| |
| |||||||
Log-Analyse und Auswertung: Virus/Trojaner: Java:Malware-gen[Trj]Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
19.10.2012, 09:21
| #1 |
| | ![Virus/Trojaner: Java:Malware-gen[Trj] - Standard](images/icons/icon1.gif){kind=icon} Virus/Trojaner: Java:Malware-gen[Trj] Liebe Trojaner-Board-Helfer, Ich habe nach merkwürdigem Verhalten beim Online-banking auf meinem Laptop einen avast! Antivirus Startzeit-Test durchgeführt und dabei folgendes Ergebnis erhalten: (ich habe meinen Namen durch "MEINNAME" ersetzt) avast! Antivirus Startzeit-Überprüfung Dateiname C:\Users\MEINNAME\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\4b87730a-18c15777|>I\I.class Schweregrad Hoch Status Bedrohung: Java:Malware-gen[Trj] Aktion In Container verschieben Ergebnis Aktion erfolgreich Daraufhin habe ich auf http://www.trojaner-board.de/125765-...e-gen-trj.html einen Hinweis auf den gleichen Virus/Trojaner gefunden und die dort von kira empfohlenen Schritte durchgeführt: 1. Malwarebytes (Log siehe Anlage) 2. OTL (Logs siehe Anlage) 3. CCleaner - installierte Programme (Log siehe Anlage) 4. Avira Free Antivirus habe ich nicht installiert, sondern Avast!, da gibt es aber sowas wie Funde exportieren nicht glaube ich. Eine weitere Startzeit-Überprüfung war negativ (er meldete mir nur vier beschädigte Ie-AddonIcon-Dateien SkypeToolsbars.msi) Soll ich Avira statt avast! installieren und Schritt 4 auch noch durchführen? Habe ich den Trojaner nun noch auf meinem System, oder ist es wieder sicher? Danke im Voraus und herzlichen Gruß! Geändert von m.a.p. (19.10.2012 um 10:05 Uhr) |
|
19.10.2012, 13:22
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Virus/Trojaner: Java:Malware-gen[Trj] Die Logs bitte nur in den Anhang (gezippt) legen, wenn sie zu groß sind um direkt gepostet zu werden!
__________________Ansonsten bitte alles nach Möglichkeit hier in CODE-Tags posten. Das ist einfacher übersichtlicher und man spart sich ne Menge Rumklickerei Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
|
19.10.2012, 14:22
| #3 |
| | Virus/Trojaner: Java:Malware-gen[Trj] Ich verstehe noch nicht ganz wie und wo man die Logs anders einfügt als im text (ging in meinem Fall nicht, weil der Text dann zuviele Zeichen enthalten hätte) oder als txt-Anhang (ging nicht bei den beiden längeren Logs, zu viel kb).
__________________Ich werde das beim nächsten Problem gerne üben - reicht es bei diesem Mal, dass die 4 Logs allesamt im zip-Ordner liegen, kann mein Falld ennoch bearbeitet werden? Danke und nochmals herzlichen Gruß! |
|
19.10.2012, 15:22
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Virus/Trojaner: Java:Malware-gen[Trj] Es wäre schön wenn du die Logs dann einzeln postest - pro Beitrag ein Log, das jeweils in CODE-Tags Zu lange Logs kann man zB über zwei Beiträge verteilt posten
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
19.10.2012, 16:55
| #5 |
| | Virus/Trojaner: Java:Malware-gen[Trj]Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.10.19.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 MEINNAME :: MEINNAME-ZENBK [limitiert] Schutz: Aktiviert 19.10.2012 08:29:06 mbam-log-2012-10-19 (08-29-06).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 416610 Laufzeit: 25 Minute(n), 56 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter OTL logfile created on: 19.10.2012 08:59:44 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MEINNAME\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3,90 Gb Total Physical Memory | 1,56 Gb Available Physical Memory | 39,93% Memory free 7,81 Gb Paging File | 5,21 Gb Available in Paging File | 66,70% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 95,39 Gb Total Space | 11,29 Gb Free Space | 11,84% Space Free | Partition Type: NTFS Drive D: | 135,08 Gb Total Space | 40,21 Gb Free Space | 29,76% Space Free | Partition Type: NTFS Computer Name: MEINNAME-ZENBK | User Name: MEINNAME | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\MEINNAME\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin) PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) PRC - C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe (ASUSTek Computer Inc.) PRC - D:\Program Files (x86)\Notebooksbilliger\IntelAppStore\bin\ismagent.exe (Intel Corporation) PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUSTek Computer Inc.) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUSTek Computer Inc.) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) PRC - C:\Program Files (x86)\Scpad\scpVista.exe (Banco Bradesco S.A.) PRC - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros) PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) PRC - C:\Program Files (x86)\Sony\PMB\PMBContentAnalyzer.exe (Sony Corporation) PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\libglesv2.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\libegl.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\avutil-51.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\avformat-54.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\bcec0e7db1d027328cc8cd702185fa66\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b460188cf6862491550a006c3660e2e6\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c06946b464ae8dd22151e0a6f310c976\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\1d3c2d83da69c30ba8edf5cfea3c0057\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\29e48cb144e24a7b4335d1360cc06642\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8f0cf05d2b1e46a772312143227cb6ed\System.Xml.Linq.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a181199f8dec15116e1c2eb4a79ec22b\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\3263fe38362543170c1682381eeac25a\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\4278bedb3086448c94c1e7f563325052\System.Security.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\3e4f9b3b78f0f13b7469a14e69d756ef\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bd2433e160ce2f19acc8ebe10babae8d\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\9cf67ed1b743fbc3dd6b78fbc0595236\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\1bdf7de454340e0ea9fc455aeaec49d9\mscorlib.ni.dll () MOD - D:\Program Files (x86)\Notebooksbilliger\IntelAppStore\bin\plugin\libbizlplugin.dll () MOD - D:\Program Files (x86)\Notebooksbilliger\IntelAppStore\bin\plugin\libpserverplugin.dll () MOD - D:\Program Files (x86)\Notebooksbilliger\IntelAppStore\bin\sqlite3.dll () MOD - D:\Program Files (x86)\Notebooksbilliger\IntelAppStore\bin\plugin\libloggerplugin.dll () MOD - D:\Program Files (x86)\Notebooksbilliger\IntelAppStore\bin\zlib1.dll () MOD - D:\Program Files (x86)\Notebooksbilliger\IntelAppStore\bin\log4cplus.dll () MOD - D:\Program Files (x86)\Notebooksbilliger\IntelAppStore\bin\libgsoap.dll () MOD - D:\Program Files (x86)\Notebooksbilliger\IntelAppStore\bin\QtNetwork4.dll () MOD - D:\Program Files (x86)\Notebooksbilliger\IntelAppStore\bin\QtXml4.dll () MOD - D:\Program Files (x86)\Notebooksbilliger\IntelAppStore\bin\featureController.dll () MOD - D:\Program Files (x86)\Notebooksbilliger\IntelAppStore\bin\eventsSender.dll () MOD - D:\Program Files (x86)\Notebooksbilliger\IntelAppStore\bin\QtCore4.dll () MOD - D:\Program Files (x86)\Notebooksbilliger\IntelAppStore\bin\DeviceProfile.dll () MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll () MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\WindowsBase.resources\3.0.0.0_de_31bf3856ad364e35\WindowsBase.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () ========== Services (SafeList) ========== SRV:64bit: - (Amsp) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe File not found SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation) SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (TiMiniService) -- C:\Program Files\Trend Micro\Titanium\TiMiniService.exe (Trend Micro Inc.) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (ASUS InstantOn) -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe (ASUS) SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) SRV - (scpVista) -- C:\Program Files (x86)\Scpad\scpVista.exe (Banco Bradesco S.A.) SRV - (Atheros Bt&Wlan Coex Agent) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros) SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations) SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software) DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software) DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software) DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software) DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software) DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software) DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\drivers\AnyDVD.sys (SlySoft, Inc.) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.) DRV:64bit: - (AiCharger) -- C:\Windows\SysNative\drivers\AiCharger.sys (ASUSTek Computer Inc.) DRV:64bit: - (FLxHCIc) -- C:\Windows\SysNative\drivers\FLxHCIc.sys (Fresco Logic) DRV:64bit: - (FLxHCIh) -- C:\Windows\SysNative\drivers\FLxHCIh.sys (Fresco Logic) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (assd) -- C:\Windows\SysNative\drivers\assd.sys (ASUS Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (nmwcdnsux64) -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys (Nokia) DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros) DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros) DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros) DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros) DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros) DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros) DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\drivers\btath_avdt.sys (Atheros) DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (AX88772B) -- C:\Windows\SysNative\drivers\ax88772b.sys (ASIX Electronics Corp.) DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (tmcomm) -- C:\Windows\SysNative\drivers\tmcomm.sys (Trend Micro Inc.) DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\drivers\tmtdi.sys (Trend Micro Inc.) DRV:64bit: - (tmactmon) -- C:\Windows\SysNative\drivers\tmactmon.sys (Trend Micro Inc.) DRV:64bit: - (tmevtmgr) -- C:\Windows\SysNative\drivers\tmevtmgr.sys (Trend Micro Inc.) DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated) DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated) DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated) DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (MBB Incorporated) DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (hwusbdev) -- C:\Windows\SysNative\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( ) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.) DRV - (AiCharger) -- C:\Windows\SysWOW64\drivers\AiCharger.sys (ASUSTek Computer Inc.) DRV - (ATKWMIACPIIO_) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/ IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\SearchScopes,DefaultScope = {DDFCB1B0-F0BD-4BBF-AF02-616044AE55C8} IE - HKCU\..\SearchScopes\{D213953F-C617-412C-863F-6759F524B56C}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=503A1A1A-995D-4724-B458-00FD5F47A603&apn_sauid=5C68B6F9-65E6-47D4-8378-31EB0EB1FCDE IE - HKCU\..\SearchScopes\{DDFCB1B0-F0BD-4BBF-AF02-616044AE55C8}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7ADRA_deDE499 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation) FF - HKCU\Software\MozillaPlugins\intel.com/AppUp: D:\Program Files (x86)\Notebooksbilliger\IntelAppStore\bin\npAppUp.dll (Intel) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ [2011.10.19 06:36:18 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - homepage: hxxp://www.google.com CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\MEINNAME\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Zeon Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: AppUp (Enabled) = D:\Program Files (x86)\Notebooksbilliger\IntelAppStore\bin\npAppUp.dll CHR - Extension: avast! WebRep = C:\Users\MEINNAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\ CHR - Extension: Skype Click to Call = C:\Users\MEINNAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.) O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.) O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.) O2 - BHO: (ssh2 Class) - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files (x86)\Scpad\scpsssh2.dll (Banco Bradesco S.A.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.) O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe (Trend Micro Inc.) O4:64bit: - HKLM..\Run: [VizorHtmlDialog.exe] C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe (Trend Micro Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.) O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [FLxHCIm64] C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe (Windows (R) Win 7 DDK provider) O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [Intel AppUp(SM) center] D:\Program Files (x86)\Notebooksbilliger\IntelAppStore\bin\ismagent.lnk () O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUSTeK Computer Inc.) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Free YouTube to iPod Converter - C:\Users\MEINNAME\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Users\MEINNAME\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} https://cpne.bradesco.com.br/certifexp.cab (ValidaUsuario Class) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92AE5D6B-F477-4A67-80FA-FFE30EDE4DE5}: DhcpNameServer = 192.168.23.11 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC45D8D3-1BED-49E9-AB20-EAB8740CA9B2}: DhcpNameServer = 10.0.0.138 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.) O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.) O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files (x86)\Scpad\scpLIB.dll (Banco Bradesco S.A.) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{2a013e50-83b1-11e1-9543-e0b9a5d3be83}\Shell - "" = AutoRun O33 - MountPoints2\{2a013e50-83b1-11e1-9543-e0b9a5d3be83}\Shell\AutoRun\command - "" = E:\Install.exe O33 - MountPoints2\{5d8ab4ef-edf4-11e1-ba38-e0b9a5d3be83}\Shell - "" = AutoRun O33 - MountPoints2\{5d8ab4ef-edf4-11e1-ba38-e0b9a5d3be83}\Shell\AutoRun\command - "" = E:\.\Setup.exe AUTORUN=1 O33 - MountPoints2\{e50c45e2-7ce4-11e1-a9e1-e0b9a5d1c2ac}\Shell - "" = AutoRun O33 - MountPoints2\{e50c45e2-7ce4-11e1-a9e1-e0b9a5d1c2ac}\Shell\AutoRun\command - "" = E:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.10.19 08:26:53 | 000,000,000 | ---D | C] -- C:\Users\MEINNAME\AppData\Roaming\Malwarebytes [2012.10.19 08:26:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.19 08:26:11 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.10.19 08:26:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.10.19 08:26:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.19 01:03:07 | 000,000,000 | ---D | C] -- C:\Users\MEINNAME\Documents\Sony PMB [2012.10.19 01:03:05 | 000,000,000 | ---D | C] -- C:\Users\MEINNAME\AppData\Roaming\Sony Corporation [2012.10.19 00:48:04 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll [2012.10.19 00:48:04 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll [2012.10.19 00:48:03 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll [2012.10.19 00:48:03 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll [2012.10.19 00:44:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMB [2012.10.19 00:43:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony [2012.10.19 00:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation [2012.10.13 15:54:23 | 000,000,000 | ---D | C] -- C:\Users\MEINNAME\AppData\Local\PDF24 [2012.10.10 14:03:34 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.10.10 14:03:33 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.10.10 14:03:32 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.10.10 14:03:22 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012.10.10 14:03:22 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012.10.10 14:03:22 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012.10.10 14:03:22 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012.10.10 14:03:21 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012.10.10 14:03:20 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012.10.10 14:03:19 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012.10.10 14:03:19 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012.10.10 14:03:19 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012.10.10 14:03:19 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012.10.10 14:03:19 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012.10.10 14:03:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012.10.10 14:03:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012.10.10 14:03:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012.10.10 14:03:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012.10.10 14:03:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012.10.10 14:03:17 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012.10.10 14:03:17 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012.10.10 14:03:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012.10.10 14:03:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012.10.10 