Pests of all kinds and how to fight them: GVU trojan on a Windows 7 laptop, not sure whether I got rid of it... |
12.12.2012, 19:19 | #1 | ||
| Hi dear Trojaner-Board! I'm new here, but I'll try hard to be a pleasant newbie. Yesterday I found one of those GVU trojans on my computer. It locked everything, but I could still switch user accounts. From the other account I ran Malwarebytes over it and, just like that, it was gone again on the other account. That all seemed too easy to me, so I'd really appreciate it if someone who knows a bit more than I do could take a look at it. Thanks in advance. After reading a bit about this trojan here in the forum, I ran aswMBR over it, but did not fix anything. Here is the log: Quote:
Quote:
Hope you can help me. Regards, Benni PS: and if someone could tell me how to put the logs into those small expandable boxes, I'd be super grateful. Last edited by Benkhk (12.12.2012 at 19:24) |
13.12.2012, 16:25 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Hello and
Quote:
That kind of information is not enough; please post the complete details/logs of the virus scanners, see http://www.trojaner-board.de/125889-...tml#post941520 If possible, please post everything here in CODE tags. This is how it is done: [code] the log goes here [/code] And the whole thing then looks like this: Code:
ATTFilter the log goes here
__________________ |
13.12.2012, 18:33 | #3 |
| Hello Cosinus!
Thanks for the quick reply. Here is the log from the Malwarebytes scan. Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.11.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Caro :: CAROSPC [administrator]

11.12.2012 23:42:29
mbam-log-2012-12-11 (23-42-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231880
Time elapsed: 4 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Users\Benni\wgsdgsdgdsgsd.exe (Exploit.Drop.GS) -> Delete on reboot.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Benni\Downloads\SWTOR_setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Benni\wgsdgsdgdsgsd.exe (Exploit.Drop.GS) -> Delete on reboot.
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Quarantined and deleted successfully.

(end)

Regards, Benni |
13.12.2012, 19:26 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners? This is why I am asking => http://www.trojaner-board.de/125889-...tml#post941520 Please do not run any new virus scans; for now, only post logs that already exist!
__________________ Please always post log files in CODE tags |
13.12.2012, 21:20 | #5 |
| I ran Avira once more: Code:
ATTFilter Avira Free Antivirus Erstellungsdatum der Reportdatei: Donnerstag, 13. Dezember 2012 18:34 Es wird nach 4556363 Virenstämmen gesucht. Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira Free Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows 7 x64 Windowsversion : (Service Pack 1) [6.1.7601] Boot Modus : Normal gebootet Benutzername : Benni Computername : CAROSPC Versionsinformationen: BUILD.DAT : 12.0.0.898 41963 Bytes 31.01.2012 13:51:00 AVSCAN.EXE : 12.1.0.20 492496 Bytes 15.02.2012 19:11:46 AVSCAN.DLL : 12.1.0.18 65744 Bytes 15.02.2012 19:11:45 LUKE.DLL : 12.1.0.19 68304 Bytes 15.02.2012 19:11:46 AVSCPLR.DLL : 12.3.0.14 97032 Bytes 08.05.2012 19:18:17 AVREG.DLL : 12.3.0.17 232200 Bytes 11.05.2012 00:31:09 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 23:31:49 VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 00:00:11 VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 23:15:22 VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 19:26:27 VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 13:59:44 VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 09:36:46 VBASE007.VDF : 7.11.50.230 3904512 Bytes 22.11.2012 15:36:21 VBASE008.VDF : 7.11.50.231 2048 Bytes 22.11.2012 15:36:21 VBASE009.VDF : 7.11.50.232 2048 Bytes 22.11.2012 15:36:21 VBASE010.VDF : 7.11.50.233 2048 Bytes 22.11.2012 15:36:21 VBASE011.VDF : 7.11.50.234 2048 Bytes 22.11.2012 15:36:22 VBASE012.VDF : 7.11.50.235 2048 Bytes 22.11.2012 15:36:22 VBASE013.VDF : 7.11.50.236 2048 Bytes 22.11.2012 15:36:22 VBASE014.VDF : 7.11.51.27 133632 Bytes 23.11.2012 15:36:24 VBASE015.VDF : 7.11.51.95 140288 Bytes 26.11.2012 10:02:06 VBASE016.VDF : 7.11.51.221 164352 Bytes 29.11.2012 22:21:17 VBASE017.VDF : 7.11.52.29 158208 Bytes 01.12.2012 19:36:44 VBASE018.VDF : 7.11.52.91 116736 Bytes 03.12.2012 22:15:33 VBASE019.VDF : 7.11.52.151 137728 Bytes 05.12.2012 09:45:11 
VBASE020.VDF : 7.11.52.225 157696 Bytes 06.12.2012 18:56:08 VBASE021.VDF : 7.11.53.35 126976 Bytes 08.12.2012 23:51:57 VBASE022.VDF : 7.11.53.55 225792 Bytes 09.12.2012 17:10:47 VBASE023.VDF : 7.11.53.93 157184 Bytes 10.12.2012 17:10:47 VBASE024.VDF : 7.11.53.169 153088 Bytes 12.12.2012 16:21:54 VBASE025.VDF : 7.11.53.170 2048 Bytes 12.12.2012 16:21:54 VBASE026.VDF : 7.11.53.171 2048 Bytes 12.12.2012 16:21:54 VBASE027.VDF : 7.11.53.172 2048 Bytes 12.12.2012 16:21:54 VBASE028.VDF : 7.11.53.173 2048 Bytes 12.12.2012 16:21:54 VBASE029.VDF : 7.11.53.174 2048 Bytes 12.12.2012 16:21:54 VBASE030.VDF : 7.11.53.175 2048 Bytes 12.12.2012 16:21:54 VBASE031.VDF : 7.11.53.190 18432 Bytes 12.12.2012 20:49:32 Engineversion : 8.2.10.216 AEVDF.DLL : 8.1.2.10 102772 Bytes 10.07.2012 15:03:58 AESCRIPT.DLL : 8.1.4.72 467323 Bytes 07.12.2012 18:56:10 AESCN.DLL : 8.1.9.4 131445 Bytes 18.11.2012 14:30:52 AESBX.DLL : 8.2.5.12 606578 Bytes 15.06.2012 00:12:12 AERDL.DLL : 8.2.0.74 643445 Bytes 12.11.2012 19:47:42 AEPACK.DLL : 8.3.0.40 815479 Bytes 12.11.2012 19:47:34 AEOFFICE.DLL : 8.1.2.50 201084 Bytes 07.11.2012 04:24:10 AEHEUR.DLL : 8.1.4.160 5624184 Bytes 07.12.2012 18:56:09 AEHELP.DLL : 8.1.25.2 258423 Bytes 25.10.2012 22:44:13 AEGEN.DLL : 8.1.6.10 438646 Bytes 18.11.2012 14:30:35 AEEXP.DLL : 8.2.0.18 123253 Bytes 07.12.2012 18:56:10 AEEMU.DLL : 8.1.3.2 393587 Bytes 10.07.2012 15:03:55 AECORE.DLL : 8.1.29.2 201079 Bytes 12.11.2012 19:46:19 AEBB.DLL : 8.1.1.4 53619 Bytes 07.11.2012 04:23:51 AVWINLL.DLL : 12.1.0.17 27344 Bytes 15.12.2011 13:59:41 AVPREF.DLL : 12.1.0.17 51920 Bytes 15.12.2011 13:59:38 AVREP.DLL : 12.3.0.15 179208 Bytes 08.05.2012 19:18:17 AVARKT.DLL : 12.1.0.23 209360 Bytes 15.02.2012 19:11:45 AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 15.12.2011 13:59:37 SQLITE3.DLL : 3.7.0.0 398288 Bytes 15.12.2011 13:59:50 AVSMTP.DLL : 12.1.0.17 62928 Bytes 15.12.2011 13:59:39 NETNT.DLL : 12.1.0.17 17104 Bytes 15.12.2011 13:59:47 RCIMAGE.DLL : 12.1.0.17 4447952 Bytes 15.12.2011 13:59:58 
RCTEXT.DLL : 12.1.0.16 98512 Bytes 15.12.2011 13:59:59 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Lokale Laufwerke Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\alldrives.avp Protokollierung.......................: standard Primäre Aktion........................: interaktiv Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, D:, E:, Durchsuche aktive Programme...........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: aus Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: erweitert Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR, Beginn des Suchlaufs: Donnerstag, 13. Dezember 2012 18:34 Der Suchlauf über die Masterbootsektoren wird begonnen: Masterbootsektor HD0 [INFO] Es wurde kein Virus gefunden! Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'C:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'D:\' [INFO] Es wurde kein Virus gefunden! 
Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'CLMLSvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'AsScrPro.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'ADSMTray.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'wcourier.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'lxdnMsdMon.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'CMAWatcher.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'HControlUser.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'DMedia.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'CMA.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'ezprint.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'lxdnmon.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'ATKOSD2.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'ALU.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'UNS.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'RichVideo.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'ADSMSrv.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'LMS.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'armsvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'GFNEXSrv.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'ASLDRSrv.exe' - '1' Modul(e) wurden durchsucht Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: Die Registry wurde durchsucht ( '2491' Dateien ). 
Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <OS>
C:\Users\Benni\AppData\Local\Mozilla\Firefox\Profiles\8xaak6hx.default\Cache\D\91\D99C9d01
[FUND] Enthält Erkennungsmuster des Exploits EXP/JS.Expack.CW
Beginne mit der Suche in 'D:\' <Data>
Beginne mit der Suche in 'E:\'
Der zu durchsuchende Pfad E:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.

Beginne mit der Desinfektion:
C:\Users\Benni\AppData\Local\Mozilla\Firefox\Profiles\8xaak6hx.default\Cache\D\91\D99C9d01
[FUND] Enthält Erkennungsmuster des Exploits EXP/JS.Expack.CW
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '549197ab.qua' verschoben!

Ende des Suchlaufs: Donnerstag, 13. Dezember 2012 21:17
Benötigte Zeit: 1:18:16 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

40524 Verzeichnisse wurden überprüft
843664 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
843663 Dateien ohne Befall
12531 Archive wurden durchsucht
0 Warnungen
1 Hinweise

