Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Troj/ZbotMem-B, Sophos Quarantäne-Manager fordert manuelle Bereinigung

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 05.02.2013, 11:47   #1
Kassiopeia
 
Troj/ZbotMem-B, Sophos Quarantäne-Manager fordert manuelle  Bereinigung - Frage

Troj/ZbotMem-B, Sophos Quarantäne-Manager fordert manuelle Bereinigung



Guten Tag

Ich habe folgendes Poblem:

Sophos Antivius hat folgende Meldung ausgegeben: HIP/RegMod-014

Durch googeln habe ich herausgefunden (leider weiss ich nicht mehr wo), dass ich die Spphos Virus Removal Tool Software verwenden soll. Ich habe diese runtergelden und ausgeführt. Es gab da mehrer Meldungen die ich bestätigen musste, die genauen Detail weiss ich leider nicht mehr. Das Resultat der ganzen Aktion ist, dass der Virus Troj/ZbotMem-B im Quarantäne-Manager ist und ich ihn manuell entfernen soll.

Durch weitere Recherche bin ich auf dieses Forum gestossen und musste feststellen, dass ich diesen Virus nicht von alleine loswerde.

Symtome: Es ist in letzt Zeit mehrfach vorgekommen, dass ich im Internetexplorer keine Eingabe mehr machen konnte. Dies liesssich aber mit einem Neustart jedesmal beheben.

Bis jetzt habe ich Schritt 1 und 2 ausgeführt. Anbei die beiden gewünschten Files.
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 05.02.2013 10:30:01 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Karin\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3,90 Gb Total Physical Memory | 2,44 Gb Available Physical Memory | 62,47% Memory free
7,81 Gb Paging File | 5,48 Gb Available in Paging File | 70,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 95,39 Gb Total Space | 19,04 Gb Free Space | 19,96% Space Free | Partition Type: NTFS
Drive D: | 135,08 Gb Total Space | 134,99 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
 
