trojaner virus weisser bildschirm GAV

aharonov · 23.02.2013, 21:30

Hoi,

Zitat:

Wie meinste das mit dem av-programm? Welches würdest du mir entfehlen?

Es spielt nicht so eine Rolle, welches Programm man nimmt. Aber man sollte nur eines haben und nicht zwei.

Zitat:

weil ich nachdem letzten post nicht mehr ins internet komme..

Kommst du wirklich nicht mehr ins Internet oder funktioniert nur das Surfen nicht?
Tritt das Problem in allen Browsern auf?
Und wie sieht das im infizierten Benutzerkonto aus, geht's dort auch nicht?

Zitat:

Aber ins infitzierte benutzerkonto komm ich jetzt wieder,wie hast du das schon mal hingekriegt?!

Combofix hat das erledigt.

blitter · 23.02.2013, 23:05

achso.. auf jedenfall top! vielen dank für deine super hilfe!
ja hab jetzt eine systemwiederherstellung auf den 21.02.2013 zurückgestellt und jetzt gehts wieder.. hoffe das war kein fehler..? und hab jetzt den einen AV rausgelöscht arbeite jetzt mit dem AGV.. oder empfiehlst du mir einen guten? (womöglich kostenlos)

?
Muss ich noch was machen oder wars das? Muss ich das Windows früher oder später soderso neu aufsetzten nehm ich an.. in was für einer Zeitspanne ca.?

cheers

aharonov · 24.02.2013, 14:51

Hoi,

wie gesagt, das AV-Programm spielt nicht die entscheidende Rolle. Keines erkennt alles, die anderen Faktoren sind wichtiger; wir kommen noch dazu. (AVG ist schon ok.)

Zitat:

Muss ich noch was machen oder wars das?

Wenn's nur so einfach wäre.

Die Systemwiederherstellung löst Malwareprobleme grundsätzlich nicht. Wir solltest nochmals drüberschauen, wie der Stand jetzt ist.

Zitat:

Muss ich das Windows früher oder später soderso neu aufsetzten nehm ich an..

Neuaufsetzen ist immer die sicherste Lösung.
Wenn du bald Neuaufsetzen willst, dann würd ich das aber jetzt gleich machen. Und nicht noch viel Zeit investieren, um alles wieder zusammenzuflicken und dann doch bald alles platt machen, das lohnt sich nicht.
Gib mir bitte kurz Bescheid, wie du weitermachen willst.

Wenn du bereinigen willst, dann:

Schritt 1

Warnung für Mitleser:
Combofix sollte nur dann ausgeführt werden, wenn dies explizit von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix.

WICHTIG: Speichere Combofix auf deinen Desktop.
Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
Während Combofix läuft, bitte gar nichts am Computer arbeiten, auch nicht die Maus bewegen!
Wenn Combofix fertig ist, wird es ein Logfile erstellen (C:\Combofix.txt).
Bitte poste den Inhalt dieses Logfiles in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Schritt 2

Starte bitte die OTL.exe.

Setze den Haken bei Scan all Users.
Drücke auf den Quick Scan Button.
Poste den Inhalt von OTL.txt hier in den Thread.

Bitte poste in deiner nächsten Antwort:

Log von Combofix
Log von OTL

blitter · 25.02.2013, 20:04

combofix hab ich doch schon gemacht?? muss man das 2x machen? geht nacher mein internet wieder nicht wenn ich Combofix nochmals mache?

cheers

aharonov · 25.02.2013, 20:06

Du hast eine Systemwiederherstellung gemacht, darum das Ganze noch einmal.

Ich weiss nicht recht, warum das Internet nicht mehr funktioniert hat, aber dem sollten wir nachgehen.
Wenn das Internet nach Combofix wieder nicht geht, dann setzt halt noch einmal auf den selben SWH-Punkt zurück, das geht ja schnell.

blitter · 27.02.2013, 20:50

Ja bereinigen würd ich schon vorziehen aber ohne Neuaufsetzen wirds nicht gehen oder? merke jetzt schon das der Laptop leider um einiges langsamer ist als vorher..¨! ok ich machs noch einmal..

cheers

aharonov · 27.02.2013, 21:00

Zitat:

aber ohne Neuaufsetzen wirds nicht gehen oder?

Gehen wird es schon irgendwie. Aber wie gesagt, neu machen ist immer sicherer und vielleicht sogar schneller - deine Entscheidung.
Wenn du sowieso Neuaufsetzen willst, dann brauchst du diese Schritte hier nicht mehr abzuarbeiten. Das wäre ja nur Zeitverschwendung, wenn nachher sowieso alles platt gemacht wird.

Ansonsten mach diese Scans und dann schauen wir weiter.

blitter · 27.02.2013, 23:35

Combofix Logfile:

Code:

ATTFilter

ComboFix 13-02-26.01 - Roger's 27.02.2013  20:54:32.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.41.1031.18.4008.1874 [GMT 1:00]
ausgeführt von:: c:\users\Roger's\Desktop\ComboFix.exe
AV: AVG Anti-Virus 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\BrowserCompanion
c:\program files (x86)\BrowserCompanion\jsloader.dll
c:\program files (x86)\BrowserCompanion\logo.ico
c:\program files (x86)\BrowserCompanion\tdataprotocol.dll
c:\program files (x86)\BrowserCompanion\toolbar.dll
c:\program files (x86)\BrowserCompanion\uninstall.exe
c:\program files (x86)\BrowserCompanion\updatebhoWin32.dll
c:\program files (x86)\BrowserCompanion\updater.ini
c:\program files (x86)\BrowserCompanion\widgetserv.exe
c:\program files (x86)\Savings Sidekick
c:\program files (x86)\Savings Sidekick\ButtonUtil.dll
c:\program files (x86)\Savings Sidekick\Savings Sidekick-bg.exe
c:\program files (x86)\Savings Sidekick\Savings Sidekick.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-01-27 bis 2013-02-27  ))))))))))))))))))))))))))))))
.
.
2013-02-27 22:29 . 2013-02-27 22:29	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-02-27 22:29 . 2013-02-27 22:29	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-02-22 17:27 . 2013-02-22 17:27	--------	d-----w-	C:\FRST
2013-02-21 16:44 . 2013-02-23 17:15	--------	d-----w-	c:\program files (x86)\7-Zip
2013-02-21 04:40 . 2013-02-23 17:15	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2013-02-21 04:00 . 2013-02-23 17:15	--------	d-----w-	c:\users\Gast
2013-02-21 03:59 . 2013-02-23 17:15	--------	d-----w-	c:\program files (x86)\jZip
2013-02-21 01:50 . 2013-02-23 17:37	--------	d-----w-	c:\users\Roger's\AppData\Local\Avg2013
2013-02-21 01:12 . 2013-02-21 01:12	--------	d-----w-	C:\$AVG
2013-02-21 01:12 . 2013-02-23 17:33	--------	d-----w-	c:\programdata\AVG2013
2013-02-21 01:12 . 2013-02-21 01:12	--------	d-----w-	c:\program files (x86)\AVG
2013-02-21 01:10 . 2013-02-27 18:57	--------	d-----w-	c:\programdata\MFAData
2013-02-21 01:07 . 2013-02-21 01:07	--------	d-----w-	c:\programdata\McAfee
2013-02-21 00:19 . 2013-02-21 00:19	--------	d-----w-	c:\program files\Enigma Software Group
2013-02-21 00:18 . 2013-02-23 17:20	--------	d-----w-	c:\windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP
2013-02-21 00:18 . 2013-02-21 00:18	--------	d-----w-	c:\program files (x86)\Common Files\Wise Installation Wizard
2013-02-21 00:11 . 2013-02-23 17:28	--------	d-----w-	c:\users\roger2
2013-02-14 02:02 . 2013-01-08 22:01	768000	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 02:02 . 2013-01-09 01:10	996352	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 02:00 . 2013-01-09 01:19	2312704	----a-w-	c:\windows\system32\jscript9.dll
2013-02-13 17:28 . 2013-01-05 05:53	5553512	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-02-13 17:28 . 2013-01-05 05:00	3967848	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 17:28 . 2013-01-05 05:00	3913064	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-02-13 17:27 . 2013-01-04 03:26	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-02-13 17:27 . 2013-01-04 05:46	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-02-13 17:27 . 2013-01-04 04:51	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-02-13 17:27 . 2013-01-04 02:47	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-02-13 17:27 . 2013-01-04 02:47	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-02-13 17:27 . 2013-01-04 02:47	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-02-13 17:27 . 2013-01-04 02:47	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-02-13 17:27 . 2013-01-03 06:00	1913192	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-13 17:27 . 2013-01-03 06:00	288088	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-21 00:12 . 2011-11-04 07:53	45056	----a-w-	c:\windows\system32\acovcnt.exe
2013-02-14 02:04 . 2011-12-12 12:39	70004024	----a-w-	c:\windows\system32\MRT.exe
2013-01-09 21:47 . 2012-04-04 23:29	697864	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 21:47 . 2011-12-07 09:58	74248	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-04 04:43 . 2013-02-13 17:27	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-22 07:07	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-22 07:07	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 07:07	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-22 07:07	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-15 04:43 . 2012-12-15 04:43	48648	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-12-15 04:43 . 2012-12-15 04:43	2155344	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-12-11 22:04 . 2012-12-11 22:04	410984	----a-w-	c:\windows\SysWow64\deploytk.dll
2012-12-11 21:53 . 2012-12-11 21:53	289768	----a-w-	c:\windows\system32\javaws.exe
2012-12-11 21:53 . 2012-12-11 21:53	189416	----a-w-	c:\windows\system32\javaw.exe
2012-12-11 21:53 . 2012-12-11 21:53	188904	----a-w-	c:\windows\system32\java.exe
2012-12-11 21:53 . 2012-12-11 21:53	108008	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2012-12-11 21:53 . 2012-12-11 21:30	916456	----a-w-	c:\windows\system32\deployJava1.dll
2012-12-11 21:53 . 2012-12-11 21:30	1034216	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-12-11 21:24 . 2012-12-11 21:24	69632	----a-r-	c:\users\Roger's\AppData\Roaming\Microsoft\Installer\{D3EA14DD-1476-4A6F-8A6D-8204BAED6F81}\ARPPRODUCTICON.exe
2012-12-11 21:24 . 2012-12-11 21:24	49152	----a-r-	c:\users\Roger's\AppData\Roaming\Microsoft\Installer\{D3EA14DD-1476-4A6F-8A6D-8204BAED6F81}\UNINST_Uninstall_Q_336D8C9DB2424DE5BC518E574B25652F.exe
2012-12-10 11:01 . 2013-01-24 01:01	19896	----a-w-	c:\windows\system32\roboot64.exe
2012-12-07 13:20 . 2013-01-09 21:09	441856	----a-w-	c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 21:09	2746368	----a-w-	c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 21:09	308736	----a-w-	c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 21:09	2576384	----a-w-	c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 21:09	30720	----a-w-	c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 21:09	43520	----a-w-	c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 21:09	23552	----a-w-	c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 21:09	45568	----a-w-	c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 21:09	44544	----a-w-	c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 21:09	20480	----a-w-	c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 21:09	20480	----a-w-	c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 21:09	20480	----a-w-	c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 21:09	46592	----a-w-	c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 21:09	40960	----a-w-	c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 21:09	21504	----a-w-	c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 21:09	15360	----a-w-	c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 21:09	55296	----a-w-	c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 21:09	51712	----a-w-	c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 21:09	43520	----a-w-	c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 21:09	30720	----a-w-	c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 21:09	45568	----a-w-	c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 21:09	44544	----a-w-	c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 21:09	20480	----a-w-	c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 21:09	23552	----a-w-	c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 21:09	20480	----a-w-	c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 21:09	46592	----a-w-	c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 21:09	20480	----a-w-	c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 21:09	21504	----a-w-	c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 21:09	40960	----a-w-	c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 21:09	15360	----a-w-	c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 21:09	55296	----a-w-	c:\windows\SysWow64\cero.rs
2012-12-07 10:46 . 2013-01-09 21:09	51712	----a-w-	c:\windows\SysWow64\esrb.rs
2012-11-30 05:45 . 2013-01-09 21:08	362496	----a-w-	c:\windows\system32\wow64win.dll
2012-11-30 05:45 . 2013-01-09 21:08	243200	----a-w-	c:\windows\system32\wow64.dll
2012-11-30 05:45 . 2013-01-09 21:08	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2012-11-30 05:43 . 2013-01-09 21:08	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2012-11-30 05:41 . 2013-01-09 21:08	424448	----a-w-	c:\windows\system32\KernelBase.dll
2012-11-30 05:41 . 2013-01-09 21:08	1161216	----a-w-	c:\windows\system32\kernel32.dll
2012-11-30 05:38 . 2013-01-09 21:08	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 21:08	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 21:08	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 21:08	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 21:08	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 21:08	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 21:08	3584	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 21:08	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 21:08	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 21:08	3584	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 21:08	3072	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 21:08	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 21:08	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 21:08	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 21:08	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 21:08	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 21:08	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 21:08	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 21:08	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 21:08	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 21:08	3072	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 21:08	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 21:08	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 21:08	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 21:08	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 21:08	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 21:08	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 21:08	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 04:53 . 2013-01-09 21:08	274944	----a-w-	c:\windows\SysWow64\KernelBase.dll
2012-11-30 04:45 . 2013-01-09 21:08	4608	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 21:08	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 21:08	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 21:08	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 21:08	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 21:08	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 21:08	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 21:08	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 21:08	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 21:08	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 21:08	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 21:08	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22	176936	----a-w-	c:\program files (x86)\ConduitEngine\prxConduitEngin.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-05-09 09:49	176936	----a-w-	c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B939CF93-F2CB-443d-956C-DC523D85C9DB}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
2011-12-27 10:07	87480	----a-w-	c:\progra~2\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-07-26 16:23	1493160	----a-w-	c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}]
2012-03-15 13:57	242384	----a-w-	c:\program files (x86)\Softonic\Softonic\1.5.21.0\bh\Softonic.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2012-08-10 22:54	194928	----a-w-	c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngin.dll" [2011-03-28 176936]
"{5018CFD2-804D-4C99-9F81-25EAEA2769DE}"= "c:\program files (x86)\Softonic\Softonic\1.5.21.0\SoftonicTlbr.dll" [2012-03-15 250576]
"{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}"= "c:\progra~2\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll" [2011-12-27 87480]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-07-26 1493160]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{5018cfd2-804d-4c99-9f81-25eaea2769de}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd]
.
[HKEY_CLASSES_ROOT\clsid\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~3\BROWSE~1\22580~1.182\{D1538~1\brwmngr.dll c:\windows\SysWOW64\nvinit.dll
.
R2 Browser Manager;Browser Manager;c:\programdata\Browser Manager\2.2.580.182\{d1538445-ebd9-4c43-882a-854eff8d928c}\brwmngr.exe [2012-09-14 1695776]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-08-11 44032]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 GTUHSBUS;GT UHS BUS;c:\windows\system32\DRIVERS\gtuhsbus.sys [2009-08-04 88576]
R3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\system32\DRIVERS\gtuhs51.sys [2009-08-04 129536]
R3 GTUHSSER;GT UHS SER;c:\windows\system32\DRIVERS\gtuhsser.sys [2009-08-04 10496]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-07 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-15 111968]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-02-08 25960]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2010-11-30 379520]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-09-23 641832]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-12-13 138024]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-10-14 1147232]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 21:47]
.
2013-02-27 c:\windows\Tasks\AmiUpdXp.job
- c:\users\Roger's\AppData\Local\SwvUpdater\Updater.exe [2012-12-11 22:01]
.
2013-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33]
.
2013-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ch/
mDefault_Page_URL = hxxp://www.v9.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=WDCXWD6400BPVT-80HXZT1_WD-WX61E41KT920KT920&ts=1355265935
mStart Page = hxxp://www.v9.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=WDCXWD6400BPVT-80HXZT1_WD-WX61E41KT920KT920&ts=1355265935
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube Download - c:\users\Roger's\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Roger's\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 62.2.17.60 62.2.24.162 62.2.17.61 62.2.24.158
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - 
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - 
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - 
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{ad708c09-d51b-45b3-9d28-4eba2681febf} - (no file)
URLSearchHooks-{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - (no file)
BHO-{00cbb66b-1d3b-46d3-9577-323a336acb50} - c:\program files (x86)\BrowserCompanion\jsloader.dll
BHO-{11111111-1111-1111-1111-110011501160} - c:\program files (x86)\Savings Sidekick\Savings Sidekick.dll
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
AddRemove-BrowserCompanion - c:\program files (x86)\BrowserCompanion\uninstall.exe
AddRemove-Savings Sidekick - c:\program files (x86)\Savings Sidekick\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-02-27  23:31:26
ComboFix-quarantined-files.txt  2013-02-27 22:31
ComboFix2.txt  2013-02-22 19:54
.
Vor Suchlauf: 15 Verzeichnis(se), 203'525'689'344 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 203'444'764'672 Bytes frei
.
- - End Of File - - AD7765F6386C0F6ADA62CB021EB7B2F5

