unable to interpret <"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common> in the current context! Error: Unable to interpret <"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger> in the current context! Error: Unable to interpret <"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader> in the current context! Error: Unable to interpret <"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials> in the current context! Error: Unable to interpret <"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live> in the current context! Error: Unable to interpret <"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger> in the current context! Error: Unable to interpret <"{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений> in the current context! Error: Unable to interpret <"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker> in the current context! Error: Unable to interpret <"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live> in the current context! Error: Unable to interpret <"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources> in the current context! Error: Unable to interpret <"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common> in the current context! Error: Unable to interpret <"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen> in the current context! Error: Unable to interpret <"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections> in the current context! Error: Unable to interpret <"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint> in the current context! Error: Unable to interpret <"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections> in the current context! Error: Unable to interpret <"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail> in the current context! Error: Unable to interpret <"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common> in the current context! Error: Unable to interpret <"{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger> in the current context! Error: Unable to interpret <"{CA2CE23E-6751-4828-AF8B-66EA06E697F6}" = Power Manager> in the current context! Error: Unable to interpret <"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker> in the current context! Error: Unable to interpret <"{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger> in the current context! Error: Unable to interpret <"{CC4BBCBA-89F6-47C3-9B0F-5CE5BB1C316C}" = WEB.DE Toolbar MSVC100 CRT x86> in the current context! Error: Unable to interpret <"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer> in the current context! Error: Unable to interpret <"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live> in the current context! Error: Unable to interpret <"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform> in the current context! Error: Unable to interpret <"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64> in the current context! Error: Unable to interpret <"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack> in the current context! Error: Unable to interpret <"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common> in the current context! Error: Unable to interpret <"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform> in the current context! Error: Unable to interpret <"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail> in the current context! Error: Unable to interpret <"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack> in the current context! Error: Unable to interpret <"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker> in the current context! Error: Unable to interpret <"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail> in the current context! Error: Unable to interpret <"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources> in the current context! Error: Unable to interpret <"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer> in the current context! Error: Unable to interpret <"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources> in the current context! Error: Unable to interpret <"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh> in the current context! Error: Unable to interpret <"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials> in the current context! Error: Unable to interpret <"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10> in the current context! Error: Unable to interpret <"{E18B30AA-6E2D-480C-B918-AF61009F4010}" = عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة> in the current context! Error: Unable to interpret <"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker> in the current context! Error: Unable to interpret <"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas> in the current context! Error: Unable to interpret <"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger> in the current context! Error: Unable to interpret <"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer> in the current context! Error: Unable to interpret <"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources> in the current context! Error: Unable to interpret <"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live> in the current context! Error: Unable to interpret <"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live> in the current context! Error: Unable to interpret <"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera> in the current context! Error: Unable to interpret <"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live> in