Computer Name: KARIN-PC | User Name: Karin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" = 
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04C28991-D4CB-42C4-99FC-7EE5DEDAE3B0}" = lport=139 | protocol=6 | dir=in | app=system | 
"{0E84A6E4-BC9C-4588-AF9E-791EFFE88132}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{1F4B6CDE-1F5C-478D-80BA-11F096869735}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{3BEA63DE-386E-4269-8AEB-4E7F7080E901}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3DD45FEF-DD04-4042-9695-8DCA62B14CD1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{4C7511AE-6F60-428C-BF44-7A5E5462F2F8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4D809D6A-FBAC-4FA0-9058-F853898B114B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4F164882-2C99-459E-9E53-E7C576770C0F}" = lport=137 | protocol=17 | dir=in | app=system | 
"{5A4F336C-4CD6-4AF3-BA45-2FB8A907C338}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5D03386D-03EE-44F0-9D9E-810F5D0DC72C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{619035B4-3451-48A4-83EA-595FAE18441C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{64D23B27-6995-4E96-8432-3A7C790DAF6C}" = rport=139 | protocol=6 | dir=out | app=system | 
"{70CCE353-3E38-4D88-9EC7-82246B4129F6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{70FB8279-73B6-4E4D-823F-92B4C7D72F90}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{75603CC0-6930-4B7F-B59A-A75687CC1F69}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{85611A07-F66F-4739-989A-02614F60DF8E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{885A3FF7-F826-4AB4-BC20-E08FB4AF2259}" = lport=445 | protocol=6 | dir=in | app=system | 
"{ACC9D34E-1D0A-40F1-BEE1-C388C017E452}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{C1A15E92-6E85-490F-97D1-0D74C9155696}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C7D76A56-0A00-463D-A83B-5EEBD0B2C89E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D7D51BF0-1E3B-460C-8483-D403527FA84F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{DA33BD84-6142-45A6-82C9-6328B2F00C69}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{F2D0923F-6330-49B2-8085-8D8EF280F416}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{F94BFFCB-D537-4769-A10F-B0BD9A8B7F2B}" = rport=137 | protocol=17 | dir=out | app=system | 
"{FACE3115-DD72-4EFD-92F2-E3A99216C570}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0258D5DF-3968-4285-BCE2-E0683EB3C403}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{091419B0-E567-4967-8169-CB65A1687F1B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{09DFFA0A-9AAD-40EF-8876-21FD78CE9E3A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1C784250-AD3F-4365-BF6F-F7D35AC9782F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2A911156-84BB-4341-A93A-96FD70257D14}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2C87889D-2E8E-4437-8605-ACE3E083D1F8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2F4337BB-BB59-4933-BB6F-5CF1E09E8BC7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{36527AD1-D4AB-432D-8D1F-D3564D751D8F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{38E2A25D-CFBA-475A-AD78-7141A2B7F2EC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{448248AF-076F-4CA2-BB4F-F27D4D8C174D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{464ED86C-CAC6-4EBE-BF18-92E69E06D4C0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4A3D453D-544A-4AE2-B8BD-57A4C415E903}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{4AF72DCE-F3D1-4813-BBDC-C67D8F36CA8E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{54E8DDD1-34A3-49C4-A994-DCD8E10474C6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7DED96F9-3D79-444E-B3A3-4EDBFF701949}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{817AAA07-2308-485D-A29E-AA9317B7CA09}" = protocol=6 | dir=out | app=system | 
"{8435262A-5173-4E21-BDB8-CA2E76051BC6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{89D9E260-18B4-4BAE-9707-ED5116B8C743}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{926B598B-DE41-46A7-B316-9901A11F981B}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{95C1B2CC-3583-4126-A8B7-D66FDBCB30FB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BE5A0C5B-01B8-4831-840D-8909C6D6E2E5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{C691BC3B-0932-493E-AFA6-3FFF7EB7A871}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{C7FF5174-029D-4BC9-8011-8BF5C454C738}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{CB269311-F91E-48E2-88BE-B9A6246461B5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{D705C422-4586-4504-AC5F-A26DA62A34F4}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{DBC67DA5-B348-478D-93D2-B47FE0F68B63}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E2E5711C-D4FB-4A2C-A2BD-213D14AC0881}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E7A95692-9B78-4DB6-A3E4-169F6232AB4C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{E9CB774A-2EA0-4184-A63E-9E4E33F8DE7A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F02E4EEF-524D-462F-AA7B-2EFE324D0403}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F25B1936-A6D9-46BE-BCF9-74176A905AFF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{F74B88E7-1931-49C0-9922-A5D86B2DA831}" = dir=in | app=c:\program files (x86)\htc\htc sync manager\htcsyncmanager.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6100_series" = Canon MG6100 series MP Drivers
"{11BA2B00-1495-47B8-BFA8-D08C605AB2CC}" = Windows Live Family Safety
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{3CE222BA-66A6-4D18-BEE9-5D21C5798C3E}" = Windows Live Family Safety
"{3D7F836A-AE1F-4FA6-8DB9-4FE06697AB0A}" = Windows Live Family Safety
"{3E776E7A-F4C3-4A89-8EAD-535E722C8397}" = Windows Live Family Safety
"{53375A2B-FE08-42B6-8EB8-16818CD27B2C}" = Windows Live Family Safety
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{63919769-655A-48A8-AD6C-39B471F683ED}" = Windows Live Family Safety
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6B006967-779B-49DB-BFCF-3DB3BDD2C7F7}" = Fresco Logic USB3.0 Host Controller
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6DDCFF78-6F91-438C-9567-C5CAA9D7F56C}" = Windows Live Family Safety
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{761C6783-D3BC-48AB-8E7C-61CE918A8436}" = ASUS Secure Delete
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B36055BF-5F0E-4EAB-804D-9203DFB34ADC}" = Windows Live Family Safety
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel(R) Turbo Boost Technology Monitor 2.0
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E01819BD-709F-43A1-9600-6F5E4C584C37}" = Windows Live Family Safety
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E60F14FA-E114-4F25-AEE0-33FE9EC9B1C3}" = Windows Live Family Safety
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F11009B0-F4DB-463B-B717-5266E47498AA}" = Windows Live Family Safety
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"Elantech" = ETDWare PS/2-X64 10.5.5.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{08208143-777D-4A06-BB54-71BF0AD1BB70}" = IPTInstaller
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19EA33FB-B34E-40EA-8B8A-61743AEB795A}" = Wireless Console 3
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{3248F0A8-6813-11D6-A77B-00B0D0150170}" = J2SE Runtime Environment 5.0 Update 17
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4CEEE5D0-F905-4688-B9F9-ECC710507796}" = HTC Driver Installer
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{54A168C9-2250-4058-80EB-1F4A4192548A}" = AX88772B Windows 7 Drivers
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58172D66-2F69-4215-9AEC-ED8196023736}" = ASUS Tutor
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5DC3BFF3-B84F-4CBE-B2BD-FB52B6C247CA}" = HTC Sync Manager
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS FaceLogon
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{749F674B-2674-47E8-879C-5626A06B2A91}" = InstantOn for NB
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Qualcomm Atheros WiFi Driver Installation
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111249233}" = Dream Vacation Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115065740}" = Bubbletown
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115290153}" = Go Go Gourmet Chef of the Year
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115320460}" = Turbo Fiesta
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116672750}" = World of Goo
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117080787}" = Plants vs Zombies
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117948443}" = Mahjong Memoirs
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118716773}" = Deadtime Stories
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119205603}" = Farm Frenzy 3 - Madagascar
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{938CFBD4-0652-49E5-BB8B-153948865941}" = ASUS Virtual Touch
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}" = ASUS USB Charger Plus
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B2DB883F-1AF3-4BE6-BE04-710D9C556C44}" = ASUS PowerWiz
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B7B60C4F-0DB8-42EF-8EDC-5F21D4C2D73F}" = ASUS PWR Option
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D39F0676-163E-4595-A917-E28F99BBD4D2}" = ASUS AI Recovery
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Asus Vibe2.0" = AsusVibe2.0
"AsusScr_ZENBOOK_31" = AsusScr_ZENBOOK_31
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"Game Park Console" = Game Park Console
"Google Chrome" = Google Chrome
"InstallShield_{54A168C9-2250-4058-80EB-1F4A4192548A}" = AX88772B Windows 7 Drivers
"NP_SO_2011" = SolothurnTax 2011 11.3.49
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Ravensburger tiptoi" = Ravensburger tiptoi
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.01.2013 03:39:24 | Computer Name = Karin-PC | Source = Sophos Anti-Virus | ID = 196608
Description = Ausnahme entdeckt in CInfrastructureModule::PreMessageLoop.
 
