| |
| |||||||
Alles rund um Windows: "H:\RECYCLER\e621ca05.exe" konnte nicht gefunden werden.Windows 7 Hilfe zu allen Windows-Betriebssystemen: Windows XP, Windows Vista, Windows 7, Windows 8(.1) und Windows 10 / Windows 11- als auch zu sämtlicher Windows-Software. Alles zu Windows 10 ist auch gerne willkommen. Bitte benenne etwaige Fehler oder Bluescreens unter Windows mit dem Wortlaut der Fehlermeldung und Fehlercode. Erste Schritte für Hilfe unter Windows. |
 |
15.10.2012, 20:45
| #1 | |||
 |  Problem: "H:\RECYCLER\e621ca05.exe" konnte nicht gefunden werden. Hallo liebe Forengemeinde, Ich habe gestern offenbar mehrere dumme fatale Fehler gemacht. Ich liste die Geschehnisse zuerst einmal hier auf: 1. eine uminöse Skype Nachricht erreichte mich gestern von einem Bekannten, in der erschien dass ich irgendwo tolle Bilder in meinem Profil hätte. Darunter ein Link. Naiv wie ich bin, öffne ich diesen und es lädt sich eine Datei herunter, mit Skype Logo. Also öffne ich sie, und zack, da wars zu spät. Sämtliche Skype Kontakte bekamen von mir dieselbe Nachricht mit solchem Link zugeschickt -.- Zitat:
Mit diesem Video konnte ich offenbar etwas erreichen und den Wurm entfernen: Zitat:
Ich habe aus einem Ordner "RECYCLE" alles heraus gelöscht. Man muss sagen, immer wenn ich einen der Ordner öffnete, kam eine Meldung die mir sagte irgendwo dort wäre eine gefährliche Datei (e621ca05.exe) Nach dem löschen des RECYCLE Ordnerinhaltes kam ich dann auf der externen Festplatte "H" nirgends mehr rein. Zitat:
Alles klingt sehr nach diesem Problem: http://www.trojaner-board.de/115010-...estplatte.html Da ich mich nun hilfesuchend an euch Fachmänner wende, habe ich schon fleißig vorgearbeitet, wie es im Threat zuvor gewünscht war, und die Logdateien von Malwarebytes, OTL und CCleaner erstellt. Hier das Ergebnis: Malwarebytes: mbam-log-2012-10-15 (20-52-00).txt HTML-Code: Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.10.15.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Hannes :: KIELBASSA [Administrator] 15.10.2012 18:43:09 mbam-log-2012-10-15 (20-52-00).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|H:\|Q:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 500062 Laufzeit: 2 Stunde(n), 6 Minute(n), 45 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 10 C:\Users\Hannes\AppData\Roaming\1452.exe (Trojan.Ransom) -> Keine Aktion durchgeführt. C:\Users\Hannes\AppData\Roaming\2602.exe (Trojan.Ransom.ANC) -> Keine Aktion durchgeführt. C:\Users\Hannes\AppData\Roaming\2E9E.exe (Trojan.Ransom.ANC) -> Keine Aktion durchgeführt. C:\Users\Hannes\AppData\Roaming\3790.exe (Trojan.Ransom.ANC) -> Keine Aktion durchgeführt. C:\Users\Hannes\AppData\Roaming\3FD4.exe (Trojan.Ransom) -> Keine Aktion durchgeführt. C:\Users\Hannes\AppData\Roaming\56F0.exe (Trojan.Ransom.ANC) -> Keine Aktion durchgeführt. C:\Users\Hannes\AppData\Roaming\5EAC.exe (Trojan.Ransom) -> Keine Aktion durchgeführt. C:\Users\Hannes\AppData\Roaming\C3B6.exe (Trojan.Ransom.ANC) -> Keine Aktion durchgeführt. C:\Users\Hannes\AppData\Roaming\EFC9.exe (Trojan.Ransom.ANC) -> Keine Aktion durchgeführt. C:\Users\Hannes\AppData\Roaming\Vwgkgf.exe.old (Trojan.FakeSkype) -> Keine Aktion durchgeführt. (Ende) OTL OTL.txt HTML-Code: OTL logfile created on: 15.10.2012 20:54:45 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hannes\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,91 Gb Total Physical Memory | 1,40 Gb Available Physical Memory | 35,74% Memory free 7,83 Gb Paging File | 5,28 Gb Available in Paging File | 67,47% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119,24 Gb Total Space | 20,60 Gb Free Space | 17,28% Space Free | Partition Type: NTFS Drive D: | 153,85 Gb Total Space | 146,75 Gb Free Space | 95,38% Space Free | Partition Type: NTFS Drive H: | 298,05 Gb Total Space | 82,68 Gb Free Space | 27,74% Space Free | Partition Type: FAT32 Computer Name: KIELBASSA | User Name: Hannes | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - C:\Users\Hannes\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Users\Hannes\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe (Microsoft) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Windows\AsScrPro.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.) PRC - C:\ProgramData\DatacardService\DCService.exe () PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe () [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf () MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf () MOD - C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll () MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () MOD - C:\Program Files (x86)\Microsoft Office\Office14\1031\UmOutlookStrings.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll () MOD - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe () [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - (Amsp) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe File not found SRV:[b]64bit:[/b] - (NIHardwareService) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH) SRV:[b]64bit:[/b] - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.) SRV:[b]64bit:[/b] - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:[b]64bit:[/b] - (TiMiniService) -- C:\Program Files\Trend Micro\Titanium\TiMiniService.exe (Trend Micro Inc.) SRV:[b]64bit:[/b] - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (FreemakeVideoCapture) -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe (Microsoft) SRV - (Update-Service) -- C:\Windows\SysWOW64\UpdSvc.dll (Joosoft.com GmbH) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (DCService.exe) -- C:\ProgramData\DatacardService\DCService.exe () SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) SRV - (VMCService) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.) DRV:[b]64bit:[/b] - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.) DRV:[b]64bit:[/b] - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.) DRV:[b]64bit:[/b] - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.) DRV:[b]64bit:[/b] - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. ) DRV:[b]64bit:[/b] - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.) DRV:[b]64bit:[/b] - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. ) DRV:[b]64bit:[/b] - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:[b]64bit:[/b] - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:[b]64bit:[/b] - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.) DRV:[b]64bit:[/b] - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:[b]64bit:[/b] - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:[b]64bit:[/b] - (npf) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.) DRV:[b]64bit:[/b] - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:[b]64bit:[/b] - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.) DRV:[b]64bit:[/b] - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:[b]64bit:[/b] - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:[b]64bit:[/b] - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.) DRV:[b]64bit:[/b] - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:[b]64bit:[/b] - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:[b]64bit:[/b] - (tmcomm) -- C:\Windows\SysNative\drivers\tmcomm.sys (Trend Micro Inc.) DRV:[b]64bit:[/b] - (tmtdi) -- C:\Windows\SysNative\drivers\tmtdi.sys (Trend Micro Inc.) DRV:[b]64bit:[/b] - (tmactmon) -- C:\Windows\SysNative\drivers\tmactmon.sys (Trend Micro Inc.) DRV:[b]64bit:[/b] - (tmevtmgr) -- C:\Windows\SysNative\drivers\tmevtmgr.sys (Trend Micro Inc.) DRV:[b]64bit:[/b] - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.) DRV:[b]64bit:[/b] - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:[b]64bit:[/b] - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.) DRV:[b]64bit:[/b] - (tcpipBM) -- C:\Windows\SysNative\drivers\tcpipBM.sys (Bytemobile, Inc.) DRV:[b]64bit:[/b] - (BMLoad) -- C:\Windows\SysNative\drivers\BMLoad.sys (Bytemobile, Inc.) DRV:[b]64bit:[/b] - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV:[b]64bit:[/b] - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:[b]64bit:[/b] - (ksaud) -- C:\Windows\SysNative\drivers\ksaud.sys (Creative Technology Ltd.) DRV:[b]64bit:[/b] - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( ) DRV:[b]64bit:[/b] - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:[b]64bit:[/b] - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:[b]64bit:[/b] - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:[b]64bit:[/b] - (hwusbfake) -- C:\Windows\SysNative\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.) DRV:[b]64bit:[/b] - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.) DRV:[b]64bit:[/b] - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:[b]64bit:[/b] - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:[b]64bit:[/b] - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:[b]64bit:[/b] - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:[b]64bit:[/b] - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (SaiH0C2D) -- C:\Windows\SysNative\drivers\SaiH0C2D.sys (Saitek) DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: fmdownloader@gmail.com:1.0.0 FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10 FF - prefs.js..extensions.enabledAddons: stealthyextension@gmail.com:2.3.3 FF - prefs.js..network.proxy.http: "93.123.45.23" FF - prefs.js..network.proxy.http_port: 8008 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ [2011.04.13 04:51:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\fmdownloader@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ [2011.12.31 17:31:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.10 20:24:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.10 20:24:41 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.07 18:23:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hannes\AppData\Roaming\mozilla\Extensions [2012.10.12 01:41:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hannes\AppData\Roaming\mozilla\Firefox\Profiles\m17vktlk.default\extensions [2012.09.16 22:31:12 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Hannes\AppData\Roaming\mozilla\Firefox\Profiles\m17vktlk.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.10.12 01:41:01 | 000,184,864 | ---- | M] () (No name found) -- C:\Users\Hannes\AppData\Roaming\mozilla\firefox\profiles\m17vktlk.default\extensions\stealthyextension@gmail.com.xpi [2012.10.01 01:08:24 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\Hannes\AppData\Roaming\mozilla\firefox\profiles\m17vktlk.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2012.09.10 20:24:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.09.10 20:24:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2011.12.31 17:31:53 | 000,000,000 | ---D | M] (Freemake Video Downloader Plugin) -- C:\PROGRAM FILES (X86)\FREEMAKE\FREEMAKE VIDEO DOWNLOADER\BROWSERPLUGIN\FIREFOX [2012.09.10 20:24:41 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.28 20:22:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.30 20:10:33 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.28 20:22:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.28 20:22:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.28 20:22:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.28 20:22:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:[b]64bit:[/b] - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.) O2:[b]64bit:[/b] - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:[b]64bit:[/b] - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.) O2:[b]64bit:[/b] - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2:[b]64bit:[/b] - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.) O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.) O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:[b]64bit:[/b] - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.) O4:[b]64bit:[/b] - HKLM..\Run: [Creative SB Monitoring Utility] C:\Windows\SysNative\SBAVMon.dll (Creative Technology Ltd.) O4:[b]64bit:[/b] - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:[b]64bit:[/b] - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found O4:[b]64bit:[/b] - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.) O4:[b]64bit:[/b] - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe (Trend Micro Inc.) O4:[b]64bit:[/b] - HKLM..\Run: [VizorHtmlDialog.exe] C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe (Trend Micro Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.) O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe (ecareme) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files (x86)\Telekom\InternetManager_H\DataCardMonitor.exe (Huawei Technologies Co., Ltd.) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [Module Loader] C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe -StartUpRun File not found O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\Hannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Hannes\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 O8:[b]64bit:[/b] - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found O8:[b]64bit:[/b] - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000011 [] - C:\Windows\system32\nspj7uz8.dll File not found O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{380389F5-1978-4D2C-A1F6-97676C386414}: DhcpNameServer = 139.7.30.126 139.7.30.125 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BDF45EB-8281-455E-BA7F-B7FBF93FE4CB}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DE7CF3B-4145-4F90-A36B-2EF8955EFA1C}: DhcpNameServer = 10.74.210.210 10.74.210.211 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AFECACB9-5D82-4CB3-99CD-0C1982721848}: DhcpNameServer = 192.168.2.1 O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.) O18:[b]64bit:[/b] - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.) O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.) O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O27:[b]64bit:[/b] - HKLM IFEO\Utilman.exe: Debugger - C:\Windows\SysNative\cmd.exe (Microsoft Corporation) O27 - HKLM IFEO\Utilman.exe: Debugger - C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{3402b491-a745-11e1-bf6c-14dae93eef71}\Shell - "" = AutoRun O33 - MountPoints2\{3402b491-a745-11e1-bf6c-14dae93eef71}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{3402b497-a745-11e1-bf6c-14dae93eef71}\Shell - "" = AutoRun O33 - MountPoints2\{3402b497-a745-11e1-bf6c-14dae93eef71}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{3905068d-af84-11e1-9356-14dae93eef71}\Shell - "" = AutoRun O33 - MountPoints2\{3905068d-af84-11e1-9356-14dae93eef71}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{5c850714-df5d-11e1-86d0-14dae93eef71}\Shell - "" = AutoRun O33 - MountPoints2\{5c850714-df5d-11e1-86d0-14dae93eef71}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{6818d084-b314-11e1-8293-14dae93eef71}\Shell - "" = AutoRun O33 - MountPoints2\{6818d084-b314-11e1-8293-14dae93eef71}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{ee16af77-3a34-11e1-8e6d-14dae93eef71}\Shell - "" = AutoRun O33 - MountPoints2\{ee16af77-3a34-11e1-8e6d-14dae93eef71}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{ee16af84-3a34-11e1-8e6d-14dae93eef71}\Shell - "" = AutoRun O33 - MountPoints2\{ee16af84-3a34-11e1-8e6d-14dae93eef71}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012.10.15 20:53:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hannes\Desktop\OTL.exe [2012.10.15 18:41:47 | 000,000,000 | ---D | C] -- C:\Users\Hannes\AppData\Roaming\Malwarebytes [2012.10.15 18:41:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.15 