--- --- ---

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 27.02.2013 23:38:30 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Roger's\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 45,17% Memory free
7,83 Gb Paging File | 5,44 Gb Available in Paging File | 69,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238,47 Gb Total Space | 189,56 Gb Free Space | 79,49% Space Free | Partition Type: NTFS
Drive D: | 332,70 Gb Total Space | 332,59 Gb Free Space | 99,97% Space Free | Partition Type: NTFS
 
Computer Name: ROGERS-PC | User Name: Roger's | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3931549216-3586652-775275838-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{42F97EE2-CF2F-41EC-8492-406395B00CC1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{506984D9-DE61-4E40-9679-2D3BDE5A3CB8}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | 
"{507FBC5E-F209-4EA6-BCFF-66E760F4D36B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{547EB268-C4A4-4BFA-BEF3-A007898DD9A3}" = lport=445 | protocol=6 | dir=in | app=system | 
"{63039CB2-AFB9-4E58-AE83-04C750ED2BF5}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6BEC7B47-EFFD-4C1F-9842-820DC808BC5D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6D86BBA6-660B-4EA4-9C85-ADBCBF533D55}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{81630F7D-0648-46FC-B6A5-30A1E4FD6AA6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{82430767-4464-4A85-83BD-F02CFBAB2067}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{84433040-ECC3-4EDE-9898-F14021804295}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{8788FD41-A789-417D-A802-B935AB2EA375}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9C95AFCE-F3E2-4932-8B27-BAA3AE8ADDA4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A72233AF-337A-40D3-BCE9-4CBCFF8C6B0B}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | 
"{A87E3891-F5D1-4746-B813-318D60A0BABC}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{B827E1C7-5A7A-484C-9653-2FE388A8B888}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{C95789EF-95D9-407B-8FFC-0335F2912920}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D0CC7E72-2B52-4CA0-8F05-C7F4789E2563}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{D185ED86-F118-4C53-853A-EAA09181C96A}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D5521045-F031-45EF-A232-38716A021EFC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D818B796-B87C-4DED-94EB-2239FE250711}" = rport=445 | protocol=6 | dir=out | app=system | 
"{DD6124C2-81A9-4862-AF67-DA4F19C3EDCA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DE4F55F0-299B-4B40-AB5F-B3DA75C0C0A6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{DED19396-718F-43BE-8C8A-535F8500AEC2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F4F7B55C-2FC5-4841-B551-46A73F803903}" = rport=139 | protocol=6 | dir=out | app=system | 
"{F8A12923-779E-488F-B859-2C58DF7AA179}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FA40DDE4-89AB-4BFE-9032-ABCE735B9F84}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01662084-E932-4527-AF1F-7A74F53A7767}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{070B7B6F-520E-431A-BBB9-3A813B61A20D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{09DD3F6E-BBC0-476C-A1B6-56C951FD098C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{14C05EC1-47F4-46D1-9995-4FD7345A0864}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{1C9EED8A-4DC4-4189-8599-4DAA7F4FAEF7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{22CFD7B2-E0C1-4602-9190-E67D7F23C8E5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{25BDD843-A815-48A8-A216-66D065687049}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{2C5B5A9A-E747-472C-BD37-5B3777B5422E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{34346C1E-1A9B-4BFE-9806-F9380987926C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{3AE129F1-0F17-4FCA-8787-9730CE2FFFBD}" = protocol=17 | dir=in | app=c:\program files (x86)\morpheus pro\morpheus pro.exe | 
"{4D457026-2550-4465-BE72-20B56A5985C7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{4FA62EF4-CDCD-4F56-A3F9-AC09954123E3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{50D76052-134E-46DB-AF8E-63827F883C0F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{5BF6A312-433A-4EC8-BC8D-C985FFE5C654}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{5F1A4247-332E-465C-8BA9-5357EE575CDC}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{5FC78BD3-A5AF-4BED-991A-65CC07E18640}" = protocol=6 | dir=in | app=c:\program files (x86)\morpheus pro\morpheus pro.exe | 
"{6242FFDD-51E4-4605-B7E7-7CFB4B76522A}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\asus lifeframe3\lifeframe.exe | 
"{71928264-E346-47AB-A196-791691FB9C59}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe | 
"{865887CF-57FD-4942-B4D5-66B6AFFBDA41}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{8EF01BA1-D1F6-4D73-AADB-AB5E81F83EF1}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{932F6C6D-F1FB-4CA9-B5B0-1ACBEDC6AB23}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\asus lifeframe3\lifeframe.exe | 
"{A280277A-01E6-4FCC-9E1D-A8D83B5C56BF}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\mediabar\datamngr\toolbar\dtuser.exe | 
"{A602F54E-375B-4BD9-8F79-0D7684AA2F73}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C4E99A65-289B-455B-AA0F-3AD423AF8B9B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D34B6E01-81FC-4DB1-9EB3-4F6EFF593BA7}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe | 
"{D792F8C6-470A-4937-9764-62119A2C7AF4}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\mediabar\datamngr\toolbar\dtuser.exe | 
"{E475DFB7-ED3F-4B63-A9EF-4EA55C552C1C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{E4F5CC8B-B899-42D3-A186-639F1E96CCB9}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{F2C3C3CF-0099-43EC-B863-8B1D0CB2E6C0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FC34060D-6001-4E1D-A70E-7608BFF85268}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"TCP Query User{37B94F52-80AC-4A12-B3C5-31A6DD072F68}C:\program files (x86)\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe | 
"TCP Query User{650D63B1-0B73-4CC4-849B-C45739B53F71}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{8DEF17E2-1481-4372-935C-293BBB853FE0}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{CBF364BD-E917-48AE-A21B-F3000D78CFF1}C:\program files (x86)\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ares\ares.exe | 
"UDP Query User{450FBA92-9A20-4B95-B590-34D9CD25A87C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{6358C852-727A-4C88-85E4-B631F2F654CB}C:\program files (x86)\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ares\ares.exe | 
"UDP Query User{B796DA02-2BAC-4398-8A62-1EC879B61A6F}C:\program files (x86)\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe | 
"UDP Query User{B7B0DC43-CAFF-4E86-972C-ADB2C7C31339}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0F696557-180C-4813-A754-5D43969B0691}" = Windows Live Family Safety
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{169C77B7-69C9-4648-9DD0-72B152AF269F}" = Windows Live Family Safety
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{289809B1-078A-49F3-83D0-7E51715B3915}" = Windows Live Family Safety
"{3946328A-5B3A-434C-A22B-64CF6652FBAD}" = Windows Live Family Safety
"{401C50F6-B443-43EE-8F27-A80DB19B03FD}" = Windows Live Family Safety
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7734509D-A1F7-4A5E-AF9D-77CD17AE41AF}" = Windows Live Family Safety
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{9210D7A2-DC28-43F6-92F9-E6CD4C729F7B}" = Windows Live Family Safety
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{9F0D08A0-5623-4EF6-A513-40048E20C4E0}" = AVG 2013
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B22C8566-D522-4B40-A7AF-525F5A70D832}" = Windows Live Family Safety
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.86
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.86
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel(R) Turbo Boost Technology Monitor 2.0
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CB7935EF-43EE-4C0F-AC02-B0E4DD5DAC17}" = Windows Live Family Safety
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{D9B7744C-1C39-49B8-86B3-F930631B4FE2}" = AVG 2013
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"{FE4BE0BD-1EDB-4D24-9614-847B3C472887}" = Windows Live Family Safety
"AVG" = AVG 2013
"Elantech" = ETDWare PS/2-X64 8.0.5.0_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{878CADF7-5BD6-4A29-A6F4-AC51C0CE8068}" = Alcor Micro USB Card Reader
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}" = Software Version Updater
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D3EA14DD-1476-4A6F-8A6D-8204BAED6F81}" = Qtrax Player
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E18B30AA-6E2D-480C-B918-AF61009F4010}" = عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E656D89A-8CBB-497F-918F-8361A4071C26}" = Nero Burning ROM 11
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E71E60C1-533E-45A5-8D80-E475E88D2B17}_is1" = Game Park Console
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ares" = Ares 2.1.9
"Asus Vibe2.0" = AsusVibe2.0
"AsusScr_K3 Series_ENG_Basic" = AsusScr_K3 Series_ENG_Basic
"Bookworm Deluxe" = Bookworm Deluxe
"Briz MP3 Splitter_is1" = Briz MP3 Splitter
"BrowserCompanion" = BrowserCompanion
"conduitEngine" = Conduit Engine 
"Cooking Dash" = Cooking Dash
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Google Chrome" = Google Chrome
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{878CADF7-5BD6-4A29-A6F4-AC51C0CE8068}" = Alcor Micro USB Card Reader
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"Mahjongg dimensions" = Mahjongg dimensions
"mediabarbs" = Wincore Mediabar
"Morpheus PRO" = Morpheus PRO
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"PokerStars" = PokerStars
"Savings Sidekick" = Savings Sidekick
"Softonic" = Softonic toolbar  on IE and Chrome
"Wincore MediaBar" = Wincore MediaBar
"WinLiveSuite" = Windows Live Essentials
"World of Goo" = World of Goo
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3931549216-3586652-775275838-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"1786730147.portal.qtrax.com" = Qtrax Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 09.02.2013 14:19:10 | Computer Name = Rogers-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: KB00631749.exe, Version: 11.0.5510.0,
 Zeitstempel: 0x510f7121  Name des fehlerhaften Moduls: KB00631749.exe, Version: 11.0.5510.0,
 Zeitstempel: 0x510f7121  Ausnahmecode: 0x80000003  Fehleroffset: 0x00001c5a  ID des fehlerhaften
 Prozesses: 0x1010  Startzeit der fehlerhaften Anwendung: 0x01ce06f1edba1a77  Pfad der
 fehlerhaften Anwendung: C:\Users\Roger's\AppData\Roaming\KB00631749.exe  Pfad des
 fehlerhaften Moduls: C:\Users\Roger's\AppData\Roaming\KB00631749.exe  Berichtskennung:
 327d135a-72e5-11e2-bd6b-14dae934b4ef
 
