Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Polizei Virus Österreich, am 31.07.2012

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 31.07.2012, 08:59   #1
johnny-d
 
Polizei Virus Österreich, am 31.07.2012 - Standard

Polizei Virus Österreich, am 31.07.2012



Hallo,

auch mein Notebook wurde nun leider von dem bekannten "Polizei Virus" befallen !
Wie in der Anleitung geschildert, habe ich im abgesicherten Modus einen OTL-Scan gemacht um Ihnen hier die zwei Logfiles im Anhang hochladen zu können.

Hier die OTL und EXTRA direkt als Code:

OTL:
[CODE][OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 31.07.2012 09:52:05 - Run 2
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Johnny\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
5,91 Gb Total Physical Memory | 5,03 Gb Available Physical Memory | 85,16% Memory free
11,81 Gb Paging File | 11,06 Gb Available in Paging File | 93,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279,45 Gb Total Space | 153,05 Gb Free Space | 54,77% Space Free | Partition Type: NTFS
Drive D: | 394,18 Gb Total Space | 238,62 Gb Free Space | 60,54% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: Johnny-ASUS | User Name: Johnny | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.31 09:18:53 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Johnny\Desktop\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.09.27 21:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe -- (LBTServ)
SRV:64bit: - [2011.09.27 16:04:18 | 000,204,288 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.08.08 07:39:18 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011.07.27 21:04:48 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011.07.27 20:48:34 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011.07.27 20:44:18 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011.06.03 12:51:38 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2011.03.04 02:57:58 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Stopped] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012.07.01 23:38:24 | 000,065,536 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Connectify\ConnectifyService.exe -- (Connectify)
SRV - [2012.06.27 07:46:57 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.08 20:37:31 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 20:37:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.04 08:17:03 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.03.02 17:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe -- (SamsungAllShareV2.0)
SRV - [2012.03.02 17:00:20 | 000,027,584 | ---- | M] (Samsung Electronics Co., Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer)
SRV - [2012.02.15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.10.18 12:50:10 | 001,001,808 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011.10.18 12:50:04 | 001,354,064 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011.10.18 12:49:52 | 000,936,272 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2011.09.09 00:48:30 | 000,092,800 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2010.10.22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Stopped] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010.10.06 07:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.10.06 07:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.03.25 15:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 20:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.11.18 13:40:26 | 000,012,288 | ---- | M] (Chris Pietschmann (hxxp://pietschsoft.com)) [Auto | Stopped] -- C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe -- (Virtual Router)
SRV - [2009.06.16 03:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.07.29 20:31:28 | 000,031,344 | ---- | M] (Connectify) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\cnnctfy2.sys -- (cnnctfy2)
DRV:64bit: - [2012.07.20 11:45:29 | 000,052,832 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
DRV:64bit: - [2012.05.21 04:09:00 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012.05.21 04:09:00 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.05.08 20:37:31 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 20:37:31 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.05.06 13:12:08 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.08 06:22:28 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.12.08 06:22:28 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011.12.08 06:22:28 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011.10.19 04:56:00 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.10.19 04:56:00 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.09.27 16:56:52 | 010,207,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.09.27 15:25:08 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.09.20 19:56:42 | 000,016,768 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2011.09.16 17:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.09.02 08:30:46 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2011.09.02 08:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.09.02 08:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.08.29 17:32:18 | 000,053,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011.08.23 15:57:24 | 000,565,352 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.08.09 02:32:02 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011.08.08 17:32:08 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011.08.08 17:32:08 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011.08.04 03:28:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011.08.02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.08.02 02:47:30 | 000,391,144 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.08.02 02:47:30 | 000,129,000 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011.07.21 13:01:14 | 001,448,496 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.05.14 00:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011.04.26 05:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.03.15 12:09:16 | 000,311,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010.11.20 15:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.14 19:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009.10.05 03:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.07.20 11:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.05.23 18:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011.09.20 19:56:42 | 000,016,768 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AiCharger.sys -- (AiCharger)
DRV - [2011.09.07 19:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.03 03:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtD0AyDtA0Fzy0D0B0BtDtN0D0Tzu0CtCzyyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=24866596
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtD0AyDtA0Fzy0D0B0BtDtN0D0Tzu0CtCzyyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=24866596
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtD0AyDtA0Fzy0D0B0BtDtN0D0Tzu0CtCzyyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=24866596
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtD0AyDtA0Fzy0D0B0BtDtN0D0Tzu0CtCzyyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=24866596
IE - HKLM\..\SearchScopes\{5991C7F0-6CFA-D58B-3201-7C3D08E6D208}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
 
 
 
 
 
 
IE - HKU\S-1-5-21-972475053-585952779-2059876441-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = hxxp://asus.msn.com
IE - HKU\S-1-5-21-972475053-585952779-2059876441-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-972475053-585952779-2059876441-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtD0AyDtA0Fzy0D0B0BtDtN0D0Tzu0CtCzyyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=24866596
IE - HKU\S-1-5-21-972475053-585952779-2059876441-1001\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-972475053-585952779-2059876441-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-972475053-585952779-2059876441-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtD0AyDtA0Fzy0D0B0BtDtN0D0Tzu0CtCzyyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=24866596
IE - HKU\S-1-5-21-972475053-585952779-2059876441-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-972475053-585952779-2059876441-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0-git-20120217-1212: C:\Program Files\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ptc.com/ProductViewLite: C:\Program Files (x86)\Common Files\PTC\np6_pvapplite9.dll (PTC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.0.1802959\npmathplugin.dll (Wolfram Research, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.02.23 13:02:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\fmconverter@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012.06.13 20:23:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.27 07:46:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.04 15:42:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.02.23 13:02:02 | 000,000,000 | ---D | M]
 
[2012.02.22 22:14:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johnny\AppData\Roaming\mozilla\Extensions
[2012.07.12 20:03:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johnny\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2012.07.12 20:03:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johnny\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions
[2012.07.29 09:23:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johnny\AppData\Roaming\mozilla\Firefox\Profiles\03fz0b43.default\extensions
[2012.07.12 20:03:48 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\Johnny\AppData\Roaming\mozilla\Firefox\Profiles\03fz0b43.default\extensions\ffxtlbr@funmoods.com
[2012.07.12 20:04:50 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\Johnny\AppData\Roaming\mozilla\Firefox\Profiles\03fz0b43.default\extensions\OneClickDownload@OneClickDownload.com
[2012.07.12 20:03:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johnny\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions\staged
[2012.07.12 20:03:52 | 000,002,327 | ---- | M] () -- C:\Users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\03fz0b43.default\searchplugins\Search.xml
[2012.03.22 19:29:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.26 16:04:00 | 000,276,167 | ---- | M] () (No name found) -- C:\USERS\Johnny\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\03FZ0B43.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI
[2012.02.22 22:33:00 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\Johnny\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\03FZ0B43.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012.06.27 07:46:57 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.16 13:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.16 12:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.16 13:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.16 13:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 13:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 13:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\PROGRA~2\Funmoods\1.5.23.22\bh\escort.dll (Funmoods BHO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\PROGRA~2\Funmoods\1.5.23.22\escorTlbr.dll (Funmoods)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AllShareAgent] C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [Update] C:\Users\Johnny\AppData\Roaming\deo0_sar.exe ()
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-972475053-585952779-2059876441-1001..\Run: [Connectify] C:\Program Files (x86)\Connectify\Connectify.exe (Connectify)
O4 - HKU\S-1-5-21-972475053-585952779-2059876441-1001..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s File not found
O4 - HKU\S-1-5-21-972475053-585952779-2059876441-1001..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-972475053-585952779-2059876441-1001..\Run: [Update] C:\Users\Johnny\AppData\Roaming\deo0_sar.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-972475053-585952779-2059876441-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-972475053-585952779-2059876441-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.4.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1CB861BD-D212-4285-91EA-472938063372}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CFE1DACC-026E-4510-9BE5-B4ECE6FFEFBD}: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 60 Days ==========
 
[2012.07.31 09:21:20 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Johnny\Desktop\OTL.exe
[2012.07.29 20:31:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Connectify
[2012.07.29 20:31:28 | 000,031,344 | ---- | C] (Connectify) -- C:\Windows\SysNative\drivers\cnnctfy2.sys
[2012.07.29 20:31:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Connectify
[2012.07.29 20:31:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Connectify
[2012.07.29 20:29:19 | 000,000,000 | ---D | C] -- C:\Users\Johnny\AppData\Local\Chris_Pietschmann_(http__
[2012.07.29 20:25:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Router
[2012.07.29 20:25:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Virtual Router
[2012.07.20 11:45:29 | 000,076,384 | ---- | C] (hxxp://libusb-win32.sourceforge.net) -- C:\Windows\SysNative\libusb0.dll
[2012.07.20 11:45:29 | 000,067,680 | ---- | C] (hxxp://libusb-win32.sourceforge.net) -- C:\Windows\SysWow64\libusb0.dll
[2012.07.20 11:45:29 | 000,052,832 | ---- | C] (hxxp://libusb-win32.sourceforge.net) -- C:\Windows\SysNative\drivers\libusb0.sys
[2012.07.20 10:58:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO MINDSTORMS NXT 2.0
[2012.07.20 10:56:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LEGO Software
[2012.07.13 15:37:05 | 000,000,000 | ---D | C] -- C:\Users\Johnny\Documents\LEGO Creations
[2012.07.13 15:37:05 | 000,000,000 | ---D | C] -- C:\Users\Johnny\AppData\Roaming\LEGO Company
[2012.07.13 15:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO Company
[2012.07.13 15:26:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LEGO Company
[2012.07.13 15:05:06 | 001,077,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSCOMCTL.OCX
[2012.07.13 15:05:06 | 000,407,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSHFLXGD.OCX
[2012.07.13 15:05:06 | 000,203,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RICHTX32.OCX
[2012.07.13 09:02:59 | 000,000,000 | ---D | C] -- C:\Users\Johnny\AppData\Roaming\MiKTeX
[2012.07.13 09:02:58 | 000,000,000 | ---D | C] -- C:\Users\Johnny\AppData\Local\MiKTeX
[2012.07.13 08:57:54 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4a.dll
[2012.07.13 08:57:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeXnicCenter
[2012.07.13 08:51:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiKTeX 2.9
[2012.07.13 08:50:53 | 000,000,000 | ---D | C] -- C:\ProgramData\MiKTeX
[2012.07.13 08:49:58 | 000,000,000 | ---D | C] -- C:\Program Files\MiKTeX 2.9
[2012.07.12 20:03:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gophoto.it
[2012.07.12 20:03:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Funmoods
[2012.07.12 20:01:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1ClickDownload
[2012.07.10 22:41:58 | 000,000,000 | ---D | C] -- C:\Users\Johnny\Desktop\dani´s galaxy funkt nicht-Dateien
[2012.06.13 20:40:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2012.06.13 20:40:21 | 000,000,000 | ---D | C] -- C:\Users\Johnny\AppData\Roaming\AVS4YOU
[2012.06.13 20:40:16 | 000,000,000 | ---D | C] -- C:\Users\Johnny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2012.06.13 20:40:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[2012.06.13 20:40:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2012.06.13 20:40:11 | 000,658,432 | ---- | C] (Borland Corporation) -- C:\Windows\SysWow64\cc3270mt.dll
[2012.06.13 20:40:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2012.06.13 20:39:57 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2012.06.13 20:39:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVSAudioConverter
[2012.06.13 20:23:37 | 000,000,000 | ---D | C] -- C:\Users\Johnny\Documents\Freemake
[2012.06.13 20:23:36 | 000,000,000 | ---D | C] -- C:\Users\Johnny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
[2012.06.13 20:23:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
[2012.06.13 20:23:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2012.06.13 20:23:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freemake
[2012.06.13 19:59:14 | 000,000,000 | ---D | C] -- C:\Users\Johnny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo
[2012.06.13 19:59:14 | 000,000,000 | ---D | C] -- C:\Program Files\MediaInfo
[2012.06.13 17:28:10 | 000,203,320 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2012.06.13 17:28:10 | 000,099,384 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
 