Error - 26.01.2013 03:44:37 | Computer Name = Karin-PC | Source = Sophos Anti-Virus | ID = 131078
Description = E_FAILURE.  CManager::BeginProcessing in der ComponentManager-Komponente
 hat einen schwerwiegenden Fehler entdeckt, nach dem keine Wiederherstellung möglich
 ist.
 
Error - 26.01.2013 03:44:37 | Computer Name = Karin-PC | Source = Sophos Anti-Virus | ID = 131091
Description = Fehler beim Aufrufen von BeginProcessing auf ComponentManager.
 
Error - 26.01.2013 03:44:37 | Computer Name = Karin-PC | Source = Sophos Anti-Virus | ID = 196608
Description = Ausnahme entdeckt in CInfrastructureModule::PreMessageLoop.
 
Error - 26.01.2013 12:27:49 | Computer Name = Karin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: taskhost.exe, Version: 6.1.7601.18010,
 Zeitstempel: 0x50aee9f3  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000016ecf
ID
 des fehlerhaften Prozesses: 0x7ac  Startzeit der fehlerhaften Anwendung: 0x01cdfb9843eb2184
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\taskhost.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 5241c0ac-67d5-11e2-a841-0008cae6ef46
 
Error - 26.01.2013 14:00:43 | Computer Name = Karin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 26.01.2013 14:00:43 | Computer Name = Karin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1412012
 
Error - 26.01.2013 14:00:43 | Computer Name = Karin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1412012
 
Error - 31.01.2013 00:34:27 | Computer Name = Karin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000021cca
ID
 des fehlerhaften Prozesses: 0xb98  Startzeit der fehlerhaften Anwendung: 0x01cdfbef9349f9ee
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 7e70f892-6b5f-11e2-a8da-0008cae6ef46
 
Error - 02.02.2013 16:29:32 | Computer Name = Karin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SearchProtocolHost.exe, Version: 
7.0.7601.17610, Zeitstempel: 0x4dc0d006  Name des fehlerhaften Moduls: ntdll.dll, 
Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x0000000000020a4a  ID des fehlerhaften Prozesses: 0x14cc  Startzeit der fehlerhaften
 Anwendung: 0x01ce0183ef3cc5a2  Pfad der fehlerhaften Anwendung: C:\Windows\system32\SearchProtocolHost.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 401f528f-6d77-11e2-a8cc-0008cae6ef46
 
