Pests of all kinds and how to fight them: Infection by Trojan.Agent.ED, EXP/2012-1723.GE, TR/PSW.Fareit.1142 and further malware. Windows 7. If you are not sure whether you have caught malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.
14.03.2013, 00:27 | #16
Infection by Trojan.Agent.ED, EXP/2012-1723.GE, TR/PSW.Fareit.1142 and further malware. Part 2: Here are the logs from OTL as well: Code:
ATTFilter OTL logfile created on: 3/13/2013 11:43:43 PM - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Aquaria.MariasRechner\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7.91 Gb Total Physical Memory | 5.85 Gb Available Physical Memory | 74.04% Memory free 15.81 Gb Paging File | 13.63 Gb Available in Paging File | 86.19% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 305.67 Gb Total Space | 178.85 Gb Free Space | 58.51% Space Free | Partition Type: NTFS Drive D: | 367.97 Gb Total Space | 355.62 Gb Free Space | 96.64% Space Free | Partition Type: NTFS Computer Name: MARIASRECHNER | User Name: Maria Wohlfarth | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Aquaria.MariasRechner\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe (CyberLink) PRC - C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (CyberLink) PRC - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe (CyberLink) PRC - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (CyberLink) PRC - C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe () PRC - C:\Windows\AsScrPro.exe (ASUS) PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe (ASUS) PRC - C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe (ASUS) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\ASUS.SYS\SIONExportService.exe (Splashtop Inc.) 
PRC - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe (Virage Logic Corporation / Sonic Focus) PRC - C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe () PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) PRC - C:\Users\Aquaria.MariasRechner\Local Settings\Apps\F.lux\flux.exe () PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe () MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Program Files (x86)\CyberLink\PowerDVD12\Common\Koan\_ssl.pyd () MOD - C:\Program Files (x86)\CyberLink\PowerDVD12\Common\koan\_ctypes.pyd () MOD - C:\Program Files (x86)\CyberLink\PowerDVD12\Common\Koan\_socket.pyd () MOD - C:\Program Files 
(x86)\ASUS\Wireless Console 3\wcourier.exe () MOD - C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll () MOD - C:\Users\Aquaria.MariasRechner\Local Settings\Apps\F.lux\flux.exe () ========== Services (SafeList) ========== SRV:64bit: - (secinitd) -- C:\Windows\SysNative\d3dxof64.exe () SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.) SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (CyberLink PowerDVD 12 Media Server Service) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (CyberLink) SRV - (CyberLink PowerDVD 12 Media Server Monitor Service) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe (CyberLink) SRV - (CLHNServiceForPowerDVD12) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe (CyberLink Corp.) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (ASUS InstantOn) -- C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe (ASUS) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (Splashtop MDES) -- C:\ASUS.SYS\SIONExportService.exe (Splashtop Inc.) 
SRV - (Atheros Bt&Wlan Coex Agent) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros) SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations) SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) 
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia) DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia) DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia) DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia) DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation) DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc) DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros) DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros) DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros) DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros) DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros) DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros) DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) 
DRV:64bit: - (AiCharger) -- C:\Windows\SysNative\drivers\AiCharger.sys (ASUSTek Computer Inc.) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys () DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( ) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - ({73526619-C24F-470B-9BED-53D455FBB5C6}) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl (CyberLink Corp.) DRV - (ntk_PowerDVD12) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys (Cyberlink Corp.) DRV - (GEARAspiWDM) -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys (GEAR Software Inc.) 
DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-542383332-4153358020-2719540128-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKU\S-1-5-21-542383332-4153358020-2719540128-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKU\S-1-5-21-542383332-4153358020-2719540128-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-542383332-4153358020-2719540128-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKU\S-1-5-21-542383332-4153358020-2719540128-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-542383332-4153358020-2719540128-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://asus.msn.com [binary data] IE - HKU\S-1-5-21-542383332-4153358020-2719540128-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-542383332-4153358020-2719540128-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-542383332-4153358020-2719540128-1001\..\SearchScopes,DefaultScope = IE - 
HKU\S-1-5-21-542383332-4153358020-2719540128-1001\..\SearchScopes\{783132D5-473D-4F21-B77C-F2BE8F6B9F22}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE9SRC IE - HKU\S-1-5-21-542383332-4153358020-2719540128-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-542383332-4153358020-2719540128-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-542383332-4153358020-2719540128-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=ie9hp IE - HKU\S-1-5-21-542383332-4153358020-2719540128-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://asus.msn.com [binary data] IE - HKU\S-1-5-21-542383332-4153358020-2719540128-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-542383332-4153358020-2719540128-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://asus.msn.com [binary data] IE - HKU\S-1-5-21-542383332-4153358020-2719540128-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?ocid=ie9hp IE - HKU\S-1-5-21-542383332-4153358020-2719540128-1005\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-542383332-4153358020-2719540128-1005\..\SearchScopes\{2EE28B92-C46E-4AB5-BB66-8A7527220737}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE9SRC IE - HKU\S-1-5-21-542383332-4153358020-2719540128-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: personas@christopher.beard:1.6.2 FF - prefs.js..extensions.enabledAddons: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.119 FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120910 FF - prefs.js..extensions.enabledAddons: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.2.6 FF - prefs.js..extensions.enabledAddons: 
firejump@firejump.net:1.0.2.5 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA 
Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012/01/20 00:59:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/29 18:55:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/23 14:11:51 | 000,000,000 | ---D | M] [2011/12/02 23:26:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maria Wohlfarth\AppData\Roaming\mozilla\Extensions [2013/03/13 23:26:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maria Wohlfarth\AppData\Roaming\mozilla\Firefox\Profiles\zbbzeoyu.default\extensions [2013/03/05 00:02:11 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Maria Wohlfarth\AppData\Roaming\mozilla\Firefox\Profiles\zbbzeoyu.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2012/11/22 01:12:14 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Maria Wohlfarth\AppData\Roaming\mozilla\Firefox\Profiles\zbbzeoyu.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012/08/11 18:32:02 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Maria Wohlfarth\AppData\Roaming\mozilla\Firefox\Profiles\zbbzeoyu.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2011/12/02 23:39:53 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\Maria 
Wohlfarth\AppData\Roaming\mozilla\firefox\profiles\zbbzeoyu.default\extensions\personas@christopher.beard.xpi [2013/02/26 02:09:21 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Maria Wohlfarth\AppData\Roaming\mozilla\firefox\profiles\zbbzeoyu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012/02/03 21:43:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions File not found (No name found) -- C:\USERS\MARIA WOHLFARTH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZBBZEOYU.DEFAULT\EXTENSIONS\FIREJUMP@FIREJUMP.NET [2012/08/11 18:31:58 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011/10/26 19:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2013/03/03 22:06:32 | 000,001,400 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013/03/03 22:06:32 | 000,001,679 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013/03/03 22:06:32 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013/03/03 22:06:32 | 000,006,818 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013/02/26 00:16:42 | 000,001,279 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013/03/03 22:06:32 | 000,000,903 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013/03/13 17:24:23 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (no name) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - No CLSID value found. O2:64bit: - BHO: (no name) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - No CLSID value found. O2 - BHO: (no name) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - No CLSID value found. 