========== Files - Modified Within 60 Days ==========
 
[2012.07.31 09:36:51 | 000,000,168 | ---- | M] () -- C:\Users\Johnny\defogger_reenable
[2012.07.31 09:34:26 | 000,050,477 | ---- | M] () -- C:\Users\Johnny\Desktop\Defogger.exe
[2012.07.31 09:22:12 | 001,643,244 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.31 09:22:12 | 000,708,032 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.31 09:22:12 | 000,663,350 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.31 09:22:12 | 000,151,668 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.31 09:22:12 | 000,124,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.31 09:18:53 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Johnny\Desktop\OTL.exe
[2012.07.31 09:18:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.31 09:18:50 | 461,414,399 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.31 08:26:33 | 000,002,430 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012.07.31 08:26:24 | 000,045,056 | ---- | M] () -- C:\Windows\SysWow64\acovcnt.exe
[2012.07.31 08:26:23 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.31 08:24:04 | 000,158,208 | ---- | M] () -- C:\Users\Johnny\AppData\Roaming\deo0_sar.exe
[2012.07.31 08:16:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.31 08:01:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.29 20:40:53 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.29 20:40:53 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.29 20:38:06 | 000,000,375 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012.07.29 20:34:48 | 000,001,591 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012.07.29 20:31:33 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\Connectify.lnk
[2012.07.29 20:31:28 | 000,031,344 | ---- | M] (Connectify) -- C:\Windows\SysNative\drivers\cnnctfy2.sys
[2012.07.29 20:25:52 | 000,002,619 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Virtual Router Manager.lnk
[2012.07.20 14:16:14 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_btmaux_01009.Wdf
[2012.07.20 11:45:59 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012.07.20 11:45:29 | 000,076,384 | ---- | M] (hxxp://libusb-win32.sourceforge.net) -- C:\Windows\SysNative\libusb0.dll
[2012.07.20 11:45:29 | 000,067,680 | ---- | M] (hxxp://libusb-win32.sourceforge.net) -- C:\Windows\SysWow64\libusb0.dll
[2012.07.20 11:45:29 | 000,052,832 | ---- | M] (hxxp://libusb-win32.sourceforge.net) -- C:\Windows\SysNative\drivers\libusb0.sys
[2012.07.13 07:55:04 | 000,000,538 | ---- | M] () -- C:\Users\Johnny\Documents\3-D Sex and Zen Extreme Ecstasy 3D SBS (2011) [BDRip 1080p][WwW.ZoNaTorrent.CoM].magnet
[2012.07.12 21:25:36 | 000,000,657 | ---- | M] () -- C:\Users\Johnny\Documents\Matlab 2012a for Windows 32 & 64 bit ISO License.magnet
[2012.07.12 20:03:45 | 000,384,844 | ---- | M] () -- C:\Users\Johnny\AppData\Local\funmoods-speeddial.crx
[2012.07.12 20:03:45 | 000,031,465 | ---- | M] () -- C:\Users\Johnny\AppData\Local\funmoods.crx
[2012.07.10 22:42:00 | 000,051,827 | ---- | M] () -- C:\Users\Johnny\Desktop\dani´s galaxy funkt nicht.html
[2012.06.22 08:33:40 | 000,000,750 | ---- | M] () -- C:\WirelessDiagLog.csv
[2012.06.18 14:56:30 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2012.06.05 20:59:03 | 000,000,065 | ---- | M] () -- C:\Users\Johnny\nxj.cache
 
========== Files Created - No Company Name ==========
 
[2012.07.31 09:36:51 | 000,000,168 | ---- | C] () -- C:\Users\Johnny\defogger_reenable
[2012.07.31 09:35:58 | 000,050,477 | ---- | C] () -- C:\Users\Johnny\Desktop\Defogger.exe
[2012.07.31 08:24:08 | 000,158,208 | ---- | C] () -- C:\Users\Johnny\AppData\Roaming\deo0_sar.exe
[2012.07.29 20:31:33 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\Connectify.lnk
[2012.07.29 20:25:52 | 000,002,619 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Virtual Router Manager.lnk
[2012.07.20 14:16:14 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_btmaux_01009.Wdf
[2012.07.20 11:45:36 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.07.13 07:55:04 | 000,000,538 | ---- | C] () -- C:\Users\Johnny\Documents\3-D Sex and Zen Extreme Ecstasy 3D SBS (2011) [BDRip 1080p][WwW.ZoNaTorrent.CoM].magnet
[2012.07.12 21:25:36 | 000,000,657 | ---- | C] () -- C:\Users\Johnny\Documents\Matlab 2012a for Windows 32 & 64 bit ISO License.magnet
[2012.07.12 20:03:46 | 000,384,844 | ---- | C] () -- C:\Users\Johnny\AppData\Local\funmoods-speeddial.crx
[2012.07.12 20:03:46 | 000,031,465 | ---- | C] () -- C:\Users\Johnny\AppData\Local\funmoods.crx
[2012.07.10 22:41:58 | 000,051,827 | ---- | C] () -- C:\Users\Johnny\Desktop\dani´s galaxy funkt nicht.html
[2012.06.22 08:31:02 | 000,000,750 | ---- | C] () -- C:\WirelessDiagLog.csv
[2012.05.30 19:20:59 | 000,000,065 | ---- | C] () -- C:\Users\Johnny\nxj.cache
[2012.05.06 17:40:35 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2012.02.23 18:41:36 | 000,142,486 | ---- | C] () -- C:\Windows\hpwins26.dat
[2012.02.23 18:41:36 | 000,000,370 | ---- | C] () -- C:\Windows\hpwmdl26.dat
[2012.02.23 17:41:17 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2012.02.23 12:59:02 | 000,197,052 | ---- | C] () -- C:\Windows\hpwins27.dat
[2012.02.23 12:59:02 | 000,000,385 | ---- | C] () -- C:\Windows\hpwmdl27.dat
[2012.02.22 21:35:53 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\acovcnt.exe
[2012.01.31 19:15:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.01.31 19:15:42 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.01.31 19:15:42 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.01.31 19:15:42 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.01.31 19:15:42 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.01.05 02:27:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.01.05 02:25:25 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2012.01.05 02:24:37 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.01.05 02:24:37 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.01.05 02:24:37 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012.01.05 02:24:37 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.01.05 02:24:36 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012.01.05 02:24:36 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.01.05 02:24:24 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011.10.19 06:26:32 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2011.10.19 06:11:04 | 001,622,690 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.13 08:19:48 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.09.28 08:15:06 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
 
========== LOP Check ==========
 
[2012.02.22 21:48:44 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\ASUS WebStorage
[2012.07.29 12:23:18 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\Azureus
[2012.04.03 12:14:08 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\BlackBean
[2012.02.23 19:37:50 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\DAEMON Tools Lite
[2012.05.06 17:40:47 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\EDrawings
[2012.05.07 19:55:24 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\FreePDF
[2012.05.02 16:28:57 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\Leadertech
[2012.07.13 15:37:05 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\LEGO Company
[2012.02.22 22:07:52 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\Nuance
[2012.05.06 17:27:17 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\pdfforge
[2012.05.02 16:17:31 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\PTC
[2012.02.27 14:08:46 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\Samsung
[2012.03.13 14:12:28 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\SoftGrid Client
[2012.02.22 22:49:26 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\TP
[2012.02.22 22:07:47 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\Zeon
[2012.05.18 08:39:09 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 368 bytes -> C:\Users\Johnny\Documents\boot:$WIMMOUNTDATA

< End of report >
         
--- --- ---
]


Extras.txt:
[CODE][OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 31.07.2012 09:25:56 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Johnny\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
5,91 Gb Total Physical Memory | 5,22 Gb Available Physical Memory | 88,42% Memory free
11,81 Gb Paging File | 11,14 Gb Available in Paging File | 94,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279,45 Gb Total Space | 153,13 Gb Free Space | 54,80% Space Free | Partition Type: NTFS
Drive D: | 394,18 Gb Total Space | 238,62 Gb Free Space | 60,54% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive G: | 7,51 Gb Total Space | 2,63 Gb Free Space | 35,00% Space Free | Partition Type: NTFS
 