Error - 11.02.2013 06:03:19 | Computer Name = Rogers-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: RAVBg64.exe, Version: 1.0.0.61, Zeitstempel:
 0x4d6ca630  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000009970a  ID des fehlerhaften
 Prozesses: 0xfa0  Startzeit der fehlerhaften Anwendung: 0x01ce083f028fe1a0  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe  Pfad des 
fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 4251a0be-7432-11e2-89b5-14dae934b4ef
 
Error - 11.02.2013 06:03:30 | Computer Name = Rogers-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: KB00631749.exe, Version: 11.0.5510.0,
 Zeitstempel: 0x510f7121  Name des fehlerhaften Moduls: KB00631749.exe, Version: 11.0.5510.0,
 Zeitstempel: 0x510f7121  Ausnahmecode: 0x80000003  Fehleroffset: 0x00001c5a  ID des fehlerhaften
 Prozesses: 0xb20  Startzeit der fehlerhaften Anwendung: 0x01ce083f02a08b42  Pfad der
 fehlerhaften Anwendung: C:\Users\Roger's\AppData\Roaming\KB00631749.exe  Pfad des
 fehlerhaften Moduls: C:\Users\Roger's\AppData\Roaming\KB00631749.exe  Berichtskennung:
 490db711-7432-11e2-89b5-14dae934b4ef
 
Error - 11.02.2013 10:15:19 | Computer Name = Rogers-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: KB00631749.exe, Version: 11.0.5510.0,
 Zeitstempel: 0x510f7121  Name des fehlerhaften Moduls: KB00631749.exe, Version: 11.0.5510.0,
 Zeitstempel: 0x510f7121  Ausnahmecode: 0x80000003  Fehleroffset: 0x00001c5a  ID des fehlerhaften
 Prozesses: 0x11c4  Startzeit der fehlerhaften Anwendung: 0x01ce0862312c74ce  Pfad der
 fehlerhaften Anwendung: C:\Users\Roger's\AppData\Roaming\KB00631749.exe  Pfad des
 fehlerhaften Moduls: C:\Users\Roger's\AppData\Roaming\KB00631749.exe  Berichtskennung:
 767306b8-7455-11e2-84e7-14dae934b4ef
 
Error - 11.02.2013 15:32:02 | Computer Name = Rogers-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: KB00631749.exe, Version: 11.0.5510.0,
 Zeitstempel: 0x510f7121  Name des fehlerhaften Moduls: KB00631749.exe, Version: 11.0.5510.0,
 Zeitstempel: 0x510f7121  Ausnahmecode: 0x80000003  Fehleroffset: 0x00001c5a  ID des fehlerhaften
 Prozesses: 0x1028  Startzeit der fehlerhaften Anwendung: 0x01ce088e6f317226  Pfad der
 fehlerhaften Anwendung: C:\Users\Roger's\AppData\Roaming\KB00631749.exe  Pfad des
 fehlerhaften Moduls: C:\Users\Roger's\AppData\Roaming\KB00631749.exe  Berichtskennung:
 b5308146-7481-11e2-8623-14dae934b4ef
 
Error - 12.02.2013 10:41:22 | Computer Name = Rogers-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: KB00631749.exe, Version: 11.0.5510.0,
 Zeitstempel: 0x510f7121  Name des fehlerhaften Moduls: KB00631749.exe, Version: 11.0.5510.0,
 Zeitstempel: 0x510f7121  Ausnahmecode: 0x80000003  Fehleroffset: 0x00001c5a  ID des fehlerhaften
 Prozesses: 0x1098  Startzeit der fehlerhaften Anwendung: 0x01ce092efdb576f8  Pfad der
 fehlerhaften Anwendung: C:\Users\Roger's\AppData\Roaming\KB00631749.exe  Pfad des
 fehlerhaften Moduls: C:\Users\Roger's\AppData\Roaming\KB00631749.exe  Berichtskennung:
 4456f140-7522-11e2-98f3-14dae934b4ef
 
Error - 12.02.2013 19:54:13 | Computer Name = Rogers-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: KB00631749.exe, Version: 11.0.5510.0,
 Zeitstempel: 0x510f7121  Name des fehlerhaften Moduls: KB00631749.exe, Version: 11.0.5510.0,
 Zeitstempel: 0x510f7121  Ausnahmecode: 0x80000003  Fehleroffset: 0x00001c5a  ID des fehlerhaften
 Prozesses: 0x1054  Startzeit der fehlerhaften Anwendung: 0x01ce097c396fe76d  Pfad der
 fehlerhaften Anwendung: C:\Users\Roger's\AppData\Roaming\KB00631749.exe  Pfad des
 fehlerhaften Moduls: C:\Users\Roger's\AppData\Roaming\KB00631749.exe  Berichtskennung:
 7feefd1a-756f-11e2-8654-14dae934b4ef
 
Error - 13.02.2013 13:21:15 | Computer Name = Rogers-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: evcyu.exe, Version: 0.0.0.0, Zeitstempel:
 0x3e67fd0f  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00243aa6  ID des fehlerhaften Prozesses:
 0xf7c  Startzeit der fehlerhaften Anwendung: 0x01ce0a0e85928455  Pfad der fehlerhaften
 Anwendung: C:\Users\Roger's\AppData\Roaming\Ilet\evcyu.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: c4ca0a3b-7601-11e2-9a1f-14dae934b4ef
 
Error - 13.02.2013 13:21:24 | Computer Name = Rogers-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: KB00631749.exe, Version: 11.0.5510.0,
 Zeitstempel: 0x510f7121  Name des fehlerhaften Moduls: KB00631749.exe, Version: 11.0.5510.0,
 Zeitstempel: 0x510f7121  Ausnahmecode: 0x80000003  Fehleroffset: 0x00001c5a  ID des fehlerhaften
 Prozesses: 0x788  Startzeit der fehlerhaften Anwendung: 0x01ce0a0e858dc194  Pfad der
 fehlerhaften Anwendung: C:\Users\Roger's\AppData\Roaming\KB00631749.exe  Pfad des
 fehlerhaften Moduls: C:\Users\Roger's\AppData\Roaming\KB00631749.exe  Berichtskennung:
 ca83e212-7601-11e2-9a1f-14dae934b4ef
 
Error - 16.02.2013 13:12:51 | Computer Name = Rogers-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ETDCtrl.exe, Version: 8.2.0.17, Zeitstempel:
 0x4cff9418  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000009970a  ID des fehlerhaften
 Prozesses: 0xf4c  Startzeit der fehlerhaften Anwendung: 0x01ce0c68d861463f  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Elantech\ETDCtrl.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 1786a608-785c-11e2-87cf-14dae934b4ef
 
Error - 18.02.2013 11:47:02 | Computer Name = Rogers-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: conhost.exe, Version: 6.1.7601.18015,
 Zeitstempel: 0x50b826c0  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000009970a
ID
 des fehlerhaften Prozesses: 0x1790  Startzeit der fehlerhaften Anwendung: 0x01ce0def305dafb0
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\conhost.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 6f5bfc7b-79e2-11e2-8c90-14dae934b4ef
 
Error - 18.02.2013 16:49:20 | Computer Name = Rogers-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IntlDPST.exe, Version: 0.0.0.0, Zeitstempel:
 0x4cf60fa4  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000009970a  ID des fehlerhaften
 Prozesses: 0xf7c  Startzeit der fehlerhaften Anwendung: 0x01ce0e196c932498  Pfad der
 fehlerhaften Anwendung: C:\Program Files\P4G\IntlDPST.exe  Pfad des fehlerhaften 
Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: aa8042c1-7a0c-11e2-8595-14dae934b4ef
 
Error - 18.02.2013 16:49:20 | Computer Name = Rogers-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: RAVCpl64.exe, Version: 1.0.0.648,
 Zeitstempel: 0x4d70c6b5  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000009970a
ID
 des fehlerhaften Prozesses: 0xb04  Startzeit der fehlerhaften Anwendung: 0x01ce0e196d0e8e66
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: aacf9b49-7a0c-11e2-8595-14dae934b4ef
 
Error - 19.02.2013 11:37:37 | Computer Name = Rogers-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ETDCtrl.exe, Version: 8.2.0.17, Zeitstempel:
 0x4cff9418  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000009970a  ID des fehlerhaften
 Prozesses: 0xe7c  Startzeit der fehlerhaften Anwendung: 0x01ce0eb7098b6407  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Elantech\ETDCtrl.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 49379780-7aaa-11e2-9870-14dae934b4ef
 
[ Media Center Events ]
Error - 14.12.2012 23:42:04 | Computer Name = Rogers-PC | Source = MCUpdate | ID = 0
Description = 04:42:04 - Fehler beim Herstellen der Internetverbindung.  04:42:04 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 14.12.2012 23:42:38 | Computer Name = Rogers-PC | Source = MCUpdate | ID = 0
Description = 04:42:33 - Fehler beim Herstellen der Internetverbindung.  04:42:33 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 27.02.2013 13:12:54 | Computer Name = Rogers-PC | Source = Schannel | ID = 36874
Description = Eine SSL 3.0-Verbindungsanforderung wurde von einer Remoteclientanwendung
 übermittelt, jedoch werden keine der Verschlüsselungssammlungen, die von der Clientanwendung
 unterstützt werden, vom Server unterstützt. Fehler bei der SSL-Verbindungsanforderung.
 
Error - 27.02.2013 13:12:54 | Computer Name = Rogers-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus
 lautet: 107.
 
Error - 27.02.2013 13:12:54 | Computer Name = Rogers-PC | Source = Schannel | ID = 36874
Description = Eine SSL 3.0-Verbindungsanforderung wurde von einer Remoteclientanwendung
 übermittelt, jedoch werden keine der Verschlüsselungssammlungen, die von der Clientanwendung
 unterstützt werden, vom Server unterstützt. Fehler bei der SSL-Verbindungsanforderung.
 
Error - 27.02.2013 13:12:54 | Computer Name = Rogers-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus
 lautet: 107.
 
Error - 27.02.2013 15:37:59 | Computer Name = Rogers-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 27.02.2013 15:37:59 | Computer Name = Rogers-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 27.02.2013 16:20:25 | Computer Name = Rogers-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 27.02.2013 16:24:09 | Computer Name = Rogers-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "AVGIDSAgent" wurde unerwartet beendet. Dies ist bereits 1 
Mal passiert.
 
Error - 27.02.2013 16:24:52 | Computer Name = Rogers-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 27.02.2013 18:29:14 | Computer Name = Rogers-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
 
< End of report >

--- --- ---

blitter · 27.02.2013, 23:48

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 27.02.2013 23:38:30 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Roger's\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 45,17% Memory free
7,83 Gb Paging File | 5,44 Gb Available in Paging File | 69,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238,47 Gb Total Space | 189,56 Gb Free Space | 79,49% Space Free | Partition Type: NTFS
Drive D: | 332,70 Gb Total Space | 332,59 Gb Free Space | 99,97% Space Free | Partition Type: NTFS
 
Computer Name: ROGERS-PC | User Name: Roger's | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Roger's\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Browser Manager) -- C:\ProgramData\Browser Manager\2.2.580.182\{d1538445-ebd9-4c43-882a-854eff8d928c}\brwmngr.exe ()
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (GTUHSNDISIPXP) -- C:\Windows\SysNative\drivers\gtuhs51.sys (Option N.V.)
DRV:64bit: - (GTUHSBUS) -- C:\Windows\SysNative\drivers\gtuhsbus.sys (Option N.V.)
DRV:64bit: - (GTUHSSER) -- C:\Windows\SysNative\drivers\gtuhsser.sys (Option N.V.)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=20&systemid=2&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = V9 Tapak Portal - My Homepage - navigasi terbaik dan paling lengkap laman Malaysia!
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = V9 Tapak Portal - My Homepage - navigasi terbaik dan paling lengkap laman Malaysia!
IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - No CLSID value found
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=20&systemid=2&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1269415
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3931549216-3586652-775275838-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\S-1-5-21-3931549216-3586652-775275838-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\S-1-5-21-3931549216-3586652-775275838-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-3931549216-3586652-775275838-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKU\S-1-5-21-3931549216-3586652-775275838-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKU\S-1-5-21-3931549216-3586652-775275838-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-3931549216-3586652-775275838-1001\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3931549216-3586652-775275838-1001\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
IE - HKU\S-1-5-21-3931549216-3586652-775275838-1001\..\SearchScopes\{31001097-1475-4FE7-9499-3D7460C843DE}: "URL" = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000
IE - HKU\S-1-5-21-3931549216-3586652-775275838-1001\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = V9 Tapak Portal - My Homepage - navigasi terbaik dan paling lengkap laman Malaysia!
IE - HKU\S-1-5-21-3931549216-3586652-775275838-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=20&systemid=2&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-3931549216-3586652-775275838-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
 
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.2.580.182\{d1538445-ebd9-4c43-882a-854eff8d928c}\FirefoxExtension [2013.02.23 18:16:09 | 000,000,000 | ---D | M]
 
[2012.12.11 23:05:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roger's\AppData\Roaming\mozilla\Extensions
[2012.12.11 23:05:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roger's\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2012.04.16 05:17:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: V9 Tapak Portal - My Homepage - navigasi terbaik dan paling lengkap laman Malaysia!
 