O2 - BHO: (no name) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (no name) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.) O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) 
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.) O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe (ecareme) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [Philips Device Listener] C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe () O4 - HKLM..\Run: [PowerDVD12Agent] C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe (CyberLink Corp.) O4 - HKLM..\Run: [PowerDVD12DMREngine] C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe (CyberLink) O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe (Virage Logic Corporation / Sonic Focus) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) 
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKU\S-1-5-21-542383332-4153358020-2719540128-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler File not found
O4 - HKU\S-1-5-21-542383332-4153358020-2719540128-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-542383332-4153358020-2719540128-1001..\Run: [F.lux] C:\Users\Maria Wohlfarth\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKU\S-1-5-21-542383332-4153358020-2719540128-1005..\Run: [F.lux] C:\Users\Aquaria.MariasRechner\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKU\S-1-5-21-542383332-4153358020-2719540128-1005..\Run: [sbitunesagent] C:\Program Files (x86)\Philips\Philips Songbird\songbirditunesagent.exe ()
O4 - HKU\S-1-5-21-542383332-4153358020-2719540128-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-542383332-4153358020-2719540128-1001..\RunOnce: [Report] \AdwCleaner[S3].txt ()
O4 - Startup: C:\Users\Aquaria.MariasRechner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Maria Wohlfarth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-542383332-4153358020-2719540128-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-542383332-4153358020-2719540128-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-542383332-4153358020-2719540128-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-542383332-4153358020-2719540128-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-542383332-4153358020-2719540128-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-542383332-4153358020-2719540128-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-542383332-4153358020-2719540128-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-542383332-4153358020-2719540128-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{472526DB-FACF-4C72-8CC4-6BF1B4BA372E}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BAB72536-28FF-4C93-886C-41FD60ED208B}: DhcpNameServer = 13.5.0.10
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp - No CLSID value found
O18:64bit: - Protocol\Handler\tmpx - No CLSID value found
O18:64bit: - Protocol\Handler\tmtbim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\tmbp - No CLSID value found
O18 - Protocol\Handler\tmpx - No CLSID value found
O18 - Protocol\Handler\tmtbim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean64.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/13 22:38:28 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/03/13 22:38:28 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/03/13 22:38:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/03/13 22:38:26 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/03/13 22:38:26 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/03/13 22:38:26 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/03/13 22:38:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/03/13 22:38:25 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/03/13 22:38:25 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/03/13 22:38:24 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/03/13 22:38:24 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/03/13 22:38:23 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/03/13 22:38:21 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/03/13 22:38:21 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/03/13 22:38:20 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/03/13 22:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/03/13 22:35:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/03/13 22:35:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/03/13 22:13:59 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/03/13 22:13:30 | 000,000,000 | ---D | C] -- C:\JRT
[2013/03/13 17:41:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/03/13 17:28:13 | 000,000,000 | ---D | C] -- C:\Users\Maria Wohlfarth\AppData\Local\temp
[2013/03/13 17:12:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/03/13 17:12:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/03/13 17:12:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/03/13 17:12:08 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/03/13 17:12:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/13 17:11:41 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/03/05 22:57:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013/03/05 22:57:30 | 000,000,000 | ---D | C] -- C:\Users\Maria Wohlfarth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/03/05 13:50:59 | 000,000,000 | ---D | C] -- C:\Users\Maria Wohlfarth\AppData\Local\Programs
[2013/03/05 04:43:37 | 002,770,944 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys
[2013/03/05 00:11:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/03/03 22:06:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\IO
[2013/02/27 03:00:54 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013/02/27 03:00:54 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013/02/27 03:00:54 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013/02/27 03:00:54 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013/02/27 03:00:50 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/02/27 03:00:50 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/02/27 03:00:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/02/27 03:00:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/02/27 03:00:44 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013/02/27 03:00:44 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/02/27 03:00:44 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/02/27 03:00:44 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/02/27 03:00:44 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/02/27 03:00:44 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/02/27 03:00:44 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/02/27 03:00:43 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013/02/27 03:00:43 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013/02/27 03:00:43 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013/02/27 03:00:43 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013/02/27 03:00:43 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/02/27 03:00:43 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/02/27 03:00:43 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/02/27 03:00:43 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/02/27 03:00:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/02/27 03:00:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/02/27 03:00:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013/02/27 03:00:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013/02/27 03:00:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/02/27 03:00:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/02/27 03:00:42 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/02/27 03:00:42 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/02/27 03:00:42 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013/02/27 03:00:42 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013/02/27 03:00:42 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013/02/27 03:00:42 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013/02/27 03:00:41 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013/02/27 03:00:41 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/02/27 03:00:41 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013/02/27 03:00:41 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013/02/27 03:00:40 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013/02/27 03:00:40 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/02/26 22:15:50 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink MediaEspresso 6.7
[2013/02/26 22:15:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2013/02/26 22:05:53 | 000,000,000 | ---D | C] -- C:\MediaServer
[2013/02/26 22:05:50 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CyberLink
[2013/02/26 22:05:49 | 000,000,000 | ---D | C] -- C:\Users\Maria Wohlfarth\AppData\Local\MediaServer
[2013/02/26 22:05:47 | 000,000,000 | ---D | C] -- C:\ProgramData\PDVD