18:41:34 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.10.15 18:41:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.10.15 18:41:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.15 18:34:55 | 000,000,000 | ---D | C] -- C:\Users\Hannes\Desktop\maurice [2012.10.15 18:08:11 | 000,000,000 | ---D | C] -- C:\PPF_Scan2 [2012.10.15 13:29:59 | 000,000,000 | ---D | C] -- C:\PPFScan [2012.10.15 10:51:46 | 000,000,000 | ---D | C] -- C:\Users\Hannes\AppData\Roaming\AVG2013 [2012.10.15 10:47:40 | 000,000,000 | ---D | C] -- C:\Users\Hannes\AppData\Roaming\TuneUp Software [2012.10.15 10:47:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2012.10.15 10:47:09 | 000,000,000 | -H-D | C] -- C:\$AVG [2012.10.15 10:47:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013 [2012.10.15 10:46:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG [2012.10.15 10:43:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012.10.15 10:43:15 | 000,000,000 | ---D | C] -- C:\Users\Hannes\AppData\Local\MFAData [2012.10.15 10:43:15 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2012.10.15 10:43:15 | 000,000,000 | ---D | C] -- C:\Users\Hannes\AppData\Local\Avg2013 [2012.10.15 02:04:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\STOPzilla! [2012.10.15 01:46:55 | 001,036,288 | ---- | C] (Skype Technologies S.A.) -- C:\Users\Hannes\AppData\Roaming\Vwgkgf.exe.old [2012.10.15 00:47:33 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012.10.15 00:47:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.10.15 00:47:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.10.10 00:06:26 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.10.10 00:06:25 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.10.10 00:06:24 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.10.10 00:06:10 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012.10.10 00:06:10 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012.10.10 00:06:10 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012.10.10 00:06:10 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012.10.10 00:06:08 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012.10.10 00:06:08 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012.10.10 00:06:08 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012.10.10 00:06:08 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012.10.10 00:06:08 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012.10.10 00:06:08 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012.10.10 00:06:08 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012.10.10 00:06:08 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012.10.10 00:06:08 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012.10.10 00:06:08 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012.10.10 00:06:08 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012.10.10 00:06:08 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012.10.10 00:06:08 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012.10.10 00:06:08 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012.10.10 00:06:08 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012.10.10 00:06:08 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012.10.10 00:06:08 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012.10.10 00:06:08 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012.10.10 00:06:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012.10.10 00:06:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012.10.10 00:06:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012.10.10 00:06:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012.10.10 00:06:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012.10.10 00:06:07 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012.10.10 00:06:07 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012.10.10 00:06:07 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012.10.10 00:06:07 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012.10.10 00:06:07 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012.10.10 00:06:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012.10.10 00:06:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012.10.10 00:06:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.10.10 00:06:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012.10.10 00:06:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012.10.10 00:06:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012.10.10 00:06:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012.10.10 00:06:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012.10.10 00:06:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012.10.10 00:06:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012.10.10 00:06:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012.10.10 00:06:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012.10.10 00:06:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012.10.10 00:06:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012.10.10 00:06:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012.10.10 00:06:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.10.10 00:06:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012.10.10 00:06:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012.10.10 00:06:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012.10.10 00:06:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012.10.10 00:06:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012.10.10 00:06:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012.10.10 00:06:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012.10.10 00:06:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012.10.10 00:06:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012.10.10 00:06:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012.10.10 00:06:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012.10.10 00:06:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012.10.10 00:06:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012.10.10 00:06:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012.10.10 00:06:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012.10.10 00:06:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012.10.10 00:06:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012.10.10 00:06:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012.10.10 00:06:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012.10.10 00:06:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012.10.10 00:06:06 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012.10.10 00:05:51 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2012.10.10 00:05:34 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.10.10 00:05:33 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012.10.07 11:30:47 | 000,000,000 | ---D | C] -- C:\Users\Hannes\Desktop\Pascal [2012.10.06 20:33:36 | 000,000,000 | ---D | C] -- C:\Users\Hannes\Desktop\Luis [2012.10.05 21:45:09 | 000,000,000 | ---D | C] -- C:\Users\Hannes\AppData\Roaming\GoforFiles [2012.10.05 03:26:22 | 000,111,456 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys [2012.10.02 03:30:38 | 000,185,696 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys [2012.09.26 14:12:37 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe [2012.09.25 18:56:12 | 000,000,000 | ---D | C] -- C:\Users\Hannes\Documents\Native Instruments [2012.09.25 18:37:09 | 000,000,000 | -H-D | C] -- C:\ProgramData\{7707EA53-E29B-48FC-B28B-C8EE171EA0EB} [2012.09.25 18:35:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Native Instruments [2012.09.25 18:35:23 | 000,000,000 | -H-D | C] -- C:\ProgramData\{A2A4D724-2D08-46E4-BAA8-EC9EE875D133} [2012.09.25 