| |
| |||||||
Log-Analyse und Auswertung: Infizierte Registrierungschlüssel (Pup.funmoods) - Firefox läßt sich nicht mehr öffnenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
19.02.2013, 18:48
| #1 |
 |  Infizierte Registrierungschlüssel (Pup.funmoods) - Firefox läßt sich nicht mehr öffnen Ausgangspunkt meines Problems war die Installation des Firefox. Dieser funktionierte auch einige Zeit einwandfrei bis ich schließlich aufgefordert wurde ein update des Firefox einzuspielen. Dieses habe ich dann auch eingespielt einschließlich der damit verbundenen Add ons und dem Hinweis während der Installation, eine App (Name habe ich leider überlesen) sei nicht kompatibel. Wie sich bereits kurze Zeit später herausstellte, war das updaten des firefox ein Fehler. Ich kam über den firefox nicht mehr ins Internet. Daraufhin habe ich den Firefox neu installiert. Der Zugang zum Internet funktionierte nach der Neuinstallation einmal, danach war er wieder blockiert. Ich habe GData Antivirus 2013 laufen lassen, ohne Ergebnis. Was mir zudem auffiel war, daß sich die Startseite im Internet Explorer (www.searchnu.com/406) nicht verändern ließ. Ich habe dann nach Hilfe im Internet gesucht und bin auf Euer Board gestoßen. Ich habe Malewarebytes Anti Malware laufen lassen. Die Software hat direkt einige infizierte Registrierungsschlüssel gefunden. Stichwort: "pup.funmoods". Mit dem Löschen der Schlüssel scheint es nicht getan zu sein. Ich hoffe nun, Ihr könnt mir helfen. Vielen Dank schon einmal vorab, Eure Hilfe überhaupt in Anspruch nehmen zu dürfen. Ich bin ein echtes "Greenhorn", was IT betrifft... Viele Grüße Hejo Anbei nun meine 3 logfiles ... jeweils editiert, da mein Name erschien (**********):OTL Logfile: Code:
ATTFilter OTL logfile created on: 19.02.2013 17:30:04 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\**********\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,92 Gb Total Physical Memory | 2,19 Gb Available Physical Memory | 55,91% Memory free 7,83 Gb Paging File | 5,57 Gb Available in Paging File | 71,18% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 177,00 Gb Total Space | 127,30 Gb Free Space | 71,92% Space Free | Partition Type: NTFS Drive D: | 265,59 Gb Total Space | 248,66 Gb Free Space | 93,63% Space Free | Partition Type: NTFS Computer Name: **********-PC | User Name: ********** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.02.19 17:27:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\**********\Desktop\OTL.exe PRC - [2013.02.05 16:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe PRC - [2013.01.28 18:16:20 | 001,644,680 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2013.01.09 13:01:22 | 001,035,216 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe PRC - [2012.12.26 23:33:06 | 001,683,608 | ---- | M] (Bandoo Media Inc) -- C:\Program Files (x86)\Search Results Toolbar\Datamngr\datamngrUI.exe PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.11.29 04:49:49 | 001,548,312 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe PRC - [2012.11.29 04:47:08 | 000,469,016 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe PRC - [2012.07.16 15:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2012.03.29 03:42:27 | 000,470,008 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe PRC - [2012.03.16 17:46:34 | 002,805,328 | ---- | M] (SAMSUNG ELECTRONICS CO., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe PRC - [2011.09.28 00:23:10 | 005,458,312 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe PRC - [2011.09.06 09:36:42 | 002,275,408 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe PRC - [2011.09.06 09:35:54 | 001,087,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe PRC - [2011.08.19 05:36:46 | 000,784,976 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe PRC - [2011.08.17 08:19:18 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe PRC - [2011.07.29 23:47:22 | 003,395,664 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe PRC - [2011.06.24 09:52:30 | 004,403,280 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe PRC - [2011.06.05 00:22:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.05.05 13:44:54 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2011.05.05 13:44:52 | 000,326,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2011.03.30 13:42:34 | 001,001,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe PRC - [2011.03.30 13:42:32 | 001,321,296 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe PRC - [2011.03.30 13:42:30 | 000,923,984 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe PRC - [2011.03.30 13:42:28 | 000,985,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe PRC - [2011.02.18 17:37:56 | 000,494,192 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe PRC - [2010.09.30 13:00:28 | 000,253,264 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe PRC - [2010.09.20 04:24:42 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe PRC - [2009.11.02 06:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe ========== Modules (No Company Name) ========== MOD - [2012.12.20 12:36:18 | 000,078,336 | ---- | M] () -- C:\ProgramData\Wincert\win32prop.dll MOD - [2012.12.20 12:36:18 | 000,007,168 | ---- | M] () -- C:\ProgramData\Wincert\win32cert.dll MOD - [2011.02.16 17:03:20 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll MOD - [2010.05.07 15:22:18 | 001,636,864 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll MOD - [2009.11.02 06:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009.11.02 06:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2006.08.12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll ========== Services (SafeList) ========== SRV:64bit: - [2011.04.21 08:34:16 | 001,136,640 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3) SRV:64bit: - [2011.04.21 07:42:50 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) SRV:64bit: - [2011.02.18 17:41:20 | 001,120,368 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe -- (wsnm_usbctrl) SRV:64bit: - [2011.02.18 17:37:56 | 000,494,192 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe -- (wsnm) SRV:64bit: - [2010.09.22 10:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2013.02.05 16:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService) SRV - [2013.01.16 21:09:27 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.11.29 05:08:54 | 002,012,592 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe -- (AVKWCtl) SRV - [2012.11.29 04:49:49 | 001,548,312 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy) SRV - [2012.11.29 04:47:08 | 000,469,016 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe -- (AVKService) SRV - [2012.07.16 15:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.03.29 03:42:27 | 000,470,008 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan) SRV - [2011.06.05 00:22:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.05.05 13:44:54 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2011.05.05 13:44:52 | 000,326,424 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2011.03.30 13:42:34 | 001,001,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service) SRV - [2011.03.30 13:42:32 | 001,321,296 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service) SRV - [2011.03.30 13:42:30 | 000,923,984 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor) SRV - [2010.09.30 13:00:28 | 000,253,264 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service) SRV - [2010.06.01 07:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.01.28 18:47:46 | 000,106,648 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD) DRV:64bit: - [2013.01.25 18:27:55 | 000,062,368 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt) DRV:64bit: - [2013.01.25 18:27:54 | 000,064,416 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre) DRV:64bit: - [2013.01.25 18:27:35 | 000,126,880 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt) DRV:64bit: - [2013.01.25 18:27:35 | 000,054,176 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave) DRV:64bit: - [2013.01.25 18:27:34 | 000,065,008 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd) DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.12.09 18:45:00 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex) DRV:64bit: - [2011.11.15 00:13:00 | 000,327,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf) DRV:64bit: - [2011.08.17 08:19:38 | 000,031,216 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2011.07.29 23:47:20 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI) DRV:64bit: - [2011.06.17 04:40:40 | 000,186,152 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2011.06.05 00:22:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2011.05.01 06:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) DRV:64bit: - [2011.04.22 11:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.04.21 08:09:26 | 000,294,912 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP) DRV:64bit: - [2011.04.21 08:09:26 | 000,294,912 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL) DRV:64bit: - [2011.04.11 11:55:24 | 000,007,680 | ---- | M] (Phoenix Technologies Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SGDrv64.sys -- (SGDrv) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.08 13:44:08 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux) DRV:64bit: - [2011.02.18 17:41:20 | 000,047,664 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmwvusb.sys -- (vmwvusb) DRV:64bit: - [2011.02.18 00:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.12.16 11:39:08 | 012,256,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.10.20 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.10.14 18:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2009.10.29 18:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV:64bit: - [2009.10.29 18:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV:64bit: - [2009.10.29 18:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV:64bit: - [2009.10.29 18:28:24 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2012.01.12 00:34:52 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchnu.com/406 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=514&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=2322430982424624&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchnu.com/406 IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=514&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=2322430982424624&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.finviz.com/ IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=514&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=2322430982424624&q={searchTerms} IE - HKCU\..\SearchScopes\{CA8BA569-7EB7-4B42-BF83-6A06C72A19B5}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=&apn_ptnrs=^U3&apn_dtid=^YYYYYY^YY^DE&apn_uid=E1F6231E-48EB-4B05-BA99-15F8EFDE43EF&apn_sauid=AC47B5EF-8127-467B-B6AF-62DF734899A7 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.searchnu.com/406" FF - prefs.js..extensions.enabledAddons: canitbecheaper%40trafficbroker.co.uk:3.8.28 FF - prefs.js..extensions.enabledAddons: dendzones%40captaincaveman.nl:1.5.4.3 FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.8.4 FF - prefs.js..extensions.enabledAddons: %7B1acd747e-8470-11db-96a9-00e08161165f%7D:6.3.7.117 FF - prefs.js..extensions.enabledAddons: %7B1FD91A9C-410C-4090-BBCC-55D3450EF433%7D:1.0 FF - prefs.js..extensions.enabledAddons: %7Bf34c9277-6577-4dff-b2d7-7d58092f272f%7D:1.0.0.12 FF - prefs.js..extensions.enabledAddons: %7B906305f7-aafc-45e9-8bbd-941950a84dad%7D:1.1.11215.1124 FF - prefs.js..extensions.enabledAddons: toolbar%40ask.com:3.15.15.100013 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.04 17:49:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.10 18:58:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**********\AppData\Roaming\mozilla\Extensions [2013.02.04 17:42:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**********\AppData\Roaming\mozilla\Firefox\Profiles\zyxdb7we.default\extensions [2013.01.20 16:38:19 | 000,000,000 | ---D | M] (Tradesignal Online Chart) -- C:\Users\**********\AppData\Roaming\mozilla\Firefox\Profiles\zyxdb7we.