[2013/02/26 22:05:33 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 12
[2013/02/26 21:59:31 | 000,000,000 | ---D | C] -- C:\ProgramData\install_clap
[2013/02/26 02:10:22 | 000,000,000 | ---D | C] -- C:\Users\Maria Wohlfarth\AppData\Roaming\Wise Disk Cleaner
[2013/02/26 02:09:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Disk Cleaner
[2013/02/26 02:09:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wise
[2013/02/26 00:16:42 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\SysWow64\dhRichClient3.dll
[2013/02/26 00:16:42 | 000,000,000 | ---D | C] -- C:\Users\Maria Wohlfarth\AppData\Roaming\Opera
[2013/02/13 11:27:04 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/02/13 11:26:58 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/02/13 11:26:57 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/02/13 11:26:46 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/02/13 11:26:45 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/02/13 11:26:45 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/02/13 11:26:45 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/02/13 11:26:45 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/02/13 11:26:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/02/13 11:26:40 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/13 23:46:29 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2013/03/13 23:44:01 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/13 23:44:01 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/13 23:35:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/13 23:35:34 | 2072,027,135 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/13 23:07:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/13 22:07:32 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/03/13 22:07:32 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/03/13 17:24:23 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/03/13 16:04:36 | 008,133,930 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/13 16:04:36 | 000,706,520 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2013/03/13 16:04:36 | 000,705,544 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2013/03/13 16:04:36 | 000,703,282 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2013/03/13 16:04:36 | 000,701,198 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2013/03/13 16:04:36 | 000,691,432 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat
[2013/03/13 16:04:36 | 000,688,048 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat
[2013/03/13 16:04:36 | 000,666,256 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/03/13 16:04:36 | 000,628,098 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/13 16:04:36 | 000,563,860 | ---- | M] () -- C:\Windows\SysNative\perfh008.dat
[2013/03/13 16:04:36 | 000,397,410 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat
[2013/03/13 16:04:36 | 000,365,612 | ---- | M] () -- C:\Windows\SysNative\perfh00D.dat
[2013/03/13 16:04:36 | 000,141,234 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2013/03/13 16:04:36 | 000,137,924 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat
[2013/03/13 16:04:36 | 000,137,112 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2013/03/13 16:04:36 | 000,136,688 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat
[2013/03/13 16:04:36 | 000,134,312 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2013/03/13 16:04:36 | 000,134,178 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/03/13 16:04:36 | 000,131,316 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2013/03/13 16:04:36 | 000,110,560 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat
[2013/03/13 16:04:36 | 000,110,560 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/13 16:04:36 | 000,093,608 | ---- | M] () -- C:\Windows\SysNative\perfc008.dat
[2013/03/13 16:04:36 | 000,073,266 | ---- | M] () -- C:\Windows\SysNative\perfc00D.dat
[2013/03/09 22:11:19 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2013/03/08 17:07:58 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/03/05 23:02:28 | 000,014,979 | ---- | M] () -- C:\Users\Maria Wohlfarth\Documents\hijackthis_01
[2013/03/05 22:57:30 | 000,003,019 | ---- | M] () -- C:\Users\Maria Wohlfarth\Desktop\HiJackThis.lnk
[2013/03/05 20:10:09 | 000,071,374 | ---- | M] () -- C:\Users\Maria Wohlfarth\Documents\cc_20130305_200958.reg
[2013/03/05 17:26:31 | 000,002,114 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2013/03/05 13:54:41 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/02/26 22:15:50 | 000,002,125 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink MediaEspresso 6.7.lnk
[2013/02/26 22:05:32 | 000,002,190 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 12.lnk
[2013/02/26 22:01:34 | 000,063,851 | ---- | M] () -- C:\Users\Maria Wohlfarth\Documents\Lizenzvertrag PowerDVD.xps
[2013/02/26 20:51:43 | 000,002,490 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2013/02/26 00:16:42 | 000,119,808 | ---- | M] () -- C:\Windows\SysNative\GFilterSvc.exe
[2013/02/26 00:16:41 | 000,118,272 | ---- | M] () -- C:\Windows\SysNative\d3dxof64.exe
[2013/02/26 00:16:39 | 000,001,496 | ---- | M] () -- C:\Users\Maria Wohlfarth\Desktop\Amazon.lnk
[2013/02/14 11:55:47 | 000,385,888 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/13 17:12:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/03/13 17:12:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/03/13 17:12:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/03/13 17:12:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/03/13 17:12:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/03/05 23:02:28 | 000,014,979 | ---- | C] () -- C:\Users\Maria Wohlfarth\Documents\hijackthis_01
[2013/03/05 22:57:30 | 000,003,019 | ---- | C] () -- C:\Users\Maria Wohlfarth\Desktop\HiJackThis.lnk
[2013/03/05 20:10:04 | 000,071,374 | ---- | C] () -- C:\Users\Maria Wohlfarth\Documents\cc_20130305_200958.reg
[2013/03/05 13:54:41 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/02/26 22:15:50 | 000,002,125 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink MediaEspresso 6.7.lnk
[2013/02/26 22:05:32 | 000,002,190 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 12.lnk
[2013/02/26 22:01:32 | 000,063,851 | ---- | C] () -- C:\Users\Maria Wohlfarth\Documents\Lizenzvertrag PowerDVD.xps
[2013/02/26 00:16:42 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2013/02/26 00:16:42 | 000,119,808 | ---- | C] () -- C:\Windows\SysNative\GFilterSvc.exe
[2013/02/26 00:16:41 | 000,118,272 | ---- | C] () -- C:\Windows\SysNative\d3dxof64.exe
[2013/02/26 00:16:39 | 000,001,496 | ---- | C] () -- C:\Users\Maria Wohlfarth\Desktop\Amazon.lnk
[2012/02/11 21:35:25 | 000,874,396 | ---- | C] () -- C:\Users\Maria Wohlfarth\AppData\Local\census.cache
[2012/02/11 21:35:05 | 000,130,524 | ---- | C] () -- C:\Users\Maria Wohlfarth\AppData\Local\ars.cache
[2012/02/11 21:22:15 | 000,000,036 | ---- | C] () -- C:\Users\Maria Wohlfarth\AppData\Local\housecall.guid.cache
[2012/01/25 19:12:27 | 000,000,043 | ---- | C] () -- C:\Users\Maria Wohlfarth\gsview64.ini
[2011/12/03 04:44:11 | 008,232,426 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/29 02:51:27 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011/08/31 19:51:16 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/08/31 19:46:00 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/08/31 19:26:20 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/08/19 03:33:36 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/08/19 03:32:39 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/08/19 03:32:34 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/05/10 23:55:50 | 000,368,400 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/12/04 20:56:12 | 000,000,000 | ---D | M] -- C:\Users\Aquaria\AppData\Roaming\ASUS WebStorage
[2012/03/21 00:50:54 | 000,000,000 | ---D | M] -- C:\Users\Aquaria.MariasRechner\AppData\Roaming\A Gypsy's Tale - Der Turm des Schicksals
[2012/03/22 03:27:06 | 000,000,000 | ---D | M] -- C:\Users\Aquaria.MariasRechner\AppData\Roaming\Abra Academy
[2012/01/13 20:24:05 | 000,000,000 | ---D | M] -- C:\Users\Aquaria.MariasRechner\AppData\Roaming\Amazon
[2012/01/13 00:41:13 | 000,000,000 | ---D | M] -- C:\Users\Aquaria.MariasRechner\AppData\Roaming\Artweaver Free
[2011/12/10 14:01:18 | 000,000,000 | ---D | M] -- C:\Users\Aquaria.MariasRechner\AppData\Roaming\ASUS WebStorage
[2012/03/20 16:07:04 | 000,000,000 | ---D | M] -- C:\Users\Aquaria.MariasRechner\AppData\Roaming\Az-Art
[2012/12/03 14:11:11 | 000,000,000 | ---D | M] -- C:\Users\Aquaria.MariasRechner\AppData\Roaming\Boolat Games
[2013/01/18 12:59:27 | 000,000,000 | ---D | M] -- C:\Users\Aquaria.MariasRechner\AppData\Roaming\Boomzap
[2012/01/14 04:14:55 | 000,000,000 | ---D | M] -- C:\Users\Aquaria.MariasRechner\AppData\Roaming\DAZ 3D
[2012/12/08 19:18:42 | 000,000,000 | ---D | M] -- C:\Users\Aquaria.MariasRechner\AppData\Roaming\Edraw Mind Map