[ Media Center Events ]
Error - 01.08.2012 16:34:38 | Computer Name = Karin-PC | Source = MCUpdate | ID = 0
Description = 22:34:38 - Fehler beim Herstellen der Internetverbindung.  22:34:38 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 01.08.2012 16:34:49 | Computer Name = Karin-PC | Source = MCUpdate | ID = 0
Description = 22:34:43 - Fehler beim Herstellen der Internetverbindung.  22:34:43 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 06.01.2013 08:29:04 | Computer Name = Karin-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Kryptografiedienste" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 06.01.2013 08:29:04 | Computer Name = Karin-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "DNS-Client" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 06.01.2013 08:29:04 | Computer Name = Karin-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Arbeitsstationsdienst" wurde unerwartet beendet. Dies 
ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 06.01.2013 08:29:04 | Computer Name = Karin-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "NLA (Network Location Awareness)" wurde unerwartet beendet.
 Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 100 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 06.01.2013 08:31:04 | Computer Name = Karin-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "DNS-Client" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
 ist fehlgeschlagen. Fehler:   %%1056
 
Error - 07.01.2013 12:08:17 | Computer Name = Karin-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 08.01.2013 12:42:21 | Computer Name = Karin-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 12.01.2013 11:32:17 | Computer Name = Karin-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 14.01.2013 13:14:27 | Computer Name = Karin-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Netman erreicht.
 
Error - 16.01.2013 15:52:45 | Computer Name = Karin-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
 
< End of report >
         
--- --- ---
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 05.02.2013 10:30:01 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Karin\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3,90 Gb Total Physical Memory | 2,44 Gb Available Physical Memory | 62,47% Memory free
7,81 Gb Paging File | 5,48 Gb Available in Paging File | 70,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 95,39 Gb Total Space | 19,04 Gb Free Space | 19,96% Space Free | Partition Type: NTFS
Drive D: | 135,08 Gb Total Space | 134,99 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
 