Regards, Benni |
14.12.2012, 09:36 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ |
14.12.2012, 14:18 | #7 |
| So... I ran combofix: Combofix logfile: Code:
ATTFilter ComboFix 12-12-14.01 - Benni 14.12.2012 14:01:34.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3949.2412 [GMT 1:00] ausgeführt von:: c:\users\Benni\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\esupport\eDriver\Software\ASUS\MultiFrame\XP32_Vista32_Vista64_Win7_32_Win7_64_1.0.0021\Desktop_.ini c:\programdata\dsgsdgdsgdsgw.pad c:\programdata\FullRemove.exe c:\windows\msvcr71.dll c:\windows\SysWow64\URTTemp c:\windows\SysWow64\URTTemp\regtlib.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-11-14 bis 2012-12-14 )))))))))))))))))))))))))))))) . . 2012-12-14 13:09 . 2012-12-14 13:09 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-14 13:09 . 2012-12-14 13:09 -------- d-----w- c:\users\Caro\AppData\Local\temp 2012-12-13 20:27 . 2012-12-13 20:27 -------- d-----w- c:\users\Caro\AppData\Local\Macromedia 2012-12-13 11:46 . 2012-12-13 11:46 -------- d-----w- c:\users\Benni\AppData\Local\Macromedia 2012-12-13 11:43 . 2012-12-13 11:43 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-12-12 15:37 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll 2012-12-12 15:36 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-12-12 15:36 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll 2012-12-12 15:36 . 2012-11-05 21:35 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-12 15:36 . 2012-11-05 20:41 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-12 15:36 . 2012-11-05 20:32 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-12 15:36 . 2012-11-05 20:32 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-11 22:48 . 
2012-12-11 22:48 -------- d-----w- c:\users\Caro\AppData\Roaming\CyberLink 2012-12-11 22:48 . 2012-12-11 22:48 -------- d-----w- c:\users\Public\CyberLink 2012-12-11 22:42 . 2012-12-11 22:42 -------- d-----w- c:\users\Caro\AppData\Roaming\Malwarebytes 2012-11-27 14:55 . 2012-11-27 14:55 -------- d-----w- c:\users\Benni\AppData\Local\Chromium 2012-11-17 21:57 . 2012-07-26 07:46 2560 ----a-w- c:\windows\system32\drivers\de-DE\wdf01000.sys.mui 2012-11-17 21:57 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-11-17 21:57 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-11-17 21:57 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-11-17 14:31 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-11-17 14:31 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-11-17 14:31 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-11-17 14:31 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-11-17 14:31 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-11-17 14:31 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-11-17 14:31 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-11-16 18:45 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll 2012-11-16 18:45 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-13 11:43 . 2011-07-27 01:35 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-12 15:56 . 2011-07-14 20:19 67413224 ----a-w- c:\windows\system32\MRT.exe 2012-10-16 08:38 . 2012-11-28 10:09 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-11-28 10:09 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 
2012-11-28 10:09 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-04 16:40 . 2012-12-12 15:37 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-09-29 18:54 . 2011-07-15 01:29 25928 ----a-w- c:\windows\system32\drivers\mbam.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1] @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}" [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}] 2007-06-02 01:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-12-07 1354736] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-05-03 170624] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "lxdnmon.exe"="c:\program files (x86) (x86)\Lexmark 2600 Series\lxdnmon.exe" [2010-02-04 660136] "lxdnamon"="c:\program files (x86) (x86)\Lexmark 2600 Series\lxdnamon.exe" [2010-02-04 16040] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-12-15 258512] "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-07-02 1597440] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-17 421888] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Inhaltsmanager-Assistent für PlayStation(R).lnk - c:\program files (x86)\Sony\Content Manager Assistant\CMA.exe [2012-7-23 2796000] Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-06-22 113792] R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416] R3 S3XXx64;SCR3xx USB SmartCardReader64;c:\windows\system32\DRIVERS\S3XXx64.sys [2011-09-07 70016] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-05 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-15 27760] S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2010-11-30 379520] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-11 203264] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-12-15 86224] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416] S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe [2007-11-28 1039872] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-08-06 13784] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-10-17 93712] S3 ETD;ELAN PS/2 Port Input 
Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-13 135560] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976] S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-08-18 143472] S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [2010-02-25 115312] S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2011-09-29 27136] S3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672] . . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1] @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}" [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}] 2007-06-02 00:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}" [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}] 2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{64174815-8D98-4CE6-8646-4C039977D808}" [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}] 2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768] "lxdnmon.exe"="c:\program files (x86)\Lexmark 2600 Series\lxdnmon.exe" [2010-02-04 660136] "EzPrint"="c:\program files (x86)\Lexmark 2600 Series\ezprint.exe" [2010-02-04 107176] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://asus.msn.com mStart Page = hxxp://asus.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000 IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\programme\ICQ7.5\ICQ.exe TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\Benni\AppData\Roaming\Mozilla\Firefox\Profiles\8xaak6hx.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-14 14:13:39
ComboFix-quarantined-files.txt 2012-12-14 13:13
.
Vor Suchlauf: 14 Verzeichnis(se), 38.938.091.520 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 39.083.048.960 Bytes frei
.
- - End Of File - - C2FB7F88821F14E7006C43D679109A18

Many thanks already for your time. You're a great help! Regards, Benni |
14.12.2012, 15:06 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | adwCleaner - detecting toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop. If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
__________________ Please always post log files in CODE tags |
14.12.2012, 16:43 | #9 |
| OK, I did that, here is the logfile: Code:
ATTFilter
# AdwCleaner v2.100 - Datei am 14/12/2012 um 16:41:43 erstellt
# Aktualisiert am 09/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Benni - CAROSPC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Benni\Desktop\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\Caro\AppData\Roaming\Mozilla\Firefox\Profiles\1lgfiyy2.default\searchplugins\icqplugin.xml
Datei Gefunden : C:\Users\Caro\AppData\Roaming\Mozilla\Firefox\Profiles\1lgfiyy2.default\searchplugins\icqplugin-1.xml
Datei Gefunden : C:\Users\Caro\AppData\Roaming\Mozilla\Firefox\Profiles\1lgfiyy2.default\searchplugins\icqplugin-2.xml
Ordner Gefunden : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gefunden : C:\ProgramData\ICQ\ICQToolbar
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\Users\Benni\AppData\LocalLow\AskToolbar

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Profilname : default
Datei : C:\Users\Caro\AppData\Roaming\Mozilla\Firefox\Profiles\1lgfiyy2.default\prefs.js

Gefunden : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q=");

Profilname : default
Datei : C:\Users\Benni\AppData\Roaming\Mozilla\Firefox\Profiles\8xaak6hx.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1788 octets] - [14/12/2012 16:41:43]

########## EOF - C:\AdwCleaner[R1].txt - [1848 octets] ##########
|
16.12.2012, 14:25 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | adwCleaner - Remove toolbars and unwanted start/search pages
After that, please run a check with OTL:
__________________ Please always post log files in CODE tags |
16.12.2012, 21:34 | #11 |
| Hello again. Thanks for helping me so regularly! The log file from adwcleaner: Code:
# AdwCleaner v2.101 - Datei am 16/12/2012 um 21:10:15 erstellt
# Aktualisiert am 16/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Benni - CAROSPC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Benni\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Caro\AppData\Roaming\Mozilla\Firefox\Profiles\1lgfiyy2.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\Caro\AppData\Roaming\Mozilla\Firefox\Profiles\1lgfiyy2.default\searchplugins\icqplugin-1.xml
Datei Gelöscht : C:\Users\Caro\AppData\Roaming\Mozilla\Firefox\Profiles\1lgfiyy2.default\searchplugins\icqplugin-2.xml
Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\Benni\AppData\LocalLow\AskToolbar

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Profilname : default
Datei : C:\Users\Caro\AppData\Roaming\Mozilla\Firefox\Profiles\1lgfiyy2.default\prefs.js

Gelöscht : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q=");

Profilname : default
Datei : C:\Users\Benni\AppData\Roaming\Mozilla\Firefox\Profiles\8xaak6hx.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1790 octets] - [16/12/2012 21:10:15]

########## EOF - C:\AdwCleaner[S1].txt - [1850 octets] ##########

Code:
OTL logfile created on: 12/16/2012 9:13:46 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Benni\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.86 Gb Total Physical Memory | 2.57 Gb Available Physical Memory | 66.57% Memory free
7.71 Gb Paging File | 6.29 Gb Available in Paging File | 81.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116.44 Gb Total Space | 35.30 Gb Free Space | 30.32% Space Free | Partition Type: NTFS
Drive D: | 327.83 Gb Total Space | 195.70 Gb Free Space | 59.70% Space Free | Partition Type: NTFS