[2012/03/12 21:05:02 | 000,000,000 | ---D | M] -- C:\Users\Aquaria.MariasRechner\AppData\Roaming\Elephant Games
[2012/08/03 14:50:29 | 000,000,000 | ---D | M] -- C:\Users\Aquaria.MariasRechner\AppData\Roaming\ERS Game Studios
[2012/03/20 11:42:12 | 000,000,000 | ---D | M] -- C:\Users\Aquaria.MariasRechner\AppData\Roaming\Gogii
[2012/04/12 01:35:47 | 000,000,000 | ---D | M] -- C:\Users\Aquaria.MariasRechner\AppData\Roaming\gtk-2.0
[2013/03/09 12:14:25 | 000,000,000 | ---D | M] -- C:\Users\Aquaria.MariasRechner\AppData\Roaming\inkscape
[2012/03/21 00:51:49 | 000,000,000 | ---D | M] -- C:\Users\Aquaria.MariasRechner\AppData\Roaming\MA2
[2012/03/26 20:01:41 | 000,000,000 | ---D | M] -- C:\Users\Aquaria.MariasRechner\AppData\Roaming\Meridian93
[2011/12/21 19:34:09 | 000,000,000 | ---D | M] -- C:\Users\Aquaria.MariasRechner\AppData\Roaming\OpenOffice.org
[2013/01/04 22:33:09 | 000,000,000 | ---D | M] -- C:\Users\Aquaria.MariasRechner\AppData\Roaming\Orneon
[2012/09/29 17:22:28 | 000,000,000 | ---D | M] -- C:\Users\Aquaria.MariasRechner\AppData\Roaming\Philips
[2012/12/11 15:03:16 | 000,000,000 | ---D | M] -- C:\Users\Aquaria.MariasRechner\AppData\Roaming\Philips-Songbird
[2012/02/12 12:03:17 | 000,000,000 | ---D | M] -- C:\Users\Aquaria.MariasRechner\AppData\Roaming\Radialpoint
[2012/12/29 09:29:23 | 000,000,000 | ---D | M] -- C:\Users\Aquaria.MariasRechner\AppData\Roaming\Rainbow
[2013/03/13 22:34:17 | 000,000,000 | ---D | M] -- C:\Users\Aquaria.MariasRechner\AppData\Roaming\SoftGrid Client
[2011/12/14 16:39:48 | 000,000,000 | ---D | M] -- C:\Users\Aquaria.MariasRechner\AppData\Roaming\streamripper
[2012/01/20 01:00:55 | 000,000,000 | ---D | M] -- C:\Users\Aquaria.MariasRechner\AppData\Roaming\Swiss Academic Software
[2012/09/20 16:40:35 | 000,000,000 | ---D | M] -- C:\Users\Aquaria.MariasRechner\AppData\Roaming\Windows Live Writer
[2012/12/27 19:11:03 | 000,000,000 | ---D | M] -- C:\Users\Aquaria.MariasRechner\AppData\Roaming\XnView
[2012/02/12 12:03:08 | 000,000,000 | ---D | M] -- C:\Users\Aquaria.MariasRechner\AppData\Roaming\{{userdatapath.company}}
[2013/01/02 00:27:42 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\A Gypsy's Tale - Der Turm des Schicksals
[2012/03/22 03:24:19 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\Abra Academy
[2011/12/04 04:08:44 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\Amazon
[2011/12/03 00:28:11 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\ASUS WebStorage
[2012/03/19 22:07:29 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\Az-Art
[2013/01/17 19:54:28 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\Boomzap
[2012/02/02 00:15:33 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\DAZ 3D
[2012/03/25 21:53:58 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\Dekovir
[2011/12/03 01:56:55 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\Downloaded Installations
[2012/12/08 18:37:14 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\Edraw Mind Map
[2012/03/13 18:00:59 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\Elephant Games
[2012/02/09 02:25:45 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\ERS Game Studios
[2012/03/19 22:31:56 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\Gogii
[2012/02/02 01:09:54 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\IcoFX
[2013/03/08 17:08:22 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\inkscape
[2012/03/25 22:37:58 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\Meridian93
[2011/12/03 01:55:06 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\Nitro PDF
[2011/12/03 00:34:07 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\Nuance
[2011/12/03 04:40:21 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\OpenOffice.org
[2013/02/26 00:16:42 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\Opera
[2013/01/02 00:41:19 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\Orneon
[2013/03/05 00:06:32 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\QuickScan
[2012/02/11 21:31:30 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\Radialpoint
[2012/12/28 16:52:44 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\Rainbow
[2013/03/13 22:34:16 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\SoftGrid Client
[2011/12/08 04:03:37 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\streamripper
[2011/12/03 04:44:50 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\TP
[2013/02/26 02:29:38 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\Wise Disk Cleaner
[2013/03/03 22:23:09 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\Wise Registry Cleaner
[2011/12/03 00:34:04 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\Zeon
[2012/02/11 21:58:52 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\{{userdatapath.company}}

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 248 bytes -> C:\ProgramData\Temp:FD786DCA
@Alternate Data Stream - 248 bytes -> C:\ProgramData\Temp:B65E763D
@Alternate Data Stream - 243 bytes -> C:\ProgramData\Temp:12D21A9A
@Alternate Data Stream - 239 bytes -> C:\ProgramData\Temp:869C6B4A
@Alternate Data Stream - 236 bytes -> C:\ProgramData\Temp:164561C8
@Alternate Data Stream - 235 bytes -> C:\ProgramData\Temp:DC7EDF41
@Alternate Data Stream - 234 bytes -> C:\ProgramData\Temp:63C29481
@Alternate Data Stream - 228 bytes -> C:\ProgramData\Temp:99AC3203
@Alternate Data Stream - 228 bytes -> C:\ProgramData\Temp:11590865
@Alternate Data Stream - 226 bytes -> C:\ProgramData\Temp:A5584049
@Alternate Data Stream - 225 bytes -> C:\ProgramData\Temp:2AE74FF9
@Alternate Data Stream - 222 bytes -> C:\ProgramData\Temp:8944C195
@Alternate Data Stream - 220 bytes -> C:\ProgramData\Temp:FED25C29
@Alternate Data Stream - 216 bytes -> C:\ProgramData\Temp:9B285B76
@Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:0EC7A545
@Alternate Data Stream - 210 bytes -> C:\ProgramData\Temp:6EE8565A
@Alternate Data Stream - 209 bytes -> C:\ProgramData\Temp:1B9E79B3
@Alternate Data Stream - 208 bytes -> C:\ProgramData\Temp:774A0E14
@Alternate Data Stream - 207 bytes -> C:\ProgramData\Temp:C2F24DB5
@Alternate Data Stream - 204 bytes -> C:\ProgramData\Temp:96AFAB10
@Alternate Data Stream - 203 bytes -> C:\ProgramData\Temp:D2A66480
@Alternate Data Stream - 198 bytes -> C:\ProgramData\Temp:5BC73C48
@Alternate Data Stream - 191 bytes -> C:\ProgramData\Temp:5A437AC3
@Alternate Data Stream - 188 bytes -> C:\ProgramData\Temp:27D1368B
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:58C9BCAC

< End of report >

Code:
ATTFilter
OTL Extras logfile created on: 3/13/2013 11:43:43 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Aquaria.MariasRechner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7.91 Gb Total Physical Memory | 5.85 Gb Available Physical Memory | 74.04% Memory free
15.81 Gb Paging File | 13.63 Gb Available in Paging File | 86.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 305.67 Gb Total Space | 178.85 Gb Free Space | 58.51% Space Free | Partition Type: NTFS
Drive D: | 367.97 Gb Total Space | 355.62 Gb Free Space | 96.64% Space Free | Partition Type: NTFS

Computer Name: MARIASRECHNER | User Name: Maria Wohlfarth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-542383332-4153358020-2719540128-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-542383332-4153358020-2719540128-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03374369-29B8-498E-8EEA-9A491A218B5F}" = lport=137 | protocol=17 | dir=in | app=system | "{0E39FEF6-1FCD-45E4-AD61-C3CC303DC0B4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{13FD5E8E-CC0A-4CAE-A8EC-ABAD54609A84}" = lport=10243 | protocol=6 | dir=in | app=system | "{1CEC1512-BEE9-40E2-9C74-F46C7366E94A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2B6B8543-2F6E-43B2-96BF-A74079DFB358}" = rport=139 | protocol=6 | dir=out | app=system | "{4CC190BB-2D4C-4E58-B2D7-6494589A2A7F}" = lport=139 | protocol=6 | dir=in | app=system | "{4EA5703C-7329-4F56-A671-C88ECD41DDB0}" = lport=138 | protocol=17 | dir=in | app=system | "{506984D9-DE61-4E40-9679-2D3BDE5A3CB8}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | "{6120440A-6801-4740-9A03-7FE7AA72AC17}" = rport=138 | protocol=17 | dir=out | app=system | "{6D86BBA6-660B-4EA4-9C85-ADBCBF533D55}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{7EDA2D0F-9565-4E31-8CD1-97A5231B9189}" = lport=445 | protocol=6 | dir=in | app=system | "{85D4A1DB-156E-45C8-8968-15C7EA44A151}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{89113D06-E3D5-49A7-9856-9E2775632F95}" = rport=445 | protocol=6 | dir=out | app=system | "{8D688385-9104-4FF3-BE3D-28B7D2D59362}" = rport=2177 | protocol=6 | dir=out | svc=qwave | 