Computer Name: KARIN-PC | User Name: Karin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.05 10:21:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Karin\Desktop\OTL.exe
PRC - [2013.01.31 07:27:30 | 000,444,416 | ---- | M] () -- C:\Users\Karin\AppData\Local\Temp\wininit.exe
PRC - [2013.01.31 07:27:30 | 000,444,416 | ---- | M] () -- C:\Users\Karin\AppData\Roaming\Dudab\leob.exe
PRC - [2012.12.27 16:26:48 | 000,169,464 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
PRC - [2012.12.12 19:00:02 | 000,087,368 | ---- | M] (Nero AG) -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
PRC - [2012.12.07 17:26:56 | 000,167,424 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2012.12.04 17:48:31 | 002,869,824 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2012.12.04 17:48:28 | 000,216,640 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2012.08.08 19:43:26 | 000,900,160 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
PRC - [2012.08.08 19:43:25 | 000,232,512 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.26 20:07:26 | 000,357,400 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
PRC - [2012.07.26 20:07:05 | 000,139,840 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2012.03.07 16:06:51 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2011.12.21 23:15:54 | 000,017,872 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe
PRC - [2011.12.07 01:21:36 | 000,101,544 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
PRC - [2011.12.07 01:21:34 | 000,162,456 | ---- | M] (ASUSTeK) -- C:\Windows\SysWOW64\ACEngSvr.exe
PRC - [2011.12.06 02:21:50 | 000,646,808 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS PowerWiz\PowerWiz.exe
PRC - [2011.12.06 01:30:34 | 000,506,024 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
PRC - [2011.12.01 02:10:34 | 000,100,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
PRC - [2011.12.01 02:10:32 | 000,092,800 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
PRC - [2011.11.30 23:28:56 | 001,550,496 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
PRC - [2011.10.19 03:38:26 | 002,319,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2011.10.04 00:17:40 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2011.10.03 20:45:58 | 000,375,424 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
PRC - [2011.08.02 23:31:22 | 000,146,592 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011.07.22 00:49:10 | 005,716,608 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010.12.21 03:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.21 03:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.11.20 13:17:02 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2010.10.07 23:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2010.08.24 08:29:18 | 000,206,240 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2009.12.15 19:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009.06.19 19:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009.06.19 19:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2008.12.23 02:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008.11.10 02:47:30 | 000,075,264 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre1.5.0_17\bin\jusched.exe
PRC - [2008.08.14 06:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.31 07:27:30 | 000,444,416 | ---- | M] () -- C:\Users\Karin\AppData\Local\Temp\wininit.exe
MOD - [2013.01.31 07:27:30 | 000,444,416 | ---- | M] () -- C:\Users\Karin\AppData\Roaming\Dudab\leob.exe
MOD - [2013.01.22 17:27:53 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b95e7795ea5951d09521cddfc03b5c4e\Microsoft.VisualBasic.ni.dll
MOD - [2013.01.22 06:07:06 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013.01.22 06:06:20 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.22 06:05:47 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
MOD - [2013.01.22 06:05:09 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013.01.22 06:04:49 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.22 06:04:41 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013.01.22 06:04:13 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.01.22 06:03:58 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.22 06:03:48 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.22 06:03:45 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.22 06:03:30 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.12.27 16:26:48 | 000,169,464 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
MOD - [2011.12.07 01:21:34 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
MOD - [2011.12.06 02:21:50 | 000,369,152 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS PowerWiz\AsBatInfo.dll
MOD - [2011.11.30 23:28:56 | 000,211,456 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\alvupdt.dll
MOD - [2011.02.19 10:07:25 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2011.02.19 10:07:25 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll
MOD - [2011.02.19 10:07:25 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\WindowsBase.resources\3.0.0.0_de_31bf3856ad364e35\WindowsBase.resources.dll
MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2007.07.12 20:11:54 | 001,163,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.11.30 00:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2010.09.23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.01.09 05:35:24 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.12 19:00:02 | 000,087,368 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe -- (HTCMonitorService)
SRV - [2012.12.07 17:26:56 | 000,167,424 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012.12.04 17:48:31 | 002,869,824 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2012.12.04 17:48:28 | 000,216,640 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2012.12.04 17:48:22 | 001,998,400 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe -- (swi_update_64)
SRV - [2012.08.08 19:43:25 | 000,232,512 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.26 20:07:26 | 000,357,400 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe -- (Sophos Web Control Service)
SRV - [2012.07.26 20:07:05 | 000,139,840 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2011.12.01 02:10:32 | 000,092,800 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2011.08.02 23:31:22 | 000,146,592 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011.08.02 23:13:24 | 000,103,584 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2010.12.21 03:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.12.21 03:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.03.18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 19:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.07 18:27:50 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.07.26 20:07:37 | 000,036,640 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdcfilter.sys -- (sdcfilter)
DRV:64bit: - [2012.07.26 20:07:18 | 000,144,672 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\SysNative\drivers\savonaccess.sys -- (SAVOnAccess)
DRV:64bit: - [2012.03.18 17:06:34 | 000,025,608 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.21 23:15:56 | 000,035,968 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AsusVBus.sys -- (AsusVBus)
DRV:64bit: - [2011.12.13 04:24:46 | 000,224,512 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc)
DRV:64bit: - [2011.12.13 04:24:46 | 000,071,424 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh)
DRV:64bit: - [2011.12.06 14:16:20 | 000,199,464 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2011.12.06 01:30:34 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2011.11.24 00:13:10 | 002,796,544 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.11.08 04:48:28 | 000,016,512 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AsusVTouch.sys -- (AsusVTouch)
DRV:64bit: - [2011.11.03 11:09:48 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011.11.03 11:09:22 | 012,310,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.10.29 02:15:14 | 000,027,056 | ---- | M] (ASUS Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\assd.sys -- (assd)