14:03:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012.10.10 14:03:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012.10.10 14:03:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012.10.10 14:03:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012.10.10 14:03:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.10.10 14:03:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012.10.10 14:03:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012.10.10 14:03:16 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012.10.10 14:03:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012.10.10 14:03:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012.10.10 14:03:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012.10.10 14:03:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012.10.10 14:03:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012.10.10 14:03:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012.10.10 14:03:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012.10.10 14:03:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012.10.10 14:03:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012.10.10 14:03:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012.10.10 14:03:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012.10.10 14:03:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012.10.10 14:03:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012.10.10 14:03:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012.10.10 14:03:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012.10.10 14:03:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012.10.10 14:03:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012.10.10 14:03:12 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012.10.10 14:03:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012.10.10 14:03:09 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012.10.10 14:03:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012.10.10 14:03:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012.10.10 14:03:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.10.10 14:03:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012.10.10 14:03:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012.10.10 14:03:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012.10.10 14:03:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012.10.10 14:03:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012.10.10 14:03:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012.10.10 14:03:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012.10.10 14:03:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012.10.10 14:03:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012.10.10 14:03:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012.10.10 14:03:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012.10.10 14:03:07 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012.10.10 14:03:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012.10.10 14:03:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012.10.10 14:03:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012.10.10 14:03:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012.10.10 14:03:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012.10.10 14:03:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012.10.10 14:02:52 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2012.10.10 14:02:04 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.10.10 14:02:03 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012.09.28 22:38:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24 [2012.09.28 22:38:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF24 [2012.09.26 09:12:08 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe [2012.09.23 09:06:13 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.09.23 09:06:12 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.09.23 09:06:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.09.23 09:06:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.09.23 09:06:12 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.09.23 09:06:12 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.09.23 09:06:12 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.09.23 09:06:11 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.09.23 09:06:11 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.09.23 09:06:11 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.09.23 09:06:10 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.09.23 09:06:10 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.09.23 09:06:06 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.09.23 09:06:06 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.09.23 09:06:06 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.09.20 00:46:32 | 000,000,000 | ---D | C] -- C:\Users\MEINNAME\Documents\Steuern Wien [2012.09.19 10:00:33 | 000,000,000 | ---D | C] -- C:\ProgramData\DrTaxAT [2012.09.19 10:00:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DrTaxAT ========== Files - Modified Within 30 Days ========== [2012.10.19 08:26:38 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.19 08:26:38 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.19 08:26:12 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.19 08:26:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.19 08:26:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.19 08:13:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.19 08:11:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.19 01:08:14 | 002,546,396 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.10.19 01:08:14 | 000,744,146 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat [2012.10.19 01:08:14 | 000,711,830 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.10.19 01:08:14 | 000,666,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.10.19 01:08:14 | 000,152,934 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.10.19 01:08:14 | 000,150,308 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat [2012.10.19 01:08:14 | 000,125,714 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.10.19 01:01:24 | 3144,658,944 | -HS- | M] () -- C:\hiberfil.sys [2012.10.19 00:44:39 | 000,001,840 | ---- | M] () -- C:\Users\Public\Desktop\PMB-Hilfe.lnk [2012.10.19 00:44:39 | 000,001,038 | ---- | M] () -- C:\Users\Public\Desktop\PMB Launcher.lnk [2012.10.19 00:44:39 | 000,001,015 | ---- | M] () -- C:\Users\Public\Desktop\PMB.lnk [2012.10.18 21:13:06 | 000,001,342 | ---- | M] () -- C:\Users\MEINNAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2012.10.12 04:30:00 | 000,002,376 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.10.09 19:13:31 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.10.09 19:13:31 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.09.28 22:38:26 | 000,001,870 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2012.09.28 22:38:26 | 000,001,855 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk [2012.09.28 01:36:28 | 000,207,748 | ---- | M] () -- C:\Users\MEINNAME\Desktop\prod art br_invoice201200058.pdf [2012.09.19 10:00:34 | 000,002,067 | ---- | M] () -- C:\Users\Public\Desktop\Dr. Tax Österreich.lnk ========== Files Created - No Company Name ========== [2012.10.19 08:26:12 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.19 00:44:39 | 000,001,840 | ---- | C] () -- C:\Users\Public\Desktop\PMB-Hilfe.lnk [2012.10.19 00:44:39 | 000,001,038 | ---- | C] () -- C:\Users\Public\Desktop\PMB Launcher.lnk [2012.10.19 00:44:39 | 000,001,027 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMB.lnk [2012.10.19 00:44:39 | 000,001,015 | ---- | C] () -- C:\Users\Public\Desktop\PMB.lnk [2012.09.28 22:38:26 | 000,001,870 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2012.09.28 22:38:26 | 000,001,855 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk [2012.09.28 01:36:28 | 000,207,748 | ---- | C] () -- C:\Users\MEINNAME\Desktop\prod art br_invoice201200058.pdf [2012.09.19 10:00:34 | 000,002,067 | ---- | C] () -- C:\Users\Public\Desktop\Dr. Tax Österreich.lnk [2012.05.03 20:45:59 | 000,000,048 | -HS- | C] () -- C:\ProgramData\.zreglib [2012.03.13 09:21:16 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe [2012.03.12 21:04:23 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\acovcnt.exe [2011.11.03 19:09:24 | 000,217,536 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.11.03 19:09:22 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2011.11.03 19:09:16 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011.10.20 08:47:09 