O1 HOSTS File: ([2013.02.27 23:29:12 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Browser Companion Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll File not found
O2 - BHO: (Savings Sidekick) - {11111111-1111-1111-1111-110011501160} - C:\Program Files (x86)\Savings Sidekick\Savings Sidekick.dll File not found
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Browser Companion Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (DataMngr) - {B939CF93-F2CB-443d-956C-DC523D85C9DB} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\BROWSE~1.DLL (MusicLab, LLC)
O2 - BHO: (Wincore Mediabar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\Softonic\1.5.21.0\bh\Softonic.dll (Softonic.com)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.5.21.0\SoftonicTlbr.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Wincore Mediabar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll ()
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\S-1-5-21-3931549216-3586652-775275838-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-3931549216-3586652-775275838-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3931549216-3586652-775275838-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3931549216-3586652-775275838-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3931549216-3586652-775275838-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3931549216-3586652-775275838-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3931549216-3586652-775275838-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Roger's\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Roger's\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Roger's\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Roger's\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.2.17.60 62.2.24.162 62.2.17.61 62.2.24.158
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C71DCB0-A8BD-4DEE-A639-0B48EE1EDA79}: DhcpNameServer = 62.2.17.60 62.2.24.162 62.2.17.61 62.2.24.158
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{98C6314D-01C3-49B1-9CE9-F0F6B7998563}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\base64 - No CLSID value found
O18:64bit: - Protocol\Handler\chrome - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\prox - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll File not found
O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll File not found
O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll (MusicLab, LLC)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll (MusicLab, LLC)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\PROGRA~3\BROWSE~1\22580~1.182\{D1538~1\brwmngr.dll) - c:\ProgramData\Browser Manager\2.2.580.182\{d1538445-ebd9-4c43-882a-854eff8d928c}\brwmngr.dll ()
O20 - AppInit_DLLs: (c:\Windows\SysWOW64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.02.21 01:19:41 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.27 23:37:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Roger's\Desktop\OTL.exe
[2013.02.27 23:31:28 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.02.27 20:53:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.02.27 20:53:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.02.27 20:53:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.02.27 20:51:57 | 005,036,023 | R--- | C] (Swearware) -- C:\Users\Roger's\Desktop\ComboFix.exe
[2013.02.23 18:36:47 | 000,000,000 | ---D | C] -- C:\Users\Roger's\AppData\Roaming\AVG2013
[2013.02.23 18:34:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013.02.23 18:28:19 | 000,000,000 | ---D | C] -- C:\Users\Roger's\AppData\Local\MFAData
[2013.02.22 19:57:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.22 19:57:25 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.02.22 18:27:11 | 000,000,000 | ---D | C] -- C:\FRST
[2013.02.21 17:44:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2013.02.21 05:40:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.02.21 04:59:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\jZip
[2013.02.21 02:50:42 | 000,000,000 | ---D | C] -- C:\Users\Roger's\AppData\Local\Avg2013
[2013.02.21 02:12:50 | 000,000,000 | ---D | C] -- C:\$AVG
[2013.02.21 02:12:49 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013.02.21 02:12:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013.02.21 02:10:46 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013.02.21 02:07:11 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013.02.21 01:19:25 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.02.21 01:18:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013.02.20 23:37:34 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.02.14 03:01:05 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.14 03:01:05 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.14 03:01:01 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.14 03:01:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.14 03:01:01 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.02.14 03:01:01 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.02.14 03:01:00 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.14 03:01:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.14 03:00:59 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.02.14 03:00:59 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.02.14 03:00:59 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.02.14 03:00:58 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.14 03:00:57 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.02.14 03:00:57 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.02.14 03:00:57 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.02.13 18:28:02 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.13 18:28:01 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.02.13 18:28:01 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.02.13 18:27:58 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.02.13 18:27:58 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.02.13 18:27:58 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.02.13 18:27:58 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.02.13 18:27:58 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.02.13 18:27:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.02.13 18:27:56 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.27 23:37:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Roger's\Desktop\OTL.exe
[2013.02.27 23:29:12 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.02.27 23:27:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.27 23:27:57 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.27 22:47:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.27 20:52:38 | 005,036,023 | R--- | M] (Swearware) -- C:\Users\Roger's\Desktop\ComboFix.exe
[2013.02.27 20:48:17 | 000,000,364 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job
[2013.02.27 20:18:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.27 18:12:48 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.27 18:12:48 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.27 18:05:07 | 3152,142,336 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.26 19:39:31 | 001,531,014 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.26 19:39:31 | 000,666,256 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.26 19:39:31 | 000,628,098 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.26 19:39:31 | 000,134,178 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.26 19:39:31 | 000,110,560 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.24 21:50:47 | 000,002,316 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2013.02.24 21:50:35 | 000,001,260 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2013.02.23 18:34:03 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013.02.21 01:19:41 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013.02.21 01:12:13 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2013.02.21 00:37:31 | 000,000,004 | ---- | M] () -- C:\Users\Roger's\AppData\Roaming\skype.ini
[2013.02.20 17:27:30 | 000,003,224 | ---- | M] () -- C:\bootsqm.dat
[2013.02.14 17:51:35 | 000,278,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.14 03:07:05 | 000,000,215 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.27 20:53:07 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.27 20:53:07 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.27 20:53:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.27 20:53:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.02.27 20:53:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.02.23 18:34:03 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013.02.21 01:19:41 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013.02.20 17:27:30 | 000,003,224 | ---- | C] () -- C:\bootsqm.dat
[2013.02.20 17:07:09 | 000,000,004 | ---- | C] () -- C:\Users\Roger's\AppData\Roaming\skype.ini
[2013.02.14 03:07:05 | 000,000,215 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2012.09.23 19:53:59 | 000,001,076 | ---- | C] () -- C:\Users\Roger's\Musik - Verknüpfung.lnk
[2012.07.21 18:27:08 | 000,003,584 | ---- | C] () -- C:\Users\Roger's\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.04 18:42:41 | 008,766,626 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.07.23 08:38:08 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011.07.23 08:38:06 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll
[2011.07.23 08:38:06 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini
[2011.07.23 08:31:22 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011.05.31 04:23:33 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.05.31 04:23:31 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.05.31 04:23:30 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.04.13 03:48:48 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.11.04 11:12:59 | 000,000,000 | ---D | M] -- C:\Users\Roger's\AppData\Roaming\ASUS WebStorage
[2013.02.26 19:41:42 | 000,000,000 | ---D | M] -- C:\Users\Roger's\AppData\Roaming\Audacity
[2013.02.23 18:36:47 | 000,000,000 | ---D | M] -- C:\Users\Roger's\AppData\Roaming\AVG2013
[2013.02.08 18:26:07 | 000,000,000 | -H-D | M] -- C:\Users\Roger's\AppData\Roaming\B7284D8B
[2013.02.23 18:16:32 | 000,000,000 | ---D | M] -- C:\Users\Roger's\AppData\Roaming\BrowserCompanion
[2012.09.14 22:11:57 | 000,000,000 | ---D | M] -- C:\Users\Roger's\AppData\Roaming\DVDVideoSoft
[2013.02.23 18:16:32 | 000,000,000 | ---D | M] -- C:\Users\Roger's\AppData\Roaming\Ilet
[2011.11.11 23:18:32 | 000,000,000 | ---D | M] -- C:\Users\Roger's\AppData\Roaming\Morpheus PRO
[2012.07.21 18:24:24 | 000,000,000 | ---D | M] -- C:\Users\Roger's\AppData\Roaming\MusicNet
[2011.11.04 18:36:19 | 000,000,000 | ---D | M] -- C:\Users\Roger's\AppData\Roaming\Nuance
[2013.02.23 18:16:33 | 000,000,000 | ---D | M] -- C:\Users\Roger's\AppData\Roaming\OpenCandy
[2013.02.27 18:42:55 | 000,000,000 | ---D | M] -- C:\Users\Roger's\AppData\Roaming\SoftGrid Client
[2013.01.25 19:06:00 | 000,000,000 | ---D | M] -- C:\Users\Roger's\AppData\Roaming\Systweak
[2011.11.04 18:43:30 | 000,000,000 | ---D | M] -- C:\Users\Roger's\AppData\Roaming\TP
[2012.09.14 21:58:12 | 000,000,000 | ---D | M] -- C:\Users\Roger's\AppData\Roaming\TuneUp Software
[2011.11.24 16:46:14 | 000,000,000 | ---D | M] -- C:\Users\Roger's\AppData\Roaming\Windows Live Writer
[2013.02.11 15:22:24 | 000,000,000 | ---D | M] -- C:\Users\Roger's\AppData\Roaming\Xoeq
[2013.02.23 18:09:12 | 000,000,000 | ---D | M] -- C:\Users\Roger's\AppData\Roaming\Zeon
[2013.02.21 02:13:07 | 000,000,000 | ---D | M] -- C:\Users\roger2\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
< End of report >

--- --- ---

so das hab ich nochmals gemacht und das internet funktioniert auch immer noch zumindest...

was muss nun noch gemacht werden? ich hab im forum noch gelesen dass mein laptop jetzt jenachdem für die virenprogrammierer jetzt als ''zombie-PC'' arbeiten könnte je nach schlimme der Version..
ist meine version so eine?
Vielen Dank für deine Hilfe.

chherrrss

aharonov · 28.02.2013, 00:10

Salü,

Zitat:

ist meine version so eine?

Nein, alles halb so wild.
Ich geb dir wie immer eine neue Liste mit. Wir sollten aber bald fertig sein.

Schritt 1

Starte bitte die OTL.exe.
Kopiere nun den folgenden Inhalt aus der Codebox in die Textbox.
Wichtig: Falls du deinen Benutzernamen im Log unkenntlich gemacht hast (z.B. durch ***), dann mach das hier wieder rückgängig.

Code:

ATTFilter

:OTL
[2013.02.11 15:22:24 | 000,000,000 | ---D | M] -- C:\Users\Roger's\AppData\Roaming\Xoeq
[2013.02.23 18:09:12 | 000,000,000 | ---D | M] -- C:\Users\Roger's\AppData\Roaming\Zeon
[2013.02.23 18:16:33 | 000,000,000 | ---D | M] -- C:\Users\Roger's\AppData\Roaming\OpenCandy
[2013.02.08 18:26:07 | 000,000,000 | -H-D | M] -- C:\Users\Roger's\AppData\Roaming\B7284D8B
[2013.02.23 18:16:32 | 000,000,000 | ---D | M] -- C:\Users\Roger's\AppData\Roaming\Ilet
[2013.02.20 17:07:09 | 000,000,004 | ---- | C] () -- C:\Users\Roger's\AppData\Roaming\skype.ini
[2013.02.21 01:19:25 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.02.21 01:18:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard

:files
c:\windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP

:commands
[emptytemp]

Schliesse nun bitte alle anderen Programme.
Klicke jetzt auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Diesen bitte zulassen.
Nach dem Neustart findest du ein Textdokument auf deinem Desktop.
(Auch zu finden unter C:\_OTL\MovedFiles\<date_time>.log)
Kopiere nun dessen Inhalt hier in deinen Thread.

Schritt 2

Downloade dir bitte AdwCleaner und speichere es auf deinen Desktop.

Schliesse alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet, je nach Schwere der Infektion auch mehrmals - das ist normal. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

Schritt 3

Starte bitte die OTL.exe.

Setze den Haken bei Scan all Users.
Drücke auf den Quick Scan Button.
Poste den Inhalt von OTL.txt hier in den Thread.