Computer Name: CAROSPC | User Name: Benni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Benni\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe (asus)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe (Lexmark International Inc.)
PRC - C:\Program Files (x86) (x86)\Lexmark 2600 Series\lxdnmsdmon.exe () PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\384ca76c4a02cf94dd8f4b2ef89d2ebf\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\474914b7c8b9b5056943488991a57edc\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\fa143a722656801e18a200ec93f62015\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5a9b62aa4b4080c52d6fe5f41431b5f7\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\391c954f32c93ef679256ecdf316f6fe\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2ea10f3231995d893967a191b9d19805\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\10dca0c97b8703d895d026e645b6a1bc\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f961fb1ec279c14554f5580a457ef542\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll () MOD - C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll () MOD - C:\Program Files (x86) (x86)\Lexmark 2600 Series\lxdnmsdmon.exe () MOD - C:\Program Files (x86) (x86)\Lexmark 2600 Series\app4r.monitor.core.dll () MOD - C:\Program Files (x86) (x86)\Lexmark 2600 Series\app4r.monitor.common.dll () MOD - C:\Program Files (x86) (x86)\Lexmark 2600 Series\app4r.devmons.mcmdevmon.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll () MOD - C:\Program Files (x86) (x86)\Lexmark 2600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll () MOD - C:\Program Files (x86)\Lexmark 2600 Series\iptk.dll () ========== Services (SafeList) ========== SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.) 
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV:64bit: - (lxdn_device) -- C:\Windows\SysNative\lxdncoms.exe ( ) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (ADSMService) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.) 
SRV - (lxdn_device) -- C:\Windows\SysWOW64\lxdncoms.exe ( ) ========== Driver Services (SafeList) ========== DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\ManyCam_x64.sys (ManyCam LLC.) DRV:64bit: - (S3XXx64) -- C:\Windows\SysNative\drivers\S3XXx64.sys (SCM Microsystems Inc.) DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (AsDsm) -- C:\Windows\SysNative\drivers\AsDsm.sys (ASUSTek Computer Inc) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) 
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.) DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (JME) -- C:\Windows\SysNative\drivers\JME.sys (JMicron Technology Corp.) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys () DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation) DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys () DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( ) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (hwusbdev) -- C:\Windows\SysNative\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) 
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS) DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - 
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3600211331-2581445504-1401801803-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKU\S-1-5-21-3600211331-2581445504-1401801803-1003\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3600211331-2581445504-1401801803-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3600211331-2581445504-1401801803-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - 
HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Benni\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.) 
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Programme\Mozilla\components [2012/12/09 00:52:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Programme\Mozilla\plugins [2012/12/12 17:17:13 | 000,000,000 | ---D | M] [2011/07/15 00:05:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benni\AppData\Roaming\mozilla\Extensions [2012/10/25 23:47:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benni\AppData\Roaming\mozilla\Firefox\Profiles\8xaak6hx.default\extensions O1 HOSTS File: ([2012/12/14 14:11:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe (Lexmark International Inc.) 
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [lxdnmon.exe] C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe () O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe () O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [lxdnamon] C:\Program Files (x86) (x86)\Lexmark 2600 Series\lxdnamon.exe () O4 - HKLM..\Run: [lxdnmon.exe] C:\Program Files (x86) (x86)\Lexmark 2600 Series\lxdnmon.exe () O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () O4 - HKU\S-1-5-21-3600211331-2581445504-1401801803-1003..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - Startup: C:\Users\Caro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - 
HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3600211331-2581445504-1401801803-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3600211331-2581445504-1401801803-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3600211331-2581445504-1401801803-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 O7 - HKU\S-1-5-21-3600211331-2581445504-1401801803-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.6.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{12D72C37-AC43-4CDA-9E43-FD15DEA838A2}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3301EAF3-F98D-4520-BB18-7BE343A023D4}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files 
(x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/12/16 21:03:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Benni\Desktop\OTL.exe [2012/12/15 00:01:51 | 000,000,000 | ---D | C] -- C:\Windows\Migration [2012/12/14 23:59:28 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncobjapi.dll [2012/12/14 23:59:28 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncobjapi.dll [2012/12/14 23:59:17 | 000,013,824 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\Register-CimProvider.exe [2012/12/14 23:59:17 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Register-CimProvider.exe [2012/12/14 23:59:16 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrshost.exe [2012/12/14 23:59:16 | 000,001,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrsmgr.dll [2012/12/14 23:59:16 | 000,001,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrsmgr.dll [2012/12/14 23:59:15 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wevtfwd.dll [2012/12/14 23:59:15 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wecutil.exe [2012/12/14 23:59:15 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wevtfwd.dll [2012/12/14 23:59:15 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wecapi.dll [2012/12/14 23:59:15 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecutil.exe [2012/12/14 23:59:15 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecapi.dll [2012/12/14 23:59:15 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrs.exe [2012/12/14 23:59:15 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrs.exe [2012/12/14 23:59:15 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrshost.exe [2012/12/14 23:59:15 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsmplpxy.dll [2012/12/14 23:59:15 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrssrv.dll [2012/12/14 23:59:13 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrscmd.dll [2012/12/14 23:59:11 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prvdmofcomp.dll [2012/12/14 23:59:11 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmRes.dll [2012/12/14 
23:59:11 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmRes.dll [2012/12/14 23:59:11 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PSModuleDiscoveryProvider.dll [2012/12/14 23:59:11 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmAgent.dll [2012/12/14 23:59:10 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mi.dll [2012/12/14 23:59:10 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrscmd.dll [2012/12/14 23:59:10 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mi.dll [2012/12/14 23:59:10 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prvdmofcomp.dll [2012/12/14 23:59:10 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PSModuleDiscoveryProvider.dll [2012/12/14 23:59:10 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmprovhost.exe [2012/12/14 23:59:10 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsmprovhost.exe [2012/12/14 23:59:10 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManHTTPConfig.exe [2012/12/14 23:59:10 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManHTTPConfig.exe [2012/12/14 23:59:10 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmAgent.dll [2012/12/14 23:59:10 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmplpxy.dll [2012/12/14 23:59:10 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrssrv.dll [2012/12/14 23:59:09 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pwrshplugin.dll [2012/12/14 23:59:09 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pwrshplugin.dll [2012/12/14 23:59:07 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmidcom.dll [2012/12/14 23:59:07 | 
000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmitomi.dll [2012/12/14 23:59:07 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmidcom.dll [2012/12/14 23:59:06 | 000,309,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmWmiPl.dll [2012/12/14 23:59:06 | 000,247,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\framedynos.dll [2012/12/14 23:59:06 | 000,242,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\framedyn.dll [2012/12/14 23:59:06 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmWmiPl.dll [2012/12/14 23:59:06 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\miutils.dll [2012/12/14 23:59:06 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmitomi.dll [2012/12/14 23:59:06 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\framedynos.dll [2012/12/14 23:59:06 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\framedyn.dll [2012/12/14 23:59:06 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\miutils.dll [2012/12/14 23:59:06 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManMigrationPlugin.dll [2012/12/14 23:59:06 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManMigrationPlugin.dll [2012/12/14 23:59:05 | 000,630,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmGCDeps.dll [2012/12/14 23:59:05 | 000,526,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmGCDeps.dll [2012/12/14 23:59:05 | 000,494,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wbemcomn2.dll [2012/12/14 23:59:05 | 000,382,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wbemcomn2.dll [2012/12/14 23:59:05 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmAuto.dll [2012/12/14 23:59:05 | 000,138,752 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysWow64\WsmAuto.dll [2012/12/14 23:58:30 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll [2012/12/14 23:58:30 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe [2012/12/14 23:58:29 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll [2012/12/14 23:58:27 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys [2012/12/14 23:58:27 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys [2012/12/14 23:58:24 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2012/12/14 23:58:24 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2012/12/14 23:58:24 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll [2012/12/14 23:58:24 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll [2012/12/14 23:58:24 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll [2012/12/14 23:58:24 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2012/12/14 23:58:24 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll [2012/12/14 23:58:24 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2012/12/14 23:58:24 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll [2012/12/14 23:58:24 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll [2012/12/14 23:58:23 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe [2012/12/14 23:58:23 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe 
[2012/12/14 23:58:23 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll [2012/12/14 23:58:23 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll [2012/12/14 23:58:23 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe [2012/12/14 23:58:22 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2012/12/14 23:58:22 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2012/12/14 23:58:22 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll [2012/12/14 23:58:22 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe [2012/12/14 23:57:40 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2012/12/14 23:57:40 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012/12/14 23:57:38 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2012/12/14 23:57:38 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2012/12/14 16:41:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/12/14 14:13:41 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012/12/14 13:58:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/12/14 13:58:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/12/14 13:58:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/12/14 13:58:27 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/12/14 13:58:09 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012/12/13 12:46:44 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Local\Macromedia [2012/12/13 12:43:23 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/12/12 18:23:05 | 000,000,000 | ---D | C] -- C:\Users\Benni\Desktop\Neuer Ordner [2012/12/12 17:17:01 | 
000,000,000 | ---D | C] -- C:\Config.Msi [2012/12/12 16:55:12 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/12/12 16:55:12 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/12/12 16:55:10 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/12/12 16:55:10 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/12/12 16:55:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/12/12 16:55:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/12/12 16:55:10 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012/12/12 16:55:10 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/12/12 16:55:08 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/12/12 16:55:07 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/12/12 16:55:07 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/12/12 16:55:07 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012/12/12 16:55:06 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/12/12 16:55:06 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/12/12 16:55:06 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012/12/12 16:37:09 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012/12/12 16:37:08 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012/12/12 16:37:08 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012/12/12 16:37:08 | 000,215,040 | ---- | 
C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012/12/12 16:37:06 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012/12/12 16:37:06 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012/12/12 16:37:06 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012/12/12 16:37:06 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012/12/12 16:37:06 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012/12/12 16:37:06 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012/12/12 16:37:06 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012/12/12 16:37:05 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012/12/12 16:37:05 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012/12/12 16:37:05 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012/12/12 16:37:05 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012/12/12 16:37:05 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012/12/12 16:37:05 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012/12/12 16:37:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012/12/12 16:37:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012/12/12 16:37:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012/12/12 16:37:05 | 000,003,584 | -H-- | C] 
(Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012/12/12 16:37:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012/12/12 16:37:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012/12/12 16:37:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012/12/12 16:37:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012/12/12 16:37:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012/12/12 16:37:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012/12/12 16:37:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012/12/12 16:37:04 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012/12/12 16:37:04 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012/12/12 16:37:04 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012/12/12 16:37:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012/12/12 16:37:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012/12/12 16:37:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012/12/12 16:37:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012/12/12 16:37:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012/12/12 16:37:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012/12/12 16:37:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012/12/12 16:36:47 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll [2012/12/12 16:36:47 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll [2012/12/12 16:36:46 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012/12/12 16:36:46 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012/12/12 16:36:46 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012/12/12 16:36:46 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012/12/12 00:11:46 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Benni\Desktop\TDSSKiller.exe [2012/12/12 00:10:44 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Benni\Desktop\aswMBR.exe [2012/11/30 05:00:08 | 000,000,000 | ---D | C] -- C:\Users\Benni\Desktop\Daten [2012/11/27 15:55:41 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Local\Chromium [2012/11/17 22:57:23 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2012/11/17 22:57:23 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll [2012/11/17 15:31:39 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll [2012/11/17 15:31:37 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe [2012/11/17 15:31:37 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2012/11/17 15:31:36 | 
000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/12/16 21:17:32 | 001,642,220 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/12/16 21:17:32 | 000,707,566 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012/12/16 21:17:32 | 000,661,144 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/12/16 21:17:32 | 000,153,126 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012/12/16 21:17:32 | 000,125,334 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/12/16 21:11:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/12/16 21:11:10 | 3105,259,520 | -HS- | M] () -- C:\hiberfil.sys [2012/12/16 21:05:14 | 000,547,175 | ---- | M] () -- C:\Users\Benni\Desktop\adwcleaner.exe [2012/12/16 21:03:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Benni\Desktop\OTL.exe [2012/12/15 12:03:29 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/12/15 12:03:29 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/12/14 14:11:04 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/12/13 20:10:36 | 000,002,096 | ---- | M] () -- C:\Users\Benni\Desktop\Avira Free Antivirus Profil Aktive Prozesse.LNK [2012/12/13 12:43:23 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/12/13 12:43:23 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012/12/12 18:57:28 | 000,000,512 | ---- | M] () -- C:\Users\Benni\Desktop\MBR.dat [2012/12/12 17:31:03 | 000,327,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/12/12 00:11:17 | 004,732,416 | ---- | M] (AVAST Software) 
-- C:\Users\Benni\Desktop\aswMBR.exe [2012/11/30 04:58:15 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/12/16 21:05:14 | 000,547,175 | ---- | C] () -- C:\Users\Benni\Desktop\adwcleaner.exe [2012/12/14 23:59:16 | 000,204,105 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs [2012/12/14 23:59:16 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml [2012/12/14 23:59:14 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml [2012/12/14 23:59:12 | 000,004,148 | ---- | C] () -- C:\Windows\SysNative\psmodulediscoveryprovider.mof [2012/12/14 23:59:07 | 000,204,105 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs [2012/12/14 13:58:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/12/14 13:58:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/12/14 13:58:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/12/14 13:58:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/12/14 13:58:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/12/13 20:10:36 | 000,002,096 | ---- | C] () -- C:\Users\Benni\Desktop\Avira Free Antivirus Profil Aktive Prozesse.LNK [2012/12/12 18:21:30 | 000,000,512 | ---- | C] () -- C:\Users\Benni\Desktop\MBR.dat [2012/11/17 22:57:26 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012/11/17 15:31:36 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012/05/12 01:19:31 | 000,011,304 | ---- | C] () -- C:\Users\Benni\gsview64.ini [2012/04/24 08:44:38 | 004,384,590 | ---- | C] () -- C:\Users\Benni\24.04.2012 09;44;30.BMP [2012/04/24 08:44:30 | 004,380,654 | ---- | C] () -- C:\Users\Benni\24.04.2012 09;44;00.BMP [2012/04/24 08:27:59 | 000,064,200 | ---- | C] () -- 