Computer Name: Johnny-ASUS | User Name: Johnny | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-972475053-585952779-2059876441-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02776A95-A671-4437-BB03-DABB9E1E963D}" = lport=547 | protocol=17 | dir=in | app=c:\windows\system32\svchost.exe | 
"{09665EB7-E3F8-4024-9C23-27BCD3B3C99E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{0CA6D96D-8BC7-471B-8B9C-750C6A103750}" = lport=1303 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe | 
"{1A7EAC65-979E-4072-98EB-7A6E98A36493}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{1B4F128D-8EC3-4163-A7DD-2F087D8046C9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{20ED59CB-5997-479E-B054-F30432ABB8AC}" = rport=137 | protocol=17 | dir=out | app=system | 
"{210CD088-D0A2-4425-9A2C-C47C2AA0DB7A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{21687C94-2728-4BA4-93DF-A42B16EA4BEF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2310D153-5619-47FB-91A5-66C9579A8E35}" = lport=53 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe | 
"{3CB1AF1F-29E6-459D-9D8B-52CC8D21A317}" = lport=1900 | protocol=17 | dir=in | app=c:\windows\system32\svchost.exe | 
"{40999BEF-8B0A-42F7-A644-22E4E236060B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{41FCCF86-465B-401B-AEDE-A146E3D0BF5C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{58761C6A-4EF7-4C29-9C49-72F7BAEF703E}" = lport=67 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe | 
"{65B1BCB7-B766-4645-BB3B-5F4F3E326B6A}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6CC7A384-DC44-431B-B8B9-BDC17B5F4AA1}" = lport=2987 | protocol=6 | dir=in | app=c:\program files (x86)\connectify\connectify.exe | 
"{728C3760-A594-4DED-8B6E-8DD1C4E77369}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{77311723-B497-4541-84B7-76EBD3DEF068}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7803A9EA-EC51-4476-995A-89DB09E44CC1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{7A0222AE-3EEE-4A02-BFD7-B2A19E0FB9C3}" = lport=445 | protocol=6 | dir=in | app=system | 
"{8B2C5FDF-4220-49CB-B593-AD2651C71AE5}" = rport=445 | protocol=6 | dir=out | app=system | 
"{8C8B5235-4943-40D1-AD64-A9429B873327}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8F3200EF-88E8-4424-A7BB-155DBDEF1A33}" = lport=68 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe | 
"{9CF462DF-95E6-4305-866F-72FA2E6F4C0A}" = rport=1900 | protocol=17 | dir=out | app=c:\windows\system32\svchost.exe | 
"{9E140F29-F7CE-4F2B-BC2F-A221BC9213F1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A10B44D6-815C-4EF4-97C3-FF837BD94AC5}" = rport=138 | protocol=17 | dir=out | app=system | 
"{AC882C1F-EBF3-48BF-83D5-5954B640008A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{B1120A88-C8ED-41D9-90C3-AA7A5630F67F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{B9432D2C-D034-4BE7-A564-002EEBDD9A88}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{BB6FC7E9-BDF7-4673-865B-4EEF644043A0}" = lport=1317 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe | 
"{BD9CB303-7785-4BBA-B79C-2B39BFC87184}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C5957981-5689-4336-9CB8-A16EFC5AB79E}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C6216C44-CD0C-4141-B106-9A48DFDA4C1A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CA83FDBA-7724-4DF9-8446-C21C7A7630CE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CF4D702F-4056-4EDA-B352-1F7034F12661}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E3180847-D216-408D-B3B7-AD90DEE75771}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E83683FB-59A5-4684-BA6F-C078A6AAA5F0}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{EB03A23F-7150-4D40-9CA5-47DFF3A4C3E8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F23ACB46-A1A4-4D5B-80B1-516BE19BE1A8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D0504F4-FD22-431E-998A-CDC883E3EDE9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{100C5DD8-EB06-4708-8A3A-F624171AC594}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1769223A-8704-4DF6-A829-E04E74B9E007}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{190CFA4B-2395-4566-AB28-1091FB5A177E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1AD748D7-C450-4A3D-9D43-2B3509B3963F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{209F67F8-9274-4899-AF62-8973792805E9}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{279614F3-D3DC-4C7A-9417-DB9705FA79BF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{28C08126-7E76-49E7-B5A0-0F74B153D638}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshareagent.exe | 
"{2F5F064B-3ED2-465C-BFE6-2721930A725D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{33F1F7D7-9D76-4DF9-B1AD-F9A0B7090B14}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{375A4B42-0228-430D-AE15-C3FCC0A07BDE}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{40A3D7BE-8678-465B-B0D1-88180B93DE42}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{426DC1E7-7253-4276-9EBE-805349ED6C34}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{48186F91-04D1-4BEC-97CC-EEA73CE77AE5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{4F918FBB-4B91-4545-BF18-435C327FE0EF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5056C963-F7B5-447C-ACC1-8487D0306D87}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{5504E16F-C49C-4F12-BBBE-C25AE69E5E00}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{58629E3E-7D21-4FC5-8B74-2BCCDB9ECEDF}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{6067E188-C27C-40AB-8389-0F8787931A6A}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{62855932-57B0-4A54-BCC6-4F4BA1D87695}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{635FBD1D-63F9-4374-A0B5-33DBFAE809E5}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"{6384F30E-1B50-4917-97BC-D3D2D3FD3473}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{64985CFA-F45A-4E30-A45C-A589C5689B58}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{6A44B4FA-275D-49AB-B421-CB76A3494B08}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{6E296A85-3956-4752-9FEA-40E65BACF25D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | 
"{7073BF1F-C399-486D-B0B4-AF765E4E8FDD}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshare.exe | 
"{73416B8E-C194-4EBD-BC53-8EDBE39A482A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{742D2D1B-F763-44D2-84CE-0F5640745F75}" = protocol=58 | dir=in | name=internet connection sharing (router solicitation-in) | 
"{7807E5F3-F296-488E-955F-8CCC2830F1C2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | 
"{7FA5F9FC-A2CB-4E40-A114-1EE475B785B7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{879E72BF-61AA-4B25-A9B0-CD47C993D5CB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{88193ADE-F01B-4946-ACCE-6808706AD5BE}" = protocol=17 | dir=in | app=c:\program files\wolfram research\mathematica\8.0\math.exe | 
"{8E0D188F-2182-435B-9EB4-B5CC649E2F3D}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{921A167F-94A1-45A0-9889-FCA595A1D7A3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{964CBFB8-C811-4E0D-9145-268DA753F3D4}" = protocol=6 | dir=out | app=system | 
"{9AFE7A49-ACEA-4E0A-AA9D-68848AD73D23}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{A245AD73-4DCB-4661-BCA8-828536BEC090}" = protocol=6 | dir=in | app=c:\program files\wolfram research\mathematica\8.0\mathematica.exe | 
"{A3D10A0F-6803-48ED-B3E9-E8C0AB7B46C8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A5645019-78A3-47EA-9151-94FD2743AEF1}" = protocol=17 | dir=in | app=c:\program files\wolfram research\mathematica\8.0\mathkernel.exe | 
"{A5B3B568-139A-49B4-85E1-077D31C5E393}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A74CFE5C-0B50-4A4D-B8C7-CE314FC6D408}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A755B2B7-2626-45C2-880B-C47F8A010E12}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{A9B5F34A-7E43-4357-93EE-5E29E1710B1C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | 
"{AC7BA865-1F8D-4040-8BF0-8CB5F0A4D4D5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | 
"{ACD244F1-C3DF-477D-AABC-CE144251E189}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B2C13D44-50EF-49D3-8812-CFE813C0151A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | 
"{B4C606D4-D183-49EE-962E-907EA42E8E0B}" = protocol=6 | dir=out | app=c:\windows\system32\svchost.exe | 
"{B6111225-5018-43EC-B319-29C531AF7CF2}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BD58A205-4E97-455F-A8A5-EC9164ADE49D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BF53FAC9-3AA1-4CA7-B89D-513359511A8D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C18048B6-6B21-454E-A5A6-91579BBF79AC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{C46BC635-BC6E-4FEA-8BDB-6FB250BEBA62}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CCBC01E3-3080-4ABF-B290-E42AA6BD1221}" = dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\allsharedms.exe | 
"{D3DE9C33-3325-42CD-A62F-CCE162919736}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D5483BD1-DA5E-4611-93AA-854857432A2F}" = dir=out | app=c:\windows\system32\svchost.exe | 
"{D8C4ED7B-8978-4806-AC4B-BC881B367716}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{DA6AD6BC-4CE1-4050-AAD2-6927A1DF337F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DBB0FFAA-DA51-44CF-8236-58138E85A850}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{DC0D7C0D-DCA2-40EF-8433-C007AA4F9B0F}" = protocol=6 | dir=in | app=c:\program files\wolfram research\mathematica\8.0\math.exe | 
"{DC71FBED-4827-4340-AAC5-1DEA9DA8D75B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{E31385DF-DE7D-42D9-9729-A693A61C36BE}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"{E8E23B35-FF8B-4663-A7C2-0E8260713836}" = protocol=6 | dir=in | app=c:\program files\wolfram research\mathematica\8.0\mathkernel.exe | 
"{E94AD1CB-6BA7-44B0-A1B5-5AB85D499274}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{EA874F92-3705-4373-B746-2EAC3C5D5630}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{EC73A0AB-3F44-4D3B-B963-B9AB3DD95E7E}" = dir=in | app=c:\program files (x86)\ptc\pvx\i486_nt\obj\productview.exe | 
"{F5069BD0-6F8D-471A-91F4-02A3C90531F2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{F7F08280-19BC-4BB3-AC0E-5008E5F96848}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FDD8AB72-01F8-4477-B802-87C88FD906F3}" = protocol=17 | dir=in | app=c:\program files\wolfram research\mathematica\8.0\mathematica.exe | 
"{FDD96A5B-D830-49E1-B8D6-3C634B41B339}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"TCP Query User{05148EB2-0A9B-4C90-96B6-3BE741F38AB1}C:\program files\ptc\creo elements\pro5.0\x86e_win64\obj\pro_comm_msg.exe" = protocol=6 | dir=in | app=c:\program files\ptc\creo elements\pro5.0\x86e_win64\obj\pro_comm_msg.exe | 
"TCP Query User{0BDB9768-11E9-44D5-8AFF-0B7F093C5856}C:\program files (x86)\connectify\connectify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\connectify\connectify.exe | 
"TCP Query User{478542B4-6A27-4691-BF3A-30A06704DC95}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{59A4139A-F61B-4D8C-B321-B478065DBDE6}C:\program files\ptc\creo elements\pro5.0\x86e_win64\obj\xtop.exe" = protocol=6 | dir=in | app=c:\program files\ptc\creo elements\pro5.0\x86e_win64\obj\xtop.exe | 
"TCP Query User{7062FA7F-786E-47C0-8664-1C0C7AE1E75B}C:\program files (x86)\1clickdownload\1clickdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownloader.exe | 
"TCP Query User{836DB014-1058-49B8-9C05-62E853A814F3}C:\program files\ptc\creo elements\pro5.0\bin\proe.exe" = protocol=6 | dir=in | app=c:\program files\ptc\creo elements\pro5.0\bin\proe.exe | 