DRV:64bit: - [2011.10.17 23:16:15 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.10.17 23:16:15 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.08.02 23:22:52 | 000,511,136 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011.08.02 23:22:06 | 000,280,992 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011.08.02 23:21:50 | 000,068,256 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011.08.02 23:21:20 | 000,167,584 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011.08.02 23:21:04 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011.08.02 23:20:50 | 000,030,368 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011.08.02 23:20:34 | 000,110,240 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2011.08.02 23:20:18 | 000,330,912 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011.05.13 23:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011.04.26 04:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.03.15 11:09:16 | 000,311,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010.12.31 08:17:00 | 000,098,816 | ---- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ax88772b.sys -- (AX88772B)
DRV:64bit: - [2010.11.30 00:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010.11.20 14:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.20 10:57:44 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.10.20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2009.11.02 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.07.20 10:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.05.24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011.12.06 01:30:34 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AiCharger.sys -- (AiCharger)
DRV - [2011.09.07 18:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.03 02:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.5.0_17\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [FLxHCIm64] C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe (Windows (R) Win 7 DDK provider)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe (Sophos Limited)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre1.5.0_17\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0_17\bin\npjpi150_17.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc64.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.sun.com/update/1.5.0/jinstall-1_5-windows-i586.cab (Java Plug-in 1.5.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab (Java Plug-in 1.5.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab (Java Plug-in 1.5.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24AA753F-6864-4659-9E0D-69E6310F9E96}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61837C97-32AF-4720-A7D9-8BA3D8997162}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL (Sophos Limited)
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Limited)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7992fb2c-5384-11e2-b9e3-0008cae6ef46}\Shell - "" = AutoRun
O33 - MountPoints2\{7992fb2c-5384-11e2-b9e3-0008cae6ef46}\Shell\AutoRun\command - "" = E:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\HTC_Sync_Manager_PC.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.05 10:21:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Karin\Desktop\OTL.exe
[2013.02.04 10:32:11 | 000,000,000 | R--D | C] -- C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2013.02.04 10:13:17 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2013.02.04 10:09:59 | 084,065,608 | ---- | C] (Sophos Limited) -- C:\Users\Karin\Desktop\Sophos Virus Removal Tool.exe
[2013.02.04 06:13:28 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Roaming\Vyve
[2013.02.04 06:13:28 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Roaming\Uxax
[2013.02.04 06:13:28 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Roaming\Dudab
[2013.01.21 17:56:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013.01.12 05:56:12 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Roaming\Outlook
[2013.01.09 15:05:23 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Roaming\HTC
[2013.01.09 15:05:21 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Roaming\HTC Sync
[2013.01.09 15:05:17 | 000,000,000 | ---D | C] -- C:\ProgramData\HTC
[2013.01.09 15:05:15 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Local\HTC MediaHub
[2013.01.09 15:05:15 | 000,000,000 | ---D | C] -- C:\Users\Karin\Documents\HTC
[2013.01.09 15:05:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Motorola
[2013.01.09 15:04:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2013.01.09 15:02:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
[2013.01.09 15:02:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications
[2013.01.09 15:02:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC
[2013.01.09 15:01:01 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Local\Downloaded Installations
[2013.01.09 14:58:21 | 000,000,000 | ---D | C] -- C:\Temp
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.05 10:21:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Karin\Desktop\OTL.exe
[2013.02.05 10:20:33 | 000,000,000 | ---- | M] () -- C:\Users\Karin\defogger_reenable
[2013.02.05 10:19:32 | 000,050,477 | ---- | M] () -- C:\Users\Karin\Desktop\Defogger.exe
[2013.02.05 10:07:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.05 09:54:04 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.05 09:12:27 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.05 09:06:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.04 10:39:24 | 000,744,382 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2013.02.04 10:39:24 | 000,741,204 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2013.02.04 10:39:24 | 000,730,204 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat
[2013.02.04 10:39:24 | 000,725,736 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat
[2013.02.04 10:39:24 | 000,410,870 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat
[2013.02.04 10:39:24 | 000,155,554 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2013.02.04 10:39:24 | 000,155,526 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat
[2013.02.04 10:39:24 | 000,153,118 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat
[2013.02.04 10:39:24 | 000,149,426 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2013.02.04 10:39:24 | 000,124,832 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat
[2013.02.04 10:39:23 | 008,735,754 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.04 10:39:23 | 000,746,668 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2013.02.04 10:39:23 | 000,746,512 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2013.02.04 10:39:23 | 000,708,282 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.04 10:39:23 | 000,663,560 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.04 10:39:23 | 000,607,888 | ---- | M] () -- C:\Windows\SysNative\perfh008.dat
[2013.02.04 10:39:23 | 000,393,996 | ---- | M] () -- C:\Windows\SysNative\perfh00D.dat
[2013.02.04 10:39:23 | 000,160,962 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2013.02.04 10:39:23 | 000,151,930 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2013.02.04 10:39:23 | 000,151,886 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.04 10:39:23 | 000,124,832 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.04 10:39:23 | 000,113,630 | ---- | M] () -- C:\Windows\SysNative\perfc008.dat
[2013.02.04 10:39:23 | 000,087,538 | ---- | M] () -- C:\Windows\SysNative\perfc00D.dat
[2013.02.04 10:39:14 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.04 10:39:14 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.04 10:31:22 | 3144,658,944 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.04 10:24:16 | 084,065,608 | ---- | M] (Sophos Limited) -- C:\Users\Karin\Desktop\Sophos Virus Removal Tool.exe
[2013.02.04 10:13:17 | 000,003,205 | ---- | M] () -- C:\Users\Karin\Desktop\Sophos Virus Removal Tool.lnk
[2013.01.21 19:18:44 | 000,045,056 | ---- | M] () -- C:\Windows\SysWow64\acovcnt.exe
[2013.01.21 19:18:01 | 000,417,024 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.21 18:59:35 | 008,572,276 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.09 15:04:56 | 000,002,135 | ---- | M] () -- C:\Users\Public\Desktop\HTC Sync Manager.lnk
 