C:\Users\Benni\studbeschUDE.pdf [2012/04/24 08:26:55 | 000,114,484 | ---- | C] () -- C:\Users\Benni\Dispo Julia.pdf [2012/04/24 08:26:55 | 000,111,899 | ---- | C] () -- C:\Users\Benni\OBV Julia.pdf [2012/04/24 08:26:55 | 000,071,373 | ---- | C] () -- C:\Users\Benni\Schufa Julia.pdf [2012/03/21 23:22:08 | 000,000,297 | -H-- | C] () -- C:\ProgramData\wb764821reg.bin [2012/02/04 18:21:04 | 000,150,806 | ---- | C] () -- C:\Users\Benni\charakterblatt.pdf [2012/01/30 10:33:40 | 000,027,124 | ---- | C] () -- C:\Users\Benni\Abschlussklausuren_WiSe_11_12_Stand_20_01_2012.pdf [2011/12/21 08:10:27 | 000,000,093 | ---- | C] () -- C:\Users\Benni\AppData\Local\fusioncache.dat [2011/12/21 08:09:29 | 001,620,114 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/11/09 22:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll [2011/11/09 22:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011/07/25 13:04:32 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll [2011/07/25 13:04:13 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll [2011/07/15 00:05:14 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011/07/14 19:53:50 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2011/07/14 19:17:27 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\LXDNinst.dll [2011/07/14 19:17:26 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnpmui.dll [2011/07/14 19:17:26 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdninpa.dll [2011/07/14 19:17:26 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdniesc.dll [2011/07/14 19:17:26 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxdncomx.dll [2011/07/14 19:17:25 | 001,101,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnserv.dll [2011/07/14 19:17:25 | 000,843,776 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnusb1.dll [2011/07/14 19:17:25 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnprox.dll [2011/07/14 19:17:24 | 000,663,552 | ---- | C] ( ) -- 
C:\Windows\SysWow64\lxdnhbn3.dll [2011/07/14 19:17:24 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnlmpm.dll [2011/07/14 19:17:24 | 000,315,392 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnih.exe [2011/07/14 19:17:23 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncomc.dll [2011/07/14 19:17:23 | 000,589,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncoms.exe [2011/07/14 19:17:23 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncomm.dll [2011/07/14 19:17:22 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncfg.exe [2011/07/14 18:06:16 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini [2011/02/17 02:22:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011/02/17 02:16:37 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/08/21 14:11:31 | 
000,857,088 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 14:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/08/21 14:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
OTL Extras logfile created on: 12/16/2012 9:13:46 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Benni\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.86 Gb Total Physical Memory | 2.57 Gb Available Physical Memory | 66.57% Memory free
7.71 Gb Paging File | 6.29 Gb Available in Paging File | 81.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116.44 Gb Total Space | 35.30 Gb Free Space | 30.32% Space Free | Partition Type: NTFS
Drive D: | 327.83 Gb Total Space | 195.70 Gb Free Space | 59.70% Space Free | Partition Type: NTFS
Computer Name: CAROSPC | User Name: Benni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3600211331-2581445504-1401801803-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile
[open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{030EDBDD-A010-4B7B-A58D-7BE1047F7495}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{03267E6B-C575-4281-893B-972B7D637BEC}" = lport=445 | protocol=6 | dir=in | app=system |
"{0A59AE65-FF01-4831-B6DD-565CC9EA5502}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1CC5FF0A-E7F4-4336-9243-23BA5DE83434}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{24CC9489-2617-4DCA-A0F6-77E3985F65FA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{298BBABA-E552-478C-9BB5-9317098CFB7D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{29C441CE-947C-4B04-BFF9-A7E5C6390C95}" = rport=137 | protocol=17 | dir=out | app=system |
"{2BC21A29-F3C3-4225-BEE1-4ADF1F26C464}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2E334304-5E2F-4EF2-8C32-BC7CAA90A50A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{45399A07-9F26-431D-9725-C4351D9529A3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{48EE7934-9F80-4564-A748-BF6B06EE0BE1}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary |
"{4ED58E37-E8A7-4CE7-BB9F-424A2EB3EDAB}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5A5DD1D1-C49A-48E0-B797-08B5A5673007}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{5F7CBE69-CB86-4399-B2B1-F5F72A429E93}" = lport=6112 | protocol=6 | dir=in | name=guild wars port |
"{61112CC9-B530-4C16-9EED-381C8310B2C3}" = lport=80 | protocol=6 | dir=in | name=guild wars port 2 |
"{6312EFAB-FEDD-4A84-9DDB-0E4887C4CA4F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{63902689-266B-4135-B33A-B87C78866230}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{84898C70-E6E1-4A7B-967B-F4DEB609A3DA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8BC2417A-EA48-4264-B0D8-C2189067A9F9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8CC74A26-CD8B-4D5A-8086-113FFC251ACF}" = lport=138 | protocol=17 | dir=in | app=system |
"{97FD8AAB-2030-45CE-B06E-7F7D478E8331}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{98675E31-E1D1-44E5-9A40-0EC599B69AF2}" = rport=10243 | protocol=6 | dir=out | app=system |
"{98717726-4488-43F0-AF06-3F99478BC257}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary |
"{9A1ECAD6-DC3B-44FF-BBE4-9D1624B8E316}" = lport=137 | protocol=17 | dir=in | app=system |
"{9E755F2F-21F7-44EC-B5B7-4A459956C72C}" = rport=445 | protocol=6 | dir=out | app=system |
"{AE1781C2-DAA6-432A-AA79-CEF8EFE1CE73}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B2A328D4-F5F5-49A9-9FB5-B839DF50D018}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BEF2D0DF-E062-46AA-9E26-209EEA46F9A9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C0B57638-B45C-4A07-BF7E-8C5A9B91EF65}" = lport=139 | protocol=6 | dir=in | app=system |
"{CCC99F0E-6C1B-4C3D-AC03-ED0D4F19B7B7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CF03EFA6-DA0C-4CBB-9644-DF7B27D0EE56}" = rport=139 | protocol=6 | dir=out | app=system |
"{DD2D0695-01A8-4F2D-A74C-9646CA3DC5E3}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F5960634-436D-4113-8436-7D910B1D02F6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F833D51F-E752-48CF-9B44-CDDDD8D9FCD3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FD7D2E60-F952-4509-BA18-4C2EB6360CAF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FE0CE854-29CB-4EA4-BAD0-62C23A34E716}" = rport=138 | protocol=17 | dir=out | app=system |
"{FE36F149-0E35-4346-9B1D-34CEE6ACEE8D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{002A5155-5E01-49EB-A47D-85A501FDBA16}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{03E5EC65-B238-4F38-AC78-3493CC8A7EDD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0AC4A29E-05C1-4A8B-AA9F-3D33783901C9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0AE33BE0-94F3-4472-A2D0-11A005BEC846}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{0D3FBCF1-5DA0-48E2-871B-A1DAC39A0803}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{0D7ACDFB-D873-46B2-8B49-A5918357F570}" = protocol=6 | dir=in | app=d:\star wars - the old republic\launcher.exe |
"{17DDB4AD-C874-4C0F-9733-A95DCEF80FB1}" = protocol=6 | dir=in | app=c:\programme\icq7.5\icq.exe |
"{26E0EF51-CA72-4DF3-A173-A83930E47732}" = protocol=6 | dir=in | app=d:\age of conan\ageofconan.exe |
"{29DBF4AB-1AAD-40C8-A8E4-20F231AD3586}" = protocol=6 | dir=in | app=c:\program files (x86) (x86)\lexmark 2600 series\lxdnmon.exe |
"{2D592F2B-F45C-4AAE-B5B7-57DD1591A4D8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2F27BD88-D469-4B8F-975C-DECC937E0E94}" = protocol=6 | dir=in | app=d:\star wars - the old republic\launcher.exe |
"{31CA389E-E9A4-4A83-969D-C473E99F330B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{34E04FE2-FDA2-48C1-A7ED-4A094B4203BA}" = protocol=17 | dir=in | app=d:\star wars - the old republic\launcher.exe |
"{364046AE-FD54-4226-84E9-2DFDB63D3164}" = protocol=17 | dir=in | app=c:\program files (x86) (x86)\lexmark 2600 series\lxdnmon.exe |
"{3E450806-5D37-43D6-A1EF-4CBF878E96FF}" = protocol=17 | dir=in | app=d:\star wars - the old republic\launcher.exe |
"{3E9D8153-469A-4797-8685-50A7D9BCCB19}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnlscn.exe |
"{407CC31D-7F3A-4CF4-86F7-C75F99864955}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{4200286B-0617-49D5-8299-9C8A7FBEC243}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{427B3229-5B0E-4864-A920-295622C33D66}" = protocol=17 | dir=in | app=c:\programme\icq7.5\icq.exe |
"{430D21D5-058C-47C1-900E-6A607C063A10}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnjswx.exe |
"{51C4AB89-BC9E-4DBD-832A-FF9D06404703}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnlscn.exe |
"{51EE3C12-8A45-433A-96F6-19BEB67FC15E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{551F43D5-2145-461A-878F-48FDE37FB417}" = protocol=17 | dir=in | app=c:\programme\icq7.5\icq.exe |
"{5941F2A3-7744-48F0-8C91-EF2AD6FCB03B}" = protocol=17 | dir=in | app=d:\age of conan\ageofconan.exe |
"{5FA1AE5E-5291-4F5C-8907-823EDA1079AE}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{618562C9-2514-4645-9C42-C6684433685B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{643885A5-24FF-4B6E-81B3-8B7516D59A1C}" = protocol=17 | dir=in | app=c:\program files (x86) (x86)\lexmark 2600 series\frun.exe |
"{65AE8F89-1C2A-4B47-B841-1553538946D7}" = protocol=6 | dir=in | app=c:\windows\system32\lxdncoms.exe |
"{6745BDF1-F794-4A03-AE08-20E39B1A8AE6}" = protocol=17 | dir=in | app=c:\program files (x86) (x86)\lexmark 2600 series\lxdnamon.exe |
"{68F9F02E-8B56-4FBD-875B-7D3C27BFF1F5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6B9638CB-83CB-4851-8595-CFF655BF2570}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{796D9052-4DCF-4022-A281-6ACDFE5EAD36}" = protocol=6 | dir=in | app=d:\age of conan\conanpatcher.exe |
"{804E33AF-31A0-44E3-9EB5-8AF45118A3C4}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnmon.exe |
"{85340105-ABBA-4CE1-944F-FD3C70E5B658}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{856978CB-D3A7-4644-A484-15A703ECA0ED}" = protocol=17 | dir=in | app=c:\windows\system32\lxdncoms.exe |
"{88CCD9B2-3D60-4B2D-8BC5-EE9094FB07EF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the last remnant\binaries\tlr.exe |
"{8970EF0B-5A4A-4953-B456-26EFA7B72477}" = protocol=6 | dir=in | app=c:\programme\icq7.5\icq.exe |
"{947CA469-79D7-4D36-B217-1C2BE96F0113}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{95100AE9-FF06-4FFA-A572-9D627B52618D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{96A807DD-126D-464A-A5DE-6F42A14FC5A0}" = protocol=17 | dir=in | app=d:\age of conan\conanpatcher.exe |
"{9F1DA2FF-D81D-42FD-BEC5-6B28F82756D7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the last remnant\binaries\tlr.exe |
"{A1BCD055-C431-4BA3-8BBD-F368DC03C1AE}" = protocol=6 | dir=in | app=c:\program files (x86) (x86)\lexmark 2600 series\lxdntime.exe |
"{A7CFE010-81B1-4D0A-A06B-42AA3EABF2B4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A877763B-7EF3-4C6D-87EA-5D4FAF91C582}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe |
"{B225034A-8900-4DFF-989B-CDE0B2E5AA56}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B63E16D4-848C-43D2-8623-B7372CC904BE}" = protocol=6 | dir=in | app=c:\program files (x86) (x86)\lexmark 2600 series\lxdnamon.exe |
"{BE981FA8-B76B-49DA-BE28-28757817FA37}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BEBA321C-3CC2-4B5B-8FF2-8AE94EFB0678}" = protocol=6 | dir=in | app=c:\program files (x86) (x86)\lexmark 2600 series\frun.exe |
"{C0AE2113-DEFD-4926-A331-1C3805CF8742}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{C33F007A-5931-4AD1-9AAD-9C37D971740D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C6717B72-ECAD-452F-A1E9-2D71992C471B}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnjswx.exe |
"{CA804F1B-3DB6-4EA2-A36E-927728D450CD}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{D012D7F9-0C48-49FD-9517-D6652F36DDC3}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{D07E34F6-33F7-4E64-AC78-1D5633F54116}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D08B299E-865C-4215-A04C-64E3552787CB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D9881B96-8FBB-4E44-8800-BF99CF303624}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E4941BF1-316F-4A89-94A1-8F80B0876AC4}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{E9059FBD-58BC-4D6E-9F68-D6C8498B0818}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EB18B8B7-477B-45A3-9650-5ACAAD3A83E4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EB6F5191-BCBA-4B7D-B640-DEC84B91CB8B}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnmon.exe |
"{ED1B8027-E40F-4B79-9F07-CD09B73B86BF}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdntime.exe |
"{EE137AEE-CCA9-4380-B22F-1EE06338386C}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe |
"{F64F04E5-D3E1-4736-8E30-85B692251AC8}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdntime.exe |
"{F77B4C4B-472D-46F6-BB10-9BB6A1C65556}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{FA329B8D-C95F-45DA-AD13-21EC3AE1319D}" = protocol=17 | dir=in | app=c:\program files (x86) (x86)\lexmark 2600 series\lxdntime.exe |
"{FA86863F-A687-4C4D-AD8F-DA69EE98EF61}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxdncoms.exe |
"{FBC63369-6C4C-45B1-BFD9-7698B85AA3F6}" = protocol=6 | dir=out | app=system |
"{FEB72D96-BC99-4D6C-AD98-BE6AAD195D43}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxdncoms.exe |
"TCP Query User{1E375CEB-D053-4AF6-899E-569F2B560B64}C:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe |
"TCP Query User{2BADE5DC-D2F3-404C-B4E2-B3ED4E704053}C:\users\benni\downloads\runes_of_magic_4_0_1_2430_eu_slim.exe" = protocol=6 | dir=in | app=c:\users\benni\downloads\runes_of_magic_4_0_1_2430_eu_slim.exe |
"TCP Query User{4651A64E-92C3-4663-B7B6-85E949EE8D0D}E:\d-link.exe" = protocol=6 | dir=in | app=e:\d-link.exe |
"TCP Query User{46F99958-F380-405D-B5DE-A678CC6A1F87}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe |
"TCP Query User{5A3CF9A4-DCC4-4D5E-8790-11F6A257C592}C:\program files (x86) (x86)\lexmark 2600 series\lxdnmon.exe" = protocol=6 | dir=in | app=c:\program files (x86) (x86)\lexmark 2600 series\lxdnmon.exe |
"TCP Query User{BEB755DC-78FF-4074-8746-C0AAB44A571C}D:\age of conan\ageofconan.exe" = protocol=6 | dir=in | app=d:\age of conan\ageofconan.exe |
"TCP Query User{CAB08706-B9E7-4EE6-95E1-220DEFF80D55}D:\star wars - the old republic\launcher.exe" = protocol=6 | dir=in | app=d:\star wars - the old republic\launcher.exe |
"TCP Query User{E4BC9E91-2806-4F30-9E31-BC6754F865C5}C:\programme\mozilla\plugin-container.exe" = protocol=6 | dir=in | app=c:\programme\mozilla\plugin-container.exe |
"TCP Query User{EA2BAB5C-904F-45B9-889E-F22241943156}C:\program files (x86)\lexmark 2600 series\lxdnmon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnmon.exe |
"TCP Query User{F31F7E03-BDA0-45E6-8C63-DF253446B061}D:\age of conan\conanpatcher.exe" = protocol=6 | dir=in | app=d:\age of conan\conanpatcher.exe |
"TCP Query User{F7615E10-84A2-48E5-AFAA-06F6B9803511}C:\program files (x86)\lexmark 2600 series\lxdnlscn.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnlscn.exe |
"UDP Query User{12C98D6F-F701-4EDC-80EB-6F62E536A976}D:\star wars - the old republic\launcher.exe" = protocol=17 | dir=in | app=d:\star wars - the old republic\launcher.exe |
"UDP Query User{20E357A4-EF0D-4B9D-A221-E9BC44534237}C:\program files (x86)\lexmark 2600 series\lxdnlscn.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnlscn.exe |
"UDP Query User{6FE14D52-5738-4B42-9072-3F6A9F223CFE}C:\users\benni\downloads\runes_of_magic_4_0_1_2430_eu_slim.exe" = protocol=17 | dir=in | app=c:\users\benni\downloads\runes_of_magic_4_0_1_2430_eu_slim.exe |
"UDP Query User{97E2EF08-0593-4C75-AD95-727BBE4134BF}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe |
"UDP Query User{97F64765-9A66-482C-A074-D76583627416}C:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe |
"UDP Query User{A18BCDC5-D04A-46FF-9CBB-E7573C6B6F82}D:\age of conan\conanpatcher.exe" = protocol=17 | dir=in | app=d:\age of conan\conanpatcher.exe |
"UDP Query User{AE32B9FC-1D73-4488-8016-99F9D7F9D37B}D:\age of conan\ageofconan.exe" = protocol=17 | dir=in | app=d:\age of conan\ageofconan.exe |
"UDP Query User{B5629D33-1BDC-49B3-BD75-8E0085188B8E}C:\program files (x86) (x86)\lexmark 2600 series\lxdnmon.exe" = protocol=17 | dir=in | app=c:\program files (x86) (x86)\lexmark 2600 series\lxdnmon.exe |
"UDP Query User{F40E4509-980C-4396-888F-F580C7694E97}C:\programme\mozilla\plugin-container.exe" = protocol=17 | dir=in | app=c:\programme\mozilla\plugin-container.exe |
"UDP Query User{F8B42ACE-0E88-49EC-9E42-ABBBFB09F075}E:\d-link.exe" = protocol=17 | dir=in | app=e:\d-link.exe |
"UDP Query User{FB79F0E7-B1C2-4774-B04F-6752FF29F848}C:\program files (x86)\lexmark 2600 series\lxdnmon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnmon.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0BD776F3-057D-4C11-020C-4FA9B13D04F9}" = AMD Catalyst Install Manager
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{169C77B7-69C9-4648-9DD0-72B152AF269F}" = Windows Live Family Safety
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{289809B1-078A-49F3-83D0-7E51715B3915}" = Windows Live Family Safety
"{3946328A-5B3A-434C-A22B-64CF6652FBAD}" = Windows Live Family Safety
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{401C50F6-B443-43EE-8F27-A80DB19B03FD}" = Windows Live Family Safety
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{9210D7A2-DC28-43F6-92F9-E6CD4C729F7B}" = Windows Live Family Safety
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B22C8566-D522-4B40-A7AF-525F5A70D832}" = Windows Live Family Safety
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CB7935EF-43EE-4C0F-AC02-B0E4DD5DAC17}" = Windows Live Family Safety
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FE4BE0BD-1EDB-4D24-9614-847B3C472887}" = Windows Live Family Safety
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Elantech" = ETDWare PS/2-x64 7.0.5.11_WHQL
"Lexmark 2600 Series" = Lexmark 2600 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"USB2.0 UVC VGA WebCam" = USB2.0 UVC VGA WebCam
"WinRAR archiver" = WinRAR 4.01 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BE5C4DB-8EA2-483D-BD71-D7EB09040CDE}" = Windows Live UX Platform Language Pack
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{13FAE3E3-283E-4BF4-8FE5-17D256EDDD77}" = Windows Live UX Platform Language Pack
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83217006FF}" = Java 7 Update 6
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{32C01DD0-3260-4D2B-BDB2-36CEC3E5B27A}" = Windows Live UX Platform Language Pack
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery
"{3A09ED0F-8DDF-47BB-B53D-841AB9D1D3A7}" = Complemento Messenger
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{438134D3-0BD4-4C52-8575-5B2B63AD01C2}" = RUBICon
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71FB874A-A992-4ED6-9522-6EFF78ADDDCB}_is1" = Das große DGS Wörterbuch Update 1.0.2.6
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{76046298-768C-492C-8C93-2983C9E3719E}" = Windows Live UX Platform Language Pack
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8142D25E-028A-4563-86ED-5755783C8029}" = Messenger Companion
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{913D0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard für Schüler, Studierende und Lehrkräfte
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{939C80FA-96C9-44A6-B318-8E7D8BD8481B}" = Messenger Companion
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96403552-88D1-429F-9C92-388B814B885E}" = Messenger Companion
"{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5977C5-11AE-4003-BA7D-261C48F2BC35}" = מסייע Messenger
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{BBC019AB-8349-42A2-AF5A-A8B759722E2F}" = Windows Live UX Platform Language Pack
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7DAD22D-29D4-438F-B986-03B9ED582EA4}" = Messenger Companion
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF088261-BC81-4FB9-9BA0-7B5B9602D01A}" = Messenger 分享元件
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2131BFA-A0D6-4FDE-8614-75B07A9B15EE}" = Windows Live UX Platform Language Pack
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DC8FA1C1-BE26-4889-85F1-A98AE6E37979}" = Inhaltsmanager-Assistent für PlayStation(R)
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{ED86C4AB-D1E5-42CF-BFA3-56BAAE617D4E}" = Windows Live UX Platform Language Pack
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Conan_is1" = Age of Conan: Unchained
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"Avira AntiVir Desktop" = Avira Free Antivirus
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"ManyCam" = ManyCam 2.6.65 (remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Steam App 23310" = The Last Remnant
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Vampire Editor" = Vampire Editor
"VLC media player" = VLC media player 2.0.3
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3600211331-2581445504-1401801803-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/17/2012 12:04:17 AM | Computer Name = CarosPC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\ATI\CIM\Bin64\SetACL64.exe". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 10/17/2012 9:21:10 PM | Computer Name = CarosPC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\ATI\CIM\Bin64\SetACL64.exe". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 10/19/2012 1:54:55 AM | Computer Name = CarosPC | Source = RasClient | ID = 20227
Description =