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f} [2013.01.10 18:58:46 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Users\**********\AppData\Roaming\mozilla\Firefox\Profiles\zyxdb7we.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f} [2013.01.10 18:58:59 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\**********\AppData\Roaming\mozilla\Firefox\Profiles\zyxdb7we.default\extensions\firefox@ghostery.com [2013.02.07 15:40:46 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\**********\AppData\Roaming\mozilla\Firefox\Profiles\zyxdb7we.default\extensions\toolbar@ask.com [2012.12.12 18:50:21 | 000,093,072 | ---- | M] () (No name found) -- C:\Users\**********\AppData\Roaming\mozilla\firefox\profiles\zyxdb7we.default\extensions\canitbecheaper@trafficbroker.co.uk.xpi [2012.12.03 18:22:31 | 000,083,310 | ---- | M] () (No name found) -- C:\Users\**********\AppData\Roaming\mozilla\firefox\profiles\zyxdb7we.default\extensions\dendzones@captaincaveman.nl.xpi [2013.02.15 16:31:17 | 000,002,412 | ---- | M] () -- C:\Users\**********\AppData\Roaming\mozilla\firefox\profiles\zyxdb7we.default\searchplugins\askcom.xml [2013.01.10 18:58:41 | 000,002,687 | ---- | M] () -- C:\Users\**********\AppData\Roaming\mozilla\firefox\profiles\zyxdb7we.default\searchplugins\Search_Results.xml [2013.02.04 17:49:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.01.25 18:27:34 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files (x86)\mozilla firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad} [2013.01.16 21:10:14 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.01.17 01:11:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.01.17 01:11:04 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.01.17 01:11:04 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.01.17 01:11:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.01.10 18:58:41 | 000,002,687 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml [2013.01.17 01:11:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.01.17 01:11:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (DataMngr) - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - C:\PROGRA~2\SEARCH~1\Datamngr\x64\BROWSE~1.DLL (Bandoo Media Inc) O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation) O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE (Bandoo Media Inc) O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe () O4 - HKCU..\Run: [BrowserChoice] "C:\Windows\System32\browserchoice.exe" /run File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.0.43.17 217.0.43.49 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A9C25AC-30C1-4408-9A5E-D0AD46F95E8E}: DhcpNameServer = 217.0.43.17 217.0.43.49 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - AppInit_DLLs: (C:\PROGRA~3\Wincert\WIN64C~1.DLL) - C:\ProgramData\Wincert\win64cert.dll () O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll (Bandoo Media Inc) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll (Bandoo Media Inc) O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\PROGRA~3\Wincert\WIN32C~1.DLL) - C:\ProgramData\Wincert\win32cert.dll () O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll (Bandoo Media Inc) O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll (Bandoo Media Inc) O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30:64bit: - LSA: Security Packages - (wsauth) - C:\windows\SysNative\wsauth.dll (VMware, Inc.) O30 - LSA: Security Packages - (wsauth) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.19 17:27:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\**********\Desktop\OTL.exe [2013.02.15 17:14:16 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Roaming\Malwarebytes [2013.02.15 17:14:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.02.15 17:14:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.02.15 17:13:59 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2013.02.15 17:13:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.02.15 17:11:10 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Local\Programs [2013.02.14 18:11:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DT [2013.02.14 18:11:50 | 000,572,928 | ---- | C] (Concept Software, Inc.) -- C:\windows\SysWow64\SKCL.dll [2013.02.14 18:11:48 | 000,605,184 | ---- | C] (Concept Software, Inc.) -- C:\windows\SysWow64\KEYLIB32.dll [2013.02.14 18:11:48 | 000,401,465 | ---- | C] (eSignal, a division of Interactive Data Corporation) -- C:\windows\SysWow64\dbcapi.dll [2013.02.14 18:11:47 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DT [2013.02.14 18:11:46 | 000,067,312 | ---- | C] (Just Great Software) -- C:\windows\UnDeployV.exe [2013.02.14 18:11:46 | 000,062,976 | ---- | C] (Dynamic Trader Group, Incorporated) -- C:\windows\SysWow64\DTTS.dll [2013.02.14 18:11:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DT [2013.02.14 18:10:37 | 000,000,000 | ---D | C] -- C:\dttsdata [2013.02.14 16:19:51 | 000,016,504 | ---- | C] (G Data Software) -- C:\windows\SysNative\drivers\GdPhyMem.sys [2013.02.14 16:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2013.02.07 14:49:12 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Local\APN [2013.02.04 17:49:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.02.04 17:42:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com [2013.02.04 17:32:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask [2013.02.04 15:25:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DataTool 2.5 [2013.02.04 15:25:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DataTool [2013.02.04 15:00:40 | 000,000,000 | ---D | C] -- C:\MSData [2013.02.02 18:50:13 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bulls Eye Broker 4 [2013.02.02 18:50:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bulls Eye Broker 4 [2013.02.02 18:50:09 | 001,056,768 | ---- | C] (eHelp Corporation.) -- C:\windows\SysWow64\Roboex32.dll [2013.02.02 18:50:09 | 