18:35:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14} [2012.09.25 18:35:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Native Instruments [2012.09.25 18:35:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments [2012.09.25 18:35:01 | 000,000,000 | ---D | C] -- C:\Program Files\Native Instruments [2012.09.25 18:35:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Native Instruments [2012.09.24 15:51:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.09.24 15:51:20 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys [2012.09.24 15:50:22 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.09.24 15:50:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2012.09.24 15:50:22 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.09.24 15:50:22 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2012.09.24 07:58:54 | 000,000,000 | ---D | C] -- C:\Users\Hannes\AppData\Local\ElevatedDiagnostics [2012.09.24 01:00:34 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.09.24 01:00:34 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.09.24 01:00:33 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.09.24 01:00:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.09.24 01:00:33 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.09.24 01:00:32 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.09.24 01:00:32 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.09.24 01:00:32 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.09.24 01:00:32 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.09.24 01:00:32 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.09.24 01:00:32 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.09.24 01:00:32 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.09.24 01:00:30 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.09.24 01:00:30 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.09.24 01:00:29 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.09.21 03:46:04 | 000,200,032 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys [2012.09.21 03:46:00 | 000,225,120 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgloga.sys [2012.09.21 03:45:50 | 000,061,792 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\avgidsha.sys [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012.10.15 20:53:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hannes\Desktop\OTL.exe [2012.10.15 20:12:12 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.15 18:41:35 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.15 13:29:38 | 006,170,946 | ---- | M] () -- C:\PPFScan.zip [2012.10.15 13:18:41 | 000,018,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.15 13:18:41 | 000,018,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.15 13:10:42 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe [2012.10.15 13:10:35 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job [2012.10.15 13:10:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.15 13:10:28 | 3152,203,776 | -HS- | M] () -- C:\hiberfil.sys [2012.10.15 10:53:28 | 000,001,391 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini [2012.10.15 10:53:27 | 000,002,250 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [2012.10.15 10:47:40 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2012.10.15 10:41:04 | 000,006,904 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg [2012.10.15 01:46:58 | 000,076,288 | ---- | M] () -- C:\Users\Hannes\AppData\Roaming\56F0.exe [2012.10.15 01:46:55 | 001,036,288 | ---- | M] (Skype Technologies S.A.) -- C:\Users\Hannes\AppData\Roaming\Vwgkgf.exe.old [2012.10.15 01:39:47 | 000,076,288 | ---- | M] () -- C:\Users\Hannes\AppData\Roaming\C3B6.exe [2012.10.15 00:56:33 | 000,076,288 | ---- | M] () -- C:\Users\Hannes\AppData\Roaming\2E9E.exe [2012.10.15 00:47:33 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.10.15 00:34:26 | 000,076,288 | ---- | M] () -- C:\Users\Hannes\AppData\Roaming\EFC9.exe [2012.10.15 00:16:11 | 000,076,288 | ---- | M] () -- C:\Users\Hannes\AppData\Roaming\3790.exe [2012.10.14 23:54:15 | 000,076,288 | ---- | M] () -- C:\Users\Hannes\AppData\Roaming\2602.exe [2012.10.14 22:38:02 | 000,091,136 | ---- | M] () -- C:\Users\Hannes\AppData\Roaming\5EAC.exe [2012.10.14 22:20:15 | 000,091,136 | ---- | M] () -- C:\Users\Hannes\AppData\Roaming\1452.exe [2012.10.14 22:02:57 | 000,091,136 | ---- | M] () -- C:\Users\Hannes\AppData\Roaming\3FD4.exe [2012.10.12 21:32:10 | 003,255,641 | ---- | M] () -- C:\Users\Hannes\Desktop\Linkin Park - Castle of Glass.mp3 [2012.10.09 00:12:38 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.10.09 00:12:38 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.10.05 16:50:32 | 000,054,039 | ---- | M] () -- C:\Users\Hannes\.recently-used.xbel [2012.10.05 03:26:22 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys [2012.10.02 17:35:17 | 001,531,218 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.10.02 17:35:17 | 000,666,256 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.10.02 17:35:17 | 000,628,098 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.10.02 17:35:17 | 000,134,178 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.10.02 17:35:17 | 000,110,560 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.10.02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys [2012.10.01 21:56:54 | 000,015,477 | ---- | M] () -- C:\Users\Hannes\Desktop\relativ.odt [2012.09.29 17:17:29 | 000,283,745 | ---- | M] () -- C:\Users\Hannes\Desktop\screen_aragon.jpg [2012.09.28 22:15:46 | 000,000,023 | ---- | M] () -- C:\Windows\Telemax.cfg [2012.09.26 23:50:45 | 003,257,187 | ---- | M] () -- C:\Users\Hannes\Desktop\Filterfunk - S.O.S. (Message in a bottle).mp3 [2012.09.26 22:14:17 | 000,949,574 | ---- | M] () -- C:\Users\Hannes\Desktop\darkangel.bmp [2012.09.26 21:21:29 | 004,596,611 | ---- | M] () -- C:\Users\Hannes\Desktop\O Holy Night.mp3 [2012.09.26 18:14:00 | 000,072,320 | ---- | M] () -- C:\Users\Hannes\Desktop\screen.jpg [2012.09.24 15:51:26 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.09.21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys [2012.09.21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgloga.sys [2012.09.21 03:45:50 | 000,061,792 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\avgidsha.sys [2012.09.16 21:13:24 | 000,161,389 | ---- | M] () -- C:\Users\Hannes\Desktop\IMG_0735.JPG [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012.10.15 18:41:35 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.15 13:29:30 | 006,170,946 | ---- | C] () -- C:\PPFScan.zip [2012.10.15 10:47:40 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2012.10.15 03:58:59 | 000,006,904 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg [2012.10.15 01:46:58 | 000,076,288 | ---- | C] () -- C:\Users\Hannes\AppData\Roaming\56F0.exe [2012.10.15 01:39:47 | 000,076,288 | ---- | C] () -- C:\Users\Hannes\AppData\Roaming\C3B6.exe [2012.10.15 00:56:33 | 000,076,288 | ---- | C] () -- C:\Users\Hannes\AppData\Roaming\2E9E.exe [2012.10.15 00:47:33 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012.10.15 00:34:26 | 000,076,288 | ---- | C] () -- C:\Users\Hannes\AppData\Roaming\EFC9.exe [2012.10.15 00:16:11 | 000,076,288 | ---- | C] () -- C:\Users\Hannes\AppData\Roaming\3790.exe [2012.10.14 23:54:15 | 000,076,288 | ---- | C] () -- C:\Users\Hannes\AppData\Roaming\2602.exe [2012.10.14 22:38:02 | 000,091,136 | ---- | C] () -- C:\Users\Hannes\AppData\Roaming\5EAC.exe [2012.10.14 22:20:15 | 000,091,136 | ---- | C] () -- C:\Users\Hannes\AppData\Roaming\1452.exe [2012.10.14 22:02:57 | 000,091,136 | ---- | C] () -- C:\Users\Hannes\AppData\Roaming\3FD4.exe [2012.10.12 21:32:02 | 003,255,641 | ---- | C] () -- C:\Users\Hannes\Desktop\Linkin Park - Castle of Glass.mp3 [2012.10.05 16:50:32 | 000,054,039 | ---- | C] () -- C:\Users\Hannes\.recently-used.xbel [2012.10.01 21:56:53 | 000,015,477 | ---- | C] () -- C:\Users\Hannes\Desktop\relativ.odt [2012.09.29 17:17:28 | 000,283,745 | ---- | C] () -- C:\Users\Hannes\Desktop\screen_aragon.jpg [2012.09.26 23:50:39 | 003,257,187 | ---- | C] () -- C:\Users\Hannes\Desktop\Filterfunk - S.O.S. (Message in a bottle).mp3 [2012.09.26 22:14:17 | 000,949,574 | ---- | C] () -- C:\Users\Hannes\Desktop\darkangel.bmp [2012.09.26 21:21:24 | 004,596,611 | ---- | C] () -- C:\Users\Hannes\Desktop\O Holy Night.mp3 [2012.09.26 18:14:00 | 000,072,320 | ---- | C] () -- C:\Users\Hannes\Desktop\screen.jpg [2012.09.24 15:51:26 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.09.16 22:30:39 | 000,161,389 | ---- | C] () -- C:\Users\Hannes\Desktop\IMG_0735.JPG [2012.01.01 18:36:16 | 000,001,352 | ---- | C] () -- C:\ProgramData\CfSB1090.ini [2012.01.01 18:36:16 | 000,001,352 | ---- | C] () -- C:\ProgramData\CfSB0910.ini [2012.01.01 18:36:16 | 000,001,302 | ---- | C] () -- C:\ProgramData\CfSB0300.ini [2012.01.01 18:36:16 | 000,001,282 | ---- | C] () -- C:\ProgramData\CfSB0471.ini [2012.01.01 18:36:16 | 000,001,208 | ---- | C] () -- C:\ProgramData\CfSB0490.ini [2012.01.01 18:36:16 | 000,001,027 | ---- | C] () -- C:\ProgramData\CfSB0560.ini [2012.01.01 18:36:16 | 000,001,026 | ---- | C] () -- C:\ProgramData\CfSB0271.ini [2012.01.01 18:36:16 | 000,001,026 | ---- | C] () -- C:\ProgramData\CfSB0270.ini [2011.12.28 21:58:49 | 000,001,320 | ---- | C] () -- C:\Users\Hannes\.xmlcopyeditor [2011.12.26 11:57:01 | 001,557,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.12.25 23:18:29 | 000,000,023 | ---- | C] () -- C:\Windows\AIM_LANGUAGE.INI [2011.12.25 23:18:26 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\glut32.dll [2011.08.01 22:10:25 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat [2011.08.01 22:10:21 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll [2011.08.01 22:10:21 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini [2011.08.01 22:05:52 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll [2011.05.31 05:23:33 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.05.31 05:23:31 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.05.31 05:23:30 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.04.13 04:48:48 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2011.02.11 23:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll [2009.06.16 13:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 [color=#E56717]========== ZeroAccess Check ==========[/color] [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 173 bytes -> C:\ProgramData\Temp:FB1B13D8 @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:52DBE86F < End of report > OTL Extras.txt HTML-Code: OTL Extras logfile created on: 15.10.2012 20:54:45 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hannes\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,91 Gb Total Physical Memory | 1,40 Gb Available Physical Memory | 35,74% Memory free 7,83 Gb Paging File | 5,28 Gb Available in Paging File | 67,47% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119,24 Gb Total Space | 20,60 Gb Free Space | 17,28% Space Free | Partition Type: NTFS Drive D: | 153,85 Gb Total Space | 146,75 Gb Free Space | 95,38% Space Free | Partition Type: NTFS Drive H: | 298,05 Gb Total Space | 82,68 Gb Free Space | 27,74% Space Free | Partition Type: FAT32 Computer Name: KIELBASSA | User Name: Hannes | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02E5E742-D00B-4259-8E89-9BF482C8DBF6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{0B7BFF64-3321-43B1-8BFE-E949F463E639}" = lport=80 | protocol=6 | dir=in | name=portzilla | "{27A70AA2-AE8D-424D-BB32-59B75D7AA743}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4B8414AB-EF87-4E87-B3E2-4E81A555F27A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{506984D9-DE61-4E40-9679-2D3BDE5A3CB8}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | "{62D68600-1566-4841-AE9D-CDCD79264BF1}" = rport=10243 | protocol=6 | dir=out | app=system | "{68E3C505-DBD8-4ABD-BD9B-307B67CDDA17}" = lport=2869 | protocol=6 | dir=in | app=system | "{6D86BBA6-660B-4EA4-9C85-ADBCBF533D55}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{7C3206FD-EF3A-4F20-B19E-D1C7B2D38422}" = lport=10243 | protocol=6 | dir=in | app=system | "{96E50826-5763-4F7C-9C3F-9EEAA7880D91}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A72233AF-337A-40D3-BCE9-4CBCFF8C6B0B}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | "{A73D21E0-2A37-468B-97E6-CCE261297780}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B827E1C7-5A7A-484C-9653-2FE388A8B888}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{C86F11C7-45B8-4DDB-978E-2E5F4FF477D4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C91B9424-3A89-4E46-8581-56AF7087F375}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CC69F13F-4366-4DA8-9385-A4FBF1D54E83}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FEDD84E8-E22C-4819-BB18-0EA1EBC1377D}" = rport=80 | protocol=6 | dir=out | name=portzilla | "{FF2CAC67-8E03-4636-B952-2BFF2F07BCF3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04B0C917-8D07-47E5-BC8D-379C4DCFD5BE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0613819D-12FE-4E9C-9471-40185B98059F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{0ABE4624-AD5B-4249-A542-5CA3926E309B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{1433ADA2-5900-4529-A8B8-BDABA9FF56B6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{19831690-6C12-470D-AF79-DF09F5938958}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{1A711653-AE56-4781-9B0F-E08B09ABD42E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1AAB0ED7-75FF-46BB-B86A-BF16DF392D3D}" = protocol=6 | dir=out | app=system | "{1F613550-42D9-4B65-A07C-86440D1333AF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{1FF77936-77CF-42A2-BF97-CA738C5D7FEB}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{25BDD843-A815-48A8-A216-66D065687049}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{2849F3ED-C5B4-414D-903D-F9833D2BAB9B}" = protocol=6 | dir=in | app=c:\program files (x86)\capcom\motogp 08\launcher.exe | "{3029D8D4-16CD-4D65-B89D-2B6D12C2C0F4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3085D343-B749-47AC-BC41-EC81513C65C2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{3980DD5D-579A-47BD-9E26-4E303859C4BA}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | "{3FBFE550-A11C-46E4-A1C8-6B23A5EB565E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{50D76052-134E-46DB-AF8E-63827F883C0F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{5841D293-622C-461D-B4B5-B089FA18A0DB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\freier91\counter-strike\hl.exe | "{5A2874A7-F5F3-4133-B2F0-6F09012AF484}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{626A9366-99C4-4370-9970-6004C527F266}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{7042B5DD-FCF7-4731-A77C-61CFC6C8FD0F}" = dir=out | app=%programfiles% (x86)\filezilla ftp client\filezilla.exe | "{724A9711-6C51-4A1C-A358-92A73BF57A76}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{724C1C73-245D-4F1B-B19C-86FCBA4A2BFB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{758728D5-C5CD-464C-B66D-E7740F502283}" = protocol=6 | dir=in | app=c:\users\hannes\appdata\roaming\dropbox\bin\dropbox.exe | "{788C5CAA-B865-4D8E-8B54-E45787B909CD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{7BE2B377-5C9D-4F36-BF1C-7E9F4BB51134}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{8EF01BA1-D1F6-4D73-AADB-AB5E81F83EF1}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{97449A8C-7EC4-44BF-9F56-1D0071CE1DA5}" = protocol=17 | dir=in | app=c:\program files (x86)\capcom\motogp 08\launcher.exe | "{ABC2B705-8F11-416A-A629-E121D1C2E909}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{B3056D4E-492B-430D-B0E6-28F298D46CF0}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "{B4A98FA2-DE77-4A70-B880-28A2E56D6AB8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{B7B9CD1C-619B-412D-BB9A-40C428342C77}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{BCB306BF-A1E6-46C9-BF12-74E490AF5FCE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{BFAEA048-8DC6-4306-A8E5-9A2698B02DF3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{C78E86E7-C625-4D69-95AD-6ECDEF8E2AEB}" = protocol=17 | dir=in | app=c:\users\hannes\appdata\roaming\dropbox\bin\dropbox.exe | "{D1C61C95-F41C-4F17-B1D5-8D3AEBEF1E1F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "{D1FA73CF-28C2-446C-9260-9F7D61D61203}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | "{DBF68FFD-AA31-4319-AA59-DACF981C8B4F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{DEC855E7-8328-4E89-86C0-8951C38CAE00}" = dir=in | app=%programfiles% (x86)\filezilla ftp client\filezilla.exe | "{E1961299-8F53-46B7-AFDD-AA09357440A5}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{E44ED274-BEB0-4DDF-BFAB-D13C0AB11737}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E79E9A00-4AB7-4604-867A-BB1F26BB0129}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{FA66990D-F63D-4A36-9F07-D958E0541714}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "TCP Query User{420D6895-171E-474D-B920-453B7FAB1A02}C:\users\hannes\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\hannes\appdata\local\akamai\netsession_win.exe | "TCP Query User{57068E5D-248C-4A5F-9E03-77C1133D7E47}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | "TCP Query User{C21A39D4-FCBD-4FCA-AC24-30017B62E2C2}C:\program files (x86)\microsoft games\microsoft flight simulator x\fsx.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\microsoft flight simulator x\fsx.exe | "TCP Query User{C68E6C17-D94E-45E0-9D36-20810F50298C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{103709F8-69C3-4171-BE49-536D3AA992C4}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | "UDP Query User{4FE2528B-EB7E-4F70-835F-CDD1CA63AF76}C:\program files (x86)\microsoft games\microsoft flight simulator x\fsx.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\microsoft flight simulator x\fsx.exe | "UDP Query User{A9AC11CC-1A01-4E09-BF78-63461976A65B}C:\users\hannes\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\hannes\appdata\local\akamai\netsession_win.exe | "UDP Query User{B8460581-260A-4A16-B6F8-2E9BC8F37C5A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor "{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources "{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{0F696557-180C-4813-A754-5D43969B0691}" = Windows Live Family Safety "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes "{169C77B7-69C9-4648-9DD0-72B152AF269F}" = Windows Live Family Safety "{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources "{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources "{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety "{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables "{289809B1-078A-49F3-83D0-7E51715B3915}" = Windows Live Family Safety "{2C43E67B-0CDC-48BE-A374-23BEB0E48A72}" = AVG 2013 "{3946328A-5B3A-434C-A22B-64CF6652FBAD}" = Windows Live Family Safety "{401C50F6-B443-43EE-8F27-A80DB19B03FD}" = Windows Live Family Safety "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources "{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support "{7734509D-A1F7-4A5E-AF9D-77CD17AE41AF}" = Windows Live Family Safety "{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{9210D7A2-DC28-43F6-92F9-E6CD4C729F7B}" = Windows Live Family Safety "{92C0E71C-5917-4FF2-9A5E-8BB0E85E0625}" = AVG 2013 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources "{A8EC0CC0-AD8D-4244-B080-424EDF7A7634}" = Native Instruments Traktor 2 "{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security "{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources "{B22C8566-D522-4B40-A7AF-525F5A70D832}" = Windows Live Family Safety "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources "{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources "{CB7935EF-43EE-4C0F-AC02-B0E4DD5DAC17}" = Windows Live Family Safety "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources "{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources "{FE4BE0BD-1EDB-4D24-9614-847B3C472887}" = Windows Live Family Safety "AVG" = AVG 2013 "Elantech" = ETDWare PS/2-X64 8.0.5.0_WHQL "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh "{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live "{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail "{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live "{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack "{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6 "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources "{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail "{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35 "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common "{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger "{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart "{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack "{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer "{494420A9-5F25-457B-9BBF-228E6A73B94B}" = MAGIX Speed burnR (MSI) "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger "{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer "{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common "{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance "{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker "{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support "{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項 "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content "{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger "{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack "{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger "{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker "{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh "{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack "{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack "{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh "{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}" = Vodafone Mobile Connect Lite "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials "{7D606567-5047-451A-B49E-29FCB6012B4E}" = Microsoft Flight Simulator X: Acceleration "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources "{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{878CADF7-5BD6-4A29-A6F4-AC51C0CE8068}" = Alcor Micro USB Card Reader "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package "{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail "{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common "{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh "{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4 "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4 "{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common "{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials "{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BDA825AD-D60B-4935-9590-B0F1AC2E0D22}" = MotoGP 08 "{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker "{C09EDA0B-0F8A-4F02-8922-43247E695F0F}" = RACE STUDIO 2 "{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D1345EF1-9655-47C0-BB35-6DC2BD0A2826}" = Trapcode Particular 32 bit "{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack "{DAD6325D-55CF-4D30-9DB9-2ADFE02D0777}" = MAGIX Screenshare "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker "{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas "{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources "{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心 "{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources "{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X "{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις "{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "5513-1208-7298-9440" = JDownloader 0.9 "7-Zip" = 7-Zip 9.20 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4 "Any DVD Converter Professional_is1" = Any DVD Converter Professional 4.3.5 "Asus Vibe2.0" = AsusVibe2.0 "ASUS WebStorage" = ASUS WebStorage "AsusScr_K3 Series_ENG_Basic" = AsusScr_K3 Series_ENG_Basic "Audacity_is1" = Audacity 2.0 "Bookworm Deluxe" = Bookworm Deluxe "Cooking Dash" = Cooking Dash "FileZilla Client" = FileZilla Client 3.5.3 "FlightSim_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Microsoft Flight Simulator X: Acceleration "FormatFactory" = FormatFactory 2.90 "Free Audio Converter_is1" = Free Audio Converter version 5.0.4.1228 "Freemake Video Downloader_is1" = Freemake Video Downloader "Governor of Poker" = Governor of Poker "Hotel Dash Suite Success" = Hotel Dash Suite Success "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{878CADF7-5BD6-4A29-A6F4-AC51C0CE8068}" = Alcor Micro USB Card Reader "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{D1345EF1-9655-47C0-BB35-6DC2BD0A2826}" = Trapcode Particular 32 bit "InstallShield_{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X "IrfanView" = IrfanView (remove only) "Jewel Quest 3" = Jewel Quest 3 "Luxor 3" = Luxor 3 "Mahjongg dimensions" = Mahjongg dimensions "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400 "Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Native Instruments Controller Editor" = Native Instruments Controller Editor "Native Instruments Service Center" = Native Instruments Service Center "Native Instruments Traktor 2" = Native Instruments Traktor 2 "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "Pamela" = Pamela Pro 4.8 "Plants vs Zombies" = Plants vs Zombies "PSPad editor_is1" = PSPad editor "RTMshadow_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Flight Simulator X "SP1shadow_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Flight Simulator X Service Pack 1 "Steam App 10" = Counter-Strike "Steam App 220" = Half-Life 2 "Telekom Internet Manager" = Telekom Internet Manager "Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions "VLC media player" = VLC media player 2.0.2 "WinGimp-2.0_is1" = GIMP 2.6.11 "WinLiveSuite" = Windows Live Essentials "WinPcapInst" = WinPcap 4.1.2 "WinRAR archiver" = WinRAR "World of Goo" = World of Goo [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) "TeamSpeak 3 Client" = TeamSpeak 3 Client [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 29.05.2012 16:02:13 | Computer Name = Kielbassa | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 29.05.2012 16:02:53 | Computer Name = Kielbassa | Source = MsiInstaller | ID = 10005 Description = Error - 29.05.2012 16:04:32 | Computer Name = Kielbassa | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 29.05.2012 16:12:43 | Computer Name = Kielbassa | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 30.05.2012 03:32:49 | Computer Name = Kielbassa | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 30.05.2012 03:34:06 | Computer Name = Kielbassa | Source = MsiInstaller | ID = 10005 Description = Error - 30.05.2012 03:35:12 | Computer Name = Kielbassa | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 30.05.2012 03:43:10 | Computer Name = Kielbassa | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 30.05.2012 23:48:40 | Computer Name = Kielbassa | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 30.05.2012 23:49:16 | Computer Name = Kielbassa | Source = MsiInstaller | ID = 10005 Description = [ System Events ] Error - 20.04.2012 06:38:35 | Computer Name = Kielbassa | Source = iaStor | ID = 262153 Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet. Error - 20.04.2012 08:30:57 | Computer Name = Kielbassa | Source = iaStor | ID = 262153 Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet. Error - 20.04.2012 08:42:30 | Computer Name = Kielbassa | Source = iaStor | ID = 262153 Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet. Error - 20.04.2012 08:55:06 | Computer Name = Kielbassa | Source = iaStor | ID = 262153 Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet. Error - 20.04.2012 08:56:48 | Computer Name = Kielbassa | Source = iaStor | ID = 262153 Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet. Error - 20.04.2012 09:00:15 | Computer Name = Kielbassa | Source = iaStor | ID = 262153 Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet. Error - 07.05.2012 14:03:01 | Computer Name = Kielbassa | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Apple Mobile Device erreicht. Error - 07.05.2012 14:03:01 | Computer Name = Kielbassa | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Apple Mobile Device" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 15.05.2012 17:05:19 | Computer Name = Kielbassa | Source = Service Control Manager | ID = 7043 Description = Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden. Error - 30.05.2012 03:37:47 | Computer Name = Kielbassa | Source = Tcpip | ID = 4199 Description = Das System hat einen Adressenkonflikt der IP-Adresse 109.42.32.26 mit dem Computer mit der Netzwerkhardwareadresse 02-50-F3-00-00-00 ermittelt. Netzwerkvorgänge könnten daher auf diesem System unterbrochen werden. < End of report > |
|
15.10.2012, 20:46
| #2 |
| | "H:\RECYCLER\e621ca05.exe" konnte nicht gefunden werden. Anleitung / HilfeCCleaner install.txt HTML-Code: 7-Zip 9.20 29.03.2012 Adobe After Effects CS4 Adobe Systems Incorporated 15.01.2012 1,09GB 9 Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 08.10.2012 6,00MB 11.4.402.287 Adobe Flash Player 11 Plugin Adobe Systems Incorporated 09.10.2012 6,00MB 11.4.402.287 Alcor Micro USB Card Reader Alcor Micro Corp. 01.08.2011 2,89MB 1.8.17.26026 Any DVD Converter Professional 4.3.5 Any-DVD-Converter.com 13.03.2012 102MB Apple Application Support Apple Inc. 24.09.2012 64,5MB 2.2.2 Apple Mobile Device Support Apple Inc. 24.09.2012 23,7MB 6.0.0.59 Apple Software Update Apple Inc. 24.01.2012 2,38MB 2.1.3.127 ASUS AI Recovery ASUS 01.08.2011 6,95MB 1.0.13 ASUS FancyStart ASUSTeK Computer Inc. 26.12.2011 12,0MB 1.1.0 ASUS LifeFrame3 ASUS 26.12.2011 30,2MB 3.0.21 ASUS Live Update ASUS 01.08.2011 2.5.9 ASUS Power4Gear Hybrid ASUS 01.08.2011 13,2MB 1.1.43 ASUS SmartLogon ASUS 26.12.2011 11,1MB 1.0.0011 ASUS Splendid Video Enhancement Technology ASUS 14.01.2012 24,4MB 1.02.0031 ASUS Virtual Camera asus 26.12.2011 3,13MB 1.0.21 ASUS WebStorage eCareme Technologies, Inc. 01.08.2011 3.0.84.161 AsusScr_K3 Series_ENG_Basic ASUS 01.08.2011 58,6MB 1.0.0001 AsusVibe2.0 ASUSTEK 01.08.2011 2.0.4.617 ATK Package ASUS 01.08.2011 12,0MB 1.0.0008 Audacity 2.0 Audacity Team 18.03.2012 42,1MB AVG 2013 AVG Technologies 15.10.2012 2013.0.2740 Bonjour Apple Inc. 24.01.2012 2,00MB 3.0.0.10 Bookworm Deluxe Oberon Media Inc. 01.08.2011 CCleaner Piriform 24.09.2012 3.23 Cisco EAP-FAST Module Cisco Systems, Inc. 01.08.2011 1,55MB 2.2.14 Cisco LEAP Module Cisco Systems, Inc. 01.08.2011 644KB 1.0.19 Cisco PEAP Module Cisco Systems, Inc. 01.08.2011 1,23MB 1.1.6 Control ActiveX de Windows Live Mesh para conexiones remotas Microsoft Corporation 12.04.2011 5,37MB 15.4.5722.2 Controlo ActiveX do Windows Live Mesh para Ligações Remotas Microsoft Corporation 12.04.2011 5,38MB 15.4.5722.2 Contrôle ActiveX Windows Live Mesh pour connexions à distance Microsoft Corporation 12.04.2011 