Error - 10/24/2012 10:32:30 AM | Computer Name = CarosPC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\ATI\CIM\Bin64\SetACL64.exe". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 10/24/2012 7:02:59 PM | Computer Name = CarosPC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\ATI\CIM\Bin64\SetACL64.exe". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 10/25/2012 8:34:48 PM | Computer Name = CarosPC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\ATI\CIM\Bin64\SetACL64.exe". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 10/28/2012 1:57:24 PM | Computer Name = CarosPC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\ATI\CIM\Bin64\SetACL64.exe".
Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 10/29/2012 4:46:53 AM | Computer Name = CarosPC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\ATI\CIM\Bin64\SetACL64.exe". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 10/29/2012 7:31:11 PM | Computer Name = CarosPC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\ATI\CIM\Bin64\SetACL64.exe". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 11/3/2012 6:51:43 PM | Computer Name = CarosPC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\ATI\CIM\Bin64\SetACL64.exe". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 11/3/2012 11:01:16 PM | Computer Name = CarosPC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\ATI\CIM\Bin64\SetACL64.exe". 
Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". [ System Events ] Error - 12/7/2012 2:04:13 AM | Computer Name = CarosPC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht. Error - 12/7/2012 2:04:13 AM | Computer Name = CarosPC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 12/7/2012 2:04:13 AM | Computer Name = CarosPC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht. Error - 12/7/2012 2:04:13 AM | Computer Name = CarosPC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 12/12/2012 12:00:36 PM | Computer Name = CarosPC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f0902 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2779030) Error - 12/12/2012 12:00:36 PM | Computer Name = CarosPC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f0902 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2779562) Error - 12/14/2012 4:26:16 AM | Computer Name = CarosPC | Source = Service Control Manager | ID = 7034 Description = Dienst "AFBAgent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error - 12/14/2012 9:05:18 AM | Computer Name = CarosPC | Source = Service Control Manager | ID = 7030 Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 12/14/2012 9:08:34 AM | Computer Name = CarosPC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 12/14/2012 9:11:05 AM | Computer Name = CarosPC | Source = Service Control Manager | ID = 7030 Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. < End of report > lg Benni |
17.12.2012, 18:10 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU trojan on Windows 7 laptop, not sure whether I got rid of it...
Fix with OTL
Code:
:Files
C:\ProgramData\wb764821reg.bin
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
__________________
Please always post log files in CODE tags
17.12.2012, 21:45 | #13 |
GVU trojan on Windows 7 laptop, not sure whether I got rid of it...
Hi! While OTL was running, the computer froze. At some point I ended OTL via the Task Manager, and then the computer restarted immediately. Once it had booted up again, OTL did spit something out, though:
Code:
All processes killed
========== FILES ==========
C:\ProgramData\wb764821reg.bin moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Benni\Desktop\cmd.bat deleted successfully.
C:\Users\Benni\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Benni
->Temp folder emptied: 40137 bytes
->Temporary Internet Files folder emptied: 11485846 bytes
->Java cache emptied: 19748256 bytes
->FireFox cache emptied: 818398171 bytes
->Flash cache emptied: 5238 bytes