001,009,264 | ---- | C] (FarPoint Technologies, Inc.) -- C:\windows\SysWow64\SPR32X30.ocx [2013.02.02 18:50:09 | 000,675,840 | ---- | C] (Smaller Animals Software, Inc.) -- C:\windows\SysWow64\_ISource2.dll [2013.02.02 18:50:09 | 000,115,200 | ---- | C] (Desaware Inc.) -- C:\windows\SysWow64\dwsbc36.ocx [2013.02.02 18:50:09 | 000,049,152 | ---- | C] (Blue Sky Software Corporation.) -- C:\windows\SysWow64\INETWH32.dll [2013.02.02 18:50:08 | 000,389,120 | ---- | C] (Designer Controls, Inc.) -- C:\windows\SysWow64\ImgX4.dll [2013.02.02 18:50:08 | 000,345,008 | ---- | C] (VideoSoft) -- C:\windows\SysWow64\VSPRINT7.ocx [2013.02.02 18:50:07 | 000,229,376 | ---- | C] (Inner Media, Inc.) -- C:\windows\SysWow64\duzactx.dll [2013.02.02 18:50:07 | 000,140,800 | ---- | C] (Desaware Inc.) -- C:\windows\SysWow64\Dwshk36.ocx [2013.02.02 18:50:07 | 000,075,776 | ---- | C] (Desaware Inc.) -- C:\windows\SysWow64\Dwspy36.dll [2013.02.02 18:50:04 | 000,188,518 | ---- | C] (Equis International, Inc.) -- C:\windows\SysWow64\msfl80.dll [2013.02.02 18:50:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BEBrokerV40 [2013.02.01 17:42:32 | 000,000,000 | ---D | C] -- C:\Users\**********\Documents\TEST [2013.01.28 18:47:46 | 000,106,648 | ---- | C] (G Data Software) -- C:\windows\SysNative\drivers\GRD.sys [2013.01.28 18:46:49 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Local\Google [2013.01.28 18:46:49 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Roaming\Funmoods [2013.01.28 18:45:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer [2013.01.28 18:19:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bulls Eye Broker 5 [2013.01.26 19:24:39 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Local\Pointandfigure [2013.01.26 19:23:00 | 000,000,000 | ---D | C] -- C:\Program Files\Bulls Eye Broker 5 ========== Files - Modified Within 30 Days ========== [2013.02.19 17:27:41 | 000,050,477 | ---- | M] () -- C:\Users\**********\Desktop\Defogger.exe [2013.02.19 17:27:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\**********\Desktop\OTL.exe [2013.02.19 17:23:46 | 000,000,000 | ---- | M] () -- C:\Users\**********\defogger_reenable [2013.02.19 16:34:45 | 000,020,992 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.19 16:34:45 | 000,020,992 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.19 16:33:24 | 001,612,484 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2013.02.19 16:33:24 | 000,696,870 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2013.02.19 16:33:24 | 000,652,148 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2013.02.19 16:33:24 | 000,148,134 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2013.02.19 16:33:24 | 000,121,080 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2013.02.19 16:33:17 | 000,983,126 | ---- | M] () -- C:\windows\SysWow64\sig.bin [2013.02.19 16:33:17 | 000,052,145 | ---- | M] () -- C:\windows\SysWow64\nmp.map [2013.02.19 16:27:04 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.02.19 16:26:59 | 4204,314,624 | -HS- | M] () -- C:\hiberfil.sys [2013.02.15 17:14:02 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.15 10:09:52 | 000,428,616 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2013.02.14 18:27:59 | 000,000,043 | ---- | M] () -- C:\windows\WALLSTRT.INI [2013.02.14 18:11:53 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\DT6.lnk [2013.02.14 16:19:51 | 000,016,504 | ---- | M] (G Data Software) -- C:\windows\SysNative\drivers\GdPhyMem.sys [2013.02.14 16:13:19 | 000,002,052 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2013.02.14 16:13:19 | 000,002,052 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013.02.04 17:49:43 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.02.02 18:50:19 | 000,000,006 | ---- | M] () -- C:\windows\SysWow64\BReg9824.dat [2013.02.01 17:42:33 | 000,000,981 | ---- | M] () -- C:\Users\**********\Documents\TEST.htm [2013.02.01 17:42:32 | 000,001,796 | ---- | M] () -- C:\Users\**********\Documents\TEST.hur [2013.01.28 18:47:46 | 000,106,648 | ---- | M] (G Data Software) -- C:\windows\SysNative\drivers\GRD.sys [2013.01.28 18:45:53 | 000,077,671 | ---- | M] () -- C:\Users\**********\AppData\Local\funmoods_2.0.1.crx [2013.01.25 18:27:55 | 000,062,368 | ---- | M] (G Data Software AG) -- C:\windows\SysNative\drivers\PktIcpt.sys [2013.01.25 18:27:54 | 000,064,416 | ---- | M] (G Data Software AG) -- C:\windows\SysNative\drivers\HookCentre.sys [2013.01.25 18:27:35 | 000,126,880 | ---- | M] (G Data Software AG) -- C:\windows\SysNative\drivers\MiniIcpt.sys [2013.01.25 18:27:35 | 000,054,176 | ---- | M] (G Data Software AG) -- C:\windows\SysNative\drivers\GDBehave.sys [2013.01.25 18:27:34 | 000,065,008 | ---- | M] (G Data Software AG) -- C:\windows\SysNative\drivers\gdwfpcd64.sys ========== Files Created - No Company Name ========== [2013.02.19 17:27:41 | 000,050,477 | ---- | C] () -- C:\Users\**********\Desktop\Defogger.exe [2013.02.19 17:23:46 | 000,000,000 | ---- | C] () -- C:\Users\**********\defogger_reenable [2013.02.15 17:14:02 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.14 18:11:53 | 000,001,085 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DT6.lnk [2013.02.14 18:11:53 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\DT6.lnk [2013.02.14 18:11:52 | 000,139,264 | ---- | C] () -- C:\windows\ShareBarData.dll [2013.02.04 17:49:43 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.02.04 17:49:43 | 000,001,153 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.02.02 18:50:19 | 000,000,006 | ---- | C] () -- C:\windows\SysWow64\BReg9824.dat [2013.02.02 18:50:09 | 000,147,800 | ---- | C] () -- C:\windows\SysWow64\Vspdf.ocx [2013.02.02 18:50:08 | 000,202,752 | ---- | C] () -- C:\windows\SysWow64\Vsview3.ocx [2013.02.01 17:42:33 | 000,000,981 | ---- | C] () -- C:\Users\**********\Documents\TEST.htm [2013.02.01 17:42:28 | 000,001,796 | ---- | C] () -- C:\Users\**********\Documents\TEST.hur [2013.01.28 18:46:49 | 000,077,671 | ---- | C] () -- C:\Users\**********\AppData\Local\funmoods_2.0.1.crx [2013.01.07 