app=%systemroot%\system32\svchost.exe | "{8EFCA642-564A-4023-998E-B59AEFB67090}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9357CE08-0AA1-4819-A0F7-263FC257043A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{9735A264-B861-4C85-9022-E60099F68C8B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A72233AF-337A-40D3-BCE9-4CBCFF8C6B0B}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | "{ACA48445-98A7-4395-AF16-B4668DE88C3B}" = rport=10243 | protocol=6 | dir=out | app=system | "{AE366A47-2CC4-4C8E-9C68-A3EE46A50F79}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AFFBD841-0971-4826-9D75-447EF13A9EDE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B827E1C7-5A7A-484C-9653-2FE388A8B888}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{B92833AB-1682-40F4-9B55-D80B3476C46F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BE28CBB8-D4D4-4582-948E-AF0F7AD42F9A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D662F18D-0DE0-4197-88AC-A6D9B588AAFE}" = lport=2869 | protocol=6 | dir=in | app=system | "{E7294DB9-E707-434E-A807-DD0BF7F74F64}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{F3E173A1-B600-417E-92A5-9DFAEECF97C8}" = rport=137 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0583604E-9C23-4FAC-A86B-4D821F0355CB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{0BE4E83C-CE6C-4C45-A80C-0034D3E43FD8}" = dir=in | app=c:\program files (x86)\windows 
live\messenger\msnmsgr.exe | "{0C32B695-2393-4C43-9CE5-25BB31020208}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{107C4BF2-7492-4492-ABFA-D80819990EB6}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12.exe | "{1549554E-270D-4FCD-84B5-51EF5C88A9F3}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12ml.exe | "{16AC0CDA-309F-47EC-BADA-708B2635A390}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\movie\powerdvd cinema\powerdvdcinema12.exe | "{170D01B4-8E6E-49FB-BF3D-3A9DD9CB304A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\kernel\dms\clmsserverpdvd12.exe | "{3162169B-81B6-4AED-AEB3-7A6711AEB3D7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3B0D3C74-3124-42D9-8B60-B215385FE169}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{41778980-3D38-49C1-8518-AA77CCC54FD9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{4831BE12-7EA9-4CEF-93F5-6E373189DF54}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{50D76052-134E-46DB-AF8E-63827F883C0F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{513E8BF9-7A3F-4ACB-AC6C-68AC8DFD3D68}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{561376D4-CDAE-4217-9CCA-E625F16996EF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{6D79AC48-775E-47E8-8E8D-BC15612A1055}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{77E2118B-E954-4B7C-A3EE-D1F9A25AC586}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe | "{7A692C6F-175C-4590-A7FF-62988D1A5AE6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{7CB3309E-ACB0-446D-BED6-64FE4DEBAFF1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{801886BB-5AFB-4669-AFBA-D53DF5E5BC09}" = protocol=17 | dir=in | 
app=%programfiles(x86)%\windows media player\wmplayer.exe | "{815523A5-A2F6-485B-9063-765C5DFDA0C6}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{870CDFE1-DAD7-47DC-8A63-75C6CEA7BF3E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{8CAB0023-E43A-4ACA-B871-3A39CF4C33E6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{8D9AF99E-48D8-4131-B2E7-977DB77A846E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{8E30A05E-C912-40A2-90CF-9EE024DDC6C6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8EF01BA1-D1F6-4D73-AADB-AB5E81F83EF1}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{9203B834-0E81-4C4A-A00D-203B32276868}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{94F0BC9D-1EBC-4719-B008-EF0352791717}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12agent.exe | "{9EA5D877-E091-461B-9514-F65A484DFA15}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A4C3D668-82B4-42D2-99B9-7D1F51B857FE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{AB04A308-4E99-4DAF-9239-64F6808BFD5C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{AE3A674C-E0E4-43A7-A948-C3C1DC391A18}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\kernel\dmr\powerdvd12dmrengine.exe | "{C0891C94-94AD-4C93-81F4-097206DA3920}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C8FB76A2-B5F1-4F2C-90EF-9DF1667B6FBB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{D0F7D040-06DD-4CCF-BAEE-2EBBE4DCB4B1}" = protocol=6 | dir=out | app=system | "{E9F71ECB-FE66-4DC2-8B09-CA8B49662E65}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "TCP Query User{08CC73E9-CE90-4215-BF4E-1F5524ED5D8C}C:\program files 
(x86)\philips\philips songbird\philips-songbird.exe" = protocol=6 | dir=in | app=c:\program files (x86)\philips\philips songbird\philips-songbird.exe | "TCP Query User{42E271BA-A919-4DD0-96BF-4D6538BAD34E}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "TCP Query User{DE5DDBAB-A960-476D-8D76-F7BCB871064C}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{2200AA82-EBDA-4E43-845B-0167CE4ABDB2}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "UDP Query User{2A34FE88-97E0-4AAE-889B-5A14CE1F6055}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{51AC1EBA-DFE8-4340-AB78-77109FBE13A7}C:\program files (x86)\philips\philips songbird\philips-songbird.exe" = protocol=17 | dir=in | app=c:\program files (x86)\philips\philips songbird\philips-songbird.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety "{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources "{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes "{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources "{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live 
Remote Service Resources "{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety "{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64) "{27B3E5AA-5B75-414A-AC37-F5ADDFA68BDB}" = Windows Live Family Safety "{287134AD-092F-4BD0-A6F4-911B0B351E87}" = Windows Live Family Safety "{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor "{464F7B5E-80BB-4F34-A602-384F0702674A}" = Windows Live Family Safety "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10 "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources "{5ECA80C9-7D7A-49AC-B487-52F1CF47ECEE}" = Windows Live Family Safety "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources "{698EAE05-09DE-47D0-9586-29E41A0934DD}" = Windows Live Family Safety "{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support "{74AC7ECE-87E1-41F7-ABA2-5ED9B13CECFA}" = Windows Live Family Safety "{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{8832CAA2-4934-4916-A8BF-A9A51C6B58B3}" = Windows Live Family Safety "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote 
Client Resources "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{944E73EF-857E-4F71-9DC4-CD059D7ADDEF}" = Windows Live Family Safety "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 268.74 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.23 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources "{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver "{BFBE6E95-5724-47EC-85A0-74D436AD938F}" = Windows Live Family Safety "{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources "{C61D639C-3A1B-4654-901F-08927C804321}" = Windows Live Family Safety "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources 
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources "{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources "AsMakeLink" = AsMakeLink "CCleaner" = CCleaner "GIMP-2_is1" = GIMP 2.6.12 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh "{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = SonicMaster "{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail "{0E1FE502-7536-4155-BBC6-7BE8E465DE08}" = Firebird SQL Server - MAGIX Edition "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live "{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources "{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common "{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer 
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3 "{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources "{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 29 "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack "{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live 
UX Platform Language Pack "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4555BB9E-E715-4260-A178-E8EFD2B653E3}" = Alcor Micro USB Card Reader "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh "{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer "{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common "{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker "{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項 "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack "{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 