"TCP Query User{A3F015D3-5839-4C31-B5B7-CC9B1E59757C}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"TCP Query User{AC7E5C09-7AB7-40D7-BE90-9060007FDEA0}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"TCP Query User{AF426936-D222-4C87-85AF-B542880BD069}C:\program files\ptc\creo elements\pro5.0\x86e_win64\nms\nmsd.exe" = protocol=6 | dir=in | app=c:\program files\ptc\creo elements\pro5.0\x86e_win64\nms\nmsd.exe | 
"TCP Query User{BC5E540B-A5EA-4B88-817D-56ECA6F1DFB0}C:\program files\matlab\r2012a\bin\win64\matlab.exe" = protocol=6 | dir=in | app=c:\program files\matlab\r2012a\bin\win64\matlab.exe | 
"UDP Query User{2F7B46E1-AA67-41A8-B26E-16709BFE6C64}C:\program files\ptc\creo elements\pro5.0\x86e_win64\nms\nmsd.exe" = protocol=17 | dir=in | app=c:\program files\ptc\creo elements\pro5.0\x86e_win64\nms\nmsd.exe | 
"UDP Query User{30695E70-CBB2-4B75-BE88-02D739618A7B}C:\program files (x86)\1clickdownload\1clickdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownloader.exe | 
"UDP Query User{3C95A88F-F216-4FED-8342-39ABF3296877}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"UDP Query User{465F701A-624D-4522-9AAA-CE210B0B4F8B}C:\program files\matlab\r2012a\bin\win64\matlab.exe" = protocol=17 | dir=in | app=c:\program files\matlab\r2012a\bin\win64\matlab.exe | 
"UDP Query User{86F8F17D-7105-4F0B-B5ED-68CB7F3784C7}C:\program files\ptc\creo elements\pro5.0\bin\proe.exe" = protocol=17 | dir=in | app=c:\program files\ptc\creo elements\pro5.0\bin\proe.exe | 
"UDP Query User{97FF0997-9DF9-4A83-AB07-34E07B372A2D}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{A70A07F0-9F38-402B-9969-9E08AEDEA85A}C:\program files (x86)\connectify\connectify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectify.exe | 
"UDP Query User{B66C24CF-48F9-4193-A239-7512B731E69B}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"UDP Query User{C44226FF-190A-4631-9CB1-D1BFA7407B48}C:\program files\ptc\creo elements\pro5.0\x86e_win64\obj\xtop.exe" = protocol=17 | dir=in | app=c:\program files\ptc\creo elements\pro5.0\x86e_win64\obj\xtop.exe | 
"UDP Query User{F9008894-6272-4482-A09D-82E9D759924B}C:\program files\ptc\creo elements\pro5.0\x86e_win64\obj\pro_comm_msg.exe" = protocol=17 | dir=in | app=c:\program files\ptc\creo elements\pro5.0\x86e_win64\obj\pro_comm_msg.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{11BA2B00-1495-47B8-BFA8-D08C605AB2CC}" = Windows Live Family Safety
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{25FBDA9A-E868-4B3B-B9FF-D923818511A1}" = Intel(R) PROSet/Wireless WiFi-Software
"{2ABA2E8D-23CF-418F-BC8F-2EC99FA51A3F}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{33B98264-A889-4913-A0CA-C364A75032B3}" = ASUS Power4Gear Hybrid
"{3CE222BA-66A6-4D18-BEE9-5D21C5798C3E}" = Windows Live Family Safety
"{3D7F836A-AE1F-4FA6-8DB9-4FE06697AB0A}" = Windows Live Family Safety
"{3E776E7A-F4C3-4A89-8EAD-535E722C8397}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C3A5D69-BA3F-C1B6-2BE2-1FC74AEF5603}" = AMD AVIVO64 Codecs
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{53375A2B-FE08-42B6-8EB8-16818CD27B2C}" = Windows Live Family Safety
"{54467C1D-3CF7-A3B2-A72D-C97515E6603A}" = ccc-utility64
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{63919769-655A-48A8-AD6C-39B471F683ED}" = Windows Live Family Safety
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6DDCFF78-6F91-438C-9567-C5CAA9D7F56C}" = Windows Live Family Safety
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{7E5A1435-D1AD-49E2-AB89-31BD7BB350CF}" = ProductView Express 9.1
"{80015C1E-CF30-474A-AA70-F48CF5BB7AC5}" = SolidWorks eDrawings 2012 x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{92015CBE-D397-C3EA-99FC-B03051DE69A4}" = AMD Catalyst Install Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AE1D4582-D449-495C-9DC6-B92E16C7DB63}" = LEGO MINDSTORMS NXT Driver for x64
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B36055BF-5F0E-4EAB-804D-9203DFB34ADC}" = Windows Live Family Safety
"{B38968E0-778F-47C3-8781-BAD4E497801C}" = HP Officejet 4500 G510g-m
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C98517B6-DCE9-49B7-B19E-E384178D3986}" = HP Officejet 4500 G510a-f
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DCC7ADF1-1C02-4FAC-AC5F-E9424A0F1C68}" = Creo Thumbnail Viewer 1.0
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E01819BD-709F-43A1-9600-6F5E4C584C37}" = Windows Live Family Safety
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E60F14FA-E114-4F25-AEE0-33FE9EC9B1C3}" = Windows Live Family Safety
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F11009B0-F4DB-463B-B717-5266E47498AA}" = Windows Live Family Safety
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"A-WIN-Extras 8.0.0 1802959_is1" = Mathematica Extras 8.0 (1802959)
"Connectify" = Connectify
"Creo Elements/Pro Release 5.0 Datecode M110" = Creo Elements/Pro Release 5.0 Datecode M110
"GPL Ghostscript 9.04" = GPL Ghostscript
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Matlab R2012a" = MATLAB R2012a
"MediaInfo" = MediaInfo 0.7.58
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MiKTeX 2.9" = MiKTeX 2.9
"M-WIN-L 8.0.0 1803527_is1" = Wolfram Mathematica 8 (M-WIN-L 8.0.0 1803527)
"ProInst" = Intel PROSet Wireless
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Shop for HP Supplies" = Shop for HP Supplies
"sp6" = Logitech SetPoint 6.32
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.1.0-git-20120217-1212
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{02CA72F4-D62F-B098-8E03-2CA3726DADD8}" = Catalyst Control Center Profiles Mobile
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{07AB0247-FEF5-425F-BF51-1F51354DA983}" = SBK®2011 FIM Superbike World Championship
"{08C6EABF-9B49-E8A2-6CD7-67A8DFB2B3F5}" = CCC Help Czech
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19E8B5A1-7CE3-2890-B601-AD1894D4E8B5}" = CCC Help Hungarian
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{2222706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0 SDK
"{233E81F1-83AB-18D9-4BF1-3B375AE4D11E}" = Catalyst Control Center Graphics Previews Common
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{253252E2-EFAE-4AA8-96B6-0828619E536C}_is1" = leJOS NXJ 0.9.1beta-2
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{28379381-B56A-43e1-B505-3098D82B1C30}" = 4500G510gm_Software_Min
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{32A3A4F4-B792-11D6-A78A-00B0D0170040}" = Java SE Development Kit 7 Update 4
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{363FCBCD-2900-91A5-11A3-3B54C646E1F4}" = CCC Help Norwegian
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3EB6F78A-66E3-434f-BD0E-76C7D078DB5E}" = 4500G510af_Software_Min
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3F0F7284-6243-A036-0E32-EA5145F24B08}" = CCC Help Chinese Standard
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4614C36E-AABF-42AD-9419-0B8051547B96}" = LEGO MINDSTORMS NXT - (Deutsch) Sprachenpaket
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{505A4995-6975-D40F-DF63-37E95919BD06}" = Catalyst Control Center Localization All
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5994B82C-F940-F603-5523-80533CBB6A3E}" = CCC Help Swedish
"{5B2374E3-0589-D4B8-7235-4CC581827531}" = CCC Help Spanish
"{5B7EDCF8-E6AD-4E99-972C-34BF1F07B349}" = LEGO MINDSTORMS NXT Software v2.0
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5F595606-213F-135C-F632-3D563A8B2F2C}" = CCC Help Greek
"{61ED9291-BCF4-72DB-86E0-346234D7FF0D}" = CCC Help Polish
"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C1D47CC-682C-4673-8CA8-DEE659628599}" = LEGO MINDSTORMS NXT Migration Package
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{749F674B-2674-47E8-879C-5626A06B2A91}" = InstantOn for NB
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Qualcomm Atheros WiFi Driver Installation
"{7DC60B84-3CD0-1458-BA7C-B48C5F876963}" = Catalyst Control Center
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E7A5A7D-1045-4075-9808-60C0DE69D38A}" = 4500G510gm_web
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B9F50F9-BA6F-47c5-990B-76A74A1C68B0}" = 4500G510af
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DB05F7E-1F7A-4CC0-882F-375B97F04CD4}" = Virtual Router v0.9 Beta
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{9135FAAF-1FA7-3188-A03A-F1D93E9C25E4}" = CCC Help Italian
"{92447039-DC7B-46BF-9D1D-2B92FA89F914}" = SBK®2011 FIM Superbike World Championship
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A138F658-D69C-E4B5-3E88-FD0D35B8648A}" = CCC Help Dutch
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}" = ASUS USB Charger Plus
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B0002707-4F7E-4745-88A7-852DA8A88635}" = ASUS Sonic Focus
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B43DC77D-577A-49BD-AE9D-99497C9E71FB}" = Catalyst Control Center - Branding
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B7E2386E-869F-EFAD-8C58-B60D463AF599}" = CCC Help Turkish
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C175D5B0-ED04-42C9-B23F-D8BD406173E7}" = 4500_G510af_Help
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C211509D-0405-98A7-80DA-17F147C7EC3D}" = CCC Help Korean
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4BC5A5F-4A97-47CC-99C3-AB8E10572AFE}" = Wireless Console 3
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2156D27-B4A2-D130-BFA7-8C62ACD579DD}" = CCC Help French
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D39F0676-163E-4595-A917-E28F99BBD4D2}" = ASUS AI Recovery
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF0B357C-5874-47D0-81E7-79AA890B0CE0}" = 4500_G510gm_Help_Web
"{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E15ACAA4-40DC-DBAE-5969-72865AE1F1A3}" = PX Profile Update
"{E18B30AA-6E2D-480C-B918-AF61009F4010}" = عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة
"{E1D8C2DC-7335-BFF4-BB01-08952DACCE7B}" = CCC Help English
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E3618E3B-9E86-AE4F-DF6A-695CBC8E5348}" = Catalyst Control Center InstallProxy
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E68F98C3-6E2E-04A7-CF3C-869A8A08321C}" = CCC Help Portuguese
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EEBFA06C-8FF8-9716-93DF-DC24E22A0ACB}" = CCC Help Russian
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F44C3156-554C-B107-9A32-D5939A8F45F4}" = CCC Help Finnish
"{F4613A0E-C301-CC91-3169-D65E3EB6353A}" = CCC Help Danish
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F7082FDA-193B-ED77-2195-B23B9CAAD0B5}" = CCC Help German
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F8967C9A-49F4-1520-F4A2-DC0E86D2D65B}" = CCC Help Thai
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8D5FBF7-6826-6406-303C-F2C06789BD3C}" = CCC Help Chinese Traditional
"{F9408107-4DCC-A7B1-AD90-E938F77EDCDA}" = CCC Help Japanese
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"1ClickDownload" = 1ClickDownloader
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"AsusScr_K3 Series_ENG" = AsusScr_K3 Series_ENG
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVS Audio Converter 5.1_is1" = AVS Audio Converter version 5.1
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.2
"DAEMON Tools Lite" = DAEMON Tools Lite
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Freemake Video Converter_is1" = Freemake Video Converter Version 3.0.2
"FreePDF_XP" = FreePDF (Remove only)
"funmoods" = Funmoods Web Search
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"New LEGO Digital Designer" = LEGO Digital Designer
"ProInst" = Intel PROSet Wireless
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-972475053-585952779-2059876441-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Kies Air Discovery Service" = Kies Air Discovery Service
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.06.2012 05:09:45 | Computer Name = Johnny-Asus | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2012
 