14:41:56 | 000,000,320 | ---- | C] () -- C:\Users\**********\AppData\Roaming\SEC541129.trad [2013.01.07 14:41:43 | 000,000,043 | ---- | C] () -- C:\windows\WALLSTRT.INI [2013.01.07 14:34:16 | 001,589,650 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2012.12.20 12:26:39 | 000,000,680 | RHS- | C] () -- C:\Users\**********\ntuser.pol [2012.12.07 18:18:37 | 000,000,111 | ---- | C] () -- C:\windows\Updata.ini [2012.12.07 18:14:18 | 000,000,119 | ---- | C] () -- C:\windows\director.ini [2012.12.07 18:14:18 | 000,000,030 | ---- | C] () -- C:\windows\tradernet.ini [2012.12.07 18:14:18 | 000,000,016 | ---- | C] () -- C:\windows\temp.ini [2012.09.14 13:02:51 | 000,060,304 | ---- | C] () -- C:\Users\**********\g2mdlhlpx.exe [2012.07.31 11:57:22 | 000,000,192 | ---- | C] () -- C:\Users\**********\1190.png [2012.06.25 10:38:01 | 000,983,126 | ---- | C] () -- C:\windows\SysWow64\sig.bin [2011.10.11 03:28:02 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe [2011.10.11 02:27:55 | 000,001,156 | ---- | C] () -- C:\windows\HotFixList.ini [2011.07.21 06:51:15 | 000,960,940 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin [2011.07.21 06:51:14 | 000,207,376 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin [2011.07.21 06:51:12 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.10.03 16:21:33 | 000,000,000 | ---D | M] -- C:\Users\**********\AppData\Roaming\FileZilla [2013.01.28 18:46:49 | 000,000,000 | ---D | M] -- C:\Users\**********\AppData\Roaming\Funmoods [2012.09.22 12:45:58 | 000,000,000 | ---D | M] -- C:\Users\**********\AppData\Roaming\MetaQuotes [2013.01.07 14:31:45 | 000,000,000 | ---D | M] -- C:\Users\**********\AppData\Roaming\TradeStation Technologies ========== Purity Check ========== < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 19.02.2013 17:30:04 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\**********\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,92 Gb Total Physical Memory | 2,19 Gb Available Physical Memory | 55,91% Memory free
7,83 Gb Paging File | 5,57 Gb Available in Paging File | 71,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 177,00 Gb Total Space | 127,30 Gb Free Space | 71,92% Space Free | Partition Type: NTFS
Drive D: | 265,59 Gb Total Space | 248,66 Gb Free Space | 93,63% Space Free | Partition Type: NTFS
Computer Name: **********-PC | User Name: ********** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{77D300E9-D978-4F57-BC07-AAF08F5A53E4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{952188CC-E441-4006-9C3F-BA2B2DF736F5}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{BB53985F-C22F-41AF-A5EC-9E6F272EE5DF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E54344-76EA-49F9-8ED7-DCEBC59241C9}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware view\client\bin\wswc.exe |
"{0982071D-A6F6-4034-B51C-6A2619A03C10}" = protocol=6 | dir=in | app=c:\program files (x86)\search results toolbar\datamngr\srtool~1\dtuser.exe |
"{17B57711-027D-42B4-AF3C-D787C94B2F42}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware view\client\bin\vmware-remotemks.exe |
"{180B5219-CCAF-4C39-B2F5-F689138CBAAD}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware view\client\bin\wswc.exe |
"{239AF855-B24E-4BBE-A94A-ABF16D4D88A6}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{26B8C6A3-57BE-4197-8DFF-96ED18FD6E15}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{322E0717-DF5A-4E13-8C74-5D5BE0258BEA}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware view\client\bin\vmware-remotemks.exe |
"{40641DBF-9C10-4AD5-86A4-759136F41AD2}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{41A3386C-D20C-45A5-8928-1CB54F5D3746}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{4CB4D7AC-12FE-4C75-A3AF-2E2516FDB9E3}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{4FB4D578-8285-4C92-B72C-A7F5B215159A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{58C155CD-8B27-48D6-8985-75C0F6B502C0}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware view\client\bin\wswc.exe |
"{75916B70-2A2E-4324-AF9F-78A2A14CE89C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{78A5AC17-5097-44D2-8F2E-F03FE873764C}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{78CE22EB-77D6-4151-B4C2-46DF6360643D}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{7B744EFA-96A5-4E77-BC55-BF44AC6D38ED}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware view\client\bin\vmware-remotemks.exe |
"{8EECCDA8-6629-4B50-A8DE-60006A36F34B}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware view\client\bin\wswc.exe |
"{A2AF4A49-2C67-44BD-9247-61D5BE3C38F6}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{A3F1A998-726C-4C79-848E-AC22CDD96773}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware view\client\bin\vmware-remotemks.exe |
"{A4FCD1B2-23C5-4E94-A906-E1F6D948DFFA}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware view\client\bin\vmware-remotemks.exe |
"{C1B438FC-BB26-4B6E-AFD4-0685F2B97DCE}" = protocol=17 | dir=in | app=c:\program files (x86)\search results toolbar\datamngr\srtool~1\dtuser.exe |
"{CF2579B0-4FFF-4861-A426-12C425B4F082}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{D247F0B8-FA9D-4A31-809B-E1AC7587AFA5}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware view\client\bin\wswc.exe |
"{E40980E9-846C-4AEA-83FB-0A8EECC610D2}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware view\client\bin\vmware-remotemks.exe |
"{E57F24A1-F9BE-4658-BF44-52F77A183060}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E6A96630-35ED-4F43-90E4-F5270AD823F0}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |
"{FA0EFB10-C9F5-45D6-B568-FFFF75A7C0F6}" = dir=in | app=c:\program files (x86)\cyberlink\media+player10\media+player10.exe |
"{FC8A2F6B-0E4C-4303-900D-C03AFA2480D3}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware view\client\bin\wswc.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{006B5C65-3938-4246-B182-994A7E415EDE}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{27F3F8DE-AC95-4E10-90A6-EBA999DDBCAF}" = Windows Live Remote Service Resources