2005 Redistributable "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker "{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh "{749F674B-2674-47E8-879C-5626A06B2A91}" = InstantOn for NB "{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack "{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh "{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7C6A4E35-5EEE-426A-A7BF-EA95CDC54DEA}" = Music Now! "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources "{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash "{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 
"{96A9A1C8-FBAD-4703-ABF1-E93AA8FE85A0}_is1" = Artweaver Free 3.0 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package "{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger "{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail "{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common "{AECA3622-E634-4A55-A696-70A511CBE06E}" = ASUS USB Charger Plus "{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common "{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger 
"{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12 "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials "{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live "{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger "{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений "{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker "{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live "{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}" = ASUS FancyStart "{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker "{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger "{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer "{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack "{D39F0676-163E-4595-A917-E28F99BBD4D2}" = ASUS AI Recovery 
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker "{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail "{DD47370C-E0F1-407F-9DB0-3FF98907F1BC}" = ASUS Music Maker "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi "{E18B30AA-6E2D-480C-B918-AF61009F4010}" = عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة "{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.7 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver "{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer "{E71E60C1-533E-45A5-8D80-E475E88D2B17}_is1" = Game Park Console "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources "{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心 
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources "{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις "{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17 "AmUStor" = Alcor Micro USB Card Reader "Asus Vibe2.0" = AsusVibe2.0 "ASUS WebStorage" = ASUS WebStorage "AsusScr_N5_En" = AsusScr_N5_En "AudibleManager" = AudibleManager "Avira AntiVir Desktop" = Avira Antivirus Premium "B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind "BFG-A Gypsy's Tale - Der Turm des Schicksals" = A Gypsy's Tale: Der Turm des Schicksals "BFG-Abra Academy" = Abra Academy "BFG-Allora und das zerbrochene Portal" = Allora und das zerbrochene Portal "BFG-Awakening - Das Koenigreich der Kobolde Sammleredition" = Awakening: Das Königreich der Kobolde Sammleredition "BFG-Awakening 2 - Der Mondenwald" = Awakening 2: Der Mondenwald "BFGC" = Big Fish Games: Game Manager "BFG-Das gelobte Land" = Das gelobte Land "BFG-Das Vermaechtnis - Der Baum des Lebens" = 
Das Vermächtnis: Der Baum des Lebens "BFG-Die Chroniken von Emerland Solitaer" = Die Chroniken von Emerland Solitär "BFG-Echoes of the Past - Die Rache der Hexe Sammleredition" = Echoes of the Past: Die Rache der Hexe Sammleredition "BFG-Echoes of the Past - Royal House of Stone" = Echoes of the Past: Royal House of Stone "BFG-Gehirntraining" = Gehirntraining "BFG-Grim Tales - Das Vermaechtnis Sammleredition" = Grim Tales: Das Vermächtnis Sammleredition "BFG-Hidden Magic" = Hidden Magic "BFG-Liong - The Lost Amulets" = Liong: The Lost Amulets "BFG-Magic Farm" = Magic Farm "BFG-Monarch - The Butterfly King" = Monarch - The Butterfly King "BFG-Mushroom Age" = Mushroom Age "BFG-Mystery Age - Die Dunklen Priester" = Mystery Age: Die Dunklen Priester "BFG-Otherworld - Fruehling der Schatten Sammleredition" = Otherworld: Frühling der Schatten Sammleredition "BFG-Prinzessin Isabella - Die Rueckkehr des Fluches" = Prinzessin Isabella: Die Rückkehr des Fluches "BFG-Roads of Rome" = Roads of Rome "BFG-Spirits of Mystery - Der Gesang des Phoenix" = Spirits of Mystery: Der Gesang des Phönix "BFG-Spirits of Mystery - Dunkler Fluch Sammleredition" = Spirits of Mystery: Dunkler Fluch Sammleredition "Bookworm Deluxe" = Bookworm Deluxe "Cheatbook 07.2009" = Cheatbook 07.2009 "Cooking Dash" = Cooking Dash "Edraw Mind Map Freeware_is1" = Edraw Mind Map 6.5 "ESET Online Scanner" = ESET Online Scanner v3 "Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1 "IcoFX_is1" = IcoFX 1.6.4 "Inkscape" = Inkscape 0.48.2 "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{7C6A4E35-5EEE-426A-A7BF-EA95CDC54DEA}" = Music Now! 
"InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12 "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.7 "Luxor 3" = Luxor 3 "MAGIX_MSI_mm17_silver_asus" = ASUS Music Maker "Mahjongg dimensions" = Mahjongg dimensions "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de) "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "PDFConverter Desktop_is1" = PDFConverter Desktop "Philips Songbird" = Philips Songbird "Plants vs Zombies" = Plants vs Zombies "Streamripper" = Streamripper (Remove only) "VLC media player" = VLC media player 1.1.11 "Winamp" = Winamp "WinLiveSuite" = Windows Live Essentials "Wise Disk Cleaner_is1" = Wise Disk Cleaner 7.76 "Wise Registry Cleaner_is1" = Wise Registry Cleaner 7.64 "World of Goo" = World of Goo "XnView_is1" = XnView 1.99.6 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-542383332-4153358020-2719540128-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Amazon Kindle" = Amazon Kindle "Flux" = F.lux "Winamp Detect" = Winamp Erkennungs-Plug-in ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-542383332-4153358020-2719540128-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Amazon Kindle" = Amazon Kindle "Flux" = F.lux ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 3/13/2013 6:21:35 PM | Computer Name = MariasRechner | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Maria Wohlfarth\Downloads\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 3/13/2013 6:21:35 PM | Computer Name = MariasRechner | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Maria Wohlfarth\Downloads\esetsmartinstaller_enu(1).exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 3/13/2013 6:21:35 PM | Computer Name = MariasRechner | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Maria Wohlfarth\Downloads\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Error - 3/13/2013 6:21:35 PM | Computer Name = MariasRechner | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Maria Wohlfarth\Downloads\esetsmartinstaller_deu(1).exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 3/13/2013 6:24:16 PM | Computer Name = MariasRechner | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Aquaria.MariasRechner\Downloads\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Error - 3/13/2013 6:25:07 PM | Computer Name = MariasRechner | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: adwcleaner.exe, Version: 2.1.1.4, Zeitstempel: 0x4f25baec Name des fehlerhaften Moduls: adwcleaner.exe, Version: 2.1.1.4, Zeitstempel: 0x4f25baec Ausnahmecode: 0xc0000005 Fehleroffset: 0x000111c9 ID des fehlerhaften Prozesses: 0x19c8 Startzeit der fehlerhaften Anwendung: 0x01ce20398f99ff73 Pfad der fehlerhaften Anwendung: C:\Users\Aquaria.MariasRechner\Desktop\adwcleaner.exe Pfad des fehlerhaften Moduls: C:\Users\Aquaria.MariasRechner\Desktop\adwcleaner.exe Berichtskennung: db749cd5-8c2c-11e2-928b-742f68fa9c99 Error - 3/13/2013 6:46:29 PM | Computer Name = MariasRechner | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: [ System Events ] Error - 3/13/2013 6:26:32 PM | Computer Name = MariasRechner | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Intel(R) Management and Security Application Local Management Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error - 3/13/2013 6:26:32 PM | Computer Name = MariasRechner | Source = Service Control Manager | ID = 7034 Description = Dienst "NVIDIA Update Service Daemon" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 3/13/2013 6:26:32 PM | Computer Name = MariasRechner | Source = Service Control Manager | ID = 7034 Description = Dienst "Intel(R) Management and Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 3/13/2013 6:26:32 PM | Computer Name = MariasRechner | Source = Service Control Manager | ID = 7034 Description = Dienst "Office Software Protection Platform" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error - 3/13/2013 6:26:32 PM | Computer Name = MariasRechner | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error - 3/13/2013 6:26:36 PM | Computer Name = MariasRechner | Source = Service Control Manager | ID = 7034 Description = Dienst "Application Virtualization Client" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 3/13/2013 6:27:02 PM | Computer Name = MariasRechner | Source = Service Control Manager | ID = 7032 Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 Error - 3/13/2013 6:27:31 PM | Computer Name = MariasRechner | Source = Service Control Manager | ID = 7038 Description = Der Dienst "Spooler" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%50 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error - 3/13/2013 6:27:31 PM | Computer Name = MariasRechner | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Druckwarteschlange" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error - 3/13/2013 6:27:32 PM | Computer Name = MariasRechner | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Apple Mobile Device" wurde aufgrund folgenden Fehlers nicht gestartet: %%109 < End of report > Esmeralda |