the current context! Error: Unable to interpret <"{EDC7F608-2A5E-4933-8DAD-0BDD9D757EB5}" = BBZ> in the current context! Error: Unable to interpret <"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心> in the current context! Error: Unable to interpret <"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集> in the current context! Error: Unable to interpret <"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.02.015> in the current context! Error: Unable to interpret <"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]> in the current context! Error: Unable to interpret <"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics> in the current context! Error: Unable to interpret <"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver> in the current context! Error: Unable to interpret <"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources> in the current context! Error: Unable to interpret <"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις> in the current context! Error: Unable to interpret <"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh> in the current context! Error: Unable to interpret <"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center> in the current context! Error: Unable to interpret <"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials> in the current context! Error: Unable to interpret <"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update> in the current context! Error: Unable to interpret <"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live> in the current context! Error: Unable to interpret <"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh> in the current context! Error: Unable to interpret <"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials> in the current context! Error: Unable to interpret <"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker> in the current context! Error: Unable to interpret <"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker> in the current context! Error: Unable to interpret <"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung> in the current context! Error: Unable to interpret <"1&1 Mail & Media GmbH Toolbar FF" = WEB.DE Toolbar für Mozilla Firefox> in the current context! Error: Unable to interpret <"1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE Toolbar für Internet Explorer> in the current context! Error: Unable to interpret <"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX> in the current context! Error: Unable to interpret <"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin> in the current context! Error: Unable to interpret <"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0> in the current context! Error: Unable to interpret <"ASUS K3 Series ScreenSaver" = ASUS K3 Series ScreenSaver> in the current context! Error: Unable to interpret <"Asus Vibe2.0" = AsusVibe2.0> in the current context! Error: Unable to interpret <"ASUS WebStorage" = ASUS WebStorage> in the current context! Error: Unable to interpret <"Audacity_is1" = Audacity 1.2.6> in the current context! Error: Unable to interpret <"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor> in the current context! Error: Unable to interpret <"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX> in the current context! Error: Unable to interpret <"Canon MOV Decoder" = Canon MOV Decoder> in the current context! Error: Unable to interpret <"Canon MOV Encoder" = Canon MOV Encoder> in the current context! Error: Unable to interpret <"DPP" = Canon Utilities Digital Photo Professional 3.10> in the current context! Error: Unable to interpret <"ENTERPRISE" = Microsoft Office Enterprise 2007> in the current context! Error: Unable to interpret <"EOS Sample Music" = Canon Utilities EOS Sample Music> in the current context! Error: Unable to interpret <"EOS Utility" = Canon Utilities EOS Utility> in the current context! Error: Unable to interpret <"EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX> in the current context! Error: Unable to interpret <"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.20.423> in the current context! Error: Unable to interpret <"FreeCommander_is1" = FreeCommander 2009.02b> in the current context! Error: Unable to interpret <"Hotel Dash Suite Success" = Hotel Dash Suite Success> in the current context! Error: Unable to interpret <"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go> in the current context! Error: Unable to interpret <"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint> in the current context! Error: Unable to interpret <"JOA_is1" = Jewels of Atlantis> in the current context! Error: Unable to interpret <"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300> in the current context! Error: Unable to interpret <"McAfee Security Scan" = McAfee Security Scan Plus> in the current context! Error: Unable to interpret <"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH> in the current context! Error: Unable to interpret <"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX> in the current context! Error: Unable to interpret <"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube> in the current context! Error: Unable to interpret <"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)> in the current context! Error: Unable to interpret <"MozillaMaintenanceService" = Mozilla Maintenance Service> in the current context! Error: Unable to interpret <"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin> in