Error - 29.06.2012 05:09:45 | Computer Name = Johnny-Asus | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2012
 
Error - 29.06.2012 08:08:20 | Computer Name = Johnny-Asus | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 29.06.2012 08:08:20 | Computer Name = Johnny-Asus | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1014
 
Error - 29.06.2012 08:08:20 | Computer Name = Johnny-Asus | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1014
 
Error - 29.06.2012 08:08:21 | Computer Name = Johnny-Asus | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 29.06.2012 08:08:21 | Computer Name = Johnny-Asus | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2013
 
Error - 29.06.2012 08:08:21 | Computer Name = Johnny-Asus | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2013
 
Error - 29.06.2012 08:08:22 | Computer Name = Johnny-Asus | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 29.06.2012 08:08:22 | Computer Name = Johnny-Asus | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3011
 
Error - 29.06.2012 08:08:22 | Computer Name = Johnny-Asus | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3011
 
[ System Events ]
Error - 09.07.2012 01:34:47 | Computer Name = Johnny-Asus | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 09.07.2012 01:34:47 | Computer Name = Johnny-Asus | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 10.07.2012 03:04:36 | Computer Name = Johnny-Asus | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?09.?07.?2012 um 16:18:47 unerwartet heruntergefahren.
 
Error - 10.07.2012 14:53:28 | Computer Name = Johnny-Asus | Source = Tcpip | ID = 4199
Description = Das System hat einen Adressenkonflikt der IP-Adresse 10.0.0.2 mit 
dem Computer mit der  Netzwerkhardwareadresse E8-5B-5B-3F-E7-A9 ermittelt. Netzwerkvorgänge
 könnten daher auf diesem  System unterbrochen werden.
 
Error - 10.07.2012 16:05:55 | Computer Name = Johnny-Asus | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
 Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
 hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie 
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
 Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
 
Error - 12.07.2012 13:05:29 | Computer Name = Johnny-Asus | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
 Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
 hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie 
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
 Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
 
Error - 14.07.2012 06:19:54 | Computer Name = Johnny-Asus | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
 Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
 hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie 
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
 Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
 
Error - 17.07.2012 13:21:54 | Computer Name = Johnny-Asus | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
 Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
 hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie 
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
 Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
 
Error - 18.07.2012 02:05:47 | Computer Name = Johnny-Asus | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
 Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
 hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie 
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
 Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
 
Error - 19.07.2012 02:08:58 | Computer Name = Johnny-Asus | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
 Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
 hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie 
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
 Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
 
 
< End of report >
         
--- --- ---
]


BITTE können Sie mir helfen diesen Trojaner wieder los zu werden, brauche das Notebook und vor allem meine Daten für die Bachelorarbeit!

Vielen Dank im voraus,
und schönen Tag noch!!

Geändert von johnny-d (31.07.2012 um 09:05 Uhr)

Alt 31.07.2012, 09:29   #2
t'john
/// Helfer-Team
 
Polizei Virus Österreich, am 31.07.2012 - Standard

Polizei Virus Österreich, am 31.07.2012





Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:


Code:
ATTFilter
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtD0AyDtA0Fzy0D0B0BtDtN0D0Tzu0CtCzyyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=24866596 
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtD0AyDtA0Fzy0D0B0BtDtN0D0Tzu0CtCzyyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=24866596 
IE - HKLM\..\SearchScopes\{5991C7F0-6CFA-D58B-3201-7C3D08E6D208}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox 
IE - HKU\S-1-5-21-972475053-585952779-2059876441-1001\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKU\S-1-5-21-972475053-585952779-2059876441-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKU\S-1-5-21-972475053-585952779-2059876441-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtD0AyDtA0Fzy0D0B0BtDtN0D0Tzu0CtCzyyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=24866596 
IE - HKU\S-1-5-21-972475053-585952779-2059876441-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-972475053-585952779-2059876441-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul" 
FF - prefs.js..browser.search.defaultenginename: "Search" 
FF - prefs.js..browser.search.selectedEngine: "Google" 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found 
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O4 - HKLM..\Run: [] File not found 
O4 - HKLM..\Run: [Update] C:\Users\Johnny\AppData\Roaming\deo0_sar.exe () 
O4 - HKU\S-1-5-21-972475053-585952779-2059876441-1001..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s File not found 
O4 - HKU\S-1-5-21-972475053-585952779-2059876441-1001..\Run: [Update] C:\Users\Johnny\AppData\Roaming\deo0_sar.exe () 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 
O7 - HKU\S-1-5-21-972475053-585952779-2059876441-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 
O7 - HKU\S-1-5-21-972475053-585952779-2059876441-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found 
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 


[2012.07.31 08:24:04 | 000,158,208 | ---- | M] () -- C:\Users\Johnny\AppData\Roaming\deo0_sar.exe 

@Alternate Data Stream - 368 bytes -> C:\Users\Johnny\Documents\boot:$WIMMOUNTDATA 
[2012.07.12 20:03:48 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\Johnny\AppData\Roaming\mozilla\Firefox\Profiles\03fz0b43.default\extensions\ffxtlbr@funmoods.com 
[2012.07.12 20:03:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johnny\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions\staged 
[2012.07.12 20:03:52 | 000,002,327 | ---- | M] () -- C:\Users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\03fz0b43.default\searchplugins\Search.xml 
[2012.07.12 20:03:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Funmoods 
[2012.07.31 08:26:23 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job 
[2012.07.31 08:16:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 
[2012.07.31 08:01:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job 
[2012.01.31 19:15:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe 
:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________

__________________

Alt 31.07.2012, 09:45   #3
johnny-d
 
Polizei Virus Österreich, am 31.07.2012 - Standard

Polizei Virus Österreich, am 31.07.2012



Hier ist das neue Logfile:

[CODE][All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5991C7F0-6CFA-D58B-3201-7C3D08E6D208}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5991C7F0-6CFA-D58B-3201-7C3D08E6D208}\ not found.
HKEY_USERS\S-1-5-21-972475053-585952779-2059876441-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-972475053-585952779-2059876441-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-972475053-585952779-2059876441-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-972475053-585952779-2059876441-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-972475053-585952779-2059876441-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "chrome://speeddial/content/speeddial.xul" removed from browser.startup.homepage
Prefs.js: "Search" removed from browser.search.defaultenginename
Prefs.js: "Google" removed from browser.search.selectedEngine
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Update deleted successfully.
File C:\Users\Johnny\AppData\Roaming\deo0_sar.exe not found.
Registry value HKEY_USERS\S-1-5-21-972475053-585952779-2059876441-1001\Software\Microsoft\Windows\CurrentVersion\Run\\KiesHelper deleted successfully.
Registry value HKEY_USERS\S-1-5-21-972475053-585952779-2059876441-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Update deleted successfully.
File C:\Users\Johnny\AppData\Roaming\deo0_sar.exe not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLinkedConnections deleted successfully.
Registry value HKEY_USERS\S-1-5-21-972475053-585952779-2059876441-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-972475053-585952779-2059876441-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\Users\Johnny\AppData\Roaming\deo0_sar.exe not found.
Unable to delete ADS C:\Users\Johnny\Documents\boot:$WIMMOUNTDATA .
Folder C:\Users\Johnny\AppData\Roaming\mozilla\Firefox\Profiles\03fz0b43.default\extensions\ffxtlbr@funmoods.com\ not found.
Folder C:\Users\Johnny\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions\staged\ not found.
File C:\Users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\03fz0b43.default\searchplugins\Search.xml not found.
C:\Program Files (x86)\Funmoods\1.5.23.22\bh folder moved successfully.
C:\Program Files (x86)\Funmoods\1.5.23.22 folder moved successfully.
C:\Program Files (x86)\Funmoods folder moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\MusiccityDownload.exe moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache konnte nicht geleert werden: Beim Ausfhren der Funktion ist ein Fehler aufgetreten.
C:\Users\David\Desktop\cmd.bat deleted successfully.
C:\Users\David\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: David
->Temp folder emptied: 3559438944 bytes
->Temporary Internet Files folder emptied: 23332928 bytes
->Java cache emptied: 5704049 bytes
->FireFox cache emptied: 310197447 bytes
->Flash cache emptied: 3734 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 245290700 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 26311240152 bytes

Total Files Cleaned = 29.044,00 mb


[EMPTYFLASH]

User: All Users

User: David
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.55.0 log created on 07312012_103525

Files\Folders moved on Reboot...
C:\Users\David\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\David\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
]

Vielen Dank, schon jetzt für die wahnsinnig schnelle Antwort! Super!
Kann jetzt schon wieder im Normalen Modus starten, klasse!

Soll ich anschliesend auser einem Scan mit Malwarebytes noch was anderes machen?

Nochmals DANKE!!
__________________

Alt 31.07.2012, 09:46   #4
t'john
/// Helfer-Team
 
Polizei Virus Österreich, am 31.07.2012 - Standard

Polizei Virus Österreich, am 31.07.2012



Sehr gut!

Ja, im normalen Modus starten!

1. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
Mfg, t'john
Das TB unterstützen

Alt 31.07.2012, 14:28   #5
johnny-d
 
Polizei Virus Österreich, am 31.07.2012 - Standard

Polizei Virus Österreich, am 31.07.2012



Hallo,

hier die anderen Logfiles!

mbam-log-2012-07-31 (10-51-24):
[CODE][/Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.31.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
David :: DAVID-ASUS [Administrator]

31.07.2012 10:51:24
mbam-log-2012-07-31 (10-51-24).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 648073
Laufzeit: 1 Stunde(n), 34 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 25
HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\funmoods.funmoodsHlpr.1 (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\funmoods.funmoodsHlpr (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\escort.escortIEPane (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\funmoods.dskBnd (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\f (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Daten: Funmoods Toolbar -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 11
C:\_OTL\MovedFiles\07312012_103525\C_Program Files (x86)\Funmoods\1.5.23.22\escortApp.dll (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\07312012_103525\C_Program Files (x86)\Funmoods\1.5.23.22\escortEng.dll (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\07312012_103525\C_Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\07312012_103525\C_Program Files (x86)\Funmoods\1.5.23.22\funmoodssrv.exe (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\07312012_103525\C_Program Files (x86)\Funmoods\1.5.23.22\uninstall.exe (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\07312012_103525\C_Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Programme\Wolfram Mathematica 8\keygen\Windows\5.2.0 AGAiN\Keymaker.exe (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Programme\Wolfram Mathematica 8\keygen\Windows\7.0.0 EDGE\keygen.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\David\AppData\Local\funmoods.crx (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\David\AppData\Roaming\deo0_sar.exe (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
]

mbam-log-2012-07-31 (15-20-58)
[CODE][/Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.31.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
David :: DAVID-ASUS [Administrator]

31.07.2012 10:51:24
mbam-log-2012-07-31 (15-20-58).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 648073
Laufzeit: 1 Stunde(n), 34 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 25
HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Keine Aktion durchgeführt.
HKCR\funmoods.funmoodsHlpr.1 (PUP.FunMoods) -> Keine Aktion durchgeführt.
HKCR\funmoods.funmoodsHlpr (PUP.FunMoods) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Keine Aktion durchgeführt.
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\escort.escortIEPane (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\funmoods.dskBnd (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\f (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Daten: Funmoods Toolbar -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Daten: -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 11
C:\_OTL\MovedFiles\07312012_103525\C_Program Files (x86)\Funmoods\1.5.23.22\escortApp.dll (PUP.FunMoods) -> Keine Aktion durchgeführt.
C:\_OTL\MovedFiles\07312012_103525\C_Program Files (x86)\Funmoods\1.5.23.22\escortEng.dll (PUP.FunMoods) -> Keine Aktion durchgeführt.
C:\_OTL\MovedFiles\07312012_103525\C_Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll (PUP.FunMoods) -> Keine Aktion durchgeführt.
C:\_OTL\MovedFiles\07312012_103525\C_Program Files (x86)\Funmoods\1.5.23.22\funmoodssrv.exe (PUP.FunMoods) -> Keine Aktion durchgeführt.
C:\_OTL\MovedFiles\07312012_103525\C_Program Files (x86)\Funmoods\1.5.23.22\uninstall.exe (PUP.FunMoods) -> Keine Aktion durchgeführt.
C:\_OTL\MovedFiles\07312012_103525\C_Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll (PUP.Funmoods) -> Keine Aktion durchgeführt.
D:\Programme\Wolfram Mathematica 8\keygen\Windows\5.2.0 AGAiN\Keymaker.exe (Malware.Gen) -> Keine Aktion durchgeführt.
D:\Programme\Wolfram Mathematica 8\keygen\Windows\7.0.0 EDGE\keygen.exe (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Keine Aktion durchgeführt.
C:\Users\David\AppData\Local\funmoods.crx (PUP.Funmoods) -> Keine Aktion durchgeführt.
C:\Users\David\AppData\Roaming\deo0_sar.exe (Exploit.Drop.GSA) -> Keine Aktion durchgeführt.

(Ende)
]

AdwCleaner[R1]
[CODE][/C# AdwCleaner v1.703 - Logfile created 07/31/2012 at 15:24:40
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : David - DAVID-ASUS
# Running from : C:\Users\David\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\David\AppData\Roaming\pdfforge
Folder Found : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\03fz0b43.default\extensions\ffxtlbr@funmoods.com
File Found : C:\Users\David\AppData\Local\funmoods-speeddial.crx

***** [Registry] *****

Key Found : HKCU\Software\Ask.com.tmp
Key Found : HKCU\Software\SweetIm
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\DT Soft
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Found : HKLM\SOFTWARE\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facemoods
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funmoods
Key Found : HKLM\SOFTWARE\SweetIM
[x64] Key Found : HKCU\Software\Ask.com.tmp
[x64] Key Found : HKCU\Software\SweetIm
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
[x64] Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facemoods

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Found : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtD0AyDtA0Fzy0D0B0BtDtN0D0Tzu0CtCzyyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=24866596
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtD0AyDtA0Fzy0D0B0BtDtN0D0Tzu0CtCzyyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=24866596
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://start.funmoods.com/?f=2&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtD0AyDtA0Fzy0D0B0BtDtN0D0Tzu0CtCzyyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=24866596

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\03fz0b43.default\prefs.js

Found : user_pref("extensions.funmoods.aflt", "nv1");
Found : user_pref("extensions.funmoods.autoRvrt", false);
Found : user_pref("extensions.funmoods.brwsrsrc", "ietlbr");
Found : user_pref("extensions.funmoods.cntry", "AT");
Found : user_pref("extensions.funmoods.dfltLng", "");
Found : user_pref("extensions.funmoods.dfltSrch", true);
Found : user_pref("extensions.funmoods.dfltlng", "en");
Found : user_pref("extensions.funmoods.dfltsrch", "false");
Found : user_pref("extensions.funmoods.dnsErr", true);
Found : user_pref("extensions.funmoods.envrmnt", "production");
Found : user_pref("extensions.funmoods.excTlbr", false);
Found : user_pref("extensions.funmoods.hdrMd5", "6EB8ABF692A8689F954D76E71379956B");
Found : user_pref("extensions.funmoods.hmpg", true);
Found : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2[...]
Found : user_pref("extensions.funmoods.hrdid", "C860000A53F9DBB0");
Found : user_pref("extensions.funmoods.id", "C860000A53F9DBB0");
Found : user_pref("extensions.funmoods.instlDay", "15533");
Found : user_pref("extensions.funmoods.instlRef", "nv1");
Found : user_pref("extensions.funmoods.instlday", "15533");
Found : user_pref("extensions.funmoods.instlref", "nv1");
Found : user_pref("extensions.funmoods.isdcmntcmplt", true);
Found : user_pref("extensions.funmoods.keywordurl", "");
Found : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2220:3:44");
Found : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Found : user_pref("extensions.funmoods.newTab", true);
Found : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=nv1&chnl=nv1&cd=2XzuyEt[...]
Found : user_pref("extensions.funmoods.newtab", true);
Found : user_pref("extensions.funmoods.newtaburl", "hxxp://start.funmoods.com/?f=2&a=nv1&chnl=nv1&cd=2XzuyEt[...]
Found : user_pref("extensions.funmoods.prdct", "funmoods");
Found : user_pref("extensions.funmoods.prtnrId", "funmoods");
Found : user_pref("extensions.funmoods.prtnrid", "funmoods");
Found : user_pref("extensions.funmoods.savedVrsnTs", "1");
Found : user_pref("extensions.funmoods.sg", "none");
Found : user_pref("extensions.funmoods.smplGrp", "none");
Found : user_pref("extensions.funmoods.smplgrp", "none");
Found : user_pref("extensions.funmoods.srch", "");
Found : user_pref("extensions.funmoods.srchPrvdr", "Search");
Found : user_pref("extensions.funmoods.srchprvdr", "Search");
Found : user_pref("extensions.funmoods.tlbrId", "base");
Found : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=nv1&chnl=nv1&cd=2Xzuy[...]
Found : user_pref("extensions.funmoods.tlbrid", "base");
Found : user_pref("extensions.funmoods.tlbrsrchurl", "hxxp://start.funmoods.com/?f=3&a=nv1&chnl=nv1&cd=2Xzuy[...]
Found : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Found : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2220:3:44");
Found : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Found : user_pref("extensions.funmoods.vrsnts", "1.5.23.2220:3:44");
Found : user_pref("extensions.funmoods_i.newTab", true);
Found : user_pref("extensions.funmoods_i.smplGrp", "none");
Found : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2220:3:44");

*************************

AdwCleaner[R1].txt - [9972 octets] - [31/07/2012 15:24:40]

########## EOF - C:\AdwCleaner[R1].txt - [10100 octets] ##########
]


Vielen, vielen DANK!!
Wünsche Ihnen noch einen schönen Tag!