14.03.2013, 15:36 | #17 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Infection by Trojan.Agent.ED, EXP/2012-1723.GE, TR/PSW.Fareit.1142 and other malware
Fix with OTL
Code:
:OTL
@Alternate Data Stream - 248 bytes -> C:\ProgramData\Temp:FD786DCA
@Alternate Data Stream - 248 bytes -> C:\ProgramData\Temp:B65E763D
@Alternate Data Stream - 243 bytes -> C:\ProgramData\Temp:12D21A9A
@Alternate Data Stream - 239 bytes -> C:\ProgramData\Temp:869C6B4A
@Alternate Data Stream - 236 bytes -> C:\ProgramData\Temp:164561C8
@Alternate Data Stream - 235 bytes -> C:\ProgramData\Temp:DC7EDF41
@Alternate Data Stream - 234 bytes -> C:\ProgramData\Temp:63C29481
@Alternate Data Stream - 228 bytes -> C:\ProgramData\Temp:99AC3203
@Alternate Data Stream - 228 bytes -> C:\ProgramData\Temp:11590865
@Alternate Data Stream - 226 bytes -> C:\ProgramData\Temp:A5584049
@Alternate Data Stream - 225 bytes -> C:\ProgramData\Temp:2AE74FF9
@Alternate Data Stream - 222 bytes -> C:\ProgramData\Temp:8944C195
@Alternate Data Stream - 220 bytes -> C:\ProgramData\Temp:FED25C29
@Alternate Data Stream - 216 bytes -> C:\ProgramData\Temp:9B285B76
@Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:0EC7A545
@Alternate Data Stream - 210 bytes -> C:\ProgramData\Temp:6EE8565A
@Alternate Data Stream - 209 bytes -> C:\ProgramData\Temp:1B9E79B3
@Alternate Data Stream - 208 bytes -> C:\ProgramData\Temp:774A0E14
@Alternate Data Stream - 207 bytes -> C:\ProgramData\Temp:C2F24DB5
@Alternate Data Stream - 204 bytes -> C:\ProgramData\Temp:96AFAB10
@Alternate Data Stream - 203 bytes -> C:\ProgramData\Temp:D2A66480
@Alternate Data Stream - 198 bytes -> C:\ProgramData\Temp:5BC73C48
@Alternate Data Stream - 191 bytes -> C:\ProgramData\Temp:5A437AC3
@Alternate Data Stream - 188 bytes -> C:\ProgramData\Temp:27D1368B
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:58C9BCAC
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
__________________ |
14.03.2013, 17:31 | #18 |
| Infection by Trojan.Agent.ED, EXP/2012-1723.GE, TR/PSW.Fareit.1142 and other malware
Hello Cosinus,
I ran the OTL fix. Here is the file: Code:
All processes killed
========== OTL ==========
ADS C:\ProgramData\Temp:FD786DCA deleted successfully.
ADS C:\ProgramData\Temp:B65E763D deleted successfully.
ADS C:\ProgramData\Temp:12D21A9A deleted successfully.
ADS C:\ProgramData\Temp:869C6B4A deleted successfully.
ADS C:\ProgramData\Temp:164561C8 deleted successfully.
ADS C:\ProgramData\Temp:DC7EDF41 deleted successfully.
ADS C:\ProgramData\Temp:63C29481 deleted successfully.
ADS C:\ProgramData\Temp:99AC3203 deleted successfully.
ADS C:\ProgramData\Temp:11590865 deleted successfully.
ADS C:\ProgramData\Temp:A5584049 deleted successfully.
ADS C:\ProgramData\Temp:2AE74FF9 deleted successfully.
ADS C:\ProgramData\Temp:8944C195 deleted successfully.
ADS C:\ProgramData\Temp:FED25C29 deleted successfully.
ADS C:\ProgramData\Temp:9B285B76 deleted successfully.
ADS C:\ProgramData\Temp:0EC7A545 deleted successfully.
ADS C:\ProgramData\Temp:6EE8565A deleted successfully.
ADS C:\ProgramData\Temp:1B9E79B3 deleted successfully.
ADS C:\ProgramData\Temp:774A0E14 deleted successfully.
ADS C:\ProgramData\Temp:C2F24DB5 deleted successfully.
ADS C:\ProgramData\Temp:96AFAB10 deleted successfully.
ADS C:\ProgramData\Temp:D2A66480 deleted successfully.
ADS C:\ProgramData\Temp:5BC73C48 deleted successfully.
ADS C:\ProgramData\Temp:5A437AC3 deleted successfully.
ADS C:\ProgramData\Temp:27D1368B deleted successfully.
ADS C:\ProgramData\Temp:58C9BCAC deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Aquaria.MariasRechner\Desktop\cmd.bat deleted successfully.
C:\Users\Aquaria.MariasRechner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Aquaria
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1408849 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 63705971 bytes
->Flash cache emptied: 640 bytes
User: Aquaria.MariasRechner
->Temp folder emptied: 19163 bytes
->Temporary Internet Files folder emptied: 772796 bytes
->Java cache emptied: 16948377 bytes
->FireFox cache emptied: 130220331 bytes
->Flash cache emptied: 8114749 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1833396 bytes
->FireFox cache emptied: 11602453 bytes
->Flash cache emptied: 456 bytes
User: Maria Wohlfarth
->Temp folder emptied: 97020 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 77328309 bytes
->Flash cache emptied: 506 bytes
User: Public
->Temp folder emptied: 0 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 266606067 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 552.00 mb
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
OTL by OldTimer - Version 3.2.69.0 log created on 03142013_171617
Esmeralda |
14.03.2013, 21:52 | #19 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Infection by Trojan.Agent.ED, EXP/2012-1723.GE, TR/PSW.Fareit.1142 and other malware
Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes - please remember to update Malwarebytes via the update button beforehand. Afterwards, getting an additional opinion via the ESET online scanner is not a bad idea either: ESET Online Scanner
__________________ Please always post log files in CODE tags |
15.03.2013, 15:17 | #20 |
| Infection by Trojan.Agent.ED, EXP/2012-1723.GE, TR/PSW.Fareit.1142 and other malware
Hello Cosinus, I ran a quick scan with Mbam. I have not been able to do the control scan with ESET yet, because it complained about AVAST, which was installed as part of aswMBR. I was able to disable the other virus scanners such as Mbam and Avira, but not AVAST, even though I removed the MBR tool from the desktop. Not even after restarting the computer. I don't know where to find the remaining AVAST on my device or how to disable it. So for now, only the log from Mbam: Code:
Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org
Database version: v2013.03.15.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Maria Wohlfarth :: MARIASRECHNER [administrator]
Protection: Enabled
15.03.2013 13:47:13
mbam-log-2013-03-15 (13-47-13).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 302668
Time elapsed: 5 minute(s), 19 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Esmeralda |
15.03.2013, 15:39 | #21 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Infection by Trojan.Agent.ED, EXP/2012-1723.GE, TR/PSW.Fareit.1142 and other malware
Hm, please try ESET again; if the message pops up again, please take a screenshot and post it here (as an attachment)
__________________ --> Infection by Trojan.Agent.ED, EXP/2012-1723.GE, TR/PSW.Fareit.1142 and other malware |
15.03.2013, 17:06 | #22 |
| Infection by Trojan.Agent.ED, EXP/2012-1723.GE, TR/PSW.Fareit.1142 and other malware
I tried ESET again and the message came up again. I have attached the screenshot of the message. |
15.03.2013, 19:21 | #23 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Infection by Trojan.Agent.ED, EXP/2012-1723.GE, TR/PSW.Fareit.1142 and other malware
Please try ESET again in safe mode with network drivers: Safe mode for cleanup
__________________ Please always post log files in CODE tags |
15.03.2013, 20:19 | #24 |
| Infection by Trojan.Agent.ED, EXP/2012-1723.GE, TR/PSW.Fareit.1142 and other malware
I tried ESET in safe mode. Unfortunately the same message came up again... |
15.03.2013, 20:25 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Infection by Trojan.Agent.ED, EXP/2012-1723.GE, TR/PSW.Fareit.1142 and other malware
Hm... please create a new user account in Windows with admin rights, log out, and log in again to the newly created admin account. Try ESET again there
__________________ Please always post log files in CODE tags |
15.03.2013, 22:18 | #26 |
| Infection by Trojan.Agent.ED, EXP/2012-1723.GE, TR/PSW.Fareit.1142 and other malware
I created the new user account and tried ESET there in both normal and safe mode. Unfortunately the same message again. |