the current context! Error: Unable to interpret <"PhotoScape" = PhotoScape> in the current context! Error: Unable to interpret <"PhotoStitch" = Canon Utilities PhotoStitch> in the current context! Error: Unable to interpret <"Picture Style Editor" = Canon Utilities Picture Style Editor> in the current context! Error: Unable to interpret <"ProInst" = Intel PROSet Wireless> in the current context! Error: Unable to interpret <"Update Engine" = Sony Ericsson Update Engine> in the current context! Error: Unable to interpret <"WinLiveSuite" = Windows Live Essentials> in the current context! Error: Unable to interpret <"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX> in the current context! Error: Unable to interpret <"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility> in the current context! Error: Unable to interpret <"Zuma - Deluxe" = Zuma - Deluxe> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== HKEY_CURRENT_USER Uninstall List ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]> in the current context! Error: Unable to interpret <"Dropbox" = Dropbox> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Last 20 Event Log Errors ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <[ Application Events ]> in the current context! Error: Unable to interpret <Error - 07.07.2012 15:35:08 | Computer Name = Melanie-PC | Source = Application Error | ID = 1000> in the current context! Error: Unable to interpret <Error - 07.07.2012 17:23:38 | Computer Name = Melanie-PC | Source = Application > in the current context! Error: Unable to interpret <Error | ID = 1000> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <Description = Name der fehlerhaften Anwendung: wlsetup.exe, Version: 15.4.3555.308, Zeitstempel: 0x4f596768> in the current context! Error: Unable to interpret <Name des fehlerhaften Moduls: msi.dll, Version: 5.0.7601.17807, Zeitstempel: 0x4f802294> in the current context! Error: Unable to interpret <Ausnahmecode: 0xc0000005> in the current context! Error: Unable to interpret <Fehleroffset: 0x0001eb94> in the current context! Error: Unable to interpret <ID des fehlerhaften Prozesses: 0x236c> in the current context! Error: Unable to interpret <Startzeit der fehlerhaften Anwendung: 0x01cd5c86c0d467af> in the current context! Error: Unable to interpret <Pfad der fehlerhaften Anwendung: C:\Users\Melanie\AppData\Local\Microsoft\Windows Live\Installer\Catalog\wlsetup.exe> in the current context! Error: Unable to interpret <Pfad des fehlerhaften Moduls: C:\Windows\system32\msi.dll> in the current context! Error: Unable to interpret <Berichtskennung: 03a0afc0-c87a-11e1-866b-14dae96380d9> in the current context! Error: Unable to interpret <Error - 08.07.2012 05:28:00 | Computer Name = Melanie-PC | Source = Application > in the current context! Error: Unable to interpret <Error | ID = 1000> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <Error - 08.07.2012 08:25:12 | Computer Name = Melanie-PC | Source = Application Error | ID = 1000> in the current context! Error: Unable to interpret <Error - 08.07.2012 13:43:51 | Computer Name = Melanie-PC | Source = Bonjour Service> in the current context! Error: Unable to interpret < | ID = 100> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <Description = Task Scheduling Error: Continuously busy for more than a second> in the current context! Error: Unable to interpret <Error - 08.07.2012 13:43:51 | Computer Name = Melanie-PC | Source = Bonjour Service> in the current context! Error: Unable to interpret < | ID = 100> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <Description = Task Scheduling Error: m->NextScheduledEvent 13697> in the current context! Error: Unable to interpret <Error - 08.07.2012 13:43:51 | Computer Name = Melanie-PC | Source = Bonjour Service> in the current context! Error: Unable to interpret < | ID = 100> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <Description = Task Scheduling Error: m->NextScheduledSPRetry 13697> in the current context! Error: Unable to interpret <Error - 09.07.2012 12:07:35 | Computer Name = Melanie-PC | Source = Bonjour Service> in the current context! Error: Unable to interpret < | ID = 100> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <Description = Task Scheduling Error: Continuously busy for more than a second> in the current context! Error: Unable to interpret <Error - 09.07.2012 12:07:35 | Computer Name = Melanie-PC | Source = Bonjour Service> in the current context! Error: Unable to interpret < | ID = 100> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <Description = Task Scheduling Error: m->NextScheduledEvent 1107> in the current context! Error: Unable to interpret <Error - 09.07.2012 12:07:35 | Computer Name = Melanie-PC | Source = Bonjour Service> in the current context! Error: Unable to interpret < | ID = 100> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <Description = Task Scheduling Error: m->NextScheduledSPRetry 1107> in the current context! Error: Unable to interpret <Error - 09.07.2012 12:07:36 | Computer Name = Melanie-PC | Source = Bonjour Service> in the current context! Error: Unable to interpret < | ID = 100> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <Description = Task Scheduling Error: Continuously busy for more than a second> in the current context! Error: Unable to interpret <Error - 09.07.2012 12:07:36 | Computer Name = Melanie-PC | Source = Bonjour Service> in the current context! Error: Unable to interpret < | ID = 100> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <Description = Task Scheduling Error: m->NextScheduledEvent 2137> in the current context! Error: Unable to interpret <Error - 09.07.2012 12:07:36 | Computer Name = Melanie-PC | Source = Bonjour Service> in the current context! Error: Unable to interpret < | ID = 100> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <Description = Task Scheduling Error: m->NextScheduledSPRetry 2137> in the current context! Error: Unable to interpret <Error - 10.07.2012 12:37:48 | Computer Name = Melanie-PC | Source = Brother BrLog> in the current context! Error: Unable to interpret < | ID = 1001> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <Description = TWN BrtTWN: [2012/07/10 18:37:48.388]: [00008036]: ##### Fatal ERROR!! Create STI-device failed! #####> in the current context! Error: Unable to interpret <Error - 10.07.2012 12:37:48 | Computer Name = Melanie-PC | Source = Brother BrLog> in the current context! Error: Unable to interpret < | ID = 1001> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <Description = TWN BrtTWN: [2012/07/10 18:37:48.394]: [00008036]: Initialize TwdsMain Class failed!> in the current context! Error: Unable to interpret <Error - 11.07.2012 14:19:41 | Computer Name = Melanie-PC | Source = Application > in the current context! Error: Unable to interpret <Error | ID = 1000> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <[ OSession Events ]> in the current context! Error: Unable to interpret <Error - 23.10.2011 12:31:55 | Computer Name = Melanie-PC | Source = Microsoft Office 12 Sessions | ID = 7001> in the current context! Error: Unable to interpret <Description = ID: 0, Application Name: Microsoft Office Word, Application Version:> in the current context! Error: Unable to interpret < 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11392> in the current context! Error: Unable to interpret < seconds with 5640 seconds of active time. This session ended with a crash.> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <Error - 28.01.2012 09:17:40 | Computer Name = Melanie-PC | Source = Microsoft Office 12 Sessions | ID = 7001> in the current context! Error: Unable to interpret <Description = ID: 0, Application Name: Microsoft Office Word, Application Version:> in the current context! Error: Unable to interpret < 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1004> in the current context! Error: Unable to interpret < seconds with 960 seconds of active time. This session ended with a crash.> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <[ System Events ]> in the current context! Error: Unable to interpret <Error - 01.02.2012 16:16:53 | Computer Name = Melanie-PC | Source = Service Control Manager | ID = 7031> in the current context! Error: Unable to interpret <Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist> in the current context! Error: Unable to interpret < bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden> in the current context! Error: Unable to interpret < durchgeführt: Neustart des Diensts.> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <Error - 05.02.2012 08:35:27 | Computer Name = Melanie-PC | Source = DCOM | ID = 10010> in the current context! Error: Unable to interpret <Description = > in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <Error - 09.02.2012 16:04:01 | Computer Name = Melanie-PC | Source = Disk | ID = 262155> in the current context! Error: Unable to interpret <Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <Error - 11.02.2012 12:05:20 | Computer Name = Melanie-PC | Source = DCOM | ID = 10010> in the current context! Error: Unable to interpret <Description = > in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <Error - 16.02.2012 16:43:53 | Computer Name = Melanie-PC | Source = Disk | ID = 262155> in the current context! Error: Unable to interpret <Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <Error - 16.02.2012 16:43:54 | Computer Name = Melanie-PC | Source = Disk | ID = 262155> in the current context! Error: Unable to interpret <Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <Error - 16.02.2012 16:43:54 | Computer Name = Melanie-PC | Source = Disk | ID = 262155> in the current context! Error: Unable to interpret <Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <Error - 16.02.2012 16:43:55 | Computer Name = Melanie-PC | Source = Disk | ID = 262155> in the current context! Error: Unable to interpret <Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <Error - 16.02.2012 16:43:55 | Computer Name = Melanie-PC | Source = Disk | ID = 262155> in the current context! Error: Unable to interpret <Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <Error - 23.02.2012 08:57:36 | Computer Name = Melanie-PC | Source = Service Control Manager | ID = 7011> in the current context! Error: Unable to interpret <Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung> in the current context! Error: Unable to interpret < von Dienst ShellHWDetection erreicht.> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret << End of report > > in the current context! OTL by OldTimer - Version 3.2.54.0 log created on 07142012_221746 |
14.07.2012, 21:24 | #10 |
/// Helfer-Team | GVU Trojaner unter Windows 7 mit Webcam Du hast das Log eingegeben statt des FIX!!! Bitte richtig durchfuehren: http://www.trojaner-board.de/119402-...tml#post865073 |
14.07.2012, 21:43 | #11 |