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.10.20 08:46:53 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.10.19 06:26:32 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2011.10.19 06:11:04 | 009,431,368 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.03.12 21:25:03 | 000,000,000 | ---D | M] -- C:\Users\MEINNAME\AppData\Roaming\ASUS WebStorage [2012.05.05 15:10:29 | 000,000,000 | ---D | M] -- C:\Users\MEINNAME\AppData\Roaming\Dropbox [2012.04.18 13:35:17 | 000,000,000 | ---D | M] -- C:\Users\MEINNAME\AppData\Roaming\DVDVideoSoft [2012.04.18 13:33:30 | 000,000,000 | ---D | M] -- C:\Users\MEINNAME\AppData\Roaming\DVDVideoSoftIEHelpers [2012.08.13 01:22:17 | 000,000,000 | ---D | M] -- C:\Users\MEINNAME\AppData\Roaming\Garmin [2012.05.25 16:44:06 | 000,000,000 | ---D | M] -- C:\Users\MEINNAME\AppData\Roaming\Nokia [2012.03.12 21:26:29 | 000,000,000 | ---D | M] -- C:\Users\MEINNAME\AppData\Roaming\Nuance [2012.05.25 16:42:54 | 000,000,000 | ---D | M] -- C:\Users\MEINNAME\AppData\Roaming\PC Suite [2012.03.12 21:26:28 | 000,000,000 | ---D | M] -- C:\Users\MEINNAME\AppData\Roaming\Zeon ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:FEF919E6 < End of report > OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 19.10.2012 08:59:44 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MEINNAME\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
3,90 Gb Total Physical Memory | 1,56 Gb Available Physical Memory | 39,93% Memory free
7,81 Gb Paging File | 5,21 Gb Available in Paging File | 66,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 95,39 Gb Total Space | 11,29 Gb Free Space | 11,84% Space Free | Partition Type: NTFS
Drive D: | 135,08 Gb Total Space | 40,21 Gb Free Space | 29,76% Space Free | Partition Type: NTFS
Computer Name: MEINNAME-ZENBK | User Name: MEINNAME | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{068B7C79-0948-480A-A3AE-0CAE6804B4AA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{199B9CDD-5E30-4C75-905E-5011D6B22061}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{246C8C58-CEBC-4BBB-A6ED-E74C73245639}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{259B7D30-FE6F-4968-A71C-BB71789DA13E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2A9656A4-CC6E-4B27-959C-7231CC950943}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2DDA2A40-48D0-44F7-A3E3-618AC7AEEFB0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{47C41C50-BA55-4442-BA8B-4D6FC5CE64C8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4D53F8F5-552A-4A2F-9080-2009A13B0DF7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5CDBD7E2-70FA-4044-84BE-AE1C284DB9C7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{64CA3F77-76F2-4651-BA87-F443DDF1A24E}" = lport=445 | protocol=6 | dir=in | app=system |
"{71066EF5-D136-45E6-B4D2-7FEFFA760941}" = lport=139 | protocol=6 | dir=in | app=system |
"{728C3760-A594-4DED-8B6E-8DD1C4E77369}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{85D8BB60-07A4-45A4-A1CC-6D0328325B30}" = rport=138 | protocol=17 | dir=out | app=system |
"{95B37FD8-F1B8-446F-A083-22FD31B7FBA5}" = lport=137 | protocol=17 | dir=in | app=system |
"{9B643C5C-BDBD-4B92-B6E8-094D23BB0F11}" = lport=138 | protocol=17 | dir=in | app=system |
"{A4242499-BA97-44F1-AAB1-E86EA72C99AB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{AB1647B3-0F68-4BF3-AE86-61A2CD277526}" = rport=139 | protocol=6 | dir=out | app=system |
"{AC882C1F-EBF3-48BF-83D5-5954B640008A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B5501158-CB82-4C69-B183-49A998084CF7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B9695A5E-7270-4842-B757-30397DB90BB3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C3E35AC6-5F87-457A-A099-35EBCD8A6A2E}" = rport=445 | protocol=6 | dir=out | app=system |
"{DCB995FB-7A80-4716-9787-77307746E00B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{DE33A2A2-B909-435A-B560-6FFFF8DDB51C}" = rport=137 | protocol=17 | dir=out | app=system |
"{E83683FB-59A5-4684-BA6F-C078A6AAA5F0}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{E99FD857-A97A-4B5F-B722-A56588025368}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EDF82658-433C-4DB3-9B79-4239C3B64893}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FFA96CE2-C32E-4906-82D6-EBD009D86062}" = lport=10243 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{088E3FBA-364A-4332-A092-0C36A9F52199}" = protocol=6 | dir=out | app=system |
"{209F67F8-9274-4899-AF62-8973792805E9}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{396C47E4-344B-43C2-A3EA-51CBBF7EC992}" = protocol=6 | dir=in | app=c:\users\MEINNAME\appdata\roaming\dropbox\bin\dropbox.exe |
"{399FB2B2-F51D-42FA-BE98-EC955A39454D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{48502269-1191-4492-A4AD-CF89378BED6D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{48DC9478-D629-4445-AD67-66F49117C5E7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5653C166-ECD6-43C4-BDE6-ADB5D1F145A9}" = protocol=17 | dir=in | app=c:\users\MEINNAME\appdata\roaming\dropbox\bin\dropbox.exe |
"{57F6C0C4-2D41-428C-9782-725985184899}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{58629E3E-7D21-4FC5-8B74-2BCCDB9ECEDF}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{5B88E353-A322-44EC-8887-C358D78CC44D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{61BF4E50-629B-4977-A4B7-FCC3DB5422EB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{67BC62A7-6A47-4254-ACBC-4B84823FC186}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{71C263C5-2A23-44C4-AB37-E42C32C7039C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7EDE53B3-0A21-4D42-8620-E623A40AF945}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{823EB92D-41B5-4233-B39D-07380A8CCB2A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{952224B1-6713-44B7-8B01-71A01BD23004}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9A6FEEC6-ADA7-4295-9AFA-DB7407AB44DE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9B191976-389A-4DDA-A6F4-597758464A7D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{9F2E2EA3-BB09-4D41-B4E3-C57E650AEE74}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{AEA260DA-C1B8-42A0-A321-FE6C8180D932}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B93D5284-5BE6-468A-A305-F53771D80308}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BA26B76B-15A5-47C7-98C2-D62C44DCD57A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CE6D9007-C489-4074-AB92-7DD1F3B52E68}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E6FC0C07-A38A-48CD-9D25-81B536CFE5FD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E80B4FEC-98FE-4981-AFD2-E94D0FFAF870}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{F2170F26-268E-42E5-A855-2C753E6FC1D3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FDD96A5B-D830-49E1-B8D6-3C634B41B339}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"TCP Query User{6C0991A4-11C8-454B-807D-D86D0466767F}C:\users\MEINNAME\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\MEINNAME\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{CE202920-4E57-4BED-86F0-EF3782F280E9}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{28DD5652-6660-43ED-90BF-89F10489F841}C:\users\MEINNAME\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\MEINNAME\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{343C5510-0B88-4AFB-999F-8D3AB95C564C}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{27B3E5AA-5B75-414A-AC37-F5ADDFA68BDB}" = Windows Live Family Safety
"{287134AD-092F-4BD0-A6F4-911B0B351E87}" = Windows Live Family Safety
"{464F7B5E-80BB-4F34-A602-384F0702674A}" = Windows Live Family Safety
"{4A5AC986-912D-4B40-BF2C-7A159923632D}" = Fresco Logic USB3.0 Host Controller
"{550331CC-C34B-494F-BCDA-37CE4EF6E924}" = Garmin Communicator Plugin x64
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5ECA80C9-7D7A-49AC-B487-52F1CF47ECEE}" = Windows Live Family Safety
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{698EAE05-09DE-47D0-9586-29E41A0934DD}" = Windows Live Family Safety
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{74AC7ECE-87E1-41F7-ABA2-5ED9B13CECFA}" = Windows Live Family Safety
"{761C6783-D3BC-48AB-8E7C-61CE918A8436}" = ASUS Secure Delete
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8832CAA2-4934-4916-A8BF-A9A51C6B58B3}" = Windows Live Family Safety
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90140000-002A-0416-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2010
"{944E73EF-857E-4F71-9DC4-CD059D7ADDEF}" = Windows Live Family Safety
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel(R) Turbo Boost Technology Monitor 2.0
"{BFBE6E95-5724-47EC-85A0-74D436AD938F}" = Windows Live Family Safety
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C61D639C-3A1B-4654-901F-08927C804321}" = Windows Live Family Safety
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E5961659-16A2-47A7-BB7B-7B951F2B0BB3}" = PC Connectivity Solution 64-bit components
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
"Elantech" = ETDWare PS/2-X64 10.5.9.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00FE2935-FB56-4410-AB5F-D6E70C1771D2}" = Garmin WebUpdater
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{07B22FB1-6A1E-41E7-8323-A9CA716026ED}" = bob internet
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19EA33FB-B34E-40EA-8B8A-61743AEB795A}" = Wireless Console 3
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83216034FF}" = Java(TM) 6 Update 35
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3705D53F-BB01-4BEE-8585-289E71CAC4B4}" = Компаньон Messenger
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A09ED0F-8DDF-47BB-B53D-841AB9D1D3A7}" = Complemento Messenger
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}" = Garmin USB Drivers
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{54A168C9-2250-4058-80EB-1F4A4192548A}" = AX88772B Windows 7 Drivers
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58172D66-2F69-4215-9AEC-ED8196023736}" = ASUS Tutor
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS FaceLogon
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{749F674B-2674-47E8-879C-5626A06B2A91}" = InstantOn for NB
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Qualcomm Atheros WiFi Driver Installation
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{8142D25E-028A-4563-86ED-5755783C8029}" = Messenger Companion
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111249233}" = Dream Vacation Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115065740}" = Bubbletown
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115290153}" = Go Go Gourmet Chef of the Year
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115320460}" = Turbo Fiesta
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116672750}" = World of Goo
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117080787}" = Plants vs Zombies
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117948443}" = Mahjong Memoirs
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118716773}" = Deadtime Stories
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119205603}" = Farm Frenzy 3 - Madagascar
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{847C879C-1467-4924-A491-1302B4C58F70}" = Messenger Companion
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2010
"{90140000-0015-0416-0000-0000000FF1CE}_Office14.OMUI.pt-br_{8E0FD78B-F726-43C8-8D53-44A7E495F3D2}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2010
"{90140000-0016-0416-0000-0000000FF1CE}_Office14.OMUI.pt-br_{8E0FD78B-F726-43C8-8D53-44A7E495F3D2}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0017-0416-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010
"{90140000-0017-0416-0000-0000000FF1CE}_Office14.OMUI.pt-br_{6C75963E-0204-4FC1-A602-F55CBC2E81A6}" = Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010
"{90140000-0018-0416-0000-0000000FF1CE}_Office14.OMUI.pt-br_{8E0FD78B-F726-43C8-8D53-44A7E495F3D2}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010
"{90140000-0019-0416-0000-0000000FF1CE}_Office14.OMUI.pt-br_{8E0FD78B-F726-43C8-8D53-44A7E495F3D2}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010
"{90140000-001A-0416-0000-0000000FF1CE}_Office14.OMUI.pt-br_{8E0FD78B-F726-43C8-8D53-44A7E495F3D2}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2010
"{90140000-001B-0416-0000-0000000FF1CE}_Office14.OMUI.pt-br_{8E0FD78B-F726-43C8-8D53-44A7E495F3D2}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.OMUI.pt-br_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2010
"{90140000-001F-0416-0000-0000000FF1CE}_Office14.OMUI.pt-br_{A7200E61-DC93-42E0-BB74-EE59021016EA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.OMUI.pt-br_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0416-1000-0000000FF1CE}_Office14.OMUI.pt-br_{FE39121C-B405-4AAA-806C-A99042BE9219}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2010
"{90140000-002C-0416-0000-0000000FF1CE}_Office14.OMUI.pt-br_{13291F79-D997-49AD-9F31-5FAEE1F0FCF5}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010
"{90140000-0044-0416-0000-0000000FF1CE}_Office14.OMUI.pt-br_{8E0FD78B-F726-43C8-8D53-44A7E495F3D2}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2010
"{90140000-006E-0416-0000-0000000FF1CE}_Office14.OMUI.pt-br_{2134F8C8-2AD8-44EE-B86B-1B577FBD8D0E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010
"{90140000-00A1-0416-0000-0000000FF1CE}_Office14.OMUI.pt-br_{8E0FD78B-F726-43C8-8D53-44A7E495F3D2}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2010
"{90140000-00BA-0416-0000-0000000FF1CE}_Office14.OMUI.pt-br_{8E0FD78B-F726-43C8-8D53-44A7E495F3D2}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0100-0416-0000-0000000FF1CE}" = Microsoft Office O MUI (Portuguese (Brazil)) 2010
"{90140000-0100-0416-0000-0000000FF1CE}_Office14.OMUI.pt-br_{21FFBBD1-85F0-4734-92DB-A83B47EB8FF2}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0101-0416-0000-0000000FF1CE}" = Microsoft Office X MUI (Portuguese (Brazil)) 2010
"{90140000-0101-0416-0000-0000000FF1CE}_Office14.OMUI.pt-br_{28050685-4D52-4E3A-BA9E-36DA4119115D}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{939C80FA-96C9-44A6-B318-8E7D8BD8481B}" = Messenger Companion
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-007C-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Facebook 32-bit
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{95140000-0081-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96403552-88D1-429F-9C92-388B814B885E}" = Messenger Companion
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AAD03E8-4F65-4DE2-8F6C-1B079C0C8521}" = Garmin Lifetime Updater
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}" = ASUS USB Charger Plus
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5977C5-11AE-4003-BA7D-261C48F2BC35}" = מסייע Messenger
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B2DB883F-1AF3-4BE6-BE04-710D9C556C44}" = ASUS PowerWiz
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7B60C4F-0DB8-42EF-8EDC-5F21D4C2D73F}" = ASUS PWR Option
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7DAD22D-29D4-438F-B986-03B9ED582EA4}" = Messenger Companion
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF088261-BC81-4FB9-9BA0-7B5B9602D01A}" = Messenger 分享元件
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D39F0676-163E-4595-A917-E28F99BBD4D2}" = ASUS AI Recovery
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E18B30AA-6E2D-480C-B918-AF61009F4010}" = عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AnyDVD" = AnyDVD
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"avast" = avast! Free Antivirus
"bob internet" = bob internet
"CloneDVD2" = CloneDVD2
"CloneDVDmobile" = CloneDVDmobile
"DrTaxATInstaller2" = Dr. Tax Österreich
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.10.19.412
"Game Park Console" = Game Park Console
"Google Chrome" = Google Chrome
"InstallShield_{54A168C9-2250-4058-80EB-1F4A4192548A}" = AX88772B Windows 7 Drivers
"Intel AppUp(SM) center 36118" = Intel AppUp(SM) center
"LinkedIn Outlook Connector" = LinkedIn Outlook Connector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Office14.OMUI.pt-br" = Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil)
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 16.09.2012 13:00:01 | Computer Name = MEINNAME-Zenbk | Source = Windows Backup | ID = 4103
Description =
Error - 18.09.2012 14:28:19 | Computer Name = MEINNAME-Zenbk | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16448 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 2970 Startzeit: 01cd95cac07987e5 Endzeit: 55 Anwendungspfad:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID:
Error - 24.09.2012 02:22:41 | Computer Name = MEINNAME-Zenbk | Source = Windows Backup | ID = 4103
Description =
Error - 30.09.2012 13:00:00 | Computer Name = MEINNAME-Zenbk | Source = Windows Backup | ID = 4103
Description =
Error - 07.10.2012 13:00:00 | Computer Name = MEINNAME-Zenbk | Source = Windows Backup | ID = 4103
Description =
Error - 15.10.2012 02:33:36 | Computer Name = MEINNAME-Zenbk | Source = Windows Backup | ID = 4103
Description =
Error - 15.10.2012 05:37:32 | Computer Name = MEINNAME-Zenbk | Source = Outlook | ID = 27
Description = MAPISendMail: Failed to submit message. Attachments to the message
exceeded the size limit set by your Administrator.
Error - 15.10.2012 05:37:50 | Computer Name = MEINNAME-Zenbk | Source = Outlook | ID = 27
Description = MAPISendMail: Failed to submit message. Attachments to the message
exceeded the size limit set by your Administrator.
Error - 15.10.2012 05:38:28 | Computer Name = MEINNAME-Zenbk | Source = Outlook | ID = 27
Description = MAPISendMail: Failed to submit message. Attachments to the message
exceeded the size limit set by your Administrator.
Error - 15.10.2012 05:39:13 | Computer Name = MEINNAME-Zenbk | Source = Outlook | ID = 27
Description = MAPISendMail: Failed to submit message. Attachments to the message
exceeded the size limit set by your Administrator.
Error - 16.10.2012 14:15:31 | Computer Name = MEINNAME-Zenbk | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 1adc Startzeit: 01cdabb42b99e72a Endzeit: 35 Anwendungspfad:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID:
[ Media Center Events ]
Error - 27.08.2012 01:49:39 | Computer Name = MEINNAME-Zenbk | Source = MCUpdate | ID = 0
Description = 07:49:18 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die
Verbindung mit dem Remoteserver kann nicht hergestellt werden.)
Error - 27.08.2012 01:50:21 | Computer Name = MEINNAME-Zenbk | Source = MCUpdate | ID = 0
Description = 07:50:00 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die
Verbindung mit dem Remoteserver kann nicht hergestellt werden.)
Error - 27.08.2012 01:50:43 | Computer Name = MEINNAME-Zenbk | Source = MCUpdate | ID = 0
Description = 07:50:42 - Broadband konnte nicht abgerufen werden (Fehler: Die Verbindung
mit dem Remoteserver kann nicht hergestellt werden.)
Error - 27.08.2012 02:50:49 | Computer Name = MEINNAME-Zenbk | Source = MCUpdate | ID = 0
Description = 08:50:49 - Fehler beim Herstellen der Internetverbindung. 08:50:49
- Serververbindung konnte nicht hergestellt werden..
Error - 27.08.2012 02:50:56 | Computer Name = MEINNAME-Zenbk | Source = MCUpdate | ID = 0
Description = 08:50:54 - Fehler beim Herstellen der Internetverbindung. 08:50:54
- Serververbindung konnte nicht hergestellt werden..
Error - 02.09.2012 06:55:27 | Computer Name = MEINNAME-Zenbk | Source = MCUpdate | ID = 0
Description = 12:55:27 - Directory konnte nicht abgerufen werden (Fehler: Die Verbindung
mit dem Remoteserver kann nicht hergestellt werden.)
Error - 02.09.2012 06:56:30 | Computer Name = MEINNAME-Zenbk | Source = MCUpdate | ID = 0
Description = 12:56:09 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die
Verbindung mit dem Remoteserver kann nicht hergestellt werden.)
Error - 02.09.2012 06:56:54 | Computer Name = MEINNAME-Zenbk | Source = MCUpdate | ID = 0
Description = 12:56:51 - Broadband konnte nicht abgerufen werden (Fehler: Die Verbindung
mit dem Remoteserver kann nicht hergestellt werden.)
Error - 06.10.2012 05:45:45 | Computer Name = MEINNAME-Zenbk | Source = MCUpdate | ID = 0
Description = 11:45:45 - Fehler beim Herstellen der Internetverbindung. 11:45:45
- Serververbindung konnte nicht hergestellt werden..
Error - 06.10.2012 05:45:52 | Computer Name = MEINNAME-Zenbk | Source = MCUpdate | ID = 0
Description = 11:45:50 - Fehler beim Herstellen der Internetverbindung. 11:45:50
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 20.08.2012 18:11:07 | Computer Name = MEINNAME-Zenbk | Source = bowser | ID = 8003
Description =
Error - 20.08.2012 18:23:08 | Computer Name = MEINNAME-Zenbk | Source = bowser | ID = 8003
Description =
Error - 20.08.2012 18:35:16 | Computer Name = MEINNAME-Zenbk | Source = bowser | ID = 8003
Description =
Error - 21.08.2012 03:34:39 | Computer Name = MEINNAME-Zenbk | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse 193.208.12.209 registriert werden. Der Computer mit IP-Adresse 193.208.12.236
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 21.08.2012 03:39:49 | Computer Name = MEINNAME-Zenbk | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse 193.208.12.209 registriert werden. Der Computer mit IP-Adresse 193.208.12.236
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 21.08.2012 03:56:16 | Computer Name = MEINNAME-Zenbk | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 21.08.2012 15:58:25 | Computer Name = MEINNAME-Zenbk | Source = bowser | ID = 8003
Description =
Error - 21.08.2012 22:36:19 | Computer Name = MEINNAME-Zenbk | Source = bowser | ID = 8003
Description =
Error - 22.08.2012 11:30:10 | Computer Name = MEINNAME-Zenbk | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 22.08.2012 11:48:04 | Computer Name = MEINNAME-Zenbk | Source = BROWSER | ID = 8032
Description =
< End of report >
|
|
19.10.2012, 16:59
| #6 |
| | Virus/Trojaner: Java:Malware-gen[Trj]Code:
ATTFilter Adobe AIR Adobe Systems Incorporated 22.03.2012 3.1.0.4880 Adobe Flash Player 10 Plugin Adobe Systems Incorporated 29.12.2011 10.0.32.18 Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 09.10.2012 6,00MB 11.4.402.287 Adobe Reader X (10.1.4) - Deutsch Adobe Systems Incorporated 16.08.2012 122MB 10.1.4 Adobe Shockwave Player 11.6 Adobe Systems, Inc. 12.03.2012 11.6.4.634 Adobe SVG Viewer 3.0 Adobe Systems, Inc. 13.03.2012 3.0 AnyDVD SlySoft 03.05.2012 7.0.4.0 Ask Toolbar Ask.com 29.08.2012 4,82MB 1.15.2.0 Ask Toolbar Updater Ask.com 29.08.2012 1.2.1.23037 ASUS AI Recovery ASUS 22.03.2012 9,10MB 1.0.24 ASUS FaceLogon ASUS 05.05.2012 11,9MB 1.0.0014 ASUS LifeFrame3 ASUS 05.05.2012 37,7MB 3.0.29 ASUS Live Update ASUS 17.09.2012 6,81MB 3.1.9 ASUS Power4Gear Hybrid ASUS 05.05.2012 16,4MB 1.2.1 ASUS PowerWiz ASUS 17.03.2012 6,90MB 1.0.6 ASUS PWR Option ASUS 22.03.2012 14,3MB 1.0.9 ASUS Secure Delete ASUS 17.03.2012 6,39MB 1.00.0009 ASUS Tutor ASUS 17.03.2012 20,0MB 1.0.2 ASUS USB Charger Plus ASUS 05.05.2012 6,97MB 2.0.8 ASUS WebStorage eCareme Technologies, Inc. 29.12.2011 3.0.108.222 AsusVibe2.0 ASUSTEK 29.12.2011 2.0.7.142 ATK Package ASUS 05.05.2012 13,0MB 1.0.0015 avast! Free Antivirus AVAST Software 25.08.2012 7.0.1466.0 AX88772B Windows 7 Drivers ASIX Electronics Corporation 28.12.2011 5,52MB 1.0.1.1 Bing Bar Microsoft Corporation 18.10.2011 24,4MB 7.0.610.0 Bluetooth Win7 Suite (64) Atheros Communications 28.12.2011 119MB 7.4.0.90 bob internet A1 Telekom Austria AG 02.04.2012 38,4MB 1.9.0.0 Bubbletown Oberon Media 29.12.2011 CCleaner Piriform 24.09.2012 3.23 CloneDVD2 Elaborate Bytes 03.05.2012 2.9.3.0 CloneDVDmobile SlySoft 03.05.2012 1.8.0.0 Control ActiveX de Windows Live Mesh para conexiones remotas Microsoft Corporation 18.10.2011 5,37MB 15.4.5722.2 Controlo ActiveX do Windows Live Mesh para Ligações Remotas Microsoft Corporation 18.10.2011 5,38MB 15.4.5722.2 Contrôle ActiveX Windows Live Mesh pour connexions à distance Microsoft Corporation 18.10.2011 5,37MB 15.4.5722.2 Deadtime Stories Oberon Media 29.12.2011 Dr. Tax Österreich Ringler Informatik AG 19.09.2012 1.2.9 Dream Day First Home Oberon Media 29.12.2011 Dream Vacation Solitaire Oberon Media 29.12.2011 Dropbox Dropbox, Inc. 03.05.2012 1.4.0 ETDWare PS/2-X64 10.5.9.0 ELAN Microelectronic Corp. 05.05.2012 10.5.9.0 Farm Frenzy 3 - Madagascar Oberon Media 29.12.2011 Free YouTube to iPod Converter version 3.10.19.412 DVDVideoSoft Ltd. 18.04.2012 76,0MB 3.10.19.412 Fresco Logic USB3.0 Host Controller Fresco Logic Inc. 05.05.2012 5,06MB 3.5.30.0 Galapago Oberon Media 29.12.2011 Game Park Console Oberon Media Inc. 29.12.2011 1.2.4.431 Garmin Communicator Plugin x64 Garmin Ltd or its subsidiaries 13.08.2012 22,7MB 4.0.3 Garmin Lifetime Updater Garmin 13.08.2012 43,0MB 2.1.11 Garmin USB Drivers Garmin Ltd or its subsidiaries 12.08.2012 573KB 2.3.1.0 Garmin WebUpdater Garmin Ltd or its subsidiaries 12.08.2012 15,7MB 2.5.6 Go Go Gourmet Chef of the Year Oberon Media 29.12.2011 Google Chrome Google Inc. 12.03.2012 22.0.1229.94 Google Toolbar for Internet Explorer Google Inc. 24.09.2012 7.4.3230.2052 InstantOn for NB ASUS 05.05.2012 6,87MB 2.2.0 Intel AppUp(SM) center Notebooksbilliger 22.03.2012 36118 Intel(R) Control Center Intel Corporation 29.12.2011 1.2.1.1007 Intel(R) Management Engine Components Intel Corporation 29.12.2011 7.0.0.1144 Intel(R) Processor Graphics Intel Corporation 17.03.2012 8.15.10.2559 Intel(R) Turbo Boost Technology Monitor 2.0 Intel 28.12.2011 11,7MB 2.1.23.0 Java(TM) 6 Update 35 Oracle 28.08.2012 95,6MB 6.0.350 LinkedIn Outlook Connector LinkedIn 07.04.2012 1.1.10.0 Mahjong Memoirs Oberon Media 29.12.2011 Malwarebytes Anti-Malware Version 1.65.1.1000 Malwarebytes Corporation 19.10.2012 19,4MB 1.65.1.1000 Microsoft .NET Framework 4 Client Profile Microsoft Corporation 19.10.2011 38,8MB 4.0.30319 Microsoft .NET Framework 4 Extended Microsoft Corporation 19.10.2011 51,9MB 4.0.30319 Microsoft Office Home and Business 2010 Microsoft Corporation 15.03.2012 14.0.6029.1000 Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) Microsoft Corporation 16.03.2012 14.0.6029.1000 Microsoft Office Outlook Connector Microsoft Corporation 13.07.2012 3,38MB 14.0.6123.5001 Microsoft Outlook Social Connector Provider for Facebook 32-bit Microsoft Corporation 07.04.2012 218KB 14.0.6114.5003 Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit Microsoft Corporation 28.06.2012 1,38MB 14.0.5120.5000 Microsoft Silverlight Microsoft Corporation 21.05.2012 50,6MB 5.1.10411.0 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 18.10.2011 1,69MB 3.1.0000 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 13.03.2012 290KB 8.0.61001 Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 13.03.2012 562KB 8.0.61000 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 28.12.2011 788KB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 13.03.2012 788KB 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 28.12.2011 596KB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 15.03.2012 222KB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 13.03.2012 600KB 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Corporation 29.03.2012 4,53MB 10.0.30319 Nuance PDF Reader Nuance Communications, Inc. 18.10.2011 47,8MB 6.00.0041 PDF24 Creator 4.9.0 PDF24.org 28.09.2012 33,9MB Plants vs Zombies Oberon Media 29.12.2011 PMB Sony Corporation 19.10.2012 260MB 5.2.00.03250 Qualcomm Atheros WiFi Driver Installation Qualcomm Atheros 17.03.2012 9.2 Realtek High Definition Audio Driver Realtek Semiconductor Corp. 05.05.2012 6.0.1.6577 Realtek USB 2.0 Reader Driver Realtek Semiconductor Corp. 28.12.2011 6.1.7600.10010 Skype Click to Call Skype Technologies S.A. 08.06.2012 10,6MB 5.10.9560 Skype™ 5.10 Skype Technologies S.A. 19.07.2012 19,4MB 5.10.116 Trend Micro Titanium Internet Security Trend Micro Inc. 18.10.2011 210MB 3.0 Turbo Fiesta Oberon Media 29.12.2011 VLC media player 2.0.1 VideoLAN 20.03.2012 2.0.1 Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) Garmin 12.08.2012 04/19/2012 2.3.1.0 Windows Live Essentials Microsoft Corporation 28.06.2012 15.4.3555.0308 Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen Microsoft Corporation 18.10.2011 5,37MB 15.4.5722.2 Windows Live Mesh ActiveX Control for Remote Connections Microsoft Corporation 18.10.2011 5,37MB 15.4.5722.2 Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 18.10.2011 5,38MB 15.4.5722.2 WinFlash ASUS 02.05.2012 881KB 2.41.0 Wireless Console 3 ASUS 05.05.2012 9,11MB 3.0.27 World of Goo Oberon Media 29.12.2011 Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις Microsoft Corporation 18.10.2011 5,38MB 15.4.5722.2 Элемент управления Windows Live Mesh ActiveX для удаленных подключений Microsoft Corporation 18.10.2011 5,37MB 15.4.5722.2 פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים Microsoft Corporation 18.10.2011 5,37MB 15.4.5722.2 عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة Microsoft Corporation 18.10.2011 5,37MB 15.4.5722.2 適用遠端連線的 Windows Live Mesh ActiveX 控制項 Microsoft Corporation 18.10.2011 5,56MB 15.4.5722.2 |
|
21.10.2012, 10:34
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Virus/Trojaner: Java:Malware-gen[Trj] Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt? Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ Logfiles bitte immer in CODE-Tags posten |
|
21.10.2012, 11:38
| #8 |
| | Virus/Trojaner: Java:Malware-gen[Trj] Nein ich habe mir Malwarebytes erst jetzt runtergeladen, es gibt keine vorherigen Scans. |
|
21.10.2012, 12:41
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Virus/Trojaner: Java:Malware-gen[Trj]ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ Logfiles bitte immer in CODE-Tags posten |
|
22.10.2012, 19:51
| #10 |
| | Virus/Trojaner: Java:Malware-gen[Trj]Code:
ATTFilter ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=12
|
|
23.10.2012, 15:47
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Virus/Trojaner: Java:Malware-gen[Trj] ESET hast du wahrscheinlich falsch gemacht, da gab es extra einen dicken Hinweis zu Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt so öffnen: per Rechtsklick => als Administrator ausführen
__________________ Logfiles bitte immer in CODE-Tags posten |
|
24.10.2012, 22:22
| #12 |
| | Virus/Trojaner: Java:Malware-gen[Trj] Jetzt habe ich immer Malwarebytes-Bockierungen einer ausgehenden Verbindung beim Hochfahren des Computer, dies Logs von heute sind z.B.: Code:
ATTFilter 2012/10/24 15:40:56 +0200 MATTHIAS-ZENBK Matthias MESSAGE Starting protection
2012/10/24 15:40:56 +0200 MEINNAME-ZENBK Meinname MESSAGE Protection started successfully
2012/10/24 15:40:56 +0200 MEINNAME-ZENBK Meinname MESSAGE Starting IP protection
2012/10/24 15:41:03 +0200 MEINNAME-ZENBK Meinname MESSAGE IP Protection started successfully
2012/10/24 17:01:29 +0200 MEINNAME-ZENBK Meinname IP-BLOCK 89.28.47.73 (Type: outgoing, Port: 44017, Process: skype.exe)
2012/10/24 23:17:41 +0200 MEINNAME-ZENBK Meinname IP-BLOCK 89.28.105.180 (Type: outgoing, Port: 49892, Process: skype.exe)
2012/10/24 23:17:41 +0200 MEINNAME-ZENBK Meinname IP-BLOCK 89.28.105.180 (Type: outgoing, Port: 49893, Process: skype.exe)
2012/10/24 23:17:41 +0200 MEINNAME-ZENBK Meinname IP-BLOCK 89.28.105.180 (Type: outgoing, Port: 49894, Process: skype.exe)
2012/10/24 23:17:41 +0200 MEINNAME-ZENBK Meinname IP-BLOCK 89.28.105.180 (Type: outgoing, Port: 49896, Process: avastsvc.exe)
2012/10/24 23:18:29 +0200 MEINNAME-ZENBK Meinname IP-BLOCK 89.28.105.180 (Type: outgoing, Port: 49920, Process: skype.exe)
2012/10/24 23:18:29 +0200 MEINNAME-ZENBK Meinname IP-BLOCK 89.28.105.180 (Type: outgoing, Port: 49922, Process: skype.exe)
2012/10/24 23:18:29 +0200 MEINNAME-ZENBK Meinname IP-BLOCK 89.28.105.180 (Type: outgoing, Port: 49923, Process: skype.exe)
2012/10/24 23:18:37 +0200 MEINNAME-ZENBK Meinname IP-BLOCK 89.28.105.180 (Type: outgoing, Port: 49925, Process: avastsvc.exe)
|
|
25.10.2012, 10:25
| #13 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Virus/Trojaner: Java:Malware-gen[Trj] Ok, ich schlage vor, wir machen ESET ganz zum Schluss als Komtrollscan nochmal. Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Virus/Trojaner: Java:Malware-gen[Trj] |
| anlage, antivirus, appdata, avast, avira, cache, ccleaner, durchgeführt, e-banking, ergebnis, ersetzt, folge, folgendes, free, herzlichen, hinweis, installieren, installierte, java, laptop, log, malwarebytes, namen, nicht installiert, online-banking, programme, rojaner gefunden, system, verhalten |
![Virus/Trojaner: Java:Malware-gen[Trj]](iconimages/log-analyse-auswertung/virus-trojaner-java-malware-gen-trj_ltr.gif)
Linear-Darstellung