15.03.2013, 22:22 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Infection by Trojan.Agent.ED, EXP/2012-1723.GE, TR/PSW.Fareit.1142 and other malware
Hm, so something is still not right there. Please create a new log with OTL
__________________ Please always post log files in CODE tags |
16.03.2013, 00:11 | #28 |
| Infection by Trojan.Agent.ED, EXP/2012-1723.GE, TR/PSW.Fareit.1142 and other malware
I looked under "Programs" again, found a whole AVAST folder there and deleted it. Since then ESET no longer complains. Sorry that I didn't think of that earlier... To be on the safe side, though, I will hold off on the scan for now and wait for your verdict based on OTL. I did nevertheless run another check with OTL: Code:
ATTFilter OTL logfile created on: 3/15/2013 10:47:35 PM - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Aquaria.MariasRechner\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7.91 Gb Total Physical Memory | 5.78 Gb Available Physical Memory | 73.14% Memory free 15.81 Gb Paging File | 13.59 Gb Available in Paging File | 85.96% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 305.67 Gb Total Space | 175.33 Gb Free Space | 57.36% Space Free | Partition Type: NTFS Drive D: | 367.97 Gb Total Space | 355.62 Gb Free Space | 96.64% Space Free | Partition Type: NTFS Drive F: | 14.83 Gb Total Space | 13.65 Gb Free Space | 92.05% Space Free | Partition Type: FAT32 Drive G: | 3.80 Gb Total Space | 1.81 Gb Free Space | 47.58% Space Free | Partition Type: FAT32 Computer Name: MARIASRECHNER | User Name: BERGKRISTALL | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Aquaria.MariasRechner\Desktop\OTL(1).exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe (CyberLink) PRC - C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (CyberLink) PRC - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe (CyberLink) PRC - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (CyberLink) PRC - C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe () PRC - C:\Windows\AsScrPro.exe (ASUS) PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe (ASUS) PRC - C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe (ASUS) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\ASUS.SYS\SIONExportService.exe (Splashtop Inc.) 
PRC - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe (Virage Logic Corporation / Sonic Focus) PRC - C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe () PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) PRC - C:\Users\Aquaria.MariasRechner\Local Settings\Apps\F.lux\flux.exe () PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe () MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Program Files (x86)\CyberLink\PowerDVD12\Common\Koan\_ssl.pyd () MOD - C:\Program Files (x86)\CyberLink\PowerDVD12\Common\koan\_ctypes.pyd () MOD - C:\Program Files (x86)\CyberLink\PowerDVD12\Common\Koan\_socket.pyd () MOD - C:\Program Files 
(x86)\ASUS\Wireless Console 3\wcourier.exe () MOD - C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll () MOD - C:\Users\Aquaria.MariasRechner\Local Settings\Apps\F.lux\flux.exe () ========== Services (SafeList) ========== SRV:64bit: - (secinitd) -- C:\Windows\SysNative\d3dxof64.exe () SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.) SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (CyberLink PowerDVD 12 Media Server Service) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (CyberLink) SRV - (CyberLink PowerDVD 12 Media Server Monitor Service) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe (CyberLink) SRV - (CLHNServiceForPowerDVD12) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe (CyberLink Corp.) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (ASUS InstantOn) -- C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe (ASUS) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (Splashtop MDES) -- C:\ASUS.SYS\SIONExportService.exe (Splashtop Inc.) 
SRV - (Atheros Bt&Wlan Coex Agent) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros) SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations) SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) 
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia) DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia) DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia) DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia) DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation) DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc) DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros) DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros) DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros) DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros) DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros) DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros) DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) 
DRV:64bit: - (AiCharger) -- C:\Windows\SysNative\drivers\AiCharger.sys (ASUSTek Computer Inc.) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys () DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( ) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - ({73526619-C24F-470B-9BED-53D455FBB5C6}) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl (CyberLink Corp.) DRV - (ntk_PowerDVD12) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys (Cyberlink Corp.) DRV - (GEARAspiWDM) -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys (GEAR Software Inc.) 
DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-542383332-4153358020-2719540128-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKU\S-1-5-21-542383332-4153358020-2719540128-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKU\S-1-5-21-542383332-4153358020-2719540128-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-542383332-4153358020-2719540128-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKU\S-1-5-21-542383332-4153358020-2719540128-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-542383332-4153358020-2719540128-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=ie9hp IE - HKU\S-1-5-21-542383332-4153358020-2719540128-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://asus.msn.com [binary data] IE - HKU\S-1-5-21-542383332-4153358020-2719540128-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-542383332-4153358020-2719540128-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://asus.msn.com [binary data] 
IE - HKU\S-1-5-21-542383332-4153358020-2719540128-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?ocid=ie9hp IE - HKU\S-1-5-21-542383332-4153358020-2719540128-1005\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-542383332-4153358020-2719540128-1005\..\SearchScopes\{2EE28B92-C46E-4AB5-BB66-8A7527220737}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE9SRC IE - HKU\S-1-5-21-542383332-4153358020-2719540128-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-542383332-4153358020-2719540128-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=ie9hp IE - HKU\S-1-5-21-542383332-4153358020-2719540128-1006\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://ie.msn.de/willkommen/ IE - HKU\S-1-5-21-542383332-4153358020-2719540128-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-542383332-4153358020-2719540128-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?ocid=ie9hp IE - HKU\S-1-5-21-542383332-4153358020-2719540128-1006\..\SearchScopes,DefaultScope = {CAE61CDE-0F8E-46D8-845D-C94CC4D858DA} IE - HKU\S-1-5-21-542383332-4153358020-2719540128-1006\..\SearchScopes\{CAE61CDE-0F8E-46D8-845D-C94CC4D858DA}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE9SRC IE - HKU\S-1-5-21-542383332-4153358020-2719540128-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll 
() FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012/01/20 00:59:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/29 18:55:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/23 14:11:51 | 000,000,000 | ---D | M] [2013/03/15 21:08:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BERGKRISTALL\AppData\Roaming\mozilla\Extensions [2012/02/03 21:43:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012/08/11 18:31:58 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011/10/26 19:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2013/03/03 22:06:32 | 000,001,400 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013/03/03 22:06:32 | 000,001,679 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013/03/03 22:06:32 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013/03/03 22:06:32 | 000,006,818 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013/02/26 00:16:42 | 000,001,279 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013/03/03 22:06:32 | 000,000,903 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013/03/13 17:24:23 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (no name) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - No CLSID value found. O2:64bit: - BHO: