Log Analysis and Evaluation: Polizei Virus Österreich (police virus Austria), on 31.07.2012, Windows 7
31.07.2012, 08:59 | #1
Polizei Virus Österreich, on 31.07.2012

Hello, unfortunately my notebook has now also been infected by the well-known "Polizei Virus"! As described in the guide, I ran an OTL scan in safe mode so that I could upload the two logfiles here as attachments for you. Here are the OTL and EXTRA logs directly as code:

OTL logfile:
[CODE]
OTL logfile created on: 31.07.2012 09:52:05 - Run 2
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Johnny\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

5,91 Gb Total Physical Memory | 5,03 Gb Available Physical Memory | 85,16% Memory free
11,81 Gb Paging File | 11,06 Gb Available in Paging File | 93,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279,45 Gb Total Space | 153,05 Gb Free Space | 54,77% Space Free | Partition Type: NTFS
Drive D: | 394,18 Gb Total Space | 238,62 Gb Free Space | 60,54% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: Johnny-ASUS | User Name: Johnny | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - [2012.07.31 09:18:53 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Johnny\Desktop\OTL.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011.09.27 21:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe -- (LBTServ)
SRV:64bit: - [2011.09.27 16:04:18 | 000,204,288 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.08.08 07:39:18 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011.07.27 21:04:48 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011.07.27 20:48:34 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011.07.27 20:44:18 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011.06.03 12:51:38 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2011.03.04 02:57:58 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Stopped] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012.07.01 23:38:24 | 000,065,536 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Connectify\ConnectifyService.exe -- (Connectify)
SRV - [2012.06.27 07:46:57 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.08 20:37:31 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 20:37:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.04 08:17:03 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.03.02 17:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe -- (SamsungAllShareV2.0)
SRV - [2012.03.02 17:00:20 | 000,027,584 | ---- | M] (Samsung Electronics Co., Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer)
SRV - [2012.02.15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.10.18 12:50:10 | 001,001,808 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011.10.18 12:50:04 | 001,354,064 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011.10.18 12:49:52 | 000,936,272 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2011.09.09 00:48:30 | 000,092,800 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2010.10.22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Stopped] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010.10.06 07:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.10.06 07:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.03.25 15:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 20:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.11.18 13:40:26 | 000,012,288 | ---- | M] (Chris Pietschmann (hxxp://pietschsoft.com)) [Auto | Stopped] -- C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe -- (Virtual Router)
SRV - [2009.06.16 03:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.07.29 20:31:28 | 000,031,344 | ---- | M] (Connectify) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\cnnctfy2.sys -- (cnnctfy2)
DRV:64bit: - [2012.07.20 11:45:29 | 000,052,832 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
DRV:64bit: - [2012.05.21 04:09:00 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012.05.21 04:09:00 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.05.08 20:37:31 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 20:37:31 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.05.06 13:12:08 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.08 06:22:28 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.12.08 06:22:28 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011.12.08 06:22:28 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011.10.19 04:56:00 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.10.19 04:56:00 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.09.27 16:56:52 | 010,207,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.09.27 15:25:08 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.09.20 19:56:42 | 000,016,768 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2011.09.16 17:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.09.02 08:30:46 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2011.09.02 08:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.09.02 08:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.08.29 17:32:18 | 000,053,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011.08.23 15:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.08.09 02:32:02 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011.08.08 17:32:08 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011.08.08 17:32:08 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011.08.04 03:28:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011.08.02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.08.02 02:47:30 | 000,391,144 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.08.02 02:47:30 | 000,129,000 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011.07.21 13:01:14 | 001,448,496 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.05.14 00:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011.04.26 05:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.03.15 12:09:16 | 000,311,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010.11.20 15:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.14 19:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009.10.05 03:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.07.20 11:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.05.23 18:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011.09.20 19:56:42 | 000,016,768 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AiCharger.sys -- (AiCharger)
DRV - [2011.09.07 19:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.03 03:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtD0AyDtA0Fzy0D0B0BtDtN0D0Tzu0CtCzyyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=24866596
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtD0AyDtA0Fzy0D0B0BtDtN0D0Tzu0CtCzyyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=24866596
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtD0AyDtA0Fzy0D0B0BtDtN0D0Tzu0CtCzyyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=24866596
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtD0AyDtA0Fzy0D0B0BtDtN0D0Tzu0CtCzyyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=24866596
IE - HKLM\..\SearchScopes\{5991C7F0-6CFA-D58B-3201-7C3D08E6D208}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE - HKU\S-1-5-21-972475053-585952779-2059876441-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = hxxp://asus.msn.com
IE - HKU\S-1-5-21-972475053-585952779-2059876441-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-972475053-585952779-2059876441-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtD0AyDtA0Fzy0D0B0BtDtN0D0Tzu0CtCzyyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=24866596
IE - HKU\S-1-5-21-972475053-585952779-2059876441-1001\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-972475053-585952779-2059876441-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-972475053-585952779-2059876441-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtD0AyDtA0Fzy0D0B0BtDtN0D0Tzu0CtCzyyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=24866596
IE - HKU\S-1-5-21-972475053-585952779-2059876441-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-972475053-585952779-2059876441-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0-git-20120217-1212: C:\Program Files\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ptc.com/ProductViewLite: C:\Program Files (x86)\Common Files\PTC\np6_pvapplite9.dll (PTC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.0.1802959\npmathplugin.dll (Wolfram Research, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.02.23 13:02:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\fmconverter@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012.06.13 20:23:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.27 07:46:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.04 15:42:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.02.23 13:02:02 | 000,000,000 | ---D | M]

[2012.02.22 22:14:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johnny\AppData\Roaming\mozilla\Extensions
[2012.07.12 20:03:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johnny\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2012.07.12 20:03:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johnny\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions
[2012.07.29 09:23:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johnny\AppData\Roaming\mozilla\Firefox\Profiles\03fz0b43.default\extensions
[2012.07.12 20:03:48 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\Johnny\AppData\Roaming\mozilla\Firefox\Profiles\03fz0b43.default\extensions\ffxtlbr@funmoods.com
[2012.07.12 20:04:50 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\Johnny\AppData\Roaming\mozilla\Firefox\Profiles\03fz0b43.default\extensions\OneClickDownload@OneClickDownload.com
[2012.07.12 20:03:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johnny\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions\staged
[2012.07.12 20:03:52 | 000,002,327 | ---- | M] () -- C:\Users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\03fz0b43.default\searchplugins\Search.xml
[2012.03.22 19:29:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.26 16:04:00 | 000,276,167 | ---- | M] () (No name found) -- C:\USERS\Johnny\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\03FZ0B43.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI
[2012.02.22 22:33:00 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\Johnny\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\03FZ0B43.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012.06.27 07:46:57 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.16 13:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.16 12:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.16 13:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.16 13:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 13:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 13:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\PROGRA~2\Funmoods\1.5.23.22\bh\escort.dll (Funmoods BHO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\PROGRA~2\Funmoods\1.5.23.22\escorTlbr.dll (Funmoods)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AllShareAgent] C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [Update] C:\Users\Johnny\AppData\Roaming\deo0_sar.exe ()
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-972475053-585952779-2059876441-1001..\Run: [Connectify] C:\Program Files (x86)\Connectify\Connectify.exe (Connectify)
O4 - HKU\S-1-5-21-972475053-585952779-2059876441-1001..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s File not found
O4 - HKU\S-1-5-21-972475053-585952779-2059876441-1001..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-972475053-585952779-2059876441-1001..\Run: [Update] C:\Users\Johnny\AppData\Roaming\deo0_sar.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-972475053-585952779-2059876441-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-972475053-585952779-2059876441-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.4.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1CB861BD-D212-4285-91EA-472938063372}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CFE1DACC-026E-4510-9BE5-B4ECE6FFEFBD}: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[/CODE]
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 60 Days ========== [2012.07.31 09:21:20 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Johnny\Desktop\OTL.exe [2012.07.29 20:31:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Connectify [2012.07.29 20:31:28 | 000,031,344 | ---- | C] (Connectify) -- C:\Windows\SysNative\drivers\cnnctfy2.sys [2012.07.29 20:31:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Connectify [2012.07.29 20:31:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Connectify [2012.07.29 20:29:19 | 000,000,000 | ---D | C] -- C:\Users\Johnny\AppData\Local\Chris_Pietschmann_(http__ [2012.07.29 20:25:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Router [2012.07.29 20:25:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Virtual Router [2012.07.20 11:45:29 | 000,076,384 | ---- | C] (hxxp://libusb-win32.sourceforge.net) -- C:\Windows\SysNative\libusb0.dll [2012.07.20 11:45:29 | 000,067,680 | ---- | C] (hxxp://libusb-win32.sourceforge.net) -- C:\Windows\SysWow64\libusb0.dll [2012.07.20 11:45:29 | 000,052,832 | ---- | C] (hxxp://libusb-win32.sourceforge.net) -- C:\Windows\SysNative\drivers\libusb0.sys 
[2012.07.20 10:58:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO MINDSTORMS NXT 2.0 [2012.07.20 10:56:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LEGO Software [2012.07.13 15:37:05 | 000,000,000 | ---D | C] -- C:\Users\Johnny\Documents\LEGO Creations [2012.07.13 15:37:05 | 000,000,000 | ---D | C] -- C:\Users\Johnny\AppData\Roaming\LEGO Company [2012.07.13 15:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO Company [2012.07.13 15:26:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LEGO Company [2012.07.13 15:05:06 | 001,077,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSCOMCTL.OCX [2012.07.13 15:05:06 | 000,407,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSHFLXGD.OCX [2012.07.13 15:05:06 | 000,203,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RICHTX32.OCX [2012.07.13 09:02:59 | 000,000,000 | ---D | C] -- C:\Users\Johnny\AppData\Roaming\MiKTeX [2012.07.13 09:02:58 | 000,000,000 | ---D | C] -- C:\Users\Johnny\AppData\Local\MiKTeX [2012.07.13 08:57:54 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4a.dll [2012.07.13 08:57:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeXnicCenter [2012.07.13 08:51:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiKTeX 2.9 [2012.07.13 08:50:53 | 000,000,000 | ---D | C] -- C:\ProgramData\MiKTeX [2012.07.13 08:49:58 | 000,000,000 | ---D | C] -- C:\Program Files\MiKTeX 2.9 [2012.07.12 20:03:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gophoto.it [2012.07.12 20:03:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Funmoods [2012.07.12 20:01:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1ClickDownload [2012.07.10 22:41:58 | 000,000,000 | ---D | C] -- C:\Users\Johnny\Desktop\dani´s galaxy funkt nicht-Dateien [2012.06.13 20:40:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU 
[2012.06.13 20:40:21 | 000,000,000 | ---D | C] -- C:\Users\Johnny\AppData\Roaming\AVS4YOU [2012.06.13 20:40:16 | 000,000,000 | ---D | C] -- C:\Users\Johnny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU [2012.06.13 20:40:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU [2012.06.13 20:40:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU [2012.06.13 20:40:11 | 000,658,432 | ---- | C] (Borland Corporation) -- C:\Windows\SysWow64\cc3270mt.dll [2012.06.13 20:40:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia [2012.06.13 20:39:57 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll [2012.06.13 20:39:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVSAudioConverter [2012.06.13 20:23:37 | 000,000,000 | ---D | C] -- C:\Users\Johnny\Documents\Freemake [2012.06.13 20:23:36 | 000,000,000 | ---D | C] -- C:\Users\Johnny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake [2012.06.13 20:23:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake [2012.06.13 20:23:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake [2012.06.13 20:23:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freemake [2012.06.13 19:59:14 | 000,000,000 | ---D | C] -- C:\Users\Johnny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo [2012.06.13 19:59:14 | 000,000,000 | ---D | C] -- C:\Program Files\MediaInfo [2012.06.13 17:28:10 | 000,203,320 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys [2012.06.13 17:28:10 | 000,099,384 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys ========== Files - Modified Within 60 Days ========== [2012.07.31 09:36:51 | 000,000,168 | ---- | M] () -- C:\Users\Johnny\defogger_reenable [2012.07.31 09:34:26 | 000,050,477 | ---- | M] () -- C:\Users\Johnny\Desktop\Defogger.exe [2012.07.31 
09:22:12 | 001,643,244 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.31 09:22:12 | 000,708,032 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.31 09:22:12 | 000,663,350 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.31 09:22:12 | 000,151,668 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.31 09:22:12 | 000,124,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.31 09:18:53 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Johnny\Desktop\OTL.exe [2012.07.31 09:18:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.31 09:18:50 | 461,414,399 | -HS- | M] () -- C:\hiberfil.sys [2012.07.31 08:26:33 | 000,002,430 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [2012.07.31 08:26:24 | 000,045,056 | ---- | M] () -- C:\Windows\SysWow64\acovcnt.exe [2012.07.31 08:26:23 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.31 08:24:04 | 000,158,208 | ---- | M] () -- C:\Users\Johnny\AppData\Roaming\deo0_sar.exe [2012.07.31 08:16:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.31 08:01:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.29 20:40:53 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.29 20:40:53 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.29 20:38:06 | 000,000,375 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics [2012.07.29 20:34:48 | 000,001,591 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini [2012.07.29 20:31:33 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\Connectify.lnk [2012.07.29 20:31:28 | 000,031,344 | ---- | M] (Connectify) -- C:\Windows\SysNative\drivers\cnnctfy2.sys [2012.07.29 20:25:52 | 000,002,619 | ---- | M] () -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Virtual Router Manager.lnk [2012.07.20 14:16:14 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_btmaux_01009.Wdf [2012.07.20 11:45:59 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2012.07.20 11:45:29 | 000,076,384 | ---- | M] (hxxp://libusb-win32.sourceforge.net) -- C:\Windows\SysNative\libusb0.dll [2012.07.20 11:45:29 | 000,067,680 | ---- | M] (hxxp://libusb-win32.sourceforge.net) -- C:\Windows\SysWow64\libusb0.dll [2012.07.20 11:45:29 | 000,052,832 | ---- | M] (hxxp://libusb-win32.sourceforge.net) -- C:\Windows\SysNative\drivers\libusb0.sys [2012.07.13 07:55:04 | 000,000,538 | ---- | M] () -- C:\Users\Johnny\Documents\3-D Sex and Zen Extreme Ecstasy 3D SBS (2011) [BDRip 1080p][WwW.ZoNaTorrent.CoM].magnet [2012.07.12 21:25:36 | 000,000,657 | ---- | M] () -- C:\Users\Johnny\Documents\Matlab 2012a for Windows 32 & 64 bit ISO License.magnet [2012.07.12 20:03:45 | 000,384,844 | ---- | M] () -- C:\Users\Johnny\AppData\Local\funmoods-speeddial.crx [2012.07.12 20:03:45 | 000,031,465 | ---- | M] () -- C:\Users\Johnny\AppData\Local\funmoods.crx [2012.07.10 22:42:00 | 000,051,827 | ---- | M] () -- C:\Users\Johnny\Desktop\dani´s galaxy funkt nicht.html [2012.06.22 08:33:40 | 000,000,750 | ---- | M] () -- C:\WirelessDiagLog.csv [2012.06.18 14:56:30 | 000,018,960 | ---- | M] (Logitech, Inc.) 
-- C:\Windows\SysNative\drivers\LNonPnP.sys [2012.06.05 20:59:03 | 000,000,065 | ---- | M] () -- C:\Users\Johnny\nxj.cache ========== Files Created - No Company Name ========== [2012.07.31 09:36:51 | 000,000,168 | ---- | C] () -- C:\Users\Johnny\defogger_reenable [2012.07.31 09:35:58 | 000,050,477 | ---- | C] () -- C:\Users\Johnny\Desktop\Defogger.exe [2012.07.31 08:24:08 | 000,158,208 | ---- | C] () -- C:\Users\Johnny\AppData\Roaming\deo0_sar.exe [2012.07.29 20:31:33 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\Connectify.lnk [2012.07.29 20:25:52 | 000,002,619 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Virtual Router Manager.lnk [2012.07.20 14:16:14 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_btmaux_01009.Wdf [2012.07.20 11:45:36 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2012.07.13 07:55:04 | 000,000,538 | ---- | C] () -- C:\Users\Johnny\Documents\3-D Sex and Zen Extreme Ecstasy 3D SBS (2011) [BDRip 1080p][WwW.ZoNaTorrent.CoM].magnet [2012.07.12 21:25:36 | 000,000,657 | ---- | C] () -- C:\Users\Johnny\Documents\Matlab 2012a for Windows 32 & 64 bit ISO License.magnet [2012.07.12 20:03:46 | 000,384,844 | ---- | C] () -- C:\Users\Johnny\AppData\Local\funmoods-speeddial.crx [2012.07.12 20:03:46 | 000,031,465 | ---- | C] () -- C:\Users\Johnny\AppData\Local\funmoods.crx [2012.07.10 22:41:58 | 000,051,827 | ---- | C] () -- C:\Users\Johnny\Desktop\dani´s galaxy funkt nicht.html [2012.06.22 08:31:02 | 000,000,750 | ---- | C] () -- C:\WirelessDiagLog.csv [2012.05.30 19:20:59 | 000,000,065 | ---- | C] () -- C:\Users\Johnny\nxj.cache [2012.05.06 17:40:35 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI [2012.02.23 18:41:36 | 000,142,486 | ---- | C] () -- C:\Windows\hpwins26.dat [2012.02.23 18:41:36 | 000,000,370 | ---- | C] () -- C:\Windows\hpwmdl26.dat [2012.02.23 17:41:17 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2012.02.23 12:59:02 | 
000,197,052 | ---- | C] () -- C:\Windows\hpwins27.dat [2012.02.23 12:59:02 | 000,000,385 | ---- | C] () -- C:\Windows\hpwmdl27.dat [2012.02.22 21:35:53 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\acovcnt.exe [2012.01.31 19:15:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.01.31 19:15:42 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.01.31 19:15:42 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.01.31 19:15:42 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.01.31 19:15:42 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.01.05 02:27:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.01.05 02:25:25 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat [2012.01.05 02:24:37 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012.01.05 02:24:37 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012.01.05 02:24:37 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2012.01.05 02:24:37 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.01.05 02:24:36 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2012.01.05 02:24:36 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012.01.05 02:24:24 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll [2011.10.19 06:26:32 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2011.10.19 06:11:04 | 001,622,690 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.10.13 08:19:48 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2011.09.28 08:15:06 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll ========== LOP Check ========== [2012.02.22 21:48:44 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\ASUS WebStorage [2012.07.29 12:23:18 | 000,000,000 | ---D | M] -- 
C:\Users\Johnny\AppData\Roaming\Azureus [2012.04.03 12:14:08 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\BlackBean [2012.02.23 19:37:50 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\DAEMON Tools Lite [2012.05.06 17:40:47 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\EDrawings [2012.05.07 19:55:24 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\FreePDF [2012.05.02 16:28:57 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\Leadertech [2012.07.13 15:37:05 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\LEGO Company [2012.02.22 22:07:52 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\Nuance [2012.05.06 17:27:17 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\pdfforge [2012.05.02 16:17:31 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\PTC [2012.02.27 14:08:46 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\Samsung [2012.03.13 14:12:28 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\SoftGrid Client [2012.02.22 22:49:26 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\TP [2012.02.22 22:07:47 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\Zeon [2012.05.18 08:39:09 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 368 bytes -> C:\Users\Johnny\Documents\boot:$WIMMOUNTDATA < End of report > ] Extras.txt: [CODE][OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 31.07.2012 09:25:56 - Run 1 OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Johnny\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 5,91 Gb Total Physical Memory | 5,22 Gb Available Physical Memory | 88,42% Memory free 11,81 Gb Paging File | 11,14 Gb Available in Paging File | 94,35% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 279,45 Gb Total Space | 153,13 Gb Free Space | 54,80% Space Free | Partition Type: NTFS Drive D: | 394,18 Gb Total Space | 238,62 Gb Free Space | 60,54% Space Free | Partition Type: NTFS Unable to calculate disk information. Drive G: | 7,51 Gb Total Space | 2,63 Gb Free Space | 35,00% Space Free | Partition Type: NTFS Computer Name: Johnny-ASUS | User Name: Johnny | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- Reg Error: Key error. File not found .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- Reg Error: Key error. 
File not found [HKEY_USERS\S-1-5-21-972475053-585952779-2059876441-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- Reg Error: Key error. htmlfile [opennew] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- Reg Error: Key error. CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- Reg Error: Key error. htmlfile [opennew] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- Reg Error: Key error. CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error. 
========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02776A95-A671-4437-BB03-DABB9E1E963D}" = lport=547 | protocol=17 | dir=in | app=c:\windows\system32\svchost.exe | "{09665EB7-E3F8-4024-9C23-27BCD3B3C99E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{0CA6D96D-8BC7-471B-8B9C-750C6A103750}" = lport=1303 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe | "{1A7EAC65-979E-4072-98EB-7A6E98A36493}" = lport=10243 | protocol=6 | dir=in | app=system | "{1B4F128D-8EC3-4163-A7DD-2F087D8046C9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{20ED59CB-5997-479E-B054-F30432ABB8AC}" = rport=137 | protocol=17 | dir=out | app=system | "{210CD088-D0A2-4425-9A2C-C47C2AA0DB7A}" = lport=2177 | 
protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{21687C94-2728-4BA4-93DF-A42B16EA4BEF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2310D153-5619-47FB-91A5-66C9579A8E35}" = lport=53 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe | "{3CB1AF1F-29E6-459D-9D8B-52CC8D21A317}" = lport=1900 | protocol=17 | dir=in | app=c:\windows\system32\svchost.exe | "{40999BEF-8B0A-42F7-A644-22E4E236060B}" = lport=137 | protocol=17 | dir=in | app=system | "{41FCCF86-465B-401B-AEDE-A146E3D0BF5C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{58761C6A-4EF7-4C29-9C49-72F7BAEF703E}" = lport=67 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe | "{65B1BCB7-B766-4645-BB3B-5F4F3E326B6A}" = lport=138 | protocol=17 | dir=in | app=system | "{6CC7A384-DC44-431B-B8B9-BDC17B5F4AA1}" = lport=2987 | protocol=6 | dir=in | app=c:\program files (x86)\connectify\connectify.exe | "{728C3760-A594-4DED-8B6E-8DD1C4E77369}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{77311723-B497-4541-84B7-76EBD3DEF068}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7803A9EA-EC51-4476-995A-89DB09E44CC1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{7A0222AE-3EEE-4A02-BFD7-B2A19E0FB9C3}" = lport=445 | protocol=6 | dir=in | app=system | "{8B2C5FDF-4220-49CB-B593-AD2651C71AE5}" = rport=445 | protocol=6 | dir=out | app=system | "{8C8B5235-4943-40D1-AD64-A9429B873327}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8F3200EF-88E8-4424-A7BB-155DBDEF1A33}" = lport=68 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe | "{9CF462DF-95E6-4305-866F-72FA2E6F4C0A}" = rport=1900 | protocol=17 | 
dir=out | app=c:\windows\system32\svchost.exe | "{9E140F29-F7CE-4F2B-BC2F-A221BC9213F1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A10B44D6-815C-4EF4-97C3-FF837BD94AC5}" = rport=138 | protocol=17 | dir=out | app=system | "{AC882C1F-EBF3-48BF-83D5-5954B640008A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{B1120A88-C8ED-41D9-90C3-AA7A5630F67F}" = rport=139 | protocol=6 | dir=out | app=system | "{B9432D2C-D034-4BE7-A564-002EEBDD9A88}" = rport=2869 | protocol=6 | dir=out | app=system | "{BB6FC7E9-BDF7-4673-865B-4EEF644043A0}" = lport=1317 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe | "{BD9CB303-7785-4BBA-B79C-2B39BFC87184}" = lport=2869 | protocol=6 | dir=in | app=system | "{C5957981-5689-4336-9CB8-A16EFC5AB79E}" = rport=10243 | protocol=6 | dir=out | app=system | "{C6216C44-CD0C-4141-B106-9A48DFDA4C1A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CA83FDBA-7724-4DF9-8446-C21C7A7630CE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CF4D702F-4056-4EDA-B352-1F7034F12661}" = lport=2869 | protocol=6 | dir=in | app=system | "{E3180847-D216-408D-B3B7-AD90DEE75771}" = lport=139 | protocol=6 | dir=in | app=system | "{E83683FB-59A5-4684-BA6F-C078A6AAA5F0}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{EB03A23F-7150-4D40-9CA5-47DFF3A4C3E8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F23ACB46-A1A4-4D5B-80B1-516BE19BE1A8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] 
"{0D0504F4-FD22-431E-998A-CDC883E3EDE9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{100C5DD8-EB06-4708-8A3A-F624171AC594}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1769223A-8704-4DF6-A829-E04E74B9E007}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{190CFA4B-2395-4566-AB28-1091FB5A177E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{1AD748D7-C450-4A3D-9D43-2B3509B3963F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{209F67F8-9274-4899-AF62-8973792805E9}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{279614F3-D3DC-4C7A-9417-DB9705FA79BF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | "{28C08126-7E76-49E7-B5A0-0F74B153D638}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshareagent.exe | "{2F5F064B-3ED2-465C-BFE6-2721930A725D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{33F1F7D7-9D76-4DF9-B1AD-F9A0B7090B14}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{375A4B42-0228-430D-AE15-C3FCC0A07BDE}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{40A3D7BE-8678-465B-B0D1-88180B93DE42}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{426DC1E7-7253-4276-9EBE-805349ED6C34}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{48186F91-04D1-4BEC-97CC-EEA73CE77AE5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{4F918FBB-4B91-4545-BF18-435C327FE0EF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{5056C963-F7B5-447C-ACC1-8487D0306D87}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | "{5504E16F-C49C-4F12-BBBE-C25AE69E5E00}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{58629E3E-7D21-4FC5-8B74-2BCCDB9ECEDF}" = dir=in | 
app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{6067E188-C27C-40AB-8389-0F8787931A6A}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{62855932-57B0-4A54-BCC6-4F4BA1D87695}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | "{635FBD1D-63F9-4374-A0B5-33DBFAE809E5}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | "{6384F30E-1B50-4917-97BC-D3D2D3FD3473}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "{64985CFA-F45A-4E30-A45C-A589C5689B58}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{6A44B4FA-275D-49AB-B421-CB76A3494B08}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{6E296A85-3956-4752-9FEA-40E65BACF25D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | "{7073BF1F-C399-486D-B0B4-AF765E4E8FDD}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshare.exe | "{73416B8E-C194-4EBD-BC53-8EDBE39A482A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | "{742D2D1B-F763-44D2-84CE-0F5640745F75}" = protocol=58 | dir=in | name=internet connection sharing (router solicitation-in) | "{7807E5F3-F296-488E-955F-8CCC2830F1C2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | "{7FA5F9FC-A2CB-4E40-A114-1EE475B785B7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{879E72BF-61AA-4B25-A9B0-CD47C993D5CB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{88193ADE-F01B-4946-ACCE-6808706AD5BE}" = protocol=17 | dir=in | app=c:\program files\wolfram research\mathematica\8.0\math.exe | "{8E0D188F-2182-435B-9EB4-B5CC649E2F3D}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{921A167F-94A1-45A0-9889-FCA595A1D7A3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{964CBFB8-C811-4E0D-9145-268DA753F3D4}" = protocol=6 | dir=out | app=system | "{9AFE7A49-ACEA-4E0A-AA9D-68848AD73D23}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{A245AD73-4DCB-4661-BCA8-828536BEC090}" = protocol=6 | dir=in | app=c:\program files\wolfram research\mathematica\8.0\mathematica.exe | "{A3D10A0F-6803-48ED-B3E9-E8C0AB7B46C8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A5645019-78A3-47EA-9151-94FD2743AEF1}" = protocol=17 | dir=in | app=c:\program files\wolfram research\mathematica\8.0\mathkernel.exe | "{A5B3B568-139A-49B4-85E1-077D31C5E393}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{A74CFE5C-0B50-4A4D-B8C7-CE314FC6D408}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{A755B2B7-2626-45C2-880B-C47F8A010E12}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{A9B5F34A-7E43-4357-93EE-5E29E1710B1C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | "{AC7BA865-1F8D-4040-8BF0-8CB5F0A4D4D5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | "{ACD244F1-C3DF-477D-AABC-CE144251E189}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B2C13D44-50EF-49D3-8812-CFE813C0151A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | "{B4C606D4-D183-49EE-962E-907EA42E8E0B}" = protocol=6 | dir=out | app=c:\windows\system32\svchost.exe | "{B6111225-5018-43EC-B319-29C531AF7CF2}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{BD58A205-4E97-455F-A8A5-EC9164ADE49D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{BF53FAC9-3AA1-4CA7-B89D-513359511A8D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C18048B6-6B21-454E-A5A6-91579BBF79AC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{C46BC635-BC6E-4FEA-8BDB-6FB250BEBA62}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{CCBC01E3-3080-4ABF-B290-E42AA6BD1221}" = dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\allsharedms.exe | "{D3DE9C33-3325-42CD-A62F-CCE162919736}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{D5483BD1-DA5E-4611-93AA-854857432A2F}" = dir=out | app=c:\windows\system32\svchost.exe | "{D8C4ED7B-8978-4806-AC4B-BC881B367716}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{DA6AD6BC-4CE1-4050-AAD2-6927A1DF337F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{DBB0FFAA-DA51-44CF-8236-58138E85A850}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{DC0D7C0D-DCA2-40EF-8433-C007AA4F9B0F}" = protocol=6 | dir=in | app=c:\program files\wolfram research\mathematica\8.0\math.exe | "{DC71FBED-4827-4340-AAC5-1DEA9DA8D75B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{E31385DF-DE7D-42D9-9729-A693A61C36BE}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | "{E8E23B35-FF8B-4663-A7C2-0E8260713836}" = protocol=6 | dir=in | app=c:\program files\wolfram research\mathematica\8.0\mathkernel.exe | "{E94AD1CB-6BA7-44B0-A1B5-5AB85D499274}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{EA874F92-3705-4373-B746-2EAC3C5D5630}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{EC73A0AB-3F44-4D3B-B963-B9AB3DD95E7E}" = dir=in | app=c:\program files (x86)\ptc\pvx\i486_nt\obj\productview.exe | "{F5069BD0-6F8D-471A-91F4-02A3C90531F2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | "{F7F08280-19BC-4BB3-AC0E-5008E5F96848}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{FDD8AB72-01F8-4477-B802-87C88FD906F3}" = protocol=17 | 
dir=in | app=c:\program files\wolfram research\mathematica\8.0\mathematica.exe | "{FDD96A5B-D830-49E1-B8D6-3C634B41B339}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "TCP Query User{05148EB2-0A9B-4C90-96B6-3BE741F38AB1}C:\program files\ptc\creo elements\pro5.0\x86e_win64\obj\pro_comm_msg.exe" = protocol=6 | dir=in | app=c:\program files\ptc\creo elements\pro5.0\x86e_win64\obj\pro_comm_msg.exe | "TCP Query User{0BDB9768-11E9-44D5-8AFF-0B7F093C5856}C:\program files (x86)\connectify\connectify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\connectify\connectify.exe | "TCP Query User{478542B4-6A27-4691-BF3A-30A06704DC95}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{59A4139A-F61B-4D8C-B321-B478065DBDE6}C:\program files\ptc\creo elements\pro5.0\x86e_win64\obj\xtop.exe" = protocol=6 | dir=in | app=c:\program files\ptc\creo elements\pro5.0\x86e_win64\obj\xtop.exe | "TCP Query User{7062FA7F-786E-47C0-8664-1C0C7AE1E75B}C:\program files (x86)\1clickdownload\1clickdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownloader.exe | "TCP Query User{836DB014-1058-49B8-9C05-62E853A814F3}C:\program files\ptc\creo elements\pro5.0\bin\proe.exe" = protocol=6 | dir=in | app=c:\program files\ptc\creo elements\pro5.0\bin\proe.exe | "TCP Query User{A3F015D3-5839-4C31-B5B7-CC9B1E59757C}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "TCP Query User{AC7E5C09-7AB7-40D7-BE90-9060007FDEA0}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | "TCP Query User{AF426936-D222-4C87-85AF-B542880BD069}C:\program files\ptc\creo elements\pro5.0\x86e_win64\nms\nmsd.exe" = protocol=6 | dir=in | app=c:\program files\ptc\creo elements\pro5.0\x86e_win64\nms\nmsd.exe | "TCP Query 
User{BC5E540B-A5EA-4B88-817D-56ECA6F1DFB0}C:\program files\matlab\r2012a\bin\win64\matlab.exe" = protocol=6 | dir=in | app=c:\program files\matlab\r2012a\bin\win64\matlab.exe | "UDP Query User{2F7B46E1-AA67-41A8-B26E-16709BFE6C64}C:\program files\ptc\creo elements\pro5.0\x86e_win64\nms\nmsd.exe" = protocol=17 | dir=in | app=c:\program files\ptc\creo elements\pro5.0\x86e_win64\nms\nmsd.exe | "UDP Query User{30695E70-CBB2-4B75-BE88-02D739618A7B}C:\program files (x86)\1clickdownload\1clickdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownloader.exe | "UDP Query User{3C95A88F-F216-4FED-8342-39ABF3296877}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "UDP Query User{465F701A-624D-4522-9AAA-CE210B0B4F8B}C:\program files\matlab\r2012a\bin\win64\matlab.exe" = protocol=17 | dir=in | app=c:\program files\matlab\r2012a\bin\win64\matlab.exe | "UDP Query User{86F8F17D-7105-4F0B-B5ED-68CB7F3784C7}C:\program files\ptc\creo elements\pro5.0\bin\proe.exe" = protocol=17 | dir=in | app=c:\program files\ptc\creo elements\pro5.0\bin\proe.exe | "UDP Query User{97FF0997-9DF9-4A83-AB07-34E07B372A2D}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{A70A07F0-9F38-402B-9969-9E08AEDEA85A}C:\program files (x86)\connectify\connectify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectify.exe | "UDP Query User{B66C24CF-48F9-4193-A239-7512B731E69B}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | "UDP Query User{C44226FF-190A-4631-9CB1-D1BFA7407B48}C:\program files\ptc\creo elements\pro5.0\x86e_win64\obj\xtop.exe" = protocol=17 | dir=in | app=c:\program files\ptc\creo elements\pro5.0\x86e_win64\obj\xtop.exe | "UDP Query User{F9008894-6272-4482-A09D-82E9D759924B}C:\program 
files\ptc\creo elements\pro5.0\x86e_win64\obj\pro_comm_msg.exe" = protocol=17 | dir=in | app=c:\program files\ptc\creo elements\pro5.0\x86e_win64\obj\pro_comm_msg.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64 "{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources "{11BA2B00-1495-47B8-BFA8-D08C605AB2CC}" = Windows Live Family Safety "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot "{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources "{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{25FBDA9A-E868-4B3B-B9FF-D923818511A1}" = Intel(R) PROSet/Wireless WiFi-Software "{2ABA2E8D-23CF-418F-BC8F-2EC99FA51A3F}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology "{33B98264-A889-4913-A0CA-C364A75032B3}" = ASUS Power4Gear Hybrid "{3CE222BA-66A6-4D18-BEE9-5D21C5798C3E}" = Windows Live Family Safety "{3D7F836A-AE1F-4FA6-8DB9-4FE06697AB0A}" = Windows Live Family Safety "{3E776E7A-F4C3-4A89-8EAD-535E722C8397}" = Windows Live Family Safety "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4C3A5D69-BA3F-C1B6-2BE2-1FC74AEF5603}" = AMD AVIVO64 Codecs "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{53375A2B-FE08-42B6-8EB8-16818CD27B2C}" = Windows Live Family Safety "{54467C1D-3CF7-A3B2-A72D-C97515E6603A}" = ccc-utility64 "{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes 
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources "{63919769-655A-48A8-AD6C-39B471F683ED}" = Windows Live Family Safety "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources "{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64 "{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6DDCFF78-6F91-438C-9567-C5CAA9D7F56C}" = Windows Live Family Safety "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support "{7E5A1435-D1AD-49E2-AB89-31BD7BB350CF}" = ProductView Express 9.1 "{80015C1E-CF30-474A-AA70-F48CF5BB7AC5}" = SolidWorks eDrawings 2012 x64 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{92015CBE-D397-C3EA-99FC-B03051DE69A4}" = AMD Catalyst Install Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) 
"{AE1D4582-D449-495C-9DC6-B92E16C7DB63}" = LEGO MINDSTORMS NXT Driver for x64 "{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources "{B36055BF-5F0E-4EAB-804D-9203DFB34ADC}" = Windows Live Family Safety "{B38968E0-778F-47C3-8781-BAD4E497801C}" = HP Officejet 4500 G510g-m "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources "{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources "{C98517B6-DCE9-49B7-B19E-E384178D3986}" = HP Officejet 4500 G510a-f "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources "{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources "{DCC7ADF1-1C02-4FAC-AC5F-E9424A0F1C68}" = Creo Thumbnail Viewer 1.0 "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E01819BD-709F-43A1-9600-6F5E4C584C37}" = Windows Live Family Safety "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{E60F14FA-E114-4F25-AEE0-33FE9EC9B1C3}" = Windows Live Family Safety "{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources "{F11009B0-F4DB-463B-B717-5266E47498AA}" = Windows Live Family Safety "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources "{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer "Adobe 
Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "A-WIN-Extras 8.0.0 1802959_is1" = Mathematica Extras 8.0 (1802959) "Connectify" = Connectify "Creo Elements/Pro Release 5.0 Datecode M110" = Creo Elements/Pro Release 5.0 Datecode M110 "GPL Ghostscript 9.04" = GPL Ghostscript "HP Document Manager" = HP Document Manager 2.0 "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Smart Web Printing" = HP Smart Web Printing 4.5 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "HPOCR" = OCR Software by I.R.I.S. 13.0 "Matlab R2012a" = MATLAB R2012a "MediaInfo" = MediaInfo 0.7.58 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "MiKTeX 2.9" = MiKTeX 2.9 "M-WIN-L 8.0.0 1803527_is1" = Wolfram Mathematica 8 (M-WIN-L 8.0.0 1803527) "ProInst" = Intel PROSet Wireless "Redirection Port Monitor" = RedMon - Redirection Port Monitor "Shop for HP Supplies" = Shop for HP Supplies "sp6" = Logitech SetPoint 6.32 "SynTPDeinstKey" = Synaptics Pointing Device Driver "VLC media player" = VLC media player 2.1.0-git-20120217-1212 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{02CA72F4-D62F-B098-8E03-2CA3726DADD8}" = Catalyst Control Center Profiles Mobile "{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh "{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger "{07AB0247-FEF5-425F-BF51-1F51354DA983}" = SBK®2011 FIM Superbike World Championship "{08C6EABF-9B49-E8A2-6CD7-67A8DFB2B3F5}" = CCC Help Czech "{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM) 
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail "{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0 "{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources "{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common "{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM) "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{19E8B5A1-7CE3-2890-B601-AD1894D4E8B5}" = CCC Help Hungarian "{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery "{2222706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0 SDK "{233E81F1-83AB-18D9-4BF1-3B375AE4D11E}" = Catalyst Control Center Graphics Previews Common "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10 
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources "{253252E2-EFAE-4AA8-96B6-0828619E536C}_is1" = leJOS NXJ 0.9.1beta-2 "{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4 "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10 "{28379381-B56A-43e1-B505-3098D82B1C30}" = 4500G510gm_Software_Min "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack "{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM) "{32A3A4F4-B792-11D6-A78A-00B0D0170040}" = Java SE Development Kit 7 Update 4 "{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM) "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10 "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{363FCBCD-2900-91A5-11A3-3B54C646E1F4}" = CCC Help Norwegian "{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer 
"{3EB6F78A-66E3-434f-BD0E-76C7D078DB5E}" = 4500G510af_Software_Min "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{3F0F7284-6243-A036-0E32-EA5145F24B08}" = CCC Help Chinese Standard "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax "{4614C36E-AABF-42AD-9419-0B8051547B96}" = LEGO MINDSTORMS NXT - (Deutsch) Sprachenpaket "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh "{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer "{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common "{505A4995-6975-D40F-DF63-37E95919BD06}" = Catalyst Control Center Localization All "{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM) "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5994B82C-F940-F603-5523-80533CBB6A3E}" = CCC Help Swedish "{5B2374E3-0589-D4B8-7235-4CC581827531}" = CCC Help Spanish "{5B7EDCF8-E6AD-4E99-972C-34BF1F07B349}" = LEGO MINDSTORMS NXT Software v2.0 "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker "{5F595606-213F-135C-F632-3D563A8B2F2C}" = CCC Help Greek "{61ED9291-BCF4-72DB-86E0-346234D7FF0D}" = CCC Help Polish 
"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項 "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM) "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting "{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6C1D47CC-682C-4673-8CA8-DEE659628599}" = LEGO MINDSTORMS NXT Migration Package "{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker "{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh 
"{749F674B-2674-47E8-879C-5626A06B2A91}" = InstantOn for NB "{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack "{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh "{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger "{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM) "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10 "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials "{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Qualcomm Atheros WiFi Driver Installation "{7DC60B84-3CD0-1458-BA7C-B48C5F876963}" = Catalyst Control Center "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{7E7A5A7D-1045-4075-9808-60C0DE69D38A}" = 4500G510gm_web "{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources "{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B9F50F9-BA6F-47c5-990B-76A74A1C68B0}" = 4500G510af "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DB05F7E-1F7A-4CC0-882F-375B97F04CD4}" = Virtual Router v0.9 Beta "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10 "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash "{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger "{90120000-0015-0407-0000-0000000FF1CE}" 
= Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{9135FAAF-1FA7-3188-A03A-F1D93E9C25E4}" = CCC Help Italian "{92447039-DC7B-46BF-9D1D-2B92FA89F914}" = SBK®2011 FIM Superbike World Championship "{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10 "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc 
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM) "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A138F658-D69C-E4B5-3E88-FD0D35B8648A}" = CCC Help Dutch "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}" = ASUS USB Charger Plus "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package "{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger "{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail "{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status "{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh "{B0002707-4F7E-4745-88A7-852DA8A88635}" = ASUS Sonic Focus "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail 
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common "{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger "{B43DC77D-577A-49BD-AE9D-99497C9E71FB}" = Catalyst Control Center - Branding "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials "{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live "{B7E2386E-869F-EFAD-8C58-B60D463AF599}" = CCC Help Turkish "{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger "{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker "{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live "{C175D5B0-ED04-42C9-B23F-D8BD406173E7}" = 4500_G510af_Help "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM) "{C211509D-0405-98A7-80DA-17F147C7EC3D}" = CCC Help Korean "{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM) "{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10 "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C4BC5A5F-4A97-47CC-99C3-AB8E10572AFE}" = Wireless Console 3 "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = 
Windows Live Movie Maker "{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger "{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer "{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D2156D27-B4A2-D130-BFA7-8C62ACD579DD}" = CCC Help French "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005 "{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack "{D39F0676-163E-4595-A917-E28F99BBD4D2}" = ASUS AI Recovery "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker "{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM) "{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{DF0B357C-5874-47D0-81E7-79AA890B0CE0}" = 4500_G510gm_Help_Web "{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E15ACAA4-40DC-DBAE-5969-72865AE1F1A3}" = PX Profile Update "{E18B30AA-6E2D-480C-B918-AF61009F4010}" = عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة "{E1D8C2DC-7335-BFF4-BB01-08952DACCE7B}" = CCC Help English "{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10 
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10 "{E3618E3B-9E86-AE4F-DF6A-695CBC8E5348}" = Catalyst Control Center InstallProxy "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver "{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer "{E68F98C3-6E2E-04A7-CF3C-869A8A08321C}" = CCC Help Portuguese "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources "{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10 "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{EEBFA06C-8FF8-9716-93DF-DC24E22A0ACB}" = CCC Help Russian "{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心 "{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10 "{F44C3156-554C-B107-9A32-D5939A8F45F4}" = CCC Help Finnish "{F4613A0E-C301-CC91-3169-D65E3EB6353A}" = CCC Help Danish "{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM) "{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic 
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM) "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10 "{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις "{F7082FDA-193B-ED77-2195-B23B9CAAD0B5}" = CCC Help German "{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh "{F8967C9A-49F4-1520-F4A2-DC0E86D2D65B}" = CCC Help Thai "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F8D5FBF7-6826-6406-303C-F2C06789BD3C}" = CCC Help Chinese Traditional "{F9408107-4DCC-A7B1-AD90-E938F77EDCDA}" = CCC Help Japanese "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update "{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh "{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10 "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "1ClickDownload" = 1ClickDownloader "8461-7759-5462-8226" = Vuze "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Asus Vibe2.0" = AsusVibe2.0 "ASUS WebStorage" = ASUS WebStorage "AsusScr_K3 Series_ENG" = AsusScr_K3 Series_ENG "Avira AntiVir Desktop" = Avira Free Antivirus "AVS Audio Converter 5.1_is1" = AVS Audio Converter version 5.1 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.2 "DAEMON Tools Lite" = DAEMON Tools Lite "ENTERPRISE" = Microsoft Office Enterprise 2007 "Freemake Video Converter_is1" = Freemake Video Converter Version 3.0.2 "FreePDF_XP" = FreePDF (Remove only) "funmoods" = Funmoods Web Search "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = 
CyberLink Power2Go "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "New LEGO Digital Designer" = LEGO Digital Designer "ProInst" = Intel PROSet Wireless "TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1 "WinLiveSuite" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-972475053-585952779-2059876441-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Kies Air Discovery Service" = Kies Air Discovery Service ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 29.06.2012 05:09:45 | Computer Name = Johnny-Asus | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 2012 Error - 29.06.2012 05:09:45 | Computer Name = Johnny-Asus | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 2012 Error - 29.06.2012 08:08:20 | Computer Name = Johnny-Asus | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 29.06.2012 08:08:20 | Computer Name = Johnny-Asus | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 1014 Error - 29.06.2012 08:08:20 | Computer Name = Johnny-Asus | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 1014 Error - 29.06.2012 08:08:21 | Computer Name = Johnny-Asus | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 29.06.2012 08:08:21 | Computer Name = Johnny-Asus | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 2013 Error - 
29.06.2012 08:08:21 | Computer Name = Johnny-Asus | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 2013 Error - 29.06.2012 08:08:22 | Computer Name = Johnny-Asus | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 29.06.2012 08:08:22 | Computer Name = Johnny-Asus | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 3011 Error - 29.06.2012 08:08:22 | Computer Name = Johnny-Asus | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 3011 [ System Events ] Error - 09.07.2012 01:34:47 | Computer Name = Johnny-Asus | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 09.07.2012 01:34:47 | Computer Name = Johnny-Asus | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 10.07.2012 03:04:36 | Computer Name = Johnny-Asus | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?09.?07.?2012 um 16:18:47 unerwartet heruntergefahren. Error - 10.07.2012 14:53:28 | Computer Name = Johnny-Asus | Source = Tcpip | ID = 4199 Description = Das System hat einen Adressenkonflikt der IP-Adresse 10.0.0.2 mit dem Computer mit der Netzwerkhardwareadresse E8-5B-5B-3F-E7-A9 ermittelt. Netzwerkvorgänge könnten daher auf diesem System unterbrochen werden. Error - 10.07.2012 16:05:55 | Computer Name = Johnny-Asus | Source = ACPI | ID = 327693 Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. 
Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft. Error - 12.07.2012 13:05:29 | Computer Name = Johnny-Asus | Source = ACPI | ID = 327693 Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft. Error - 14.07.2012 06:19:54 | Computer Name = Johnny-Asus | Source = ACPI | ID = 327693 Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft. Error - 17.07.2012 13:21:54 | Computer Name = Johnny-Asus | Source = ACPI | ID = 327693 Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft. Error - 18.07.2012 02:05:47 | Computer Name = Johnny-Asus | Source = ACPI | ID = 327693 Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. 
Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft. Error - 19.07.2012 02:08:58 | Computer Name = Johnny-Asus | Source = ACPI | ID = 327693 Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft. < End of report >
PLEASE, can you help me get rid of this trojan again? I need the notebook and above all my data for my bachelor's thesis! Many thanks in advance, and have a nice day!! Last edited by johnny-d (31.07.2012 at 09:05) |
31.07.2012, 09:29 | #2 |
/// Helper Team | Police Virus Austria, on 31.07.2012 Fix with OTL: download OTL from Oldtimer (if you do not have it yet) and save it to your desktop (nowhere else).
Code:
ATTFilter :OTL IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtD0AyDtA0Fzy0D0B0BtDtN0D0Tzu0CtCzyyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=24866596 IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtD0AyDtA0Fzy0D0B0BtDtN0D0Tzu0CtCzyyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=24866596 IE - HKLM\..\SearchScopes\{5991C7F0-6CFA-D58B-3201-7C3D08E6D208}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox IE - HKU\S-1-5-21-972475053-585952779-2059876441-1001\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-972475053-585952779-2059876441-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-972475053-585952779-2059876441-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtD0AyDtA0Fzy0D0B0BtDtN0D0Tzu0CtCzyyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=24866596 IE - HKU\S-1-5-21-972475053-585952779-2059876441-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-972475053-585952779-2059876441-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul" FF - prefs.js..browser.search.defaultenginename: "Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF:64bit: - 
HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Update] C:\Users\Johnny\AppData\Roaming\deo0_sar.exe () O4 - HKU\S-1-5-21-972475053-585952779-2059876441-1001..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s File not found O4 - HKU\S-1-5-21-972475053-585952779-2059876441-1001..\Run: [Update] C:\Users\Johnny\AppData\Roaming\deo0_sar.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\S-1-5-21-972475053-585952779-2059876441-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 O7 - HKU\S-1-5-21-972475053-585952779-2059876441-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 [2012.07.31 08:24:04 | 000,158,208 | ---- | M] () -- C:\Users\Johnny\AppData\Roaming\deo0_sar.exe @Alternate Data Stream - 368 bytes -> C:\Users\Johnny\Documents\boot:$WIMMOUNTDATA [2012.07.12 20:03:48 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\Johnny\AppData\Roaming\mozilla\Firefox\Profiles\03fz0b43.default\extensions\ffxtlbr@funmoods.com [2012.07.12 20:03:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johnny\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions\staged [2012.07.12 20:03:52 | 000,002,327 | ---- | M] () -- C:\Users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\03fz0b43.default\searchplugins\Search.xml [2012.07.12 20:03:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Funmoods [2012.07.31 08:26:23 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.31 08:16:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.31 08:01:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.01.31 19:15:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe :Files ipconfig /flushdns /c :Commands [purity] [emptytemp] [emptyflash]
Note for readers: the OTL script above was created exclusively for this user in this situation. Under no circumstances apply it to other computers; it can permanently damage other systems!
__________________ |
31.07.2012, 09:45 | #3 |
| Police Virus Austria, on 31.07.2012 Here is the new logfile:
Code:
All processes killed ========== OTL ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5991C7F0-6CFA-D58B-3201-7C3D08E6D208}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5991C7F0-6CFA-D58B-3201-7C3D08E6D208}\ not found. HKEY_USERS\S-1-5-21-972475053-585952779-2059876441-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_USERS\S-1-5-21-972475053-585952779-2059876441-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-972475053-585952779-2059876441-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. HKU\S-1-5-21-972475053-585952779-2059876441-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! 
HKU\S-1-5-21-972475053-585952779-2059876441-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! Prefs.js: "chrome://speeddial/content/speeddial.xul" removed from browser.startup.homepage Prefs.js: "Search" removed from browser.search.defaultenginename Prefs.js: "Google" removed from browser.search.selectedEngine 64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Update deleted successfully. File C:\Users\Johnny\AppData\Roaming\deo0_sar.exe not found. Registry value HKEY_USERS\S-1-5-21-972475053-585952779-2059876441-1001\Software\Microsoft\Windows\CurrentVersion\Run\\KiesHelper deleted successfully. Registry value HKEY_USERS\S-1-5-21-972475053-585952779-2059876441-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Update deleted successfully. File C:\Users\Johnny\AppData\Roaming\deo0_sar.exe not found. Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. 
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLinkedConnections deleted successfully. Registry value HKEY_USERS\S-1-5-21-972475053-585952779-2059876441-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully. Registry value HKEY_USERS\S-1-5-21-972475053-585952779-2059876441-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. 64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ not found. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. 
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! File C:\Users\Johnny\AppData\Roaming\deo0_sar.exe not found. Unable to delete ADS C:\Users\Johnny\Documents\boot:$WIMMOUNTDATA . Folder C:\Users\Johnny\AppData\Roaming\mozilla\Firefox\Profiles\03fz0b43.default\extensions\ffxtlbr@funmoods.com\ not found. Folder C:\Users\Johnny\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions\staged\ not found. File C:\Users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\03fz0b43.default\searchplugins\Search.xml not found. C:\Program Files (x86)\Funmoods\1.5.23.22\bh folder moved successfully. C:\Program Files (x86)\Funmoods\1.5.23.22 folder moved successfully. C:\Program Files (x86)\Funmoods folder moved successfully. C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully. C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully. C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully. C:\Windows\MusiccityDownload.exe moved successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache konnte nicht geleert werden: Beim Ausfhren der Funktion ist ein Fehler aufgetreten. C:\Users\David\Desktop\cmd.bat deleted successfully. C:\Users\David\Desktop\cmd.txt deleted successfully. 
========== COMMANDS ========== [EMPTYTEMP] User: All Users User: David ->Temp folder emptied: 3559438944 bytes ->Temporary Internet Files folder emptied: 23332928 bytes ->Java cache emptied: 5704049 bytes ->FireFox cache emptied: 310197447 bytes ->Flash cache emptied: 3734 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 245290700 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes RecycleBin emptied: 26311240152 bytes Total Files Cleaned = 29.044,00 mb [EMPTYFLASH] User: All Users User: David ->Flash cache emptied: 0 bytes User: Default User: Default User User: Public Total Flash Files Cleaned = 0,00 mb OTL by OldTimer - Version 3.2.55.0 log created on 07312012_103525 Files\Folders moved on Reboot... C:\Users\David\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... File C:\Users\David\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found! Registry entries deleted on Reboot...
Many thanks already for the incredibly fast reply! Super! I can already boot into normal mode again, great! Should I do anything else afterwards besides a scan with Malwarebytes? THANKS again!! |
31.07.2012, 09:46 | #4 |
/// Helper Team | Police Virus Austria, on 31.07.2012 Very good! Yes, start in normal mode! Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log. Then: Step 2: Please download AdwCleaner to your desktop.
|
31.07.2012, 14:28 | #5 |
| Police Virus Austria, on 31.07.2012 Hello, here are the other logfiles! mbam-log-2012-07-31 (10-51-24):
Code:
Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.31.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 David :: DAVID-ASUS [Administrator] 31.07.2012 10:51:24 mbam-log-2012-07-31 (10-51-24).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 648073 Laufzeit: 1 Stunde(n), 34 Minute(n), 13 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 25 HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\funmoods.funmoodsHlpr.1 (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\funmoods.funmoodsHlpr (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
HKCR\escort.escortIEPane (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\funmoods.dskBnd (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\f (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 2 HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Daten: Funmoods Toolbar -> Erfolgreich gelöscht und in Quarantäne gestellt. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 11 C:\_OTL\MovedFiles\07312012_103525\C_Program Files (x86)\Funmoods\1.5.23.22\escortApp.dll (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\_OTL\MovedFiles\07312012_103525\C_Program Files (x86)\Funmoods\1.5.23.22\escortEng.dll (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\_OTL\MovedFiles\07312012_103525\C_Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\_OTL\MovedFiles\07312012_103525\C_Program Files (x86)\Funmoods\1.5.23.22\funmoodssrv.exe (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\_OTL\MovedFiles\07312012_103525\C_Program Files (x86)\Funmoods\1.5.23.22\uninstall.exe (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\_OTL\MovedFiles\07312012_103525\C_Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. D:\Programme\Wolfram Mathematica 8\keygen\Windows\5.2.0 AGAiN\Keymaker.exe (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. D:\Programme\Wolfram Mathematica 8\keygen\Windows\7.0.0 EDGE\keygen.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\David\AppData\Local\funmoods.crx (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\David\AppData\Roaming\deo0_sar.exe (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
(end)

mbam-log-2012-07-31 (15-20-58)

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.31.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
David :: DAVID-ASUS [Administrator]

31.07.2012 10:51:24
mbam-log-2012-07-31 (15-20-58).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 648073
Time elapsed: 1 hour(s), 34 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 25
HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> No action taken.
HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> No action taken.
HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> No action taken.
HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> No action taken.
HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> No action taken.
HKCR\funmoods.funmoodsHlpr.1 (PUP.FunMoods) -> No action taken.
HKCR\funmoods.funmoodsHlpr (PUP.FunMoods) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> No action taken.
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> No action taken.
HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> No action taken.
HKCR\escort.escortIEPane (PUP.Funmoods) -> No action taken.
HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> No action taken.
HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Funmoods) -> No action taken.
HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> No action taken.
HKCR\funmoods.dskBnd (PUP.Funmoods) -> No action taken.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> No action taken.
HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> No action taken.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> No action taken.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> No action taken.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> No action taken.
HKCR\f (PUP.Funmoods) -> No action taken.
HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> No action taken.
HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> No action taken.
HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> No action taken.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> No action taken.

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 11
C:\_OTL\MovedFiles\07312012_103525\C_Program Files (x86)\Funmoods\1.5.23.22\escortApp.dll (PUP.FunMoods) -> No action taken.
C:\_OTL\MovedFiles\07312012_103525\C_Program Files (x86)\Funmoods\1.5.23.22\escortEng.dll (PUP.FunMoods) -> No action taken.
C:\_OTL\MovedFiles\07312012_103525\C_Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll (PUP.FunMoods) -> No action taken.
C:\_OTL\MovedFiles\07312012_103525\C_Program Files (x86)\Funmoods\1.5.23.22\funmoodssrv.exe (PUP.FunMoods) -> No action taken.
C:\_OTL\MovedFiles\07312012_103525\C_Program Files (x86)\Funmoods\1.5.23.22\uninstall.exe (PUP.FunMoods) -> No action taken.
C:\_OTL\MovedFiles\07312012_103525\C_Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll (PUP.Funmoods) -> No action taken.
D:\Programme\Wolfram Mathematica 8\keygen\Windows\5.2.0 AGAiN\Keymaker.exe (Malware.Gen) -> No action taken.
D:\Programme\Wolfram Mathematica 8\keygen\Windows\7.0.0 EDGE\keygen.exe (Trojan.Agent) -> No action taken.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> No action taken.
C:\Users\David\AppData\Local\funmoods.crx (PUP.Funmoods) -> No action taken.
C:\Users\David\AppData\Roaming\deo0_sar.exe (Exploit.Drop.GSA) -> No action taken.
(end)

AdwCleaner[R1]

Code:
# AdwCleaner v1.703 - Logfile created 07/31/2012 at 15:24:40
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : David - DAVID-ASUS
# Running from : C:\Users\David\Downloads\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\Users\David\AppData\Roaming\pdfforge
Folder Found : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\03fz0b43.default\extensions\ffxtlbr@funmoods.com
File Found : C:\Users\David\AppData\Local\funmoods-speeddial.crx

***** [Registry] *****

Key Found : HKCU\Software\Ask.com.tmp
Key Found : HKCU\Software\SweetIm
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\DT Soft
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Found : HKLM\SOFTWARE\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facemoods
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funmoods
Key Found : HKLM\SOFTWARE\SweetIM
[x64] Key Found : HKCU\Software\Ask.com.tmp
[x64] Key Found : HKCU\Software\SweetIm
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
[x64] Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facemoods

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Found : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtD0AyDtA0Fzy0D0B0BtDtN0D0Tzu0CtCzyyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=24866596
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtD0AyDtA0Fzy0D0B0BtDtN0D0Tzu0CtCzyyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=24866596
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://start.funmoods.com/?f=2&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtD0AyDtA0Fzy0D0B0BtDtN0D0Tzu0CtCzyyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=24866596

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\03fz0b43.default\prefs.js

Found : user_pref("extensions.funmoods.aflt", "nv1");
Found : user_pref("extensions.funmoods.autoRvrt", false);
Found : user_pref("extensions.funmoods.brwsrsrc", "ietlbr");
Found : user_pref("extensions.funmoods.cntry", "AT");
Found : user_pref("extensions.funmoods.dfltLng", "");
Found : user_pref("extensions.funmoods.dfltSrch", true);
Found : user_pref("extensions.funmoods.dfltlng", "en");
Found : user_pref("extensions.funmoods.dfltsrch", "false");
Found : user_pref("extensions.funmoods.dnsErr", true);
Found : user_pref("extensions.funmoods.envrmnt", "production");
Found : user_pref("extensions.funmoods.excTlbr", false);
Found : user_pref("extensions.funmoods.hdrMd5", "6EB8ABF692A8689F954D76E71379956B");
Found : user_pref("extensions.funmoods.hmpg", true);
Found : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2[...]
Found : user_pref("extensions.funmoods.hrdid", "C860000A53F9DBB0");
Found : user_pref("extensions.funmoods.id", "C860000A53F9DBB0");
Found : user_pref("extensions.funmoods.instlDay", "15533");
Found : user_pref("extensions.funmoods.instlRef", "nv1");
Found : user_pref("extensions.funmoods.instlday", "15533");
Found : user_pref("extensions.funmoods.instlref", "nv1");
Found : user_pref("extensions.funmoods.isdcmntcmplt", true);
Found : user_pref("extensions.funmoods.keywordurl", "");
Found : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2220:3:44");
Found : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Found : user_pref("extensions.funmoods.newTab", true);
Found : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=nv1&chnl=nv1&cd=2XzuyEt[...]
Found : user_pref("extensions.funmoods.newtab", true);
Found : user_pref("extensions.funmoods.newtaburl", "hxxp://start.funmoods.com/?f=2&a=nv1&chnl=nv1&cd=2XzuyEt[...]
Found : user_pref("extensions.funmoods.prdct", "funmoods");
Found : user_pref("extensions.funmoods.prtnrId", "funmoods");
Found : user_pref("extensions.funmoods.prtnrid", "funmoods");
Found : user_pref("extensions.funmoods.savedVrsnTs", "1");
Found : user_pref("extensions.funmoods.sg", "none");
Found : user_pref("extensions.funmoods.smplGrp", "none");
Found : user_pref("extensions.funmoods.smplgrp", "none");
Found : user_pref("extensions.funmoods.srch", "");
Found : user_pref("extensions.funmoods.srchPrvdr", "Search");
Found : user_pref("extensions.funmoods.srchprvdr", "Search");
Found : user_pref("extensions.funmoods.tlbrId", "base");
Found : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=nv1&chnl=nv1&cd=2Xzuy[...]
Found : user_pref("extensions.funmoods.tlbrid", "base");
Found : user_pref("extensions.funmoods.tlbrsrchurl", "hxxp://start.funmoods.com/?f=3&a=nv1&chnl=nv1&cd=2Xzuy[...]
Found : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Found : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2220:3:44");
Found : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Found : user_pref("extensions.funmoods.vrsnts", "1.5.23.2220:3:44");
Found : user_pref("extensions.funmoods_i.newTab", true);
Found : user_pref("extensions.funmoods_i.smplGrp", "none");
Found : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2220:3:44");

*************************

AdwCleaner[R1].txt - [9972 octets] - [31/07/2012 15:24:40]

########## EOF - C:\AdwCleaner[R1].txt - [10100 octets] ##########

Thank you very, very much!! Have a nice day!
|
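The AdwCleaner report above shows where a toolbar like Funmoods leaves its browser hijack in Firefox: dozens of `extensions.funmoods.*` entries in prefs.js, among them its own copies of the homepage, new-tab and search URLs, all pointing at start.funmoods.com. The script below is an added example, not part of the original post and not AdwCleaner's code. It parses a prefs.js, reports every navigation-related preference whose host is outside an allowlist, lists the add-on namespaces present, and strips one namespace the way AdwCleaner's [Delete] pass did. The sample prefs.js text and the allowlist of hosts are constructed for illustration.

```python
"""Find start-page / new-tab / search hijacks in a Firefox prefs.js.

Added example (not from the original post, not AdwCleaner code). SAMPLE_PREFS_JS
is constructed after the user_pref() lines AdwCleaner quoted; ALLOWED_HOSTS is
an assumed allowlist, adjust it to what your users are supposed to have.
"""
import re
from urllib.parse import urlparse

# One prefs.js entry per line: user_pref("name", <js string | bool | number>);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Lower-case substrings that mark a preference as deciding where the browser
# navigates: Firefox's own homepage pref plus the homepage/new-tab/search-URL
# copies toolbars keep under extensions.<name>.*.
NAV_PREF_HINTS = ("browser.startup.homepage", "hmpg", "newtab", "srchurl", "keywordurl")

# Assumed allowlist of hosts acceptable as a start or search page.
ALLOWED_HOSTS = {"www.google.com", "www.google.at", "start.mozilla.org"}

# Constructed sample; the funmoods lines mirror those in the AdwCleaner report.
SAMPLE_PREFS_JS = """\
// Mozilla User Preferences
user_pref("browser.startup.homepage", "hxxp://start.funmoods.com/?f=1&a=nv1");
user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1");
user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=nv1");
user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=nv1");
user_pref("extensions.funmoods.keywordurl", "");
user_pref("extensions.funmoods.vrsn", "1.5.23.22");
user_pref("extensions.funmoods.dfltSrch", true);
user_pref("extensions.adblockplus.currentVersion", "2.1");
user_pref("browser.search.defaultenginename", "Google");
"""


def parse_prefs(text):
    """Return {name: raw_value} for every user_pref() line; comments and junk are skipped."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).strip()
    return prefs


def _unquote(raw):
    """Strip the quotes of a JS string literal; leave bools and numbers untouched."""
    return raw[1:-1] if len(raw) >= 2 and raw[0] == raw[-1] == '"' else raw


def _host_of(value):
    """Hostname of a URL value, accepting the hxxp:// defanging used in reports."""
    value = re.sub(r"^hxxp(s?)://", r"http\1://", value, flags=re.IGNORECASE)
    return urlparse(value).hostname if "://" in value else None


def find_hijacks(prefs, allowed_hosts=ALLOWED_HOSTS):
    """Sorted (pref_name, host) pairs for navigation prefs pointing outside the allowlist.

    Only navigation prefs are checked, so a version string or install id under
    an extension namespace does not become a finding on its own.
    """
    findings = []
    for name, raw in prefs.items():
        if not any(hint in name.lower() for hint in NAV_PREF_HINTS):
            continue
        host = _host_of(_unquote(raw))
        if host and host not in allowed_hosts:
            findings.append((name, host))
    return sorted(findings)


def extension_namespaces(prefs):
    """Set of 'extensions.<id>' namespaces present, to spot an add-on by its pref footprint."""
    return {".".join(n.split(".")[:2]) for n in prefs
            if n.startswith("extensions.") and n.count(".") >= 2}


def strip_namespace(text, namespace):
    """prefs.js text without the entries of one namespace (what AdwCleaner's [Delete]
    pass did for extensions.funmoods). Deliberately leaves extensions.funmoods_i.* alone."""
    kept = []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m and (m.group(1) == namespace or m.group(1).startswith(namespace + ".")):
            continue
        kept.append(line)
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    prefs = parse_prefs(SAMPLE_PREFS_JS)
    print("add-on namespaces:", sorted(extension_namespaces(prefs)))
    for name, host in find_hijacks(prefs):
        print(f"HIJACK {name} -> {host}")
    # Removing the toolbar's own prefs leaves browser.startup.homepage hijacked:
    # the start page has to be reset separately, as AdwCleaner did for IE.
    cleaned = parse_prefs(strip_namespace(SAMPLE_PREFS_JS, "extensions.funmoods"))
    for name, host in find_hijacks(cleaned):
        print(f"STILL HIJACKED after namespace removal: {name} -> {host}")
```

Point it at a real profile with `parse_prefs(open(path_to_prefs_js).read())`; Firefox rewrites prefs.js on exit, so close the browser first, and remember that a user.js (which AdwCleaner also deleted here) re-applies its values on every start and must be checked the same way.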
31.07.2012, 14:31 | #6 |
/// Helper team | Polizei Virus Österreich, am 31.07.2012 Very good!
Next: malware scan with Emsisoft Anti-Malware. Download the free version of => Emsisoft Anti-Malware and install the program. Download the current signatures via "Update now". Select the freeware mode. Select "Detail Scan" and start the check of the computer with the "Scan" button. At the end of the scan, do not let it delete anything! Click "Save report" to save the log file to the desktop and post it here in the thread. Guide: http://www.trojaner-board.de/103809-...i-malware.html
__________________ --> Polizei Virus Österreich, am 31.07.2012 |
31.07.2012, 16:27 | #7 |
| Polizei Virus Österreich, am 31.07.2012 Hello, here are the next log files:

Code:
Emsisoft Anti-Malware - Version 6.6
Last update: 31.07.2012 15:50:46

Scan settings:

Scan method: Detail Scan
Objects: Rootkits, Memory, Traces, C:\, D:\

Archive scan: On
ADS scan: On

Scan start: 31.07.2012 15:50:56

D:\Programme\Windows 7 Professional (32 Bit)\Windows 7 Activation\Windows 7 Activation.exe detected: Trojan.Win32.Jorik.ShakBla.OJ!E1
D:\Programme\NERO.8\Toolbar.exe detected: Adware.Win32.AskTBar!E1
D:\Bilder\Wallpaper widescreen 1080\Beach_1440 x 900 widescreen.jpg detected: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Beautiful_Blue_Mountains_Landscape_1440 x 900 widescreen.jpg detected: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Beer_1440 x 900 widescreen.jpg detected: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Blue_is_the_answer_1440 x 900 widescreen.jpg detected: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Chevrolet_Camaro_SS_1440 x 900 widescreen.jpg detected: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Exotic_Paradise_1440 x 900 widescreen.jpg detected: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Hay_Field_1440 x 900 widescreen.jpg detected: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Golf_Course_1440 x 900 widescreen.jpg detected: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Green_Lime_1440 x 900 widescreen.jpg detected: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Hong_Kong_Night_1440 x 900 widescreen.jpg detected: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Ice_Cola_1440 x 900 widescreen.jpg detected: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Interesting_3d_shapes_1440 x 900 widescreen.jpg detected: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Island_1440 x 900 widescreen.jpg detected: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Maldives_Entertainment_Center_1440 x 900 widescreen.jpg detected: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Koh_Tao_beach_1440 x 900 widescreen.jpg detected: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Red_&_White_Abstract_1440 x 900 widescreen.jpg detected: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Palm_Tree_Sunset_1440 x 900 widescreen.jpg detected: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Palm_Tree_1440 x 900 widescreen.jpg detected: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Sexy_girl_on_the_beach_1440 x 900 widescreen.jpg detected: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Shores_Of_Fire_1440 x 900 widescreen.jpg detected: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Splash_1680 x 1050 widescreen.jpg detected: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\The_Maldives_1680 x 1050 widescreen(2).jpg detected: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\The_Maldives_1680 x 1050 widescreen.jpg detected: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Wooden_Boat_1440 x 900 widescreen.jpg detected: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Wizard_1440 x 900 widescreen.jpg detected: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Beautiful_Blue_Mountains_Landscape_1440 x 900 widescreen.jpg detected: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Beach_1440 x 900 widescreen.jpg detected: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Beer_1440 x 900 widescreen.jpg detected: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Blue_is_the_answer_1440 x 900 widescreen.jpg detected: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Chevrolet_Camaro_SS_1440 x 900 widescreen.jpg detected: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Exotic_Paradise_1440 x 900 widescreen.jpg detected: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Golf_Course_1440 x 900 widescreen.jpg detected: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Hay_Field_1440 x 900 widescreen.jpg detected: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Hong_Kong_Night_1440 x 900 widescreen.jpg detected: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Green_Lime_1440 x 900 widescreen.jpg detected: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Ice_Cola_1440 x 900 widescreen.jpg detected: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Interesting_3d_shapes_1440 x 900 widescreen.jpg detected: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Island_1440 x 900 widescreen.jpg detected: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Koh_Tao_beach_1440 x 900 widescreen.jpg detected: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Maldives_Entertainment_Center_1440 x 900 widescreen.jpg detected: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Palm_Tree_Sunset_1440 x 900 widescreen.jpg detected: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Palm_Tree_1440 x 900 widescreen.jpg detected: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Sexy_girl_on_the_beach_1440 x 900 widescreen.jpg detected: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Red_&_White_Abstract_1440 x 900 widescreen.jpg detected: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Shores_Of_Fire_1440 x 900 widescreen.jpg detected: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\The_Maldives_1680 x 1050 widescreen(2).jpg detected: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Splash_1680 x 1050 widescreen.jpg detected: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\The_Maldives_1680 x 1050 widescreen.jpg detected: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Wizard_1440 x 900 widescreen.jpg detected: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Wooden_Boat_1440 x 900 widescreen.jpg detected: Trojan.Win32.Jpgiframe!E2

Scanned 901147
Found 52

Scan end: 31.07.2012 17:11:39
Scan time: 1:20:43

D:\Bilder\Wallpaper widescreen 1080\Beach_1440 x 900 widescreen.jpg Quarantined Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Beautiful_Blue_Mountains_Landscape_1440 x 900 widescreen.jpg Quarantined Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Beer_1440 x 900 widescreen.jpg Quarantined Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Blue_is_the_answer_1440 x 900 widescreen.jpg Quarantined Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Chevrolet_Camaro_SS_1440 x 900 widescreen.jpg Quarantined Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Exotic_Paradise_1440 x 900 widescreen.jpg Quarantined Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Hay_Field_1440 x 900 widescreen.jpg Quarantined Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Golf_Course_1440 x 900 widescreen.jpg Quarantined Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Green_Lime_1440 x 900 widescreen.jpg Quarantined Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Hong_Kong_Night_1440 x 900 widescreen.jpg Quarantined Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Ice_Cola_1440 x 900 widescreen.jpg Quarantined Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Interesting_3d_shapes_1440 x 900 widescreen.jpg Quarantined Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Island_1440 x 900 widescreen.jpg Quarantined Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Maldives_Entertainment_Center_1440 x 900 widescreen.jpg Quarantined Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Koh_Tao_beach_1440 x 900 widescreen.jpg Quarantined Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Red_&_White_Abstract_1440 x 900 widescreen.jpg Quarantined Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Palm_Tree_Sunset_1440 x 900 widescreen.jpg Quarantined Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Palm_Tree_1440 x 900 widescreen.jpg Quarantined Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Sexy_girl_on_the_beach_1440 x 900 widescreen.jpg Quarantined Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Shores_Of_Fire_1440 x 900 widescreen.jpg Quarantined Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Splash_1680 x 1050 widescreen.jpg Quarantined Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\The_Maldives_1680 x 1050 widescreen(2).jpg Quarantined Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\The_Maldives_1680 x 1050 widescreen.jpg Quarantined Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Wooden_Boat_1440 x 900 widescreen.jpg Quarantined Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Wizard_1440 x 900 widescreen.jpg Quarantined Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Beautiful_Blue_Mountains_Landscape_1440 x 900 widescreen.jpg Quarantined Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Beach_1440 x 900 widescreen.jpg Quarantined Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Beer_1440 x 900 widescreen.jpg Quarantined Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Blue_is_the_answer_1440 x 900 widescreen.jpg Quarantined Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Chevrolet_Camaro_SS_1440 x 900 widescreen.jpg Quarantined Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Exotic_Paradise_1440 x 900 widescreen.jpg Quarantined Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Golf_Course_1440 x 900 widescreen.jpg Quarantined Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Hay_Field_1440 x 900 widescreen.jpg Quarantined Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Hong_Kong_Night_1440 x 900 widescreen.jpg Quarantined Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Green_Lime_1440 x 900 widescreen.jpg Quarantined Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Ice_Cola_1440 x 900 widescreen.jpg Quarantined Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Interesting_3d_shapes_1440 x 900 widescreen.jpg Quarantined Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Island_1440 x 900 widescreen.jpg Quarantined Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Koh_Tao_beach_1440 x 900 widescreen.jpg Quarantined Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Maldives_Entertainment_Center_1440 x 900 widescreen.jpg Quarantined Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Palm_Tree_Sunset_1440 x 900 widescreen.jpg Quarantined Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Palm_Tree_1440 x 900 widescreen.jpg Quarantined Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Sexy_girl_on_the_beach_1440 x 900 widescreen.jpg Quarantined Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Red_&_White_Abstract_1440 x 900 widescreen.jpg Quarantined Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Shores_Of_Fire_1440 x 900 widescreen.jpg Quarantined Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\The_Maldives_1680 x 1050 widescreen(2).jpg Quarantined Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Splash_1680 x 1050 widescreen.jpg Quarantined Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\The_Maldives_1680 x 1050 widescreen.jpg Quarantined Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Wizard_1440 x 900 widescreen.jpg Quarantined Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Wooden_Boat_1440 x 900 widescreen.jpg Quarantined Trojan.Win32.Jpgiframe!E2
D:\Programme\NERO.8\Toolbar.exe Quarantined Adware.Win32.AskTBar!E1
D:\Programme\Windows 7 Professional (32 Bit)\Windows 7 Activation\Windows 7 Activation.exe Quarantined Trojan.Win32.Jorik.ShakBla.OJ!E1

Quarantined 52

Code:
# AdwCleaner v1.703 - Logfile created 07/31/2012 at 15:25:16
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : David - DAVID-ASUS
# Running from : C:\Users\David\Downloads\adwcleaner.exe
# Option [Delete]
***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Users\David\AppData\Roaming\pdfforge
Folder Deleted : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\03fz0b43.default\extensions\ffxtlbr@funmoods.com
File Deleted : C:\Users\David\AppData\Local\funmoods-speeddial.crx

***** [Registry] *****

Key Deleted : HKCU\Software\Ask.com.tmp
Key Deleted : HKCU\Software\SweetIm
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\DT Soft
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facemoods
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funmoods
Key Deleted : HKLM\SOFTWARE\SweetIM
[x64] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facemoods

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtD0AyDtA0Fzy0D0B0BtDtN0D0Tzu0CtCzyyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=24866596 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtD0AyDtA0Fzy0D0B0BtDtN0D0Tzu0CtCzyyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=24866596 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://start.funmoods.com/?f=2&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtD0AyDtA0Fzy0D0B0BtDtN0D0Tzu0CtCzyyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=24866596 --> hxxp://www.google.com

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\03fz0b43.default\prefs.js

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\03fz0b43.default\user.js ... Deleted !

Deleted : user_pref("extensions.funmoods.aflt", "nv1");
Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Deleted : user_pref("extensions.funmoods.brwsrsrc", "ietlbr");
Deleted : user_pref("extensions.funmoods.cntry", "AT");
Deleted : user_pref("extensions.funmoods.dfltLng", "");
Deleted : user_pref("extensions.funmoods.dfltSrch", true);
Deleted : user_pref("extensions.funmoods.dfltlng", "en");
Deleted : user_pref("extensions.funmoods.dfltsrch", "false");
Deleted : user_pref("extensions.funmoods.dnsErr", true);
Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Deleted : user_pref("extensions.funmoods.excTlbr", false);
Deleted : user_pref("extensions.funmoods.hdrMd5", "6EB8ABF692A8689F954D76E71379956B");
Deleted : user_pref("extensions.funmoods.hmpg", true);
Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2[...]
Deleted : user_pref("extensions.funmoods.hrdid", "C860000A53F9DBB0");
Deleted : user_pref("extensions.funmoods.id", "C860000A53F9DBB0");
Deleted : user_pref("extensions.funmoods.instlDay", "15533");
Deleted : user_pref("extensions.funmoods.instlRef", "nv1");
Deleted : user_pref("extensions.funmoods.instlday", "15533");
Deleted : user_pref("extensions.funmoods.instlref", "nv1");
Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Deleted : user_pref("extensions.funmoods.keywordurl", "");
Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2220:3:44");
Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Deleted : user_pref("extensions.funmoods.newTab", true);
Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=nv1&chnl=nv1&cd=2XzuyEt[...]
Deleted : user_pref("extensions.funmoods.newtab", true);
Deleted : user_pref("extensions.funmoods.newtaburl", "hxxp://start.funmoods.com/?f=2&a=nv1&chnl=nv1&cd=2XzuyEt[...]
Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrid", "funmoods");
Deleted : user_pref("extensions.funmoods.savedVrsnTs", "1");
Deleted : user_pref("extensions.funmoods.sg", "none");
Deleted : user_pref("extensions.funmoods.smplGrp", "none");
Deleted : user_pref("extensions.funmoods.smplgrp", "none");
Deleted : user_pref("extensions.funmoods.srch", "");
Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Deleted : user_pref("extensions.funmoods.srchprvdr", "Search");
Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=nv1&chnl=nv1&cd=2Xzuy[...]
Deleted : user_pref("extensions.funmoods.tlbrid", "base");
Deleted : user_pref("extensions.funmoods.tlbrsrchurl", "hxxp://start.funmoods.com/?f=3&a=nv1&chnl=nv1&cd=2Xzuy[...]
Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2220:3:44");
Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.vrsnts", "1.5.23.2220:3:44");
Deleted : user_pref("extensions.funmoods_i.newTab", true);
Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2220:3:44");

*************************

AdwCleaner[R1].txt - [10040 octets] - [31/07/2012 15:24:40]
AdwCleaner[R2].txt - [10102 octets] - [31/07/2012 15:25:11]
AdwCleaner[S1].txt - [9410 octets] - [31/07/2012 15:25:16]

########## EOF - C:\AdwCleaner[S1].txt - [9538 octets] ##########

Thank you!! |
31.07.2012, 16:52 | #8 |
/// Helfer-Team | Police Virus Austria, on 31.07.2012 Very good! Uninstall: Emsisoft Anti-Malware. ESET Online Scanner: Preparation
|
01.08.2012, 20:39 | #9 |
| Police Virus Austria, on 31.07.2012 Here are the next logs...

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7fdc823b708ec444bf72b1a72b6aee53
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-01 07:36:08
# local_time=2012-08-01 09:36:08 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1792 16777215 100 0 13906408 13906408 0 0
# compatibility_mode=5893 16776573 100 94 531609 95472968 0 0
# compatibility_mode=8192 67108863 100 0 96 96 0 0
# scanned=254353
# found=0
# cleaned=0
# scan_time=6649

Best regards |
02.08.2012, 03:55 | #10 |
/// Helfer-Team | Police Virus Austria, on 31.07.2012 Update Java. Your Java is no longer up to date. Older versions contain security holes that can be abused by malware.
Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html |
21.08.2012, 03:33 | #11 |
/// Helfer-Team | Police Virus Austria, on 31.07.2012 No reply received. Are there problems working through the instructions above? To free up capacity for other people seeking help, I am deleting this topic from my notifications. If you want to continue, send me a PM or open a new topic. http://www.trojaner-board.de/69886-a...-beachten.html Note: the disappearance of the symptoms does not mean that your computer is clean. |