========== Files Created - No Company Name ==========
 
[2013.02.05 10:20:33 | 000,000,000 | ---- | C] () -- C:\Users\Karin\defogger_reenable
[2013.02.05 10:19:32 | 000,050,477 | ---- | C] () -- C:\Users\Karin\Desktop\Defogger.exe
[2013.02.04 10:13:17 | 000,003,205 | ---- | C] () -- C:\Users\Karin\Desktop\Sophos Virus Removal Tool.lnk
[2013.01.09 15:04:56 | 000,002,135 | ---- | C] () -- C:\Users\Public\Desktop\HTC Sync Manager.lnk
[2012.11.21 19:33:42 | 000,321,288 | ---- | C] () -- C:\Program Files (x86)\Common Files\Sanpya.ttf
[2012.03.17 16:35:46 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\acovcnt.exe
[2011.12.21 14:08:12 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.12.21 14:08:04 | 000,217,536 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.12.21 14:08:00 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.12.21 14:07:57 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.12.21 14:07:55 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.10.18 01:26:44 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2011.10.18 01:08:49 | 008,572,276 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.03.17 17:36:45 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\ASUS WebStorage
[2013.02.04 06:13:30 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Dudab
[2013.01.09 15:05:23 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\HTC
[2013.01.09 15:05:21 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\HTC Sync
[2013.01.12 05:56:12 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Outlook
[2012.06.04 18:06:45 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\RavensburgerTipToi
[2013.02.04 09:55:00 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Uxax
[2013.02.04 06:13:28 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Vyve
[2012.03.17 17:43:11 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Zeon
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

Geändert von Kassiopeia (05.02.2013 um 11:53 Uhr)

Alt 05.02.2013, 14:23   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Troj/ZbotMem-B, Sophos Quarantäne-Manager fordert manuelle  Bereinigung - Standard

Troj/ZbotMem-B, Sophos Quarantäne-Manager fordert manuelle Bereinigung



Hallo und

Zitat:
dass der Virus Troj/ZbotMem-B im Quarantäne-Manager ist und ich ihn manuell entfernen soll.
Was habt ihr alle immer nur mit der Quarantäne?
Überleg doch mal was eine Quarantäne ist. Ob da die schädliche Datei drinbleibt oder nicht, das hat keine Auswirkungen. Schädlinge in der Quarantäne können nichts mehr anrichten, sie sind dort isoliert. Du solltest grundsätzlich mit der Quarantäne arbeiten, denn falls der Virenscanner durch einen Fehlalarm was wichtiges löscht, kannst Du notfalls noch über die Quarantäne an die Datei ran.


Wäre gut wenn du mal alle Logs mit Funden posten könntest, Erklärung siehe http://www.trojaner-board.de/125889-...tml#post941520

Und bitte keine neuen Scans machen sondern nur bisherige vorhandene Logs posten

Zitat:
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Warum bitte eine Professional Edition für Windows? Wer braucht das als Heimanwender?
Ist das rein zufällig ein Büro-/Firmen-PC? Oder ein Uni-Rechner?
__________________

__________________

Alt 05.02.2013, 16:58   #3
Kassiopeia
 
Troj/ZbotMem-B, Sophos Quarantäne-Manager fordert manuelle  Bereinigung - Standard

Troj/ZbotMem-B, Sophos Quarantäne-Manager fordert manuelle Bereinigung



Hallo cosinus

Ich brauche etwas Hilfe beim Finden der Logs mit Sophos. Was muss ich machen damit ich sie anzeigen kann. Ich habe zwar den Pfad gefunden, wo sie sein sollten, aber der Ordner ist für mich nicht sichtbar und ein gezieltes suchen nach der Datei hat auch keine Ergebnis gebracht.

Soeben habe ich festgestellt, dass ich eine neue Meldung im "Quarantäne-Manager" habe: HIP/RegMod-009, Massnahme: zulassen

Noch eine Leien Frage: Spielt es keine Rolle, wenn Dateien in Quarantäne sind? Ich hatte da noch nie etwas drin.

Kassiopeia
__________________

Alt 06.02.2013, 10:42   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Troj/ZbotMem-B, Sophos Quarantäne-Manager fordert manuelle  Bereinigung - Standard

Troj/ZbotMem-B, Sophos Quarantäne-Manager fordert manuelle Bereinigung



Ich kenn Sophos nicht. Bei der Menge an Virenscanner die es auf dem Markt gibt wäre es auch übertreiben von uns zu jedem verfügbaren Produkt eine bebilderte Anleitung zu verlangen.
Schau ins Programm selbst, die allermeisten Virenscanner bieten da eine Einsicht in die Protokolle (Logs) an. Ansonsten mal auf der Herstellerseite im Support-/Anleitungsbereich mal nachsehen.

Und beantworte bitte die Frage bzgl. der Professional Edititon von Windows!
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu Troj/ZbotMem-B, Sophos Quarantäne-Manager fordert manuelle Bereinigung
aufrufe, autorun, bho, bonjour, browser, canon, entfernen, error, excel, fehler, firefox, flash player, format, google, homepage, install.exe, logfile, manuelle bereinigung quarantätne-manager, ntdll.dll, plug-in, realtek, registry, rundll, scan, security, server, software, sophos, svchost.exe, taskhost.exe, troj/zbotmem-b, usb, virus, windows, wscript.exe




Ähnliche Themen: Troj/ZbotMem-B, Sophos Quarantäne-Manager fordert manuelle Bereinigung


  1. DHCP Client Fehler 1068 bei Start nach Malwarebytes Quarantäne Bereinigung
    Plagegeister aller Art und deren Bekämpfung - 26.04.2015 (1)
  2. Troj/ZbotMem-B
    Plagegeister aller Art und deren Bekämpfung - 04.01.2015 (13)
  3. Windows 7: Troj/ZbotMem-B Befall?
    Log-Analyse und Auswertung - 04.01.2015 (17)
  4. Troj/ZbotMem-B fund von Sophos, manuelle Reinigung erforderlich / Windows 7
    Log-Analyse und Auswertung - 15.12.2013 (11)
  5. troj/zbotmem-b in der Sophos Quarantaene und nur manuell zu bereinigen
    Log-Analyse und Auswertung - 28.11.2013 (23)
  6. Bprotector von sophos gefunden als Adware und in Quarantäne geschickt
    Log-Analyse und Auswertung - 03.09.2013 (5)
  7. Sophosmeldung: Troj/ZbotMem-B im Memory
    Log-Analyse und Auswertung - 08.08.2013 (31)
  8. [Sophos] Troj/Zbot-Dhn // C:\User\*Name*\AppData\Roaming\execue.exe
    Plagegeister aller Art und deren Bekämpfung - 17.03.2013 (9)
  9. Troj/ZbotMem-B // gefunden mit Sophos
    Plagegeister aller Art und deren Bekämpfung - 28.12.2012 (13)
  10. Sophos meldet im Speicher: Troj/ZbotMem-B
    Plagegeister aller Art und deren Bekämpfung - 27.11.2012 (10)
  11. Habe ich Troj/zbotmem-b vollständig entfernt?
    Plagegeister aller Art und deren Bekämpfung - 07.11.2012 (1)
  12. Troj/ZbotMem-B bei Scan entdeckt, nach Sophos Meldung HIPS/RegMod-014 - Was tun?
    Plagegeister aller Art und deren Bekämpfung - 24.08.2012 (16)
  13. Troj/ExpJS-EG / Troj/ZbotMem-B / Trojan.Phex.THAGen6 - BA-BA-BA-BA-BANKÜBERFALL 2012
    Plagegeister aller Art und deren Bekämpfung - 19.08.2012 (19)
  14. Sophos hat Troj/Java-CN und Mal/Generic-L gefunden
    Log-Analyse und Auswertung - 21.04.2012 (27)
  15. Trojaner Troj/ZbotMem-B Zugriff auf Bankendaten - wie bereinigen?
    Log-Analyse und Auswertung - 10.08.2011 (6)
  16. Troj/Inor-Fam wird von Sophos gemeldet
    Plagegeister aller Art und deren Bekämpfung - 10.03.2011 (1)
  17. Manuelle Entfernung des Trojaners Smitfraud.c aka Troj/FakeAle-c
    Archiv - 13.06.2005 (2)

Zum Thema Troj/ZbotMem-B, Sophos Quarantäne-Manager fordert manuelle Bereinigung - Guten Tag Ich habe folgendes Poblem: Sophos Antivius hat folgende Meldung ausgegeben: HIP/RegMod-014 Durch googeln habe ich herausgefunden (leider weiss ich nicht mehr wo), dass ich die Spphos Virus Removal - Troj/ZbotMem-B, Sophos Quarantäne-Manager fordert manuelle Bereinigung...
Archiv
Du betrachtest: Troj/ZbotMem-B, Sophos Quarantäne-Manager fordert manuelle Bereinigung auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.