Bitte poste in deiner nächsten Antwort:

Fixlog von OTL
Log von AdwCleaner
Log von OTL

blitter · 28.02.2013, 02:05

All processes killed
========== OTL ==========
C:\Users\Roger's\AppData\Roaming\Xoeq folder moved successfully.
C:\Users\Roger's\AppData\Roaming\Zeon\DocuCom\PDF Plus\SearchIndexData folder moved successfully.
C:\Users\Roger's\AppData\Roaming\Zeon\DocuCom\PDF Plus\Redaction\ENU folder moved successfully.
C:\Users\Roger's\AppData\Roaming\Zeon\DocuCom\PDF Plus\Redaction folder moved successfully.
C:\Users\Roger's\AppData\Roaming\Zeon\DocuCom\PDF Plus\Preferences\Security folder moved successfully.
C:\Users\Roger's\AppData\Roaming\Zeon\DocuCom\PDF Plus\Preferences folder moved successfully.
C:\Users\Roger's\AppData\Roaming\Zeon\DocuCom\PDF Plus\Log folder moved successfully.
C:\Users\Roger's\AppData\Roaming\Zeon\DocuCom\PDF Plus folder moved successfully.
C:\Users\Roger's\AppData\Roaming\Zeon\DocuCom folder moved successfully.
C:\Users\Roger's\AppData\Roaming\Zeon folder moved successfully.
C:\Users\Roger's\AppData\Roaming\OpenCandy\CB22EFD799D5420494EFAA9F0F4A3DB6 folder moved successfully.
C:\Users\Roger's\AppData\Roaming\OpenCandy folder moved successfully.
C:\Users\Roger's\AppData\Roaming\B7284D8B folder moved successfully.
C:\Users\Roger's\AppData\Roaming\Ilet folder moved successfully.
C:\Users\Roger's\AppData\Roaming\skype.ini moved successfully.
C:\Program Files\Enigma Software Group\SpyHunter\Log folder moved successfully.
C:\Program Files\Enigma Software Group\SpyHunter\Data folder moved successfully.
C:\Program Files\Enigma Software Group\SpyHunter folder moved successfully.
C:\Program Files\Enigma Software Group folder moved successfully.
C:\Program Files (x86)\Common Files\Wise Installation Wizard folder moved successfully.
========== FILES ==========
c:\windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gast
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Roger's
->Temp folder emptied: 49154 bytes
->Temporary Internet Files folder emptied: 680914463 bytes
->Java cache emptied: 166558 bytes
->Google Chrome cache emptied: 392777914 bytes
->Flash cache emptied: 8254308 bytes

User: roger2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 221116310 bytes
->Flash cache emptied: 5062 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 82 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 755 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.243,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 02282013_015715

Files\Folders moved on Reboot...
File\Folder C:\Users\Roger's\AppData\Local\Temp\CVHLauncher(2013022718425515AC).log not found!
C:\Users\Roger's\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Roger's\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9VE8Q5LS\empire_goodgamestudios_com[1].htm moved successfully.
C:\Users\Roger's\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Roger's\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Roger's\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UDNYE957\empire_goodgamestudios_com[1].htm moved successfully.
C:\Users\Roger's\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UDNYE957\flextag[1].htm moved successfully.
C:\Users\Roger's\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UDNYE957\flextag[2].htm moved successfully.
C:\Users\Roger's\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UDNYE957\InboxLight[1].htm moved successfully.
C:\Users\Roger's\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UDNYE957\Messenger[1].htm moved successfully.
C:\Users\Roger's\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UDNYE957\resourcespreload[1].htm moved successfully.
C:\Users\Roger's\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UDNYE957\xmlProxy[1].htm moved successfully.
C:\Users\Roger's\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UDNYE957\xmlProxy[2].htm moved successfully.
C:\Users\Roger's\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A8KH311H\adloader[1].htm moved successfully.
C:\Users\Roger's\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A8KH311H\ads[6].htm moved successfully.
C:\Users\Roger's\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A8KH311H\AjaxHistoryFrame[1].htm moved successfully.
C:\Users\Roger's\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A8KH311H\EditMessageLight[1].htm moved successfully.
C:\Users\Roger's\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A8KH311H\RteFrame_16.2.7221.0222[1].htm moved successfully.
C:\Users\Roger's\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5YWE0T7M\131375-trojaner-virus-weisser-bildschirm-gav-3[2].htm moved successfully.
C:\Users\Roger's\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5YWE0T7M\ads[2].htm moved successfully.
C:\Users\Roger's\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5QBWQ2DX\ads[6].htm moved successfully.
C:\Users\Roger's\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5QBWQ2DX\default[1].htm moved successfully.
C:\Users\Roger's\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5QBWQ2DX\LocalStorage[1].htm moved successfully.
C:\Users\Roger's\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5QBWQ2DX\xmlProxy[1].htm moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v2.113 - Datei am 28/02/2013 um 02:16:49 erstellt
# Aktualisiert am 23/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Roger's - ROGERS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Roger's\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Roger's\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [25882 octets] - [22/02/2013 19:14:23]
AdwCleaner[S2].txt - [809 octets] - [28/02/2013 02:16:49]

########## EOF - C:\AdwCleaner[S2].txt - [868 octets] ##########

--- --- ---

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 28.02.2013 02:23:54 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Roger's\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 57,01% Memory free
7,83 Gb Paging File | 6,02 Gb Available in Paging File | 76,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238,47 Gb Total Space | 190,83 Gb Free Space | 80,02% Space Free | Partition Type: NTFS
Drive D: | 332,70 Gb Total Space | 332,59 Gb Free Space | 99,97% Space Free | Partition Type: NTFS
 
Computer Name: ROGERS-PC | User Name: Roger's | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3931549216-3586652-775275838-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{42F97EE2-CF2F-41EC-8492-406395B00CC1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{506984D9-DE61-4E40-9679-2D3BDE5A3CB8}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | 
"{507FBC5E-F209-4EA6-BCFF-66E760F4D36B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{547EB268-C4A4-4BFA-BEF3-A007898DD9A3}" = lport=445 | protocol=6 | dir=in | app=system | 
"{63039CB2-AFB9-4E58-AE83-04C750ED2BF5}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6BEC7B47-EFFD-4C1F-9842-820DC808BC5D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6D86BBA6-660B-4EA4-9C85-ADBCBF533D55}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{81630F7D-0648-46FC-B6A5-30A1E4FD6AA6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{82430767-4464-4A85-83BD-F02CFBAB2067}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{84433040-ECC3-4EDE-9898-F14021804295}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{8788FD41-A789-417D-A802-B935AB2EA375}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9C95AFCE-F3E2-4932-8B27-BAA3AE8ADDA4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A72233AF-337A-40D3-BCE9-4CBCFF8C6B0B}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | 
"{A87E3891-F5D1-4746-B813-318D60A0BABC}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{B827E1C7-5A7A-484C-9653-2FE388A8B888}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{C95789EF-95D9-407B-8FFC-0335F2912920}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D0CC7E72-2B52-4CA0-8F05-C7F4789E2563}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{D185ED86-F118-4C53-853A-EAA09181C96A}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D5521045-F031-45EF-A232-38716A021EFC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D818B796-B87C-4DED-94EB-2239FE250711}" = rport=445 | protocol=6 | dir=out | app=system | 
"{DD6124C2-81A9-4862-AF67-DA4F19C3EDCA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DE4F55F0-299B-4B40-AB5F-B3DA75C0C0A6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{DED19396-718F-43BE-8C8A-535F8500AEC2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F4F7B55C-2FC5-4841-B551-46A73F803903}" = rport=139 | protocol=6 | dir=out | app=system | 
"{F8A12923-779E-488F-B859-2C58DF7AA179}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FA40DDE4-89AB-4BFE-9032-ABCE735B9F84}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01662084-E932-4527-AF1F-7A74F53A7767}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{070B7B6F-520E-431A-BBB9-3A813B61A20D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{09DD3F6E-BBC0-476C-A1B6-56C951FD098C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{14C05EC1-47F4-46D1-9995-4FD7345A0864}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{1C9EED8A-4DC4-4189-8599-4DAA7F4FAEF7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{22CFD7B2-E0C1-4602-9190-E67D7F23C8E5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{25BDD843-A815-48A8-A216-66D065687049}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{2C5B5A9A-E747-472C-BD37-5B3777B5422E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{34346C1E-1A9B-4BFE-9806-F9380987926C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{3AE129F1-0F17-4FCA-8787-9730CE2FFFBD}" = protocol=17 | dir=in | app=c:\program files (x86)\morpheus pro\morpheus pro.exe | 
"{4D457026-2550-4465-BE72-20B56A5985C7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{4FA62EF4-CDCD-4F56-A3F9-AC09954123E3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{50D76052-134E-46DB-AF8E-63827F883C0F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{5BF6A312-433A-4EC8-BC8D-C985FFE5C654}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{5F1A4247-332E-465C-8BA9-5357EE575CDC}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{5FC78BD3-A5AF-4BED-991A-65CC07E18640}" = protocol=6 | dir=in | app=c:\program files (x86)\morpheus pro\morpheus pro.exe | 
"{6242FFDD-51E4-4605-B7E7-7CFB4B76522A}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\asus lifeframe3\lifeframe.exe | 
"{71928264-E346-47AB-A196-791691FB9C59}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe | 
"{865887CF-57FD-4942-B4D5-66B6AFFBDA41}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{8EF01BA1-D1F6-4D73-AADB-AB5E81F83EF1}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{932F6C6D-F1FB-4CA9-B5B0-1ACBEDC6AB23}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\asus lifeframe3\lifeframe.exe | 
"{A280277A-01E6-4FCC-9E1D-A8D83B5C56BF}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\mediabar\datamngr\toolbar\dtuser.exe | 
"{A602F54E-375B-4BD9-8F79-0D7684AA2F73}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C4E99A65-289B-455B-AA0F-3AD423AF8B9B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D34B6E01-81FC-4DB1-9EB3-4F6EFF593BA7}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe | 
"{D792F8C6-470A-4937-9764-62119A2C7AF4}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\mediabar\datamngr\toolbar\dtuser.exe | 
"{E475DFB7-ED3F-4B63-A9EF-4EA55C552C1C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{E4F5CC8B-B899-42D3-A186-639F1E96CCB9}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{F2C3C3CF-0099-43EC-B863-8B1D0CB2E6C0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FC34060D-6001-4E1D-A70E-7608BFF85268}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"TCP Query User{37B94F52-80AC-4A12-B3C5-31A6DD072F68}C:\program files (x86)\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe | 
"TCP Query User{650D63B1-0B73-4CC4-849B-C45739B53F71}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{8DEF17E2-1481-4372-935C-293BBB853FE0}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{CBF364BD-E917-48AE-A21B-F3000D78CFF1}C:\program files (x86)\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ares\ares.exe | 
"UDP Query User{450FBA92-9A20-4B95-B590-34D9CD25A87C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{6358C852-727A-4C88-85E4-B631F2F654CB}C:\program files (x86)\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ares\ares.exe | 
"UDP Query User{B796DA02-2BAC-4398-8A62-1EC879B61A6F}C:\program files (x86)\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe | 
"UDP Query User{B7B0DC43-CAFF-4E86-972C-ADB2C7C31339}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0F696557-180C-4813-A754-5D43969B0691}" = Windows Live Family Safety
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{169C77B7-69C9-4648-9DD0-72B152AF269F}" = Windows Live Family Safety
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{289809B1-078A-49F3-83D0-7E51715B3915}" = Windows Live Family Safety
"{3946328A-5B3A-434C-A22B-64CF6652FBAD}" = Windows Live Family Safety
"{401C50F6-B443-43EE-8F27-A80DB19B03FD}" = Windows Live Family Safety
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7734509D-A1F7-4A5E-AF9D-77CD17AE41AF}" = Windows Live Family Safety
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{9210D7A2-DC28-43F6-92F9-E6CD4C729F7B}" = Windows Live Family Safety
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{9F0D08A0-5623-4EF6-A513-40048E20C4E0}" = AVG 2013
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B22C8566-D522-4B40-A7AF-525F5A70D832}" = Windows Live Family Safety
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.86
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.86
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel(R) Turbo Boost Technology Monitor 2.0
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CB7935EF-43EE-4C0F-AC02-B0E4DD5DAC17}" = Windows Live Family Safety
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{D9B7744C-1C39-49B8-86B3-F930631B4FE2}" = AVG 2013
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"{FE4BE0BD-1EDB-4D24-9614-847B3C472887}" = Windows Live Family Safety
"AVG" = AVG 2013
"Elantech" = ETDWare PS/2-X64 8.0.5.0_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{878CADF7-5BD6-4A29-A6F4-AC51C0CE8068}" = Alcor Micro USB Card Reader
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D3EA14DD-1476-4A6F-8A6D-8204BAED6F81}" = Qtrax Player
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E18B30AA-6E2D-480C-B918-AF61009F4010}" = عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E656D89A-8CBB-497F-918F-8361A4071C26}" = Nero Burning ROM 11
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E71E60C1-533E-45A5-8D80-E475E88D2B17}_is1" = Game Park Console
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ares" = Ares 2.1.9
"Asus Vibe2.0" = AsusVibe2.0
"AsusScr_K3 Series_ENG_Basic" = AsusScr_K3 Series_ENG_Basic
"Bookworm Deluxe" = Bookworm Deluxe
"Cooking Dash" = Cooking Dash
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Google Chrome" = Google Chrome
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{878CADF7-5BD6-4A29-A6F4-AC51C0CE8068}" = Alcor Micro USB Card Reader
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"Mahjongg dimensions" = Mahjongg dimensions
"mediabarbs" = Wincore Mediabar
"Morpheus PRO" = Morpheus PRO
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"PokerStars" = PokerStars
"WinLiveSuite" = Windows Live Essentials
"World of Goo" = World of Goo
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3931549216-3586652-775275838-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"1786730147.portal.qtrax.com" = Qtrax Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11.02.2013 10:15:19 | Computer Name = Rogers-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: KB00631749.exe, Version: 11.0.5510.0,
 Zeitstempel: 0x510f7121  Name des fehlerhaften Moduls: KB00631749.exe, Version: 11.0.5510.0,
 Zeitstempel: 0x510f7121  Ausnahmecode: 0x80000003  Fehleroffset: 0x00001c5a  ID des fehlerhaften
 Prozesses: 0x11c4  Startzeit der fehlerhaften Anwendung: 0x01ce0862312c74ce  Pfad der
 fehlerhaften Anwendung: C:\Users\Roger's\AppData\Roaming\KB00631749.exe  Pfad des
 fehlerhaften Moduls: C:\Users\Roger's\AppData\Roaming\KB00631749.exe  Berichtskennung:
 767306b8-7455-11e2-84e7-14dae934b4ef
 
Error - 11.02.2013 15:32:02 | Computer Name = Rogers-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: KB00631749.exe, Version: 11.0.5510.0,
 Zeitstempel: 0x510f7121  Name des fehlerhaften Moduls: KB00631749.exe, Version: 11.0.5510.0,
 Zeitstempel: 0x510f7121  Ausnahmecode: 0x80000003  Fehleroffset: 0x00001c5a  ID des fehlerhaften
 Prozesses: 0x1028  Startzeit der fehlerhaften Anwendung: 0x01ce088e6f317226  Pfad der
 fehlerhaften Anwendung: C:\Users\Roger's\AppData\Roaming\KB00631749.exe  Pfad des
 fehlerhaften Moduls: C:\Users\Roger's\AppData\Roaming\KB00631749.exe  Berichtskennung:
 b5308146-7481-11e2-8623-14dae934b4ef
 
Error - 12.02.2013 10:41:22 | Computer Name = Rogers-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: KB00631749.exe, Version: 11.0.5510.0,
 Zeitstempel: 0x510f7121  Name des fehlerhaften Moduls: KB00631749.exe, Version: 11.0.5510.0,
 Zeitstempel: 0x510f7121  Ausnahmecode: 0x80000003  Fehleroffset: 0x00001c5a  ID des fehlerhaften
 Prozesses: 0x1098  Startzeit der fehlerhaften Anwendung: 0x01ce092efdb576f8  Pfad der
 fehlerhaften Anwendung: C:\Users\Roger's\AppData\Roaming\KB00631749.exe  Pfad des
 fehlerhaften Moduls: C:\Users\Roger's\AppData\Roaming\KB00631749.exe  Berichtskennung:
 4456f140-7522-11e2-98f3-14dae934b4ef
 
Error - 12.02.2013 19:54:13 | Computer Name = Rogers-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: KB00631749.exe, Version: 11.0.5510.0,
 Zeitstempel: 0x510f7121  Name des fehlerhaften Moduls: KB00631749.exe, Version: 11.0.5510.0,
 Zeitstempel: 0x510f7121  Ausnahmecode: 0x80000003  Fehleroffset: 0x00001c5a  ID des fehlerhaften
 Prozesses: 0x1054  Startzeit der fehlerhaften Anwendung: 0x01ce097c396fe76d  Pfad der
 fehlerhaften Anwendung: C:\Users\Roger's\AppData\Roaming\KB00631749.exe  Pfad des
 fehlerhaften Moduls: C:\Users\Roger's\AppData\Roaming\KB00631749.exe  Berichtskennung:
 7feefd1a-756f-11e2-8654-14dae934b4ef
 
Error - 13.02.2013 13:21:15 | Computer Name = Rogers-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: evcyu.exe, Version: 0.0.0.0, Zeitstempel:
 0x3e67fd0f  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00243aa6  ID des fehlerhaften Prozesses:
 0xf7c  Startzeit der fehlerhaften Anwendung: 0x01ce0a0e85928455  Pfad der fehlerhaften
 Anwendung: C:\Users\Roger's\AppData\Roaming\Ilet\evcyu.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: c4ca0a3b-7601-11e2-9a1f-14dae934b4ef
 
Error - 13.02.2013 13:21:24 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: KB00631749.exe, Version: 11.0.5510.0,
 Zeitstempel: 0x510f7121  Name des fehlerhaften Moduls: KB00631749.exe, Version: 11.0.5510.0,
 Zeitstempel: 0x510f7121  Ausnahmecode: 0x80000003  Fehleroffset: 0x00001c5a  ID des fehlerhaften
 Prozesses: 0x788  Startzeit der fehlerhaften Anwendung: 0x01ce0a0e858dc194  Pfad der
 fehlerhaften Anwendung: C:\Users\Roger's\AppData\Roaming\KB00631749.exe  Pfad des
 fehlerhaften Moduls: C:\Users\Roger's\AppData\Roaming\KB00631749.exe  Berichtskennung:
 ca83e212-7601-11e2-9a1f-14dae934b4ef
 
Error - 16.02.2013 13:12:51 | Computer Name = Rogers-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ETDCtrl.exe, Version: 8.2.0.17, Zeitstempel:
 0x4cff9418  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000009970a  ID des fehlerhaften
 Prozesses: 0xf4c  Startzeit der fehlerhaften Anwendung: 0x01ce0c68d861463f  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Elantech\ETDCtrl.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 1786a608-785c-11e2-87cf-14dae934b4ef
 
Error - 18.02.2013 11:47:02 | Computer Name = Rogers-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: conhost.exe, Version: 6.1.7601.18015,
 Zeitstempel: 0x50b826c0  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000009970a
ID
 des fehlerhaften Prozesses: 0x1790  Startzeit der fehlerhaften Anwendung: 0x01ce0def305dafb0
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\conhost.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 6f5bfc7b-79e2-11e2-8c90-14dae934b4ef
 
Error - 18.02.2013 16:49:20 | Computer Name = Rogers-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IntlDPST.exe, Version: 0.0.0.0, Zeitstempel:
 0x4cf60fa4  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000009970a  ID des fehlerhaften
 Prozesses: 0xf7c  Startzeit der fehlerhaften Anwendung: 0x01ce0e196c932498  Pfad der
 fehlerhaften Anwendung: C:\Program Files\P4G\IntlDPST.exe  Pfad des fehlerhaften 
Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: aa8042c1-7a0c-11e2-8595-14dae934b4ef
 
Error - 18.02.2013 16:49:20 | Computer Name = Rogers-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: RAVCpl64.exe, Version: 1.0.0.648,
 Zeitstempel: 0x4d70c6b5  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000009970a
ID
 des fehlerhaften Prozesses: 0xb04  Startzeit der fehlerhaften Anwendung: 0x01ce0e196d0e8e66
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: aacf9b49-7a0c-11e2-8595-14dae934b4ef
 
Error - 19.02.2013 11:37:37 | Computer Name = Rogers-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ETDCtrl.exe, Version: 8.2.0.17, Zeitstempel:
 0x4cff9418  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000009970a  ID des fehlerhaften
 Prozesses: 0xe7c  Startzeit der fehlerhaften Anwendung: 0x01ce0eb7098b6407  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Elantech\ETDCtrl.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 49379780-7aaa-11e2-9870-14dae934b4ef
 
Error - 20.02.2013 15:31:51 | Computer Name = Rogers-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567,
 Zeitstempel: 0x4d672ee4  Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744,
 Zeitstempel: 0x4eeb033f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000000127e
ID
 des fehlerhaften Prozesses: 0x93c  Startzeit der fehlerhaften Anwendung: 0x01ce0fa0e7c41799
Pfad
 der fehlerhaften Anwendung: C:\Windows\Explorer.EXE  Pfad des fehlerhaften Moduls:
 C:\Windows\system32\msvcrt.dll  Berichtskennung: 2c7468f9-7b94-11e2-8632-14dae934b4ef
 
Error - 20.02.2013 15:41:11 | Computer Name = Rogers-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567,
 Zeitstempel: 0x4d672ee4  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000420  Fehleroffset: 0x00000000000c40f2
ID
 des fehlerhaften Prozesses: 0x160  Startzeit der fehlerhaften Anwendung: 0x01ce0fa2368d6933
Pfad
 der fehlerhaften Anwendung: C:\Windows\Explorer.EXE  Pfad des fehlerhaften Moduls:
 C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 7a5303c7-7b95-11e2-b126-14dae934b4ef
 
Error - 20.02.2013 18:39:43 | Computer Name = Rogers-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: uiSeAgnt.exe, Version: 1.5.0.1366,
 Zeitstempel: 0x4d53d4cb  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000009970a
ID
 des fehlerhaften Prozesses: 0xe28  Startzeit der fehlerhaften Anwendung: 0x01ce0fbb28c0c35a
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 6abfc0bc-7bae-11e2-83eb-14dae934b4ef
 
[ Media Center Events ]
Error - 14.12.2012 23:42:04 | Computer Name = Rogers-PC | Source = MCUpdate | ID = 0
Description = 04:42:04 - Fehler beim Herstellen der Internetverbindung.  04:42:04 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 14.12.2012 23:42:38 | Computer Name = Rogers-PC | Source = MCUpdate | ID = 0
Description = 04:42:33 - Fehler beim Herstellen der Internetverbindung.  04:42:33 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 27.02.2013 21:08:44 | Computer Name = Rogers-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 27.02.2013 21:08:54 | Computer Name = Rogers-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 27.02.2013 21:10:55 | Computer Name = Rogers-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Google Update Service (gupdate) erreicht.
 
Error - 27.02.2013 21:10:55 | Computer Name = Rogers-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 27.02.2013 21:17:11 | Computer Name = Rogers-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 27.02.2013 21:18:15 | Computer Name = Rogers-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 27.02.2013 21:18:20 | Computer Name = Rogers-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 27.02.2013 21:18:29 | Computer Name = Rogers-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 27.02.2013 21:20:31 | Computer Name = Rogers-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Google Update Service (gupdate) erreicht.
 
Error - 27.02.2013 21:20:31 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
 
< End of report >

--- --- ---

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 28.02.2013 02:23:54 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Roger's\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 57,01% Memory free
7,83 Gb Paging File | 6,02 Gb Available in Paging File | 76,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238,47 Gb Total Space | 190,83 Gb Free Space | 80,02% Space Free | Partition Type: NTFS
Drive D: | 332,70 Gb Total Space | 332,59 Gb Free Space | 99,97% Space Free | Partition Type: NTFS
 