| GVU Trojaner unter Windows 7 mit Webcam Habs gemerkt. Bin über dem von dir geposteten Script auf alles kopieren-wurde wohl nicht angenommen und ich habe munter das vorher kopierte Log eingefügt. So, aber jetzt das Log All processes killed ========== OTL ========== No active process named Program Files was found! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{435216DD-7692-4030-B308-075076971315}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{435216DD-7692-4030-B308-075076971315}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8657A450-A790-46E0-A09B-28C941996A2F}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8657A450-A790-46E0-A09B-28C941996A2F}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{943C70A8-F189-42C1-ACA0-B6A1F0145F0B}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{943C70A8-F189-42C1-ACA0-B6A1F0145F0B}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9F2EDB52-9CA8-4254-B525-6F6CAC4716F6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F2EDB52-9CA8-4254-B525-6F6CAC4716F6}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DB07B951-34D7-4970-AAC7-DB6ECF09ECFA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB07B951-34D7-4970-AAC7-DB6ECF09ECFA}\ not found. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! Prefs.js: "Yahoo" removed from browser.search.defaultenginename Prefs.js: "WiseConvert Customized Web Search" removed from browser.search.defaultthis.engineName Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl Prefs.js: "chr-greentree_ff&type=827316&ilc=12" removed from browser.search.param.yahoo-fr Prefs.js: true removed from browser.search.useDBForOrder Prefs.js: "www.google.de" removed from browser.startup.homepage Prefs.js: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=" removed from keyword.URL Prefs.js: 0 removed from network.proxy.type Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully. C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully. C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully. File C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found. File C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll not found. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. 64bit-Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ deleted successfully. C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll moved successfully. 64bit-Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C424171E-592A-415A-9EB1-DFD6D95D3530} deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}\ deleted successfully. C:\Program Files\WEB.DE Toolbar\IE\uitb.dll moved successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C424171E-592A-415A-9EB1-DFD6D95D3530} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}\ deleted successfully. C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll moved successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IntelTBRunOnce not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully. C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully. Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93} C:\Windows\Downloaded Program Files\jinstall-6u20.inf moved successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_USERS\S-1-5-21-1174994656-1186062306-230243989-1000\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! ADS C:\ProgramData\Temp:981884E7 deleted successfully. ADS C:\ProgramData\Temp:3E7393FC deleted successfully. C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully. C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully. C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully. C:\ProgramData\go_0molg.pad moved successfully. C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\ox1chxpe.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully. C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\ox1chxpe.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully. C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\ox1chxpe.default\extensions folder moved successfully. File C:\ProgramData\go_0molg.pad not found. C:\Users\Melanie\AppData\Roaming\Babylon folder moved successfully. ========== FILES ========== File\Folder C:\ProgramData\go_0molg.pad not found. < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\Melanie\Desktop\cmd.bat deleted successfully. C:\Users\Melanie\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Melanie ->Temp folder emptied: 19897821 bytes ->Temporary Internet Files folder emptied: 3638639 bytes ->Java cache emptied: 29232319 bytes ->FireFox cache emptied: 53624045 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 985 bytes User: Public User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 711240 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 178463 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes RecycleBin emptied: 104362 bytes Total Files Cleaned = 102,00 mb [EMPTYFLASH] User: All Users User: Default User: Default User User: Melanie ->Flash cache emptied: 0 bytes User: Public User: UpdatusUser Total Flash Files Cleaned = 0,00 mb OTL by OldTimer - Version 3.2.54.0 log created on 07142012_223834 Files\Folders moved on Reboot... C:\Users\Melanie\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... File C:\Users\Melanie\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found! Registry entries deleted on Reboot... |
14.07.2012, 22:00 | #12 |
/// Helfer-Team | GVU Trojaner unter Windows 7 mit Webcam Sehr gut! Wie laeuft der Rechner? Downloade Dir bitte AdwCleaner auf deinen Desktop.