Alt 31.07.2012, 14:31   #6
t'john
/// Helfer-Team
 
Polizei Virus Österreich, am 31.07.2012 - Standard

Polizei Virus Österreich, am 31.07.2012



Sehr gut!


  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.




danach:


Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html
__________________
--> Polizei Virus Österreich, am 31.07.2012

Alt 31.07.2012, 16:27   #7
johnny-d
 
Polizei Virus Österreich, am 31.07.2012 - Standard

Polizei Virus Österreich, am 31.07.2012



Hallo,

hier dann die nächsten Logfiles:

[CODE][/CODE
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 31.07.2012 15:50:46

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\
Archiv Scan: An
ADS Scan: An

Scan Beginn: 31.07.2012 15:50:56

D:\Programme\Windows 7 Professional (32 Bit)\Windows 7 Activation\Windows 7 Activation.exe gefunden: Trojan.Win32.Jorik.ShakBla.OJ!E1
D:\Programme\NERO.8\Toolbar.exe gefunden: Adware.Win32.AskTBar!E1
D:\Bilder\Wallpaper widescreen 1080\Beach_1440 x 900 widescreen.jpg gefunden: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Beautiful_Blue_Mountains_Landscape_1440 x 900 widescreen.jpg gefunden: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Beer_1440 x 900 widescreen.jpg gefunden: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Blue_is_the_answer_1440 x 900 widescreen.jpg gefunden: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Chevrolet_Camaro_SS_1440 x 900 widescreen.jpg gefunden: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Exotic_Paradise_1440 x 900 widescreen.jpg gefunden: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Hay_Field_1440 x 900 widescreen.jpg gefunden: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Golf_Course_1440 x 900 widescreen.jpg gefunden: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Green_Lime_1440 x 900 widescreen.jpg gefunden: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Hong_Kong_Night_1440 x 900 widescreen.jpg gefunden: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Ice_Cola_1440 x 900 widescreen.jpg gefunden: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Interesting_3d_shapes_1440 x 900 widescreen.jpg gefunden: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Island_1440 x 900 widescreen.jpg gefunden: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Maldives_Entertainment_Center_1440 x 900 widescreen.jpg gefunden: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Koh_Tao_beach_1440 x 900 widescreen.jpg gefunden: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Red_&_White_Abstract_1440 x 900 widescreen.jpg gefunden: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Palm_Tree_Sunset_1440 x 900 widescreen.jpg gefunden: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Palm_Tree_1440 x 900 widescreen.jpg gefunden: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Sexy_girl_on_the_beach_1440 x 900 widescreen.jpg gefunden: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Shores_Of_Fire_1440 x 900 widescreen.jpg gefunden: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Splash_1680 x 1050 widescreen.jpg gefunden: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\The_Maldives_1680 x 1050 widescreen(2).jpg gefunden: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\The_Maldives_1680 x 1050 widescreen.jpg gefunden: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Wooden_Boat_1440 x 900 widescreen.jpg gefunden: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Wizard_1440 x 900 widescreen.jpg gefunden: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Beautiful_Blue_Mountains_Landscape_1440 x 900 widescreen.jpg gefunden: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Beach_1440 x 900 widescreen.jpg gefunden: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Beer_1440 x 900 widescreen.jpg gefunden: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Blue_is_the_answer_1440 x 900 widescreen.jpg gefunden: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Chevrolet_Camaro_SS_1440 x 900 widescreen.jpg gefunden: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Exotic_Paradise_1440 x 900 widescreen.jpg gefunden: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Golf_Course_1440 x 900 widescreen.jpg gefunden: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Hay_Field_1440 x 900 widescreen.jpg gefunden: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Hong_Kong_Night_1440 x 900 widescreen.jpg gefunden: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Green_Lime_1440 x 900 widescreen.jpg gefunden: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Ice_Cola_1440 x 900 widescreen.jpg gefunden: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Interesting_3d_shapes_1440 x 900 widescreen.jpg gefunden: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Island_1440 x 900 widescreen.jpg gefunden: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Koh_Tao_beach_1440 x 900 widescreen.jpg gefunden: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Maldives_Entertainment_Center_1440 x 900 widescreen.jpg gefunden: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Palm_Tree_Sunset_1440 x 900 widescreen.jpg gefunden: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Palm_Tree_1440 x 900 widescreen.jpg gefunden: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Sexy_girl_on_the_beach_1440 x 900 widescreen.jpg gefunden: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Red_&_White_Abstract_1440 x 900 widescreen.jpg gefunden: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Shores_Of_Fire_1440 x 900 widescreen.jpg gefunden: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\The_Maldives_1680 x 1050 widescreen(2).jpg gefunden: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Splash_1680 x 1050 widescreen.jpg gefunden: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\The_Maldives_1680 x 1050 widescreen.jpg gefunden: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Wizard_1440 x 900 widescreen.jpg gefunden: Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Wooden_Boat_1440 x 900 widescreen.jpg gefunden: Trojan.Win32.Jpgiframe!E2

Gescannt 901147
Gefunden 52

Scan Ende: 31.07.2012 17:11:39
Scan Zeit: 1:20:43

D:\Bilder\Wallpaper widescreen 1080\Beach_1440 x 900 widescreen.jpg Quarantäne Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Beautiful_Blue_Mountains_Landscape_1440 x 900 widescreen.jpg Quarantäne Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Beer_1440 x 900 widescreen.jpg Quarantäne Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Blue_is_the_answer_1440 x 900 widescreen.jpg Quarantäne Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Chevrolet_Camaro_SS_1440 x 900 widescreen.jpg Quarantäne Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Exotic_Paradise_1440 x 900 widescreen.jpg Quarantäne Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Hay_Field_1440 x 900 widescreen.jpg Quarantäne Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Golf_Course_1440 x 900 widescreen.jpg Quarantäne Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Green_Lime_1440 x 900 widescreen.jpg Quarantäne Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Hong_Kong_Night_1440 x 900 widescreen.jpg Quarantäne Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Ice_Cola_1440 x 900 widescreen.jpg Quarantäne Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Interesting_3d_shapes_1440 x 900 widescreen.jpg Quarantäne Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Island_1440 x 900 widescreen.jpg Quarantäne Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Maldives_Entertainment_Center_1440 x 900 widescreen.jpg Quarantäne Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Koh_Tao_beach_1440 x 900 widescreen.jpg Quarantäne Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Red_&_White_Abstract_1440 x 900 widescreen.jpg Quarantäne Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Palm_Tree_Sunset_1440 x 900 widescreen.jpg Quarantäne Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Palm_Tree_1440 x 900 widescreen.jpg Quarantäne Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Sexy_girl_on_the_beach_1440 x 900 widescreen.jpg Quarantäne Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Shores_Of_Fire_1440 x 900 widescreen.jpg Quarantäne Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Splash_1680 x 1050 widescreen.jpg Quarantäne Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\The_Maldives_1680 x 1050 widescreen(2).jpg Quarantäne Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\The_Maldives_1680 x 1050 widescreen.jpg Quarantäne Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Wooden_Boat_1440 x 900 widescreen.jpg Quarantäne Trojan.Win32.Jpgiframe!E2
D:\Bilder\Wallpaper widescreen 1080\Wizard_1440 x 900 widescreen.jpg Quarantäne Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Beautiful_Blue_Mountains_Landscape_1440 x 900 widescreen.jpg Quarantäne Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Beach_1440 x 900 widescreen.jpg Quarantäne Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Beer_1440 x 900 widescreen.jpg Quarantäne Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Blue_is_the_answer_1440 x 900 widescreen.jpg Quarantäne Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Chevrolet_Camaro_SS_1440 x 900 widescreen.jpg Quarantäne Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Exotic_Paradise_1440 x 900 widescreen.jpg Quarantäne Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Golf_Course_1440 x 900 widescreen.jpg Quarantäne Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Hay_Field_1440 x 900 widescreen.jpg Quarantäne Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Hong_Kong_Night_1440 x 900 widescreen.jpg Quarantäne Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Green_Lime_1440 x 900 widescreen.jpg Quarantäne Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Ice_Cola_1440 x 900 widescreen.jpg Quarantäne Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Interesting_3d_shapes_1440 x 900 widescreen.jpg Quarantäne Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Island_1440 x 900 widescreen.jpg Quarantäne Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Koh_Tao_beach_1440 x 900 widescreen.jpg Quarantäne Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Maldives_Entertainment_Center_1440 x 900 widescreen.jpg Quarantäne Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Palm_Tree_Sunset_1440 x 900 widescreen.jpg Quarantäne Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Palm_Tree_1440 x 900 widescreen.jpg Quarantäne Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Sexy_girl_on_the_beach_1440 x 900 widescreen.jpg Quarantäne Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Red_&_White_Abstract_1440 x 900 widescreen.jpg Quarantäne Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Shores_Of_Fire_1440 x 900 widescreen.jpg Quarantäne Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\The_Maldives_1680 x 1050 widescreen(2).jpg Quarantäne Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Splash_1680 x 1050 widescreen.jpg Quarantäne Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\The_Maldives_1680 x 1050 widescreen.jpg Quarantäne Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Wizard_1440 x 900 widescreen.jpg Quarantäne Trojan.Win32.Jpgiframe!E2
D:\Bilder\Sample Pictures\Wooden_Boat_1440 x 900 widescreen.jpg Quarantäne Trojan.Win32.Jpgiframe!E2
D:\Programme\NERO.8\Toolbar.exe Quarantäne Adware.Win32.AskTBar!E1
D:\Programme\Windows 7 Professional (32 Bit)\Windows 7 Activation\Windows 7 Activation.exe Quarantäne Trojan.Win32.Jorik.ShakBla.OJ!E1