Computer Name: ROGERS-PC | User Name: Roger's | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3931549216-3586652-775275838-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{42F97EE2-CF2F-41EC-8492-406395B00CC1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{506984D9-DE61-4E40-9679-2D3BDE5A3CB8}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | 
"{507FBC5E-F209-4EA6-BCFF-66E760F4D36B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{547EB268-C4A4-4BFA-BEF3-A007898DD9A3}" = lport=445 | protocol=6 | dir=in | app=system | 
"{63039CB2-AFB9-4E58-AE83-04C750ED2BF5}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6BEC7B47-EFFD-4C1F-9842-820DC808BC5D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6D86BBA6-660B-4EA4-9C85-ADBCBF533D55}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{81630F7D-0648-46FC-B6A5-30A1E4FD6AA6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{82430767-4464-4A85-83BD-F02CFBAB2067}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{84433040-ECC3-4EDE-9898-F14021804295}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{8788FD41-A789-417D-A802-B935AB2EA375}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9C95AFCE-F3E2-4932-8B27-BAA3AE8ADDA4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A72233AF-337A-40D3-BCE9-4CBCFF8C6B0B}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | 
"{A87E3891-F5D1-4746-B813-318D60A0BABC}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{B827E1C7-5A7A-484C-9653-2FE388A8B888}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{C95789EF-95D9-407B-8FFC-0335F2912920}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D0CC7E72-2B52-4CA0-8F05-C7F4789E2563}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{D185ED86-F118-4C53-853A-EAA09181C96A}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D5521045-F031-45EF-A232-38716A021EFC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D818B796-B87C-4DED-94EB-2239FE250711}" = rport=445 | protocol=6 | dir=out | app=system | 
"{DD6124C2-81A9-4862-AF67-DA4F19C3EDCA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DE4F55F0-299B-4B40-AB5F-B3DA75C0C0A6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{DED19396-718F-43BE-8C8A-535F8500AEC2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F4F7B55C-2FC5-4841-B551-46A73F803903}" = rport=139 | protocol=6 | dir=out | app=system | 
"{F8A12923-779E-488F-B859-2C58DF7AA179}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FA40DDE4-89AB-4BFE-9032-ABCE735B9F84}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01662084-E932-4527-AF1F-7A74F53A7767}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{070B7B6F-520E-431A-BBB9-3A813B61A20D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{09DD3F6E-BBC0-476C-A1B6-56C951FD098C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{14C05EC1-47F4-46D1-9995-4FD7345A0864}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{1C9EED8A-4DC4-4189-8599-4DAA7F4FAEF7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{22CFD7B2-E0C1-4602-9190-E67D7F23C8E5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{25BDD843-A815-48A8-A216-66D065687049}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{2C5B5A9A-E747-472C-BD37-5B3777B5422E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{34346C1E-1A9B-4BFE-9806-F9380987926C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{3AE129F1-0F17-4FCA-8787-9730CE2FFFBD}" = protocol=17 | dir=in | app=c:\program files (x86)\morpheus pro\morpheus pro.exe | 
"{4D457026-2550-4465-BE72-20B56A5985C7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{4FA62EF4-CDCD-4F56-A3F9-AC09954123E3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{50D76052-134E-46DB-AF8E-63827F883C0F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{5BF6A312-433A-4EC8-BC8D-C985FFE5C654}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{5F1A4247-332E-465C-8BA9-5357EE575CDC}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{5FC78BD3-A5AF-4BED-991A-65CC07E18640}" = protocol=6 | dir=in | app=c:\program files (x86)\morpheus pro\morpheus pro.exe | 
"{6242FFDD-51E4-4605-B7E7-7CFB4B76522A}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\asus lifeframe3\lifeframe.exe | 
"{71928264-E346-47AB-A196-791691FB9C59}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe | 
"{865887CF-57FD-4942-B4D5-66B6AFFBDA41}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{8EF01BA1-D1F6-4D73-AADB-AB5E81F83EF1}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{932F6C6D-F1FB-4CA9-B5B0-1ACBEDC6AB23}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\asus lifeframe3\lifeframe.exe | 
"{A280277A-01E6-4FCC-9E1D-A8D83B5C56BF}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\mediabar\datamngr\toolbar\dtuser.exe | 
"{A602F54E-375B-4BD9-8F79-0D7684AA2F73}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C4E99A65-289B-455B-AA0F-3AD423AF8B9B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D34B6E01-81FC-4DB1-9EB3-4F6EFF593BA7}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe | 
"{D792F8C6-470A-4937-9764-62119A2C7AF4}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\mediabar\datamngr\toolbar\dtuser.exe | 
"{E475DFB7-ED3F-4B63-A9EF-4EA55C552C1C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{E4F5CC8B-B899-42D3-A186-639F1E96CCB9}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{F2C3C3CF-0099-43EC-B863-8B1D0CB2E6C0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FC34060D-6001-4E1D-A70E-7608BFF85268}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"TCP Query User{37B94F52-80AC-4A12-B3C5-31A6DD072F68}C:\program files (x86)\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe | 
"TCP Query User{650D63B1-0B73-4CC4-849B-C45739B53F71}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{8DEF17E2-1481-4372-935C-293BBB853FE0}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{CBF364BD-E917-48AE-A21B-F3000D78CFF1}C:\program files (x86)\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ares\ares.exe | 
"UDP Query User{450FBA92-9A20-4B95-B590-34D9CD25A87C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{6358C852-727A-4C88-85E4-B631F2F654CB}C:\program files (x86)\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ares\ares.exe | 
"UDP Query User{B796DA02-2BAC-4398-8A62-1EC879B61A6F}C:\program files (x86)\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe | 
"UDP Query User{B7B0DC43-CAFF-4E86-972C-ADB2C7C31339}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0F696557-180C-4813-A754-5D43969B0691}" = Windows Live Family Safety
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{169C77B7-69C9-4648-9DD0-72B152AF269F}" = Windows Live Family Safety
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{289809B1-078A-49F3-83D0-7E51715B3915}" = Windows Live Family Safety
"{3946328A-5B3A-434C-A22B-64CF6652FBAD}" = Windows Live Family Safety
"{401C50F6-B443-43EE-8F27-A80DB19B03FD}" = Windows Live Family Safety
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7734509D-A1F7-4A5E-AF9D-77CD17AE41AF}" = Windows Live Family Safety
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{9210D7A2-DC28-43F6-92F9-E6CD4C729F7B}" = Windows Live Family Safety
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{9F0D08A0-5623-4EF6-A513-40048E20C4E0}" = AVG 2013
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B22C8566-D522-4B40-A7AF-525F5A70D832}" = Windows Live Family Safety
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.86
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.86
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel(R) Turbo Boost Technology Monitor 2.0
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CB7935EF-43EE-4C0F-AC02-B0E4DD5DAC17}" = Windows Live Family Safety
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{D9B7744C-1C39-49B8-86B3-F930631B4FE2}" = AVG 2013
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"{FE4BE0BD-1EDB-4D24-9614-847B3C472887}" = Windows Live Family Safety
"AVG" = AVG 2013
"Elantech" = ETDWare PS/2-X64 8.0.5.0_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{878CADF7-5BD6-4A29-A6F4-AC51C0CE8068}" = Alcor Micro USB Card Reader
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D3EA14DD-1476-4A6F-8A6D-8204BAED6F81}" = Qtrax Player
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E18B30AA-6E2D-480C-B918-AF61009F4010}" = عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E656D89A-8CBB-497F-918F-8361A4071C26}" = Nero Burning ROM 11
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E71E60C1-533E-45A5-8D80-E475E88D2B17}_is1" = Game Park Console
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ares" = Ares 2.1.9
"Asus Vibe2.0" = AsusVibe2.0
"AsusScr_K3 Series_ENG_Basic" = AsusScr_K3 Series_ENG_Basic
"Bookworm Deluxe" = Bookworm Deluxe
"Cooking Dash" = Cooking Dash
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Google Chrome" = Google Chrome
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{878CADF7-5BD6-4A29-A6F4-AC51C0CE8068}" = Alcor Micro USB Card Reader
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"Mahjongg dimensions" = Mahjongg dimensions
"mediabarbs" = Wincore Mediabar
"Morpheus PRO" = Morpheus PRO
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"PokerStars" = PokerStars
"WinLiveSuite" = Windows Live Essentials
"World of Goo" = World of Goo
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3931549216-3586652-775275838-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"1786730147.portal.qtrax.com" = Qtrax Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11.02.2013 10:15:19 | Computer Name = Rogers-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: KB00631749.exe, Version: 11.0.5510.0,
 Zeitstempel: 0x510f7121  Name des fehlerhaften Moduls: KB00631749.exe, Version: 11.0.5510.0,
 Zeitstempel: 0x510f7121  Ausnahmecode: 0x80000003  Fehleroffset: 0x00001c5a  ID des fehlerhaften
 Prozesses: 0x11c4  Startzeit der fehlerhaften Anwendung: 0x01ce0862312c74ce  Pfad der
 fehlerhaften Anwendung: C:\Users\Roger's\AppData\Roaming\KB00631749.exe  Pfad des
 fehlerhaften Moduls: C:\Users\Roger's\AppData\Roaming\KB00631749.exe  Berichtskennung:
 767306b8-7455-11e2-84e7-14dae934b4ef
 
Error - 11.02.2013 15:32:02 | Computer Name = Rogers-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: KB00631749.exe, Version: 11.0.5510.0,
 Zeitstempel: 0x510f7121  Name des fehlerhaften Moduls: KB00631749.exe, Version: 11.0.5510.0,
 Zeitstempel: 0x510f7121  Ausnahmecode: 0x80000003  Fehleroffset: 0x00001c5a  ID des fehlerhaften
 Prozesses: 0x1028  Startzeit der fehlerhaften Anwendung: 0x01ce088e6f317226  Pfad der
 fehlerhaften Anwendung: C:\Users\Roger's\AppData\Roaming\KB00631749.exe  Pfad des
 fehlerhaften Moduls: C:\Users\Roger's\AppData\Roaming\KB00631749.exe  Berichtskennung:
 b5308146-7481-11e2-8623-14dae934b4ef
 
Error - 12.02.2013 10:41:22 | Computer Name = Rogers-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: KB00631749.exe, Version: 11.0.5510.0,
 Zeitstempel: 0x510f7121  Name des fehlerhaften Moduls: KB00631749.exe, Version: 11.0.5510.0,
 Zeitstempel: 0x510f7121  Ausnahmecode: 0x80000003  Fehleroffset: 0x00001c5a  ID des fehlerhaften
 Prozesses: 0x1098  Startzeit der fehlerhaften Anwendung: 0x01ce092efdb576f8  Pfad der
 fehlerhaften Anwendung: C:\Users\Roger's\AppData\Roaming\KB00631749.exe  Pfad des
 fehlerhaften Moduls: C:\Users\Roger's\AppData\Roaming\KB00631749.exe  Berichtskennung:
 4456f140-7522-11e2-98f3-14dae934b4ef
 
Error - 12.02.2013 19:54:13 | Computer Name = Rogers-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: KB00631749.exe, Version: 11.0.5510.0,
 Zeitstempel: 0x510f7121  Name des fehlerhaften Moduls: KB00631749.exe, Version: 11.0.5510.0,
 Zeitstempel: 0x510f7121  Ausnahmecode: 0x80000003  Fehleroffset: 0x00001c5a  ID des fehlerhaften
 Prozesses: 0x1054  Startzeit der fehlerhaften Anwendung: 0x01ce097c396fe76d  Pfad der
 fehlerhaften Anwendung: C:\Users\Roger's\AppData\Roaming\KB00631749.exe  Pfad des
 fehlerhaften Moduls: C:\Users\Roger's\AppData\Roaming\KB00631749.exe  Berichtskennung:
 7feefd1a-756f-11e2-8654-14dae934b4ef
 
Error - 13.02.2013 13:21:15 | Computer Name = Rogers-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: evcyu.exe, Version: 0.0.0.0, Zeitstempel:
 0x3e67fd0f  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00243aa6  ID des fehlerhaften Prozesses:
 0xf7c  Startzeit der fehlerhaften Anwendung: 0x01ce0a0e85928455  Pfad der fehlerhaften
 Anwendung: C:\Users\Roger's\AppData\Roaming\Ilet\evcyu.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: c4ca0a3b-7601-11e2-9a1f-14dae934b4ef
 
Error - 13.02.2013 13:21:24 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: KB00631749.exe, Version: 11.0.5510.0,
 Zeitstempel: 0x510f7121  Name des fehlerhaften Moduls: KB00631749.exe, Version: 11.0.5510.0,
 Zeitstempel: 0x510f7121  Ausnahmecode: 0x80000003  Fehleroffset: 0x00001c5a  ID des fehlerhaften
 Prozesses: 0x788  Startzeit der fehlerhaften Anwendung: 0x01ce0a0e858dc194  Pfad der
 fehlerhaften Anwendung: C:\Users\Roger's\AppData\Roaming\KB00631749.exe  Pfad des
 fehlerhaften Moduls: C:\Users\Roger's\AppData\Roaming\KB00631749.exe  Berichtskennung:
 ca83e212-7601-11e2-9a1f-14dae934b4ef
 
Error - 16.02.2013 13:12:51 | Computer Name = Rogers-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ETDCtrl.exe, Version: 8.2.0.17, Zeitstempel:
 0x4cff9418  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000009970a  ID des fehlerhaften
 Prozesses: 0xf4c  Startzeit der fehlerhaften Anwendung: 0x01ce0c68d861463f  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Elantech\ETDCtrl.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 1786a608-785c-11e2-87cf-14dae934b4ef
 
Error - 18.02.2013 11:47:02 | Computer Name = Rogers-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: conhost.exe, Version: 6.1.7601.18015,
 Zeitstempel: 0x50b826c0  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000009970a
ID
 des fehlerhaften Prozesses: 0x1790  Startzeit der fehlerhaften Anwendung: 0x01ce0def305dafb0
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\conhost.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 6f5bfc7b-79e2-11e2-8c90-14dae934b4ef
 
Error - 18.02.2013 16:49:20 | Computer Name = Rogers-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IntlDPST.exe, Version: 0.0.0.0, Zeitstempel:
 0x4cf60fa4  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000009970a  ID des fehlerhaften
 Prozesses: 0xf7c  Startzeit der fehlerhaften Anwendung: 0x01ce0e196c932498  Pfad der
 fehlerhaften Anwendung: C:\Program Files\P4G\IntlDPST.exe  Pfad des fehlerhaften 
Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: aa8042c1-7a0c-11e2-8595-14dae934b4ef
 
Error - 18.02.2013 16:49:20 | Computer Name = Rogers-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: RAVCpl64.exe, Version: 1.0.0.648,
 Zeitstempel: 0x4d70c6b5  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000009970a
ID
 des fehlerhaften Prozesses: 0xb04  Startzeit der fehlerhaften Anwendung: 0x01ce0e196d0e8e66
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: aacf9b49-7a0c-11e2-8595-14dae934b4ef
 
Error - 19.02.2013 11:37:37 | Computer Name = Rogers-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ETDCtrl.exe, Version: 8.2.0.17, Zeitstempel:
 0x4cff9418  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000009970a  ID des fehlerhaften
 Prozesses: 0xe7c  Startzeit der fehlerhaften Anwendung: 0x01ce0eb7098b6407  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Elantech\ETDCtrl.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 49379780-7aaa-11e2-9870-14dae934b4ef
 
Error - 20.02.2013 15:31:51 | Computer Name = Rogers-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567,
 Zeitstempel: 0x4d672ee4  Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744,
 Zeitstempel: 0x4eeb033f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000000127e
ID
 des fehlerhaften Prozesses: 0x93c  Startzeit der fehlerhaften Anwendung: 0x01ce0fa0e7c41799
Pfad
 der fehlerhaften Anwendung: C:\Windows\Explorer.EXE  Pfad des fehlerhaften Moduls:
 C:\Windows\system32\msvcrt.dll  Berichtskennung: 2c7468f9-7b94-11e2-8632-14dae934b4ef
 
Error - 20.02.2013 15:41:11 | Computer Name = Rogers-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567,
 Zeitstempel: 0x4d672ee4  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000420  Fehleroffset: 0x00000000000c40f2
ID
 des fehlerhaften Prozesses: 0x160  Startzeit der fehlerhaften Anwendung: 0x01ce0fa2368d6933
Pfad
 der fehlerhaften Anwendung: C:\Windows\Explorer.EXE  Pfad des fehlerhaften Moduls:
 C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 7a5303c7-7b95-11e2-b126-14dae934b4ef
 
Error - 20.02.2013 18:39:43 | Computer Name = Rogers-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: uiSeAgnt.exe, Version: 1.5.0.1366,
 Zeitstempel: 0x4d53d4cb  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000009970a
ID
 des fehlerhaften Prozesses: 0xe28  Startzeit der fehlerhaften Anwendung: 0x01ce0fbb28c0c35a
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 6abfc0bc-7bae-11e2-83eb-14dae934b4ef
 
[ Media Center Events ]
Error - 14.12.2012 23:42:04 | Computer Name = Rogers-PC | Source = MCUpdate | ID = 0
Description = 04:42:04 - Fehler beim Herstellen der Internetverbindung.  04:42:04 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 14.12.2012 23:42:38 | Computer Name = Rogers-PC | Source = MCUpdate | ID = 0
Description = 04:42:33 - Fehler beim Herstellen der Internetverbindung.  04:42:33 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 27.02.2013 21:08:44 | Computer Name = Rogers-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 27.02.2013 21:08:54 | Computer Name = Rogers-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 27.02.2013 21:10:55 | Computer Name = Rogers-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Google Update Service (gupdate) erreicht.
 