5,37MB 15.4.5722.2 Cooking Dash Oberon Media Inc. 01.08.2011 Counter-Strike Valve 22.02.2012 Counter-Strike 1.6 22.02.2012 1.00.0000 CyberLink LabelPrint CyberLink Corp. 01.08.2011 137MB 2.5.1908 CyberLink Power2Go CyberLink Corp. 01.08.2011 110MB 6.1.3602c Dropbox Dropbox, Inc. 13.06.2012 1.4.7 ETDWare PS/2-X64 8.0.5.0_WHQL ELAN Microelectronic Corp. 01.08.2011 8.0.5.0 Fast Boot ASUS 01.08.2011 1,46MB 1.0.8 FileZilla Client 3.5.3 FileZilla Project 14.01.2012 16,3MB 3.5.3 Firebird SQL Server - MAGIX Edition MAGIX AG 15.08.2012 10,1MB 2.1.27.0 FormatFactory 2.90 Free Time 06.04.2012 2.90 Free Audio Converter version 5.0.4.1228 DVDVideoSoft Ltd. 19.02.2012 57,3MB Freemake Video Downloader Ellora Assets Corporation 31.12.2011 32,4MB 3.0.0 GIMP 2.6.11 The GIMP Team 27.12.2011 107MB 2.6.11 Google Toolbar for Internet Explorer Google Inc. 01.08.2011 Governor of Poker Oberon Media Inc. 01.08.2011 Half-Life 2 Valve 26.12.2011 Hotel Dash Suite Success Oberon Media Inc. 01.08.2011 Intel(R) Control Center Intel Corporation 01.08.2011 1.2.1.1007 Intel(R) Management Engine Components Intel Corporation 01.08.2011 7.0.0.1118 Intel(R) Processor Graphics Intel Corporation 01.08.2011 8.15.10.2291 IrfanView (remove only) Irfan Skiljan 30.01.2012 1,50MB 4.32 iTunes Apple Inc. 24.09.2012 182MB 10.7.0.21 Java(TM) 6 Update 35 Oracle 05.09.2012 95,7MB 6.0.350 Jewel Quest 3 Oberon Media Inc. 01.08.2011 Luxor 3 Oberon Media Inc. 01.08.2011 MAGIX Screenshare MAGIX AG 15.08.2012 1,43MB 4.3.6.1987 MAGIX Speed burnR (MSI) MAGIX AG 15.08.2012 53,0MB 7.0.2.6 Mahjongg dimensions Oberon Media Inc. 01.08.2011 Malwarebytes Anti-Malware Version 1.65.0.1400 Malwarebytes Corporation 15.10.2012 19,3MB 1.65.0.1400 Microsoft .NET Framework 4 Client Profile Microsoft Corporation 28.12.2011 38,8MB 4.0.30319 Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 28.12.2011 2,93MB 4.0.30319 Microsoft Flight Simulator X: Acceleration Microsoft Game Studios 05.01.2012 10.0.61637.0 Microsoft Office 2010 Microsoft Corporation 12.04.2011 6,31MB 14.0.4763.1000 Microsoft Office Klick-und-Los 2010 Microsoft Corporation 26.12.2011 14.0.4763.1000 Microsoft Office Professional Plus 2010 Microsoft Corporation 29.12.2011 14.0.6029.1000 Microsoft Office Starter 2010 - Deutsch Microsoft Corporation 26.12.2011 14.0.4763.1000 Microsoft Silverlight Microsoft Corporation 15.05.2012 80,3MB 4.1.10329.0 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 12.04.2011 1,69MB 3.1.0000 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 25.01.2012 250KB 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 27.12.2011 300KB 8.0.56336 Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 27.12.2011 572KB 8.0.61000 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 27.05.2012 596KB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 28.05.2012 600KB 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 15.10.2012 11,1MB 10.0.40219 Microsoft Visual Studio Tools for Applications 2.0 - ENU Microsoft Corporation 17.01.2012 211MB 9.0.30729 Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU Microsoft Corporation 16.01.2012 95,7MB 9.0.30729 Microsoft Visual Studio Tools for Applications 2.0 Runtime Microsoft Corporation 16.01.2012 152KB 9.0.30729 Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU Microsoft Corporation 16.01.2012 226KB 9.0.30729 MotoGP 08 Capcom 28.12.2011 1.00.0000 Mozilla Firefox 15.0 (x86 de) Mozilla 30.08.2012 38,4MB 15.0 Mozilla Firefox 15.0.1 (x86 de) Mozilla 11.09.2012 38,4MB 15.0.1 Mozilla Maintenance Service Mozilla 11.09.2012 327KB 15.0.1 MSXML 4.0 SP2 (KB954430) Microsoft Corporation 06.01.2012 1,28MB 4.20.9870.0 MSXML 4.0 SP2 (KB973688) Microsoft Corporation 06.01.2012 1,34MB 4.20.9876.0 MSXML 4.0 SP2 Parser und SDK Microsoft Corporation 04.01.2012 1,23MB 4.20.9818.0 Native Instruments Controller Editor 25.09.2012 Native Instruments Controller Editor Native Instruments 25.09.2012 Native Instruments Service Center 25.09.2012 Native Instruments Service Center Native Instruments 25.09.2012 Native Instruments Traktor 2 25.09.2012 Native Instruments Traktor 2 Native Instruments 25.09.2012 Nuance PDF Reader Nuance Communications, Inc. 12.04.2011 47,8MB 6.00.0041 Pamela Pro 4.8 Scendix Software-Vertriebsges. mbH 27.02.2012 4.8 PDFCreator Frank Heindörfer, Philip Chinery 23.02.2012 1.2.3 Plants vs Zombies Oberon Media Inc. 01.08.2011 PSPad editor Jan Fiala 16.01.2012 13,7MB RACE STUDIO 2 AIM 25.12.2011 2.38.11 BETA Ralink RT2860 Wireless LAN Card Ralink 01.08.2011 1.5.9.0 Realtek High Definition Audio Driver Realtek Semiconductor Corp. 01.08.2011 6.0.1.6324 Skype™ 5.10 Skype Technologies S.A. 15.10.2012 19,4MB 5.10.116 Steam Valve 26.12.2011 10,6MB 1.0.0.0 syncables desktop SE syncables 12.04.2011 163MB 5.5.746.11492 TeamSpeak 3 Client TeamSpeak Systems GmbH 05.09.2012 3.0.8.1 Telekom Internet Manager Huawei Technologies Co.,Ltd 08.01.2012 11.301.05.05.748 Trapcode Particular 32 bit Red Giant Software 02.02.2012 18,2MB 2.1.1 Trend Micro Titanium Internet Security Trend Micro Inc. 12.04.2011 210MB 3.0 Virtual DJ - Atomix Productions 11.01.2012 Visual Studio 2010 x64 Redistributables AVG Technologies 15.10.2012 12,4MB 13.0.0.1 VLC media player 2.0.2 VideoLAN 19.07.2012 2.0.2 Vodafone Mobile Connect Lite Vodafone 06.06.2012 19,1MB 9.4.3.17550 Windows Live Essentials Microsoft Corporation 12.04.2011 15.4.3508.1109 Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen Microsoft Corporation 12.04.2011 5,37MB 15.4.5722.2 Windows Live Mesh ActiveX Control for Remote Connections Microsoft Corporation 12.04.2011 5,37MB 15.4.5722.2 Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 12.04.2011 5,38MB 15.4.5722.2 WinFlash ASUS 26.12.2011 856KB 2.31.1 WinPcap 4.1.2 CACE Technologies 31.12.2011 4.1.0.2001 WinRAR 26.12.2011 Wireless Console 3 ASUS 01.08.2011 2,44MB 3.0.19 World of Goo Oberon Media Inc. 01.08.2011 Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις Microsoft Corporation 12.04.2011 5,38MB 15.4.5722.2 Элемент управления Windows Live Mesh ActiveX для удаленных подключений Microsoft Corporation 12.04.2011 5,37MB 15.4.5722.2 פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים Microsoft Corporation 12.04.2011 5,37MB 15.4.5722.2 عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة Microsoft Corporation 12.04.2011 5,37MB 15.4.5722.2 適用遠端連線的 Windows Live Mesh ActiveX 控制項 Microsoft Corporation 12.04.2011 5,56MB 15.4.5722.2 Über Eure Hilfe würde ich mich sehr freuen  Ich bin sehr unglücklich darüber, und mit Sicherheit war mit das ne Lehre *grummel* Vielen Dank vorab, und sorry für die Arbeit (schlechtes Gewissen) Liebe Grüße, Hannes |
|
15.10.2012, 20:56
| #3 |
| /// caddy ☀    | "H:\RECYCLER\e621ca05.exe" konnte nicht gefunden werden. Details Hallo Damien91 und
__________________ wenn du deinen PC auf Malware untersuchen lassen möchtest, befindest du dich leider im falschen Unterforum. Bitte lies folgende verlinkte Anleitung vollständig durch => Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten? und erstelle anschließend dort => Plagegeister aller Art und deren Bekämpfung ein neues Thema. P.S. Bitte die Logfiles als Anhang posten und nicht nochmal antworten. Threads mit Antworten werden als bereits in Arbeit angesehen und eventuell übersehen. Gruß cad
__________________ |
|
| Themen zu "H:\RECYCLER\e621ca05.exe" konnte nicht gefunden werden. |
| 7-zip, adobe after effects, akamai, audacity, avg, bho, bonjour, defender, document, entfernen, fehler, festplatte, firefox, flash player, format, home, install.exe, jdownloader, logfile, microsoft office starter 2010, mozilla, msiinstaller, plug-in, port, problem, realtek, registry, rundll, scan, software, svchost.exe, t-mobile, teamspeak, third party, trojan.ransom.anc, udp, visual studio, wurm |
Linear-Darstellung