Quarantäne 52
]

[CODE][/CODE
# AdwCleaner v1.703 - Logfile created 07/31/2012 at 15:25:16
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : David - DAVID-ASUS
# Running from : C:\Users\David\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\David\AppData\Roaming\pdfforge
Folder Deleted : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\03fz0b43.default\extensions\ffxtlbr@funmoods.com
File Deleted : C:\Users\David\AppData\Local\funmoods-speeddial.crx

***** [Registry] *****

Key Deleted : HKCU\Software\Ask.com.tmp
Key Deleted : HKCU\Software\SweetIm
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\DT Soft
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facemoods
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funmoods
Key Deleted : HKLM\SOFTWARE\SweetIM
[x64] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facemoods

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtD0AyDtA0Fzy0D0B0BtDtN0D0Tzu0CtCzyyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=24866596 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtD0AyDtA0Fzy0D0B0BtDtN0D0Tzu0CtCzyyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=24866596 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://start.funmoods.com/?f=2&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtD0AyDtA0Fzy0D0B0BtDtN0D0Tzu0CtCzyyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=24866596 --> hxxp://www.google.com

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\03fz0b43.default\prefs.js

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\03fz0b43.default\user.js ... Deleted !

Deleted : user_pref("extensions.funmoods.aflt", "nv1");
Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Deleted : user_pref("extensions.funmoods.brwsrsrc", "ietlbr");
Deleted : user_pref("extensions.funmoods.cntry", "AT");
Deleted : user_pref("extensions.funmoods.dfltLng", "");
Deleted : user_pref("extensions.funmoods.dfltSrch", true);
Deleted : user_pref("extensions.funmoods.dfltlng", "en");
Deleted : user_pref("extensions.funmoods.dfltsrch", "false");
Deleted : user_pref("extensions.funmoods.dnsErr", true);
Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Deleted : user_pref("extensions.funmoods.excTlbr", false);
Deleted : user_pref("extensions.funmoods.hdrMd5", "6EB8ABF692A8689F954D76E71379956B");
Deleted : user_pref("extensions.funmoods.hmpg", true);
Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2[...]
Deleted : user_pref("extensions.funmoods.hrdid", "C860000A53F9DBB0");
Deleted : user_pref("extensions.funmoods.id", "C860000A53F9DBB0");
Deleted : user_pref("extensions.funmoods.instlDay", "15533");
Deleted : user_pref("extensions.funmoods.instlRef", "nv1");
Deleted : user_pref("extensions.funmoods.instlday", "15533");
Deleted : user_pref("extensions.funmoods.instlref", "nv1");
Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Deleted : user_pref("extensions.funmoods.keywordurl", "");
Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2220:3:44");
Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Deleted : user_pref("extensions.funmoods.newTab", true);
Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=nv1&chnl=nv1&cd=2XzuyEt[...]
Deleted : user_pref("extensions.funmoods.newtab", true);
Deleted : user_pref("extensions.funmoods.newtaburl", "hxxp://start.funmoods.com/?f=2&a=nv1&chnl=nv1&cd=2XzuyEt[...]
Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrid", "funmoods");
Deleted : user_pref("extensions.funmoods.savedVrsnTs", "1");
Deleted : user_pref("extensions.funmoods.sg", "none");
Deleted : user_pref("extensions.funmoods.smplGrp", "none");
Deleted : user_pref("extensions.funmoods.smplgrp", "none");
Deleted : user_pref("extensions.funmoods.srch", "");
Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Deleted : user_pref("extensions.funmoods.srchprvdr", "Search");
Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=nv1&chnl=nv1&cd=2Xzuy[...]
Deleted : user_pref("extensions.funmoods.tlbrid", "base");
Deleted : user_pref("extensions.funmoods.tlbrsrchurl", "hxxp://start.funmoods.com/?f=3&a=nv1&chnl=nv1&cd=2Xzuy[...]
Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2220:3:44");
Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.vrsnts", "1.5.23.2220:3:44");
Deleted : user_pref("extensions.funmoods_i.newTab", true);
Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2220:3:44");

*************************

AdwCleaner[R1].txt - [10040 octets] - [31/07/2012 15:24:40]
AdwCleaner[R2].txt - [10102 octets] - [31/07/2012 15:25:11]
AdwCleaner[S1].txt - [9410 octets] - [31/07/2012 15:25:16]

########## EOF - C:\AdwCleaner[S1].txt - [9538 octets] ##########

]

Vielen Dank!!

Alt 31.07.2012, 16:52   #8
t'john
/// Helfer-Team
 
Polizei Virus Österreich, am 31.07.2012 - Standard

Polizei Virus Österreich, am 31.07.2012



Sehr gut!


Deinstalliere:
Emsisoft Anti-Malware


ESET Online Scanner

Vorbereitung

  • Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
  • Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
  • Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.
Los geht's

  • Lade und starte Eset Smartinstaller
  • Haken setzen bei YES, I accept the Terms of Use.
  • Klick auf Start.
  • Haken setzen bei Remove found threads und Scan archives.
  • Klick auf Start.
  • Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Finish drücken.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset
__________________
Mfg, t'john
Das TB unterstützen

Alt 01.08.2012, 20:39   #9
johnny-d
 
Polizei Virus Österreich, am 31.07.2012 - Standard

Polizei Virus Österreich, am 31.07.2012



Hier die nächsten Logs...

[CODE][/
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7fdc823b708ec444bf72b1a72b6aee53
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-01 07:36:08
# local_time=2012-08-01 09:36:08 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1792 16777215 100 0 13906408 13906408 0 0
# compatibility_mode=5893 16776573 100 94 531609 95472968 0 0
# compatibility_mode=8192 67108863 100 0 96 96 0 0
# scanned=254353
# found=0
# cleaned=0
# scan_time=6649
]

Beste Grüße

Alt 02.08.2012, 03:55   #10
t'john
/// Helfer-Team
 
Polizei Virus Österreich, am 31.07.2012 - Standard

Polizei Virus Österreich, am 31.07.2012



Java aktualisieren

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier
  • Speichere die jxpiinstall.exe
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 5 ) herunter laden.
  • Wenn die Installation beendet wurde
    Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.
Nach dem Neustart
  • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen....
  • Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
  • Klicke erneut OK.


Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html
__________________
Mfg, t'john
Das TB unterstützen

Alt 21.08.2012, 03:33   #11
t'john
/// Helfer-Team
 
Polizei Virus Österreich, am 31.07.2012 - Standard

Polizei Virus Österreich, am 31.07.2012



Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.
__________________
Mfg, t'john
Das TB unterstützen

Antwort

Themen zu Polizei Virus Österreich, am 31.07.2012
7-zip, abgesicherte, abgesicherten, abgesicherten modus, anhang, anleitung, befallen, bekannte, brauche, daten, deo0_sar.exe, ebook, ecstasy, focus, galaxy, gfnexsrv.exe, google earth, hochladen, igdpmd64.sys, install.exe, ip-adresse, leitung, libusb0.sys, logfiles, modus, notebook, officejet, oneclickdownloader, otl-scan, plug-in, polizei, polizei virus, schöne, schönen, troja, trojaner, usb 2.0, usb 3.0, virus, win64, Österreich




Ähnliche Themen: Polizei Virus Österreich, am 31.07.2012


  1. Polizei Virus Österreich
    Plagegeister aller Art und deren Bekämpfung - 24.04.2013 (24)
  2. Polizei Virus Österreich
    Plagegeister aller Art und deren Bekämpfung - 26.10.2012 (4)
  3. Polizei Virus Österreich vom 23.10.12
    Log-Analyse und Auswertung - 25.10.2012 (1)
  4. Polizei Virus Österreich
    Log-Analyse und Auswertung - 13.10.2012 (2)
  5. Österreich Polizei Virus
    Log-Analyse und Auswertung - 05.10.2012 (4)
  6. polizei virus österreich
    Log-Analyse und Auswertung - 22.09.2012 (1)
  7. Polizei Virus Österreich
    Log-Analyse und Auswertung - 16.09.2012 (32)
  8. Polizei Virus Österreich
    Log-Analyse und Auswertung - 14.09.2012 (13)
  9. Polizei Virus Österreich
    Log-Analyse und Auswertung - 07.09.2012 (22)
  10. Polizei Virus Österreich
    Plagegeister aller Art und deren Bekämpfung - 03.09.2012 (3)
  11. Polizei Virus - 100 EUR Österreich
    Log-Analyse und Auswertung - 25.08.2012 (5)
  12. Polizei Virus Österreich
    Log-Analyse und Auswertung - 19.08.2012 (4)
  13. Polizei Virus Österreich
    Log-Analyse und Auswertung - 14.08.2012 (13)
  14. Polizei-Virus Österreich
    Plagegeister aller Art und deren Bekämpfung - 14.08.2012 (26)
  15. Polizei 5.2 Virus Österreich
    Log-Analyse und Auswertung - 26.07.2012 (2)
  16. Polizei Virus Österreich vom 23. Juli 2012
    Plagegeister aller Art und deren Bekämpfung - 26.07.2012 (23)
  17. Polizei Virus Österreich
    Plagegeister aller Art und deren Bekämpfung - 19.07.2012 (3)

Zum Thema Polizei Virus Österreich, am 31.07.2012 - Hallo, auch mein Notebook wurde nun leider von dem bekannten "Polizei Virus" befallen ! Wie in der Anleitung geschildert, habe ich im abgesicherten Modus einen OTL-Scan gemacht um Ihnen hier - Polizei Virus Österreich, am 31.07.2012...
Archiv
Du betrachtest: Polizei Virus Österreich, am 31.07.2012 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.