|
14.07.2012, 22:04 | #13 |
| GVU Trojaner unter Windows 7 mit Webcam Hallo t´john, Rechner läuft gut. Leider weiß ich ja nicht, was da im Hintergund sein Unwesen treibt-Ich hoffe bald nichts mehr. Anbei das Log vom ADW-scan # AdwCleaner v1.702 - Logfile created 07/14/2012 at 23:03:25 # Updated 13/07/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Melanie - MELANIE-PC # Running from : C:\Users\Melanie\Desktop\adwcleaner.exe # Option [Search] ***** [Services] ***** ***** [Files / Folders] ***** Folder Found : C:\Users\Melanie\AppData\Local\Babylon Folder Found : C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia Folder Found : C:\Users\Melanie\AppData\LocalLow\BabylonToolbar Folder Found : C:\Users\Melanie\AppData\LocalLow\bbrs_002.tb Folder Found : C:\Users\Melanie\AppData\LocalLow\pdfforge Folder Found : C:\Users\Melanie\AppData\LocalLow\Search Settings Folder Found : C:\Users\Melanie\AppData\Roaming\pdfforge Folder Found : C:\ProgramData\Babylon Folder Found : C:\Program Files (x86)\Application Updater Folder Found : C:\Program Files (x86)\Common Files\spigot File Found : C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\ox1chxpe.default\searchplugins\Conduit.xml ***** [Registry] ***** Key Found : HKCU\Software\BabylonToolbar Key Found : HKCU\Software\BrowserCompanion Key Found : HKCU\Software\pdfforge Key Found : HKCU\Software\Search Settings Key Found : HKLM\SOFTWARE\Babylon Key Found : HKLM\SOFTWARE\BabylonToolbar Key Found : HKLM\SOFTWARE\BrowserCompanion Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Key Found : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ibgfbdggapddbjjbopabhlhianklajie Key Found : HKLM\SOFTWARE\pdfforge Key Found : HKLM\SOFTWARE\Search Settings [x64] Key Found : HKCU\Software\BabylonToolbar [x64] Key Found : HKCU\Software\BrowserCompanion [x64] Key Found : HKCU\Software\pdfforge [x64] Key Found : HKCU\Software\Search Settings [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL ***** [Registre - GUID] ***** Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Key Found : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F} Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1} Key Found : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C} Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Found : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511} Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A} Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1} Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D} Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993} Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F} Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599} Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047} Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037} Key Found : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393} Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68} Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020} Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD} Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E} Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402} Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}] [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402} ***** [Internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. -\\ Mozilla Firefox v13.0.1 (de) Profile name : default File : C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\ox1chxpe.default\prefs.js Found : user_pref("extensions.BabylonToolbar.admin", false); Found : user_pref("extensions.BabylonToolbar.aflt", "babsst"); Found : user_pref("extensions.BabylonToolbar.babExt", ""); Found : user_pref("extensions.BabylonToolbar.babTrack", "affID=101365"); Found : user_pref("extensions.BabylonToolbar.bbDpng", 14); Found : user_pref("extensions.BabylonToolbar.dfltLng", "en"); Found : user_pref("extensions.BabylonToolbar.dfltSrch", true); Found : user_pref("extensions.BabylonToolbar.hmpg", true); Found : user_pref("extensions.BabylonToolbar.id", "da14c64900000000000078929c15abe1"); Found : user_pref("extensions.BabylonToolbar.instlDay", "15377"); Found : user_pref("extensions.BabylonToolbar.instlRef", "sst"); Found : user_pref("extensions.BabylonToolbar.lastDP", 14); Found : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1714:57:07"); Found : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "7.0"); Found : user_pref("extensions.BabylonToolbar.newTab", true); Found : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb"); Found : user_pref("extensions.BabylonToolbar.noFFXTlbr", false); Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); Found : user_pref("extensions.BabylonToolbar.propectorlck", 67796682); Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 1); Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); Found : user_pref("extensions.BabylonToolbar.ptch_0717", true); Found : user_pref("extensions.BabylonToolbar.smplGrp", "none"); Found : user_pref("extensions.BabylonToolbar.srcExt", "ss"); Found : user_pref("extensions.BabylonToolbar.tlbrId", "base"); Found : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17"); Found : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1714:57:07"); Found : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17"); Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); Found : user_pref("extensions.BabylonToolbar_i.babExt", ""); Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=101365"); Found : user_pref("extensions.BabylonToolbar_i.hardId", "da14c64900000000000078929c15abe1"); Found : user_pref("extensions.BabylonToolbar_i.id", "da14c64900000000000078929c15abe1"); Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15377"); Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); Found : user_pref("extensions.BabylonToolbar_i.newTab", false); Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "base"); Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1714:57:07"); Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); -\\ Google Chrome v [Unable to get version] File : C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [12069 octets] - [14/07/2012 23:03:25] ########## EOF - C:\AdwCleaner[R1].txt - [12198 octets] ########## |
15.07.2012, 11:38 | #14 |
/// Helfer-Team | GVU Trojaner unter Windows 7 mit Webcam
danach: Hinweis: ESET zeigt durchaus öfter ein paar Fehlalarme. Deswegen soll auch von ESET immer nur erst das Log gepostet und nichts entfernt werden. ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log |
15.07.2012, 12:03 | #15 |
| GVU Trojaner unter Windows 7 mit Webcam Schönen Sonntag wünsche ich. So, anbei das log nachdem bei ADW-Scan der delete Knopf gedrückt wurde: # AdwCleaner v1.702 - Logfile created 07/15/2012 at 12:58:33 # Updated 13/07/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Melanie - MELANIE-PC # Running from : C:\Users\Melanie\Desktop\adwcleaner.exe # Option [Delete] ***** [Services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Users\Melanie\AppData\Local\Babylon Folder Deleted : C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia Folder Deleted : C:\Users\Melanie\AppData\LocalLow\BabylonToolbar Folder Deleted : C:\Users\Melanie\AppData\LocalLow\bbrs_002.tb Folder Deleted : C:\Users\Melanie\AppData\LocalLow\pdfforge Folder Deleted : C:\Users\Melanie\AppData\LocalLow\Search Settings Folder Deleted : C:\Users\Melanie\AppData\Roaming\pdfforge Folder Deleted : C:\ProgramData\Babylon Folder Deleted : C:\Program Files (x86)\Application Updater Folder Deleted : C:\Program Files (x86)\Common Files\spigot File Deleted : C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\ox1chxpe.default\searchplugins\Conduit.xml ***** [Registry] ***** Key Deleted : HKCU\Software\BabylonToolbar Key Deleted : HKCU\Software\BrowserCompanion Key Deleted : HKCU\Software\pdfforge Key Deleted : HKCU\Software\Search Settings Key Deleted : HKLM\SOFTWARE\Babylon Key Deleted : HKLM\SOFTWARE\BabylonToolbar Key Deleted : HKLM\SOFTWARE\BrowserCompanion Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Key Deleted : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ibgfbdggapddbjjbopabhlhianklajie Key Deleted : HKLM\SOFTWARE\pdfforge Key Deleted : HKLM\SOFTWARE\Search Settings ***** [Registre - GUID] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}] [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997} ***** [Internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. -\\ Mozilla Firefox v13.0.1 (de) Profile name : default File : C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\ox1chxpe.default\prefs.js C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\ox1chxpe.default\user.js ... Deleted ! Deleted : user_pref("extensions.BabylonToolbar.admin", false); Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst"); Deleted : user_pref("extensions.BabylonToolbar.babExt", ""); Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=101365"); Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 14); Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en"); Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", true); Deleted : user_pref("extensions.BabylonToolbar.hmpg", true); Deleted : user_pref("extensions.BabylonToolbar.id", "da14c64900000000000078929c15abe1"); Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15377"); Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst"); Deleted : user_pref("extensions.BabylonToolbar.lastDP", 14); Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1714:57:07"); Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "7.0"); Deleted : user_pref("extensions.BabylonToolbar.newTab", true); Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb"); Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false); Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 67796682); Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 1); Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true); Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none"); Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss"); Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base"); Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17"); Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1714:57:07"); Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17"); Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); Deleted : user_pref("extensions.BabylonToolbar_i.babExt", ""); Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=101365"); Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "da14c64900000000000078929c15abe1"); Deleted : user_pref("extensions.BabylonToolbar_i.id", "da14c64900000000000078929c15abe1"); Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15377"); Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false); Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base"); Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1714:57:07"); Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); -\\ Google Chrome v [Unable to get version] File : C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [12112 octets] - [14/07/2012 23:03:25] AdwCleaner[R2].txt - [12173 octets] - [14/07/2012 23:32:07] AdwCleaner[S1].txt - [10362 octets] - [15/07/2012 12:58:33] ########## EOF - C:\AdwCleaner[S1].txt - [10491 octets] ########## Ich mache jetzt den Online Scan. Hallo t´john, so der ESEt scan ist jetzt beendet. Anbei das Log Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=44b24c8aee3ddf44ba14e3354be7c0fb # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-07-15 01:22:13 # local_time=2012-07-15 03:22:13 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=512 16777215 100 0 21944745 21944745 0 0 # compatibility_mode=5893 16776574 100 94 21946152 93980622 0 0 # compatibility_mode=8192 67108863 100 0 183 183 0 0 # scanned=216287 # found=7 # cleaned=0 # scan_time=7761 C:\Users\Melanie\Downloads\installer_cool_edit_pro_2_1_Deutsch.exe Win32/Vittalia application (unable to clean) 00000000000000000000000000000000 I C:\Windows\Installer\1698a.msi a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I C:\_OTL\MovedFiles\07142012_223834\C_Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I D:\MELANIE-PC\Backup Set 2011-11-20 190000\Backup Files 2012-02-13 150035\Backup files 1.zip Win32/Vittalia application (unable to clean) 00000000000000000000000000000000 I D:\MELANIE-PC\Backup Set 2011-11-20 190000\Backup Files 2012-03-04 190001\Backup files 1.zip Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I D:\MELANIE-PC\Backup Set 2012-05-13 191819\Backup Files 2012-05-13 191819\Backup files 21.zip Win32/Vittalia application (unable to clean) 00000000000000000000000000000000 I D:\MELANIE-PC\Backup Set 2012-05-13 191819\Backup Files 2012-06-10 192024\Backup files 2.zip multiple threats (unable to clean) 00000000000000000000000000000000 I |
Themen zu GVU Trojaner unter Windows 7 mit Webcam |
alternate, audacity, cftmon.lnk, checkliste, ctfmon.lnk, dringend, fatal error, flash player, gfnexsrv.exe, glom0, google earth, go_0molg.pad, gvu mit wasserwebcam, gvu trojaner, gvu trojaner entfernen, gvu trojaner mit webcam, heuristiks/extra, heuristiks/shuriken, install.exe, microsoft office word, nvidia update, nvpciflt.sys, office 2007, origin, pdfforge toolbar, plug-in, pup.blabbers, realtek, searchscopes, security, spyware.zbot.dg, trojan.ransom.gen, trojaner, usb 2.0, webcam gvu trojaner, webcamfenster, windows 7, wscript.exe |