"{29CFD07F-4971-41B0-B14D-621ACCC264AC}" = Windows Live Remote Service Resources
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel(R) PROSet/Wireless WiFi Software
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{4C9845D5-9FAD-4C52-B389-CAEF0F216215}" = Windows Live Remote Client Resources
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{641B32DB-8226-4250-86C9-34671162F5D5}" = Windows Live Remote Client Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6A2482BC-733A-404A-939A-2D5BC636E6F9}" = Windows Live Remote Service Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{70C29540-5625-443D-BC4F-6D0C763F44C8}" = VMware View Client
"{78654366-5889-4A70-90D9-04B00709EEE0}" = Windows Live Remote Client Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{811D5159-D798-491F-B9C6-9BDBF6B02D06}" = Windows Live Remote Service Resources
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A0E106D2-4815-4B7A-BAA7-7E21B530CFB4}" = Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 268.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F0793412-6407-4870-9A8C-6FE198A4EB12}" = Windows Live Remote Client Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"Elantech" = ETDWare PS/2-X64 10.0.7.2_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{0119B342-476F-4F5A-B712-144B5CFA781F}" = Windows Live Movie Maker
"{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{0785A0B6-07DF-43CF-B147-E1EB4CEA0345}" = Windows Live Messenger
"{07E15DDE-CAD9-434D-B24D-35708E3BEA09}" = Windows Live 필수 패키지
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 5
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Settings
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19ADD3BF-C42B-47DC-81C6-5E9731B668C4}" = „Windows Live Essentials“
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21B49B4A-BBC3-4A09-9C68-6C3CC0B1EA01}" = Windows Live Messenger
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26513CE5-7A51-478D-93BD-AC1D38103463}" = Windows Live Messenger
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{2720009D-9566-45A7-A370-0E6DAC313F3F}" = „Windows Live Mail“
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2CC0789D-D31B-445F-8970-6E058BE39754}" = Windows Live UX Platform Language Pack
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer
"{331ECF61-69AF-4F57-AC35-AFED610231C3}" = Multimedia POP
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34AB675C-1965-44B5-B5A7-B02EE6196AD3}" = Windows Live Messenger
"{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{34FBC7C4-CD31-4D93-A428-0E524EAC4586}" = CyberLink Media+ Player10
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = Windows Live UX Platform Language Pack
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B8F240C-B75E-4A1E-BDCC-6C7F033078A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{442032CB-900C-49C7-B4B4-2B76525DD403}" = Windows Live Photo Common
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{4F35DF91-F834-41F7-A287-0E377D55C486}" = Windows Live Photo Common
"{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{517EAAB9-C35E-4949-B8C2-20C241162BBB}" = Windows Live Pošta
"{51FFAC89-B6B0-4E6E-B76F-6D4E2E83086A}" = Windows Live 메일
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{539A0CEA-17E4-4FE4-A5E8-EC5D40610A79}" = „Windows Live Messenger“
"{545192D4-E817-4EAA-834D-623EA50CF268}" = Windows Live UX Platform Language Pack
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D163056-96B7-440F-A836-89BA5D3CFF2F}" = Windows Live Photo Common
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5D90ABE5-8A35-4947-8269-6F40BCE47A95}" = Windows Live Messenger
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{61506B53-EE02-46CE-8464-3F806947978F}" = Windows Live Mesh
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6A9F65FF-5FF0-4914-9941-E58004829535}" = WHS FutureStation Nano
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B3BAE39-4ED1-4EEB-9769-A3AA0AA58CB4}" = Windows Live Movie Maker
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger
"{6DCE9C3E-3DB7-4C3C-8B80-BC55781BB7B6}" = Windows Live Writer Resources
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources
"{71684DFF-CDED-450C-AF0C-4A1A6438A1A5}" = Windows Live Essentials
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{7780682A-47C9-480D-90BE-247539342595}" = Windows Live UX Platform Language Pack
"{77BC9EAF-14C7-4338-9B1C-D5A3E142C0B8}" = Windows Live Photo Common
"{77DAF553-291A-4471-988C-5677D90DB57E}" = Windows Live Writer Resources
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{829CDAAD-5AF1-482F-978B-591C16A34ACC}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{86E6D3A7-3ADC-44C0-B94E-85D2A9DD36B0}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95BB7324-77D3-4BF3-8CF6-29F0857AC175}" = Easy File Share
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9E771D5B-C429-4CBC-8730-3EBD9EC99E4C}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A1668729-C4D2-49AE-877B-FB608362FFF1}" = Windows Live Essentials
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = 1&1 Surf-Stick
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{AD86049C-3D9C-43E1-BE73-643F57D83D50}" = Easy Migration
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B0F08ACB-6BBA-49A8-8BE9-BBB4C2D8B574}" = G Data AntiVirus 2013
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B4712CB7-27D7-4F61-8805-BCF9BE1CFC4A}" = Windows Live Writer Resources
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B750B5C2-CC17-4967-905B-29F4EB986131}" = Software Launcher
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{B81722D3-0A95-4BDE-AA1A-A2A5D12FCDB2}" = Windows Live Foto-galerija
"{B948B39D-214F-486E-BCD9-8AB691F8762A}" = TradeStation 9.1
"{B9B66F77-9D00-4CA4-BDF1-BBA8236B4DB6}" = Windows Live Writer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C877E454-FA36-409A-A00E-1240CEC61BBD}" = „Windows Live“ fotogalerija
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C8A2793D-EFF2-4069-95BF-A28192E39DEB}" = Windows Live Writer