User: Caro
->Temp folder emptied: 300716 bytes
->Temporary Internet Files folder emptied: 6839191 bytes
->Java cache emptied: 4358 bytes
->FireFox cache emptied: 243798995 bytes
->Flash cache emptied: 58269 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7032 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,050.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 12172012_213123

Files\Folders moved on Reboot...
C:\Users\Benni\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Benni\AppData\Local\Mozilla\Firefox\Profiles\8xaak6hx.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Benni\AppData\Local\Mozilla\Firefox\Profiles\8xaak6hx.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Benni\AppData\Local\Mozilla\Firefox\Profiles\8xaak6hx.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Benni\AppData\Local\Mozilla\Firefox\Profiles\8xaak6hx.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Benni\AppData\Local\Mozilla\Firefox\Profiles\8xaak6hx.default\_CACHE_CLEAN_ moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
17.12.2012, 23:41 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU trojan on Windows 7 laptop, not sure whether I got rid of it...
Seems to be OK... A check with OTL, please:
__________________
Please always post log files in CODE tags
18.12.2012, 15:38 | #15 |
GVU trojan on Windows 7 laptop, not sure whether I got rid of it...
OK, that already puts my mind at ease a little. The logs from OTL:
Code:
C:\Windows\SysWow64\ncobjapi.dll [2012/12/14 23:59:17 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Register-CimProvider.exe [2012/12/14 23:59:17 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Register-CimProvider.exe [2012/12/14 23:59:16 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrshost.exe [2012/12/14 23:59:16 | 000,001,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrsmgr.dll [2012/12/14 23:59:16 | 000,001,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrsmgr.dll [2012/12/14 23:59:15 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wevtfwd.dll [2012/12/14 23:59:15 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wecutil.exe [2012/12/14 23:59:15 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wevtfwd.dll [2012/12/14 23:59:15 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wecapi.dll [2012/12/14 23:59:15 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecutil.exe [2012/12/14 23:59:15 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecapi.dll [2012/12/14 23:59:15 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrs.exe [2012/12/14 23:59:15 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrs.exe [2012/12/14 23:59:15 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrshost.exe [2012/12/14 23:59:15 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsmplpxy.dll [2012/12/14 23:59:15 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrssrv.dll [2012/12/14 23:59:13 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrscmd.dll [2012/12/14 23:59:11 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prvdmofcomp.dll [2012/12/14 
23:59:11 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmRes.dll [2012/12/14 23:59:11 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmRes.dll [2012/12/14 23:59:11 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PSModuleDiscoveryProvider.dll [2012/12/14 23:59:11 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmAgent.dll [2012/12/14 23:59:10 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mi.dll [2012/12/14 23:59:10 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrscmd.dll [2012/12/14 23:59:10 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mi.dll [2012/12/14 23:59:10 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prvdmofcomp.dll [2012/12/14 23:59:10 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PSModuleDiscoveryProvider.dll [2012/12/14 23:59:10 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmprovhost.exe [2012/12/14 23:59:10 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsmprovhost.exe [2012/12/14 23:59:10 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManHTTPConfig.exe [2012/12/14 23:59:10 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManHTTPConfig.exe [2012/12/14 23:59:10 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmAgent.dll [2012/12/14 23:59:10 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmplpxy.dll [2012/12/14 23:59:10 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrssrv.dll [2012/12/14 23:59:09 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pwrshplugin.dll [2012/12/14 23:59:09 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pwrshplugin.dll [2012/12/14 23:59:07 | 
000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmidcom.dll [2012/12/14 23:59:07 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmitomi.dll [2012/12/14 23:59:07 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmidcom.dll [2012/12/14 23:59:06 | 000,309,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmWmiPl.dll [2012/12/14 23:59:06 | 000,247,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\framedynos.dll [2012/12/14 23:59:06 | 000,242,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\framedyn.dll [2012/12/14 23:59:06 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmWmiPl.dll [2012/12/14 23:59:06 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\miutils.dll [2012/12/14 23:59:06 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmitomi.dll [2012/12/14 23:59:06 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\framedynos.dll [2012/12/14 23:59:06 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\framedyn.dll [2012/12/14 23:59:06 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\miutils.dll [2012/12/14 23:59:06 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManMigrationPlugin.dll [2012/12/14 23:59:06 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManMigrationPlugin.dll [2012/12/14 23:59:05 | 000,630,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmGCDeps.dll [2012/12/14 23:59:05 | 000,526,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmGCDeps.dll [2012/12/14 23:59:05 | 000,494,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wbemcomn2.dll [2012/12/14 23:59:05 | 000,382,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wbemcomn2.dll [2012/12/14 23:59:05 | 000,157,184 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysNative\WsmAuto.dll [2012/12/14 23:59:05 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmAuto.dll [2012/12/14 23:58:30 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll [2012/12/14 23:58:30 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe [2012/12/14 23:58:29 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll [2012/12/14 23:58:27 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys [2012/12/14 23:58:27 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys [2012/12/14 23:58:24 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2012/12/14 23:58:24 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2012/12/14 23:58:24 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll [2012/12/14 23:58:24 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll [2012/12/14 23:58:24 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll [2012/12/14 23:58:24 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2012/12/14 23:58:24 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll [2012/12/14 23:58:24 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2012/12/14 23:58:24 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll [2012/12/14 23:58:24 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll [2012/12/14 23:58:23 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe 
[2012/12/14 23:58:23 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe [2012/12/14 23:58:23 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll [2012/12/14 23:58:23 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll [2012/12/14 23:58:23 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe [2012/12/14 23:58:22 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2012/12/14 23:58:22 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2012/12/14 23:58:22 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll [2012/12/14 23:58:22 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe [2012/12/14 23:57:40 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2012/12/14 23:57:40 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012/12/14 23:57:38 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2012/12/14 23:57:38 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2012/12/14 16:41:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/12/14 14:13:41 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012/12/14 13:58:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/12/14 13:58:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/12/14 13:58:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/12/14 13:58:27 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/12/14 13:58:09 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012/12/13 12:46:44 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Local\Macromedia [2012/12/13 12:43:23 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe 
[2012/12/12 17:17:01 | 000,000,000 | ---D | C] -- C:\Config.Msi [2012/12/12 16:55:12 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/12/12 16:55:12 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/12/12 16:55:10 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/12/12 16:55:10 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/12/12 16:55:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/12/12 16:55:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/12/12 16:55:10 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012/12/12 16:55:10 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/12/12 16:55:08 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/12/12 16:55:07 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/12/12 16:55:07 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/12/12 16:55:07 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012/12/12 16:55:06 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/12/12 16:55:06 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/12/12 16:55:06 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012/12/12 16:37:09 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012/12/12 16:37:08 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012/12/12 16:37:08 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012/12/12 16:37:08 
| 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012/12/12 16:37:06 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012/12/12 16:37:06 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012/12/12 16:37:06 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012/12/12 16:37:06 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012/12/12 16:37:06 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012/12/12 16:37:06 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012/12/12 16:37:06 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012/12/12 16:37:05 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012/12/12 16:37:05 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012/12/12 16:37:05 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012/12/12 16:37:05 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012/12/12 16:37:05 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012/12/12 16:37:05 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012/12/12 16:37:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012/12/12 16:37:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012/12/12 16:37:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012/12/12 16:37:05 | 
000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012/12/12 16:37:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012/12/12 16:37:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012/12/12 16:37:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012/12/12 16:37:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012/12/12 16:37:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012/12/12 16:37:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012/12/12 16:37:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012/12/12 16:37:04 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012/12/12 16:37:04 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012/12/12 16:37:04 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012/12/12 16:37:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012/12/12 16:37:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012/12/12 16:37:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012/12/12 16:37:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012/12/12 16:37:04 | 000,004,096 | -H-- | C] (Microsoft 
Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012/12/12 16:37:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012/12/12 16:37:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012/12/12 16:36:47 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll [2012/12/12 16:36:47 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll [2012/12/12 16:36:46 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012/12/12 16:36:46 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012/12/12 16:36:46 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012/12/12 16:36:46 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012/11/30 05:00:08 | 000,000,000 | ---D | C] -- C:\Users\Benni\Desktop\Daten [2012/11/27 15:55:41 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Local\Chromium [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/12/18 14:35:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/12/17 21:42:47 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/12/17 21:42:47 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/12/17 21:39:50 | 001,642,220 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/12/17 21:39:50 | 000,707,566 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012/12/17 21:39:50 | 000,661,144 | ---- | M] () -- 
C:\Windows\SysNative\perfh009.dat [2012/12/17 21:39:50 | 000,153,126 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012/12/17 21:39:50 | 000,125,334 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/12/17 21:35:14 | 3105,259,520 | -HS- | M] () -- C:\hiberfil.sys [2012/12/17 21:34:26 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts [2012/12/17 21:29:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Benni\Desktop\OTL.exe [2012/12/13 12:43:23 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/12/13 12:43:23 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012/12/12 17:31:03 | 000,327,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/11/30 04:58:15 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/12/14 23:59:16 | 000,204,105 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs [2012/12/14 23:59:16 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml [2012/12/14 23:59:14 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml [2012/12/14 23:59:12 | 000,004,148 | ---- | C] () -- C:\Windows\SysNative\psmodulediscoveryprovider.mof [2012/12/14 23:59:07 | 000,204,105 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs [2012/12/14 13:58:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/12/14 13:58:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/12/14 13:58:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/12/14 13:58:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/12/14 13:58:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/05/12 01:19:31 | 000,011,304 | ---- | C] () -- C:\Users\Benni\gsview64.ini [2012/04/24 08:44:38 | 004,384,590 | ---- | C] () 
-- C:\Users\Benni\24.04.2012 09;44;30.BMP [2012/04/24 08:44:30 | 004,380,654 | ---- | C] () -- C:\Users\Benni\24.04.2012 09;44;00.BMP [2012/04/24 08:27:59 | 000,064,200 | ---- | C] () -- C:\Users\Benni\studbeschUDE.pdf [2012/04/24 08:26:55 | 000,114,484 | ---- | C] () -- C:\Users\Benni\Dispo Julia.pdf [2012/04/24 08:26:55 | 000,111,899 | ---- | C] () -- C:\Users\Benni\OBV Julia.pdf [2012/04/24 08:26:55 | 000,071,373 | ---- | C] () -- C:\Users\Benni\Schufa Julia.pdf [2012/02/04 18:21:04 | 000,150,806 | ---- | C] () -- C:\Users\Benni\charakterblatt.pdf [2012/01/30 10:33:40 | 000,027,124 | ---- | C] () -- C:\Users\Benni\Abschlussklausuren_WiSe_11_12_Stand_20_01_2012.pdf [2011/12/21 08:10:27 | 000,000,093 | ---- | C] () -- C:\Users\Benni\AppData\Local\fusioncache.dat [2011/12/21 08:09:29 | 001,620,114 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/11/09 22:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll [2011/11/09 22:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011/07/25 13:04:32 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll [2011/07/25 13:04:13 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll [2011/07/15 00:05:14 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011/07/14 19:53:50 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2011/07/14 19:17:27 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\LXDNinst.dll [2011/07/14 19:17:26 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnpmui.dll [2011/07/14 19:17:26 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdninpa.dll [2011/07/14 19:17:26 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdniesc.dll [2011/07/14 19:17:26 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxdncomx.dll [2011/07/14 19:17:25 | 001,101,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnserv.dll [2011/07/14 19:17:25 | 000,843,776 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnusb1.dll [2011/07/14 19:17:25 | 000,053,248 | 
---- | C] ( ) -- C:\Windows\SysWow64\lxdnprox.dll [2011/07/14 19:17:24 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnhbn3.dll [2011/07/14 19:17:24 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnlmpm.dll [2011/07/14 19:17:24 | 000,315,392 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnih.exe [2011/07/14 19:17:23 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncomc.dll [2011/07/14 19:17:23 | 000,589,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncoms.exe [2011/07/14 19:17:23 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncomm.dll [2011/07/14 19:17:22 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncfg.exe [2011/07/14 18:06:16 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini [2011/02/17 02:22:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011/02/17 02:16:37 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/08/21 14:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 14:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/08/21 14:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Code:
ATTFilter OTL Extras logfile created on: 12/18/2012 2:38:25 PM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Benni\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.86 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 69.03% Memory free 7.71 Gb Paging File | 6.21 Gb Available in Paging File | 80.56% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 116.44 Gb Total Space | 35.24 Gb Free Space | 30.26% Space Free | Partition Type: NTFS Drive D: | 327.83 Gb Total Space | 195.70 Gb Free Space | 59.70% Space Free | Partition Type: NTFS Computer Name: CAROSPC | User Name: Benni | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3600211331-2581445504-1401801803-1003\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile 