Error - 27.02.2013 21:10:55 | Computer Name = Rogers-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 27.02.2013 21:17:11 | Computer Name = Rogers-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 27.02.2013 21:18:15 | Computer Name = Rogers-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 27.02.2013 21:18:20 | Computer Name = Rogers-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 27.02.2013 21:18:29 | Computer Name = Rogers-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 27.02.2013 21:20:31 | Computer Name = Rogers-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Google Update Service (gupdate) erreicht.
 
Error - 27.02.2013 21:20:31 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
 
< End of report >

--- --- ---

blitter · 28.02.2013, 02:45

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 28.02.2013 02:40:49 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Roger's\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,30 Gb Available Physical Memory | 58,70% Memory free
7,83 Gb Paging File | 6,11 Gb Available in Paging File | 78,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238,47 Gb Total Space | 190,83 Gb Free Space | 80,02% Space Free | Partition Type: NTFS
Drive D: | 332,70 Gb Total Space | 332,59 Gb Free Space | 99,97% Space Free | Partition Type: NTFS
 
Computer Name: ROGERS-PC | User Name: Roger's | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Roger's\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (GTUHSNDISIPXP) -- C:\Windows\SysNative\drivers\gtuhs51.sys (Option N.V.)
DRV:64bit: - (GTUHSBUS) -- C:\Windows\SysNative\drivers\gtuhsbus.sys (Option N.V.)
DRV:64bit: - (GTUHSSER) -- C:\Windows\SysNative\drivers\gtuhsser.sys (Option N.V.)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3931549216-3586652-775275838-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\S-1-5-21-3931549216-3586652-775275838-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\S-1-5-21-3931549216-3586652-775275838-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3931549216-3586652-775275838-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKU\S-1-5-21-3931549216-3586652-775275838-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKU\S-1-5-21-3931549216-3586652-775275838-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-3931549216-3586652-775275838-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3931549216-3586652-775275838-1001\..\SearchScopes\{31001097-1475-4FE7-9499-3D7460C843DE}: "URL" = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000
IE - HKU\S-1-5-21-3931549216-3586652-775275838-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
 
 
[2012.12.11 23:05:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roger's\AppData\Roaming\mozilla\Extensions
[2012.12.11 23:05:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roger's\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2012.04.16 05:17:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: V9 Tapak Portal - My Homepage - navigasi terbaik dan paling lengkap laman Malaysia!
 
O1 HOSTS File: ([2013.02.27 23:29:12 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\S-1-5-21-3931549216-3586652-775275838-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-3931549216-3586652-775275838-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3931549216-3586652-775275838-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3931549216-3586652-775275838-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3931549216-3586652-775275838-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3931549216-3586652-775275838-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3931549216-3586652-775275838-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Roger's\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Roger's\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Roger's\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Roger's\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.2.17.60 62.2.24.162 62.2.17.61 62.2.24.158
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C71DCB0-A8BD-4DEE-A639-0B48EE1EDA79}: DhcpNameServer = 62.2.17.60 62.2.24.162 62.2.17.61 62.2.24.158
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{98C6314D-01C3-49B1-9CE9-F0F6B7998563}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (c:\Windows\SysWOW64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - AppInit_DLLs: (c:\Windows\SysWOW64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\Windows\SysWOW64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.02.21 01:19:41 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.28 02:39:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Roger's\Desktop\OTL.exe.yygzyae.partial
[2013.02.28 02:22:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Roger's\Desktop\OTL.exe
[2013.02.28 02:00:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.02.28 01:57:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.02.27 23:31:28 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.02.27 20:53:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.02.27 20:53:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.02.27 20:53:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.02.23 18:36:47 | 000,000,000 | ---D | C] -- C:\Users\Roger's\AppData\Roaming\AVG2013
[2013.02.23 18:34:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013.02.23 18:28:19 | 000,000,000 | ---D | C] -- C:\Users\Roger's\AppData\Local\MFAData
[2013.02.22 19:57:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.22 19:57:25 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.02.22 18:27:11 | 000,000,000 | ---D | C] -- C:\FRST
[2013.02.21 17:44:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2013.02.21 05:40:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.02.21 04:59:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\jZip
[2013.02.21 02:50:42 | 000,000,000 | ---D | C] -- C:\Users\Roger's\AppData\Local\Avg2013
[2013.02.21 02:12:50 | 000,000,000 | ---D | C] -- C:\$AVG
[2013.02.21 02:12:49 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013.02.21 02:12:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013.02.21 02:10:46 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013.02.21 02:07:11 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013.02.20 23:37:34 | 000,000,000 | ---D | C] -- C:\Windows\pss
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.28 02:39:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Roger's\Desktop\OTL.exe.yygzyae.partial
[2013.02.28 02:25:39 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.28 02:25:39 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.28 02:22:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Roger's\Desktop\OTL.exe
[2013.02.28 02:18:41 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2013.02.28 02:18:36 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.28 02:18:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.28 02:18:11 | 3152,142,336 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.28 02:16:44 | 000,594,019 | ---- | M] () -- C:\Users\Roger's\Desktop\adwcleaner.exe
[2013.02.28 01:47:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.28 01:18:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.27 23:29:12 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.02.26 19:39:31 | 001,531,014 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.26 19:39:31 | 000,666,256 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.26 19:39:31 | 000,628,098 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.26 19:39:31 | 000,134,178 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.26 19:39:31 | 000,110,560 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.24 21:50:47 | 000,002,316 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2013.02.24 21:50:35 | 000,001,260 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2013.02.23 18:34:03 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013.02.21 01:19:41 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013.02.20 17:27:30 | 000,003,224 | ---- | M] () -- C:\bootsqm.dat
[2013.02.14 17:51:35 | 000,278,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.14 03:07:05 | 000,000,215 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
 
========== Files Created - No Company Name ==========
 
[2013.02.28 02:16:40 | 000,594,019 | ---- | C] () -- C:\Users\Roger's\Desktop\adwcleaner.exe
[2013.02.27 20:53:07 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.27 20:53:07 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.27 20:53:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.27 20:53:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.02.27 20:53:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.02.23 18:34:03 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013.02.21 01:19:41 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013.02.20 17:27:30 | 000,003,224 | ---- | C] () -- C:\bootsqm.dat
[2013.02.14 03:07:05 | 000,000,215 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2012.09.23 19:53:59 | 000,001,076 | ---- | C] () -- C:\Users\Roger's\Musik - Verknüpfung.lnk
[2012.07.21 18:27:08 | 000,003,584 | ---- | C] () -- C:\Users\Roger's\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.04 18:42:41 | 008,766,626 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.07.23 08:38:08 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011.07.23 08:38:06 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll
[2011.07.23 08:38:06 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini
[2011.07.23 08:31:22 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011.05.31 04:23:33 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.05.31 04:23:31 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.05.31 04:23:30 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.04.13 03:48:48 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.11.04 11:12:59 | 000,000,000 | ---D | M] -- C:\Users\Roger's\AppData\Roaming\ASUS WebStorage
[2013.02.26 19:41:42 | 000,000,000 | ---D | M] -- C:\Users\Roger's\AppData\Roaming\Audacity
[2013.02.23 18:36:47 | 000,000,000 | ---D | M] -- C:\Users\Roger's\AppData\Roaming\AVG2013
[2012.09.14 22:11:57 | 000,000,000 | ---D | M] -- C:\Users\Roger's\AppData\Roaming\DVDVideoSoft
[2011.11.11 23:18:32 | 000,000,000 | ---D | M] -- C:\Users\Roger's\AppData\Roaming\Morpheus PRO
[2012.07.21 18:24:24 | 000,000,000 | ---D | M] -- C:\Users\Roger's\AppData\Roaming\MusicNet
[2011.11.04 18:36:19 | 000,000,000 | ---D | M] -- C:\Users\Roger's\AppData\Roaming\Nuance
[2013.02.28 01:57:16 | 000,000,000 | ---D | M] -- C:\Users\Roger's\AppData\Roaming\SoftGrid Client
[2013.01.25 19:06:00 | 000,000,000 | ---D | M] -- C:\Users\Roger's\AppData\Roaming\Systweak
[2011.11.04 18:43:30 | 000,000,000 | ---D | M] -- C:\Users\Roger's\AppData\Roaming\TP
[2012.09.14 21:58:12 | 000,000,000 | ---D | M] -- C:\Users\Roger's\AppData\Roaming\TuneUp Software
[2011.11.24 16:46:14 | 000,000,000 | ---D | M] -- C:\Users\Roger's\AppData\Roaming\Windows Live Writer
[2013.02.21 02:13:07 | 000,000,000 | ---D | M] -- C:\Users\roger2\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

so alles soweit erledigt, sorry wenn was mehrmals gepostet wurde.. das Internet hat zum teil gehangen..

cheers

aharonov · 28.02.2013, 10:14

Ok, dann haben wir es bald:

Schritt 1

Downloade dir bitte Malwarebytes Anti-Malware .

Installiere das Programm in den vorgegebenen Pfad.
Starte nun Malwarebytes Anti-Malware.
Vista und Win7 User mit Rechtsklick "als Administrator starten".
Klicke auf Aktualisierung --> Suche nach Aktualisierung.
Wenn das Update beendet wurde, aktiviere im Reiter Suchlauf die Option Quick-Scan durchführen und drücke auf Scannen.
Wenn der Scan fertig ist, klicke auf Ergebnisse anzeigen.
Versichere dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter dem Reiter Logdateien finden.

Schritt 2

Lade das Setup des ESET Online Scanners herunter und speichere es auf den Desktop.

Schliesse evtl. vorhandene externe Festplatten und USB-Sticks an den Rechner an.
Deaktiviere jetzt temporär für diesen Scan dein Antivirenprogramm und die Firewall.
(Danach nicht vergessen, sie wieder einzuschalten.)
Starte nun die heruntergeladene esetsmartinstaller_enu.exe.
Setze den Haken bei Yes, I accept the Terms of Use und drücke Start.
Warte bis die Komponenten heruntergeladen sind.
Setze den Haken bei Scan archives.
Gehe sicher, dass bei Remove found Threats kein Haken gesetzt ist.
Drücke dann auf Start.
Die Signaturen werden heruntergeladen und der Scan startet automatisch.
Hinweis: Dieser Scan kann unter Umständen ziemlich lange dauern!
Falls nach Beendigung des Scans Funde angezeigt werden, dann:
- Drücke auf List of found threats.
- Klicke dann auf Export to text file... und speichere die Textdatei als ESET.txt auf den Desktop.
- Drücke danach auf << Back.
Schliesse nun den Scanner mit einem Klick auf Finish.

Poste bitte den Inhalt der ESET.txt oder teile mir mit, wenn es keine Funde gegeben hat.

Schritt 3

Downloade dir bitte SecurityCheck (Link 2).

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Wenn der Scan beendet wurde, sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Bitte poste in deiner nächsten Antwort:

Log von MBAM
Log von ESET
Log von SecurityCheck

blitter · 28.02.2013, 19:24

Malwarebytes Anti-Malware (Test) 1.70.0.1100
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.02.28.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Roger's :: ROGERS-PC [Administrator]

Schutz: Aktiviert

28.02.2013 19:07:55
mbam-log-2013-02-28 (19-07-55).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 268558
Laufzeit: 2 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

aharonov · 28.02.2013, 21:07

Gut, noch ESET und SecurityCheck und dann geht's weiter.

25.02.2013, 20:06	#20
aharonov /// TB-Ausbilder	trojaner virus weisser bildschirm GAV Du hast eine Systemwiederherstellung gemacht, darum das Ganze noch einmal. Ich weiss nicht recht, warum das Internet nicht mehr funktioniert hat, aber dem sollten wir nachgehen. Wenn das Internet nach Combofix wieder nicht geht, dann setzt halt noch einmal auf den selben SWH-Punkt zurück, das geht ja schnell. __________________ cheers, Leo

28.02.2013, 21:07	#30
aharonov /// TB-Ausbilder	trojaner virus weisser bildschirm GAV Gut, noch ESET und SecurityCheck und dann geht's weiter. __________________ cheers, Leo

trojaner virus weisser bildschirm GAV

Log-Analyse und Auswertung: trojaner virus weisser bildschirm GAV