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{CF936193-C584-458C-B793-15FA945621AF}" = Windows Live fotoattēlu galerija
"{CF9DEFAA-12CD-4D04-AA45-F9F667D21E2E}" = Windows Live Movie Maker
"{D06F10C5-3EDD-4B29-A3B5-16BBB9A047F8}" = Windows Live Mesh
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D27DF849-C8C7-4892-A7F1-E0B381A1BD01}" = Windows Live Writer
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D54A52A8-DF24-4CE8-850B-074CA47DFA74}" = Windows Live Messenger
"{D57D43BF-699A-429F-AF8C-AF1867222800}" = Windows Live 사진 갤러리
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D987098B-3AD4-4E88-B80E-CF27A32D1955}" = Windows Live Writer Resources
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE256D8B-D971-456D-BC02-CB64DA24F115}" = Easy Software Manager
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{EAB1BDF2-734A-4D44-9169-7615D185C974}" = Windows Live Mesh
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC20FB81-9B5E-4B97-92A2-8DC52548EFCE}" = Windows Live Mesh
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F66430D8-08E6-4C96-B9B7-90E66E27D58C}" = Windows Live Mail
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Easy Support Center 1.0
"{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Bull's-Eye Broker" = Bull's-Eye Broker
"DT6" = Dynamic Traders Group, Inc. DT6 2
"FileZilla Client" = FileZilla Client 3.5.3
"Game Console - WildGames" = WildTangent ORB Game Console
"ilividtoolbarguid" = Search-Results Toolbar
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}" = CyberLink Media+ Player10
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"MetaTrader - ActivTrades" = MetaTrader - ActivTrades
"MetaTrader 4 at FOREX.com" = MetaTrader 4 at FOREX.com
"MetaTrader 4 by ThinkForex" = MetaTrader 4 by ThinkForex
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"ProInst" = Intel PROSet Wireless
"ST6UNST #1" = DataTool 2.5
"TeamViewer 7" = TeamViewer 7
"TraderPro" = TraderPro
"VLC media player" = VLC media player 2.0.3
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live 程式集
"WT085559" = Diner Dash 2 Restaurant Rescue
"WT085567" = Chuzzle Deluxe
"WT085580" = John Deere Drive Green
"WT085581" = Penguins!
"WT085583" = Polar Golfer
"WT085587" = Agatha Christie - Death on the Nile
"WT085597" = Build-a-lot
"WT085618" = Farm Frenzy
"WT085622" = Insaniquarium Deluxe
"WT085663" = Peggle
"WT085669" = Plants vs. Zombies
"WT089285" = Zuma Deluxe
"WT089286" = Bejeweled 2 Deluxe
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"GoToMeeting" = GoToMeeting 5.1.0.880
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 14.12.2012 09:32:34 | Computer Name = **********-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 17.12.2012 05:20:45 | Computer Name = **********-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: UIExec.exe, Version: 0.0.0.0, Zeitstempel:
0x4ca41bb3 Name des fehlerhaften Moduls: UIExec.exe, Version: 0.0.0.0, Zeitstempel:
0x4ca41bb3 Ausnahmecode: 0xc0000417 Fehleroffset: 0x00002b58 ID des fehlerhaften Prozesses:
0xc4c Startzeit der fehlerhaften Anwendung: 0x01cddc37cae82ced Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe Pfad des fehlerhaften
Moduls: C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe Berichtskennung: 08bb8951-482b-11e2-88ee-dca971bfdc26
Error - 17.12.2012 05:20:58 | Computer Name = **********-PC | Source = WinMgmt | ID = 10
Description =
Error - 17.12.2012 05:30:42 | Computer Name = **********-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 19.12.2012 07:15:02 | Computer Name = **********-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: UIExec.exe, Version: 0.0.0.0, Zeitstempel:
0x4ca41bb3 Name des fehlerhaften Moduls: UIExec.exe, Version: 0.0.0.0, Zeitstempel:
0x4ca41bb3 Ausnahmecode: 0xc0000417 Fehleroffset: 0x00002b58 ID des fehlerhaften Prozesses:
0xc88 Startzeit der fehlerhaften Anwendung: 0x01cdddda0d2efda2 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe Pfad des fehlerhaften
Moduls: C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe Berichtskennung: 54b2b3ed-49cd-11e2-858f-dca971bfdc26
Error - 19.12.2012 07:15:58 | Computer Name = **********-PC | Source = WinMgmt | ID = 10
Description =
Error - 19.12.2012 07:59:26 | Computer Name = **********-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 19.12.2012 12:49:53 | Computer Name = **********-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: UIExec.exe, Version: 0.0.0.0, Zeitstempel:
0x4ca41bb3 Name des fehlerhaften Moduls: UIExec.exe, Version: 0.0.0.0, Zeitstempel:
0x4ca41bb3 Ausnahmecode: 0xc0000417 Fehleroffset: 0x00002b58 ID des fehlerhaften Prozesses:
0xce0 Startzeit der fehlerhaften Anwendung: 0x01cdde08dc4dd22a Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe Pfad des fehlerhaften
Moduls: C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe Berichtskennung: 1bdbafff-49fc-11e2-8cf3-dca971bfdc26
Error - 19.12.2012 12:51:11 | Computer Name = **********-PC | Source = WinMgmt | ID = 10
Description =
Error - 20.12.2012 06:25:31 | Computer Name = **********-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: UIExec.exe, Version: 0.0.0.0, Zeitstempel:
0x4ca41bb3 Name des fehlerhaften Moduls: UIExec.exe, Version: 0.0.0.0, Zeitstempel:
0x4ca41bb3 Ausnahmecode: 0xc0000417 Fehleroffset: 0x00002b58 ID des fehlerhaften Prozesses:
0xdd0 Startzeit der fehlerhaften Anwendung: 0x01cdde9c5042cf91 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe Pfad des fehlerhaften
Moduls: C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe Berichtskennung: 9473ff12-4a8f-11e2-8c33-dca971bfdc26
[ System Events ]
Error - 18.11.2012 08:38:00 | Computer Name = **********-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte
Systeme (KB2727528)
Error - 18.11.2012 08:38:00 | Computer Name = **********-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070643 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2761217)
Error - 14.12.2012 12:59:00 | Computer Name = **********-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst lmhosts erreicht.