[open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== 
Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{030EDBDD-A010-4B7B-A58D-7BE1047F7495}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{03267E6B-C575-4281-893B-972B7D637BEC}" = lport=445 | protocol=6 | dir=in | app=system | "{0A59AE65-FF01-4831-B6DD-565CC9EA5502}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1CC5FF0A-E7F4-4336-9243-23BA5DE83434}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{24CC9489-2617-4DCA-A0F6-77E3985F65FA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{298BBABA-E552-478C-9BB5-9317098CFB7D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{29C441CE-947C-4B04-BFF9-A7E5C6390C95}" = rport=137 | protocol=17 | dir=out | app=system | "{2BC21A29-F3C3-4225-BEE1-4ADF1F26C464}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2E334304-5E2F-4EF2-8C32-BC7CAA90A50A}" = lport=10243 | protocol=6 | dir=in | app=system | "{45399A07-9F26-431D-9725-C4351D9529A3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{48EE7934-9F80-4564-A748-BF6B06EE0BE1}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | "{4ED58E37-E8A7-4CE7-BB9F-424A2EB3EDAB}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{5A5DD1D1-C49A-48E0-B797-08B5A5673007}" = lport=2869 | 
protocol=6 | dir=in | name=windows live communications platform (upnp) | "{5F7CBE69-CB86-4399-B2B1-F5F72A429E93}" = lport=6112 | protocol=6 | dir=in | name=guild wars port | "{61112CC9-B530-4C16-9EED-381C8310B2C3}" = lport=80 | protocol=6 | dir=in | name=guild wars port 2 | "{6312EFAB-FEDD-4A84-9DDB-0E4887C4CA4F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{63902689-266B-4135-B33A-B87C78866230}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{84898C70-E6E1-4A7B-967B-F4DEB609A3DA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{8BC2417A-EA48-4264-B0D8-C2189067A9F9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8CC74A26-CD8B-4D5A-8086-113FFC251ACF}" = lport=138 | protocol=17 | dir=in | app=system | "{97FD8AAB-2030-45CE-B06E-7F7D478E8331}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{98675E31-E1D1-44E5-9A40-0EC599B69AF2}" = rport=10243 | protocol=6 | dir=out | app=system | "{98717726-4488-43F0-AF06-3F99478BC257}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | "{9A1ECAD6-DC3B-44FF-BBE4-9D1624B8E316}" = lport=137 | protocol=17 | dir=in | app=system | "{9E755F2F-21F7-44EC-B5B7-4A459956C72C}" = rport=445 | protocol=6 | dir=out | app=system | "{AE1781C2-DAA6-432A-AA79-CEF8EFE1CE73}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B2A328D4-F5F5-49A9-9FB5-B839DF50D018}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{BEF2D0DF-E062-46AA-9E26-209EEA46F9A9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C0B57638-B45C-4A07-BF7E-8C5A9B91EF65}" = lport=139 | protocol=6 | dir=in | app=system | "{CCC99F0E-6C1B-4C3D-AC03-ED0D4F19B7B7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | 
app=%systemroot%\system32\svchost.exe | "{CF03EFA6-DA0C-4CBB-9644-DF7B27D0EE56}" = rport=139 | protocol=6 | dir=out | app=system | "{DD2D0695-01A8-4F2D-A74C-9646CA3DC5E3}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{F5960634-436D-4113-8436-7D910B1D02F6}" = lport=2869 | protocol=6 | dir=in | app=system | "{F833D51F-E752-48CF-9B44-CDDDD8D9FCD3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FD7D2E60-F952-4509-BA18-4C2EB6360CAF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{FE0CE854-29CB-4EA4-BAD0-62C23A34E716}" = rport=138 | protocol=17 | dir=out | app=system | "{FE36F149-0E35-4346-9B1D-34CEE6ACEE8D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{002A5155-5E01-49EB-A47D-85A501FDBA16}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{03E5EC65-B238-4F38-AC78-3493CC8A7EDD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{0AC4A29E-05C1-4A8B-AA9F-3D33783901C9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0AE33BE0-94F3-4472-A2D0-11A005BEC846}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{0D3FBCF1-5DA0-48E2-871B-A1DAC39A0803}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{0D7ACDFB-D873-46B2-8B49-A5918357F570}" = protocol=6 | dir=in | app=d:\star wars - the old republic\launcher.exe | "{17DDB4AD-C874-4C0F-9733-A95DCEF80FB1}" = protocol=6 | dir=in | app=c:\programme\icq7.5\icq.exe | "{26E0EF51-CA72-4DF3-A173-A83930E47732}" = protocol=6 | dir=in | app=d:\age of conan\ageofconan.exe | "{29DBF4AB-1AAD-40C8-A8E4-20F231AD3586}" = protocol=6 | 
dir=in | app=c:\program files (x86) (x86)\lexmark 2600 series\lxdnmon.exe | "{2D592F2B-F45C-4AAE-B5B7-57DD1591A4D8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{2F27BD88-D469-4B8F-975C-DECC937E0E94}" = protocol=6 | dir=in | app=d:\star wars - the old republic\launcher.exe | "{31CA389E-E9A4-4A83-969D-C473E99F330B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{34E04FE2-FDA2-48C1-A7ED-4A094B4203BA}" = protocol=17 | dir=in | app=d:\star wars - the old republic\launcher.exe | "{364046AE-FD54-4226-84E9-2DFDB63D3164}" = protocol=17 | dir=in | app=c:\program files (x86) (x86)\lexmark 2600 series\lxdnmon.exe | "{3E450806-5D37-43D6-A1EF-4CBF878E96FF}" = protocol=17 | dir=in | app=d:\star wars - the old republic\launcher.exe | "{3E9D8153-469A-4797-8685-50A7D9BCCB19}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnlscn.exe | "{407CC31D-7F3A-4CF4-86F7-C75F99864955}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{4200286B-0617-49D5-8299-9C8A7FBEC243}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{427B3229-5B0E-4864-A920-295622C33D66}" = protocol=17 | dir=in | app=c:\programme\icq7.5\icq.exe | "{430D21D5-058C-47C1-900E-6A607C063A10}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnjswx.exe | "{51C4AB89-BC9E-4DBD-832A-FF9D06404703}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnlscn.exe | "{51EE3C12-8A45-433A-96F6-19BEB67FC15E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{551F43D5-2145-461A-878F-48FDE37FB417}" = protocol=17 | dir=in | app=c:\programme\icq7.5\icq.exe | "{5941F2A3-7744-48F0-8C91-EF2AD6FCB03B}" = protocol=17 | dir=in | app=d:\age of conan\ageofconan.exe | "{5FA1AE5E-5291-4F5C-8907-823EDA1079AE}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | 
"{618562C9-2514-4645-9C42-C6684433685B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{643885A5-24FF-4B6E-81B3-8B7516D59A1C}" = protocol=17 | dir=in | app=c:\program files (x86) (x86)\lexmark 2600 series\frun.exe | "{65AE8F89-1C2A-4B47-B841-1553538946D7}" = protocol=6 | dir=in | app=c:\windows\system32\lxdncoms.exe | "{6745BDF1-F794-4A03-AE08-20E39B1A8AE6}" = protocol=17 | dir=in | app=c:\program files (x86) (x86)\lexmark 2600 series\lxdnamon.exe | "{68F9F02E-8B56-4FBD-875B-7D3C27BFF1F5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6B9638CB-83CB-4851-8595-CFF655BF2570}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{796D9052-4DCF-4022-A281-6ACDFE5EAD36}" = protocol=6 | dir=in | app=d:\age of conan\conanpatcher.exe | "{804E33AF-31A0-44E3-9EB5-8AF45118A3C4}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnmon.exe | "{85340105-ABBA-4CE1-944F-FD3C70E5B658}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{856978CB-D3A7-4644-A484-15A703ECA0ED}" = protocol=17 | dir=in | app=c:\windows\system32\lxdncoms.exe | "{88CCD9B2-3D60-4B2D-8BC5-EE9094FB07EF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the last remnant\binaries\tlr.exe | "{8970EF0B-5A4A-4953-B456-26EFA7B72477}" = protocol=6 | dir=in | app=c:\programme\icq7.5\icq.exe | "{947CA469-79D7-4D36-B217-1C2BE96F0113}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{95100AE9-FF06-4FFA-A572-9D627B52618D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{96A807DD-126D-464A-A5DE-6F42A14FC5A0}" = protocol=17 | dir=in | app=d:\age of conan\conanpatcher.exe | "{9F1DA2FF-D81D-42FD-BEC5-6B28F82756D7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the last remnant\binaries\tlr.exe | "{A1BCD055-C431-4BA3-8BBD-F368DC03C1AE}" = protocol=6 | dir=in | app=c:\program files (x86) (x86)\lexmark 
2600 series\lxdntime.exe | "{A7CFE010-81B1-4D0A-A06B-42AA3EABF2B4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{A877763B-7EF3-4C6D-87EA-5D4FAF91C582}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe | "{B225034A-8900-4DFF-989B-CDE0B2E5AA56}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{B63E16D4-848C-43D2-8623-B7372CC904BE}" = protocol=6 | dir=in | app=c:\program files (x86) (x86)\lexmark 2600 series\lxdnamon.exe | "{BE981FA8-B76B-49DA-BE28-28757817FA37}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{BEBA321C-3CC2-4B5B-8FF2-8AE94EFB0678}" = protocol=6 | dir=in | app=c:\program files (x86) (x86)\lexmark 2600 series\frun.exe | "{C0AE2113-DEFD-4926-A331-1C3805CF8742}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{C33F007A-5931-4AD1-9AAD-9C37D971740D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{C6717B72-ECAD-452F-A1E9-2D71992C471B}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnjswx.exe | "{CA804F1B-3DB6-4EA2-A36E-927728D450CD}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{D012D7F9-0C48-49FD-9517-D6652F36DDC3}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{D07E34F6-33F7-4E64-AC78-1D5633F54116}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{D08B299E-865C-4215-A04C-64E3552787CB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{D9881B96-8FBB-4E44-8800-BF99CF303624}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{E4941BF1-316F-4A89-94A1-8F80B0876AC4}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | "{E9059FBD-58BC-4D6E-9F68-D6C8498B0818}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{EB18B8B7-477B-45A3-9650-5ACAAD3A83E4}" = 
protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{EB6F5191-BCBA-4B7D-B640-DEC84B91CB8B}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnmon.exe | "{ED1B8027-E40F-4B79-9F07-CD09B73B86BF}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdntime.exe | "{EE137AEE-CCA9-4380-B22F-1EE06338386C}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe | "{F64F04E5-D3E1-4736-8E30-85B692251AC8}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdntime.exe | "{F77B4C4B-472D-46F6-BB10-9BB6A1C65556}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{FA329B8D-C95F-45DA-AD13-21EC3AE1319D}" = protocol=17 | dir=in | app=c:\program files (x86) (x86)\lexmark 2600 series\lxdntime.exe | "{FA86863F-A687-4C4D-AD8F-DA69EE98EF61}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxdncoms.exe | "{FBC63369-6C4C-45B1-BFD9-7698B85AA3F6}" = protocol=6 | dir=out | app=system | "{FEB72D96-BC99-4D6C-AD98-BE6AAD195D43}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxdncoms.exe | "TCP Query User{1E375CEB-D053-4AF6-899E-569F2B560B64}C:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe | "TCP Query User{2BADE5DC-D2F3-404C-B4E2-B3ED4E704053}C:\users\benni\downloads\runes_of_magic_4_0_1_2430_eu_slim.exe" = protocol=6 | dir=in | app=c:\users\benni\downloads\runes_of_magic_4_0_1_2430_eu_slim.exe | "TCP Query User{4651A64E-92C3-4663-B7B6-85E949EE8D0D}E:\d-link.exe" = protocol=6 | dir=in | app=e:\d-link.exe | "TCP Query User{46F99958-F380-405D-B5DE-A678CC6A1F87}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe | "TCP Query User{5A3CF9A4-DCC4-4D5E-8790-11F6A257C592}C:\program files (x86) (x86)\lexmark 2600 series\lxdnmon.exe" = protocol=6 | dir=in | 
app=c:\program files (x86) (x86)\lexmark 2600 series\lxdnmon.exe | "TCP Query User{BEB755DC-78FF-4074-8746-C0AAB44A571C}D:\age of conan\ageofconan.exe" = protocol=6 | dir=in | app=d:\age of conan\ageofconan.exe | "TCP Query User{CAB08706-B9E7-4EE6-95E1-220DEFF80D55}D:\star wars - the old republic\launcher.exe" = protocol=6 | dir=in | app=d:\star wars - the old republic\launcher.exe | "TCP Query User{E4BC9E91-2806-4F30-9E31-BC6754F865C5}C:\programme\mozilla\plugin-container.exe" = protocol=6 | dir=in | app=c:\programme\mozilla\plugin-container.exe | "TCP Query User{EA2BAB5C-904F-45B9-889E-F22241943156}C:\program files (x86)\lexmark 2600 series\lxdnmon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnmon.exe | "TCP Query User{F31F7E03-BDA0-45E6-8C63-DF253446B061}D:\age of conan\conanpatcher.exe" = protocol=6 | dir=in | app=d:\age of conan\conanpatcher.exe | "TCP Query User{F7615E10-84A2-48E5-AFAA-06F6B9803511}C:\program files (x86)\lexmark 2600 series\lxdnlscn.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnlscn.exe | "UDP Query User{12C98D6F-F701-4EDC-80EB-6F62E536A976}D:\star wars - the old republic\launcher.exe" = protocol=17 | dir=in | app=d:\star wars - the old republic\launcher.exe | "UDP Query User{20E357A4-EF0D-4B9D-A221-E9BC44534237}C:\program files (x86)\lexmark 2600 series\lxdnlscn.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnlscn.exe | "UDP Query User{6FE14D52-5738-4B42-9072-3F6A9F223CFE}C:\users\benni\downloads\runes_of_magic_4_0_1_2430_eu_slim.exe" = protocol=17 | dir=in | app=c:\users\benni\downloads\runes_of_magic_4_0_1_2430_eu_slim.exe | "UDP Query User{97E2EF08-0593-4C75-AD95-727BBE4134BF}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe | "UDP Query 
User{97F64765-9A66-482C-A074-D76583627416}C:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe | "UDP Query User{A18BCDC5-D04A-46FF-9CBB-E7573C6B6F82}D:\age of conan\conanpatcher.exe" = protocol=17 | dir=in | app=d:\age of conan\conanpatcher.exe | "UDP Query User{AE32B9FC-1D73-4488-8016-99F9D7F9D37B}D:\age of conan\ageofconan.exe" = protocol=17 | dir=in | app=d:\age of conan\ageofconan.exe | "UDP Query User{B5629D33-1BDC-49B3-BD75-8E0085188B8E}C:\program files (x86) (x86)\lexmark 2600 series\lxdnmon.exe" = protocol=17 | dir=in | app=c:\program files (x86) (x86)\lexmark 2600 series\lxdnmon.exe | "UDP Query User{F40E4509-980C-4396-888F-F580C7694E97}C:\programme\mozilla\plugin-container.exe" = protocol=17 | dir=in | app=c:\programme\mozilla\plugin-container.exe | "UDP Query User{F8B42ACE-0E88-49EC-9E42-ABBBFB09F075}E:\d-link.exe" = protocol=17 | dir=in | app=e:\d-link.exe | "UDP Query User{FB79F0E7-B1C2-4774-B04F-6752FF29F848}C:\program files (x86)\lexmark 2600 series\lxdnmon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnmon.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources "{0BD776F3-057D-4C11-020C-4FA9B13D04F9}" = AMD Catalyst Install Manager "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot "{169C77B7-69C9-4648-9DD0-72B152AF269F}" = Windows Live Family Safety "{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources "{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety "{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources "{289809B1-078A-49F3-83D0-7E51715B3915}" = 
Windows Live Family Safety "{3946328A-5B3A-434C-A22B-64CF6652FBAD}" = Windows Live Family Safety "{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor "{401C50F6-B443-43EE-8F27-A80DB19B03FD}" = Windows Live Family Safety "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2 "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources "{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources "{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources "{9210D7A2-DC28-43F6-92F9-E6CD4C729F7B}" = Windows Live Family Safety "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources "{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources 
"{B22C8566-D522-4B40-A7AF-525F5A70D832}" = Windows Live Family Safety "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources "{CB7935EF-43EE-4C0F-AC02-B0E4DD5DAC17}" = Windows Live Family Safety "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources "{FE4BE0BD-1EDB-4D24-9614-847B3C472887}" = Windows Live Family Safety "CCleaner" = CCleaner "CNXT_AUDIO_HDA" = Conexant HD Audio "Elantech" = ETDWare PS/2-x64 7.0.5.11_WHQL "Lexmark 2600 Series" = Lexmark 2600 Series "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2 "USB2.0 UVC VGA WebCam" = USB2.0 UVC VGA WebCam "WinRAR archiver" = WinRAR 4.01 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language 
Pack "{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0BE5C4DB-8EA2-483D-BD71-D7EB09040CDE}" = Windows Live UX Platform Language Pack "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail "{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live "{13FAE3E3-283E-4BF4-8FE5-17D256EDDD77}" = Windows Live UX Platform Language Pack "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources "{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3 "{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources "{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 30 "{26A24AE4-039D-4CA4-87B4-2F83217006FF}" = Java 7 Update 6 "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger "{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh 
"{32C01DD0-3260-4D2B-BDB2-36CEC3E5B27A}" = Windows Live UX Platform Language Pack
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery
"{3A09ED0F-8DDF-47BB-B53D-841AB9D1D3A7}" = Complemento Messenger
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{438134D3-0BD4-4C52-8575-5B2B63AD01C2}" = RUBICon
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71FB874A-A992-4ED6-9522-6EFF78ADDDCB}_is1" = Das große DGS Wörterbuch Update 1.0.2.6
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{76046298-768C-492C-8C93-2983C9E3719E}" = Windows Live UX Platform Language Pack
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8142D25E-028A-4563-86ED-5755783C8029}" = Messenger Companion
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{913D0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard für Schüler, Studierende und Lehrkräfte
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{939C80FA-96C9-44A6-B318-8E7D8BD8481B}" = Messenger Companion
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96403552-88D1-429F-9C92-388B814B885E}" = Messenger Companion
"{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5977C5-11AE-4003-BA7D-261C48F2BC35}" = מסייע Messenger
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{BBC019AB-8349-42A2-AF5A-A8B759722E2F}" = Windows Live UX Platform Language Pack
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7DAD22D-29D4-438F-B986-03B9ED582EA4}" = Messenger Companion
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF088261-BC81-4FB9-9BA0-7B5B9602D01A}" = Messenger 分享元件
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2131BFA-A0D6-4FDE-8614-75B07A9B15EE}" = Windows Live UX Platform Language Pack
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DC8FA1C1-BE26-4889-85F1-A98AE6E37979}" = Inhaltsmanager-Assistent für PlayStation(R)
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{ED86C4AB-D1E5-42CF-BFA3-56BAAE617D4E}" = Windows Live UX Platform Language Pack
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Conan_is1" = Age of Conan: Unchained
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"Avira AntiVir Desktop" = Avira Free Antivirus
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"ManyCam" = ManyCam 2.6.65 (remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Steam App 23310" = The Last Remnant
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Vampire Editor" = Vampire Editor
"VLC media player" = VLC media player 2.0.3
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3600211331-2581445504-1401801803-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/17/2012 12:04:17 AM | Computer Name = CarosPC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\ATI\CIM\Bin64\SetACL64.exe". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 10/17/2012 9:21:10 PM | Computer Name = CarosPC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\ATI\CIM\Bin64\SetACL64.exe". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 10/19/2012 1:54:55 AM | Computer Name = CarosPC | Source = RasClient | ID = 20227
Description =