Error - 17.12.2012 07:48:10 | Computer Name = **********-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst lmhosts erreicht.
Error - 19.12.2012 12:57:07 | Computer Name = **********-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070103 fehlgeschlagen: Intel - Other hardware - Intel(R) Centrino(R)
Wireless Bluetooth(R) 3.0 + High Speed Adapter
Error - 19.12.2012 12:57:44 | Computer Name = **********-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070103 fehlgeschlagen: Intel - Other hardware - Intel(R) Centrino(R)
Wireless Bluetooth(R) 3.0 + High Speed Adapter
Error - 18.01.2013 13:47:16 | Computer Name = **********-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Norton Online Backup erreicht.
Error - 18.01.2013 13:47:16 | Computer Name = **********-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Norton Online Backup" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 22.01.2013 13:42:49 | Computer Name = **********-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High
Speed Security Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen.
Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart
des Diensts.
Error - 25.01.2013 12:12:42 | Computer Name = **********-PC | Source = DCOM | ID = 10010
Description =
< End of report >
GMER Logfile: Code:
ATTFilter GMER 2.1.18952 - hxxp://www.gmer.net
Rootkit scan 2013-02-19 18:14:10
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST500LM0 rev.2AR1 465,76GB
Running: GMER_2.1.18952.exe; Driver: C:\Users\SCHNIE~1\AppData\Local\Temp\axlyifoc.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2792] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007767fc18 5 bytes JMP 00000001727e1780
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2792] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007767fc90 5 bytes JMP 00000001727e2ad0
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2792] C:\windows\SysWOW64\ntdll.dll!NtOpenFile 000000007767fd44 5 bytes JMP 00000001727e16b0
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2792] C:\windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077680094 5 bytes JMP 00000001727e1600
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2792] C:\windows\SysWOW64\ntdll.dll!NtOpenDirectoryObject 00000000776800dc 5 bytes JMP 00000001727e1740
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2792] C:\windows\SysWOW64\ntdll.dll!NtCreateDirectoryObject 00000000776806a4 5 bytes JMP 00000001727e1700
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2792] C:\windows\SysWOW64\ntdll.dll!NtDeleteFile 00000000776809c4 5 bytes JMP 00000001727e1680
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2792] C:\windows\syswow64\ADVAPI32.dll!RegDeleteKeyTransactedW 00000000766fa8ea 5 bytes JMP 00000001727e3af0
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2792] C:\windows\syswow64\ADVAPI32.dll!RegDeleteKeyExW 00000000766fa9c5 5 bytes JMP 00000001727e3ab0
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2792] C:\windows\syswow64\ADVAPI32.dll!RegDeleteValueW 00000000766fcf31 5 bytes JMP 00000001727e3a10
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2792] C:\windows\syswow64\ADVAPI32.dll!RegDeleteKeyW 0000000076701272 7 bytes JMP 00000001727e3a70
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2792] C:\windows\syswow64\ADVAPI32.dll!RegSetValueExW 00000000767014d6 5 bytes JMP 00000001727e34b0
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2792] C:\windows\syswow64\ADVAPI32.dll!RegSetKeyValueW 0000000076717180 5 bytes JMP 00000001727e37f0
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2792] C:\windows\syswow64\ADVAPI32.dll!RegSetValueW 000000007671a68a 5 bytes JMP 00000001727e3660
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2792] C:\windows\syswow64\ADVAPI32.dll!RegDeleteTreeW 00000000767334a3 5 bytes JMP 00000001727e3b40
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2792] C:\windows\syswow64\ADVAPI32.dll!RegDeleteKeyValueW 000000007674f84b 5 bytes JMP 00000001727e39a0
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2792] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077631465 2 bytes [63, 77]
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2792] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000776314bb 2 bytes [63, 77]
.text ... * 2
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2748] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077631465 2 bytes [63, 77]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2748] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000776314bb 2 bytes [63, 77]
.text ... * 2
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3936] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077631465 2 bytes [63, 77]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3936] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000776314bb 2 bytes [63, 77]
.text ... * 2
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5920] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077631465 2 bytes [63, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5920] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000776314bb 2 bytes [63, 77]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\windows\System32\svchost.exe [3040:5960] 000007fef34a9688
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\88532e003e75
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b4749f59338f
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dca97107b376
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dca971bfdc26
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\88532e003e75 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b4749f59338f (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dca97107b376 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dca971bfdc26 (not active ControlSet)
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
Geändert von HeJo (19.02.2013 um 19:04 Uhr) |
| Themen zu Infizierte Registrierungschlüssel (Pup.funmoods) - Firefox läßt sich nicht mehr öffnen |
| 7-zip, antivirus, bandoo, board, diner dash, explorer, firefox, gdata, gesucht, infiziert, infizierte, install.exe, installation, internet explorer, kurze, löschen, malware, neu, neuinstallation, nicht mehr, ntdll.dll, nvidia update, nvpciflt.sys, pup.funmoods, registrierungsschlüssel, search results toolbar, searchnu.com, seite, software, startseite, stichwort, tarma, unknown mbr, update, updaten, verändern, zugang, öffnen |
Baum-Darstellung