Error - 10/24/2012 10:32:30 AM | Computer Name = CarosPC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\ATI\CIM\Bin64\SetACL64.exe". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 10/24/2012 7:02:59 PM | Computer Name = CarosPC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\ATI\CIM\Bin64\SetACL64.exe". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 10/25/2012 8:34:48 PM | Computer Name = CarosPC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\ATI\CIM\Bin64\SetACL64.exe". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 10/28/2012 1:57:24 PM | Computer Name = CarosPC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\ATI\CIM\Bin64\SetACL64.exe". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 10/29/2012 4:46:53 AM | Computer Name = CarosPC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\ATI\CIM\Bin64\SetACL64.exe". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 10/29/2012 7:31:11 PM | Computer Name = CarosPC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\ATI\CIM\Bin64\SetACL64.exe". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 11/3/2012 6:51:43 PM | Computer Name = CarosPC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\ATI\CIM\Bin64\SetACL64.exe". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 11/3/2012 11:01:16 PM | Computer Name = CarosPC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\ATI\CIM\Bin64\SetACL64.exe". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

[ System Events ]
Error - 12/7/2012 2:04:13 AM | Computer Name = CarosPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error - 12/7/2012 2:04:13 AM | Computer Name = CarosPC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.

Error - 12/7/2012 2:04:13 AM | Computer Name = CarosPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error - 12/12/2012 12:00:36 PM | Computer Name = CarosPC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f0902 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2779030)

Error - 12/12/2012 12:00:36 PM | Computer Name = CarosPC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f0902 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2779562)

Error - 12/14/2012 4:26:16 AM | Computer Name = CarosPC | Source = Service Control Manager | ID = 7034
Description = Dienst "AFBAgent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error - 12/14/2012 9:05:18 AM | Computer Name = CarosPC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 12/14/2012 9:08:34 AM | Computer Name = CarosPC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error - 12/14/2012 9:11:05 AM | Computer Name = CarosPC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error - 12/17/2012 4:31:23 PM | Computer Name = CarosPC | Source = Service Control Manager | ID = 7034
Description = Dienst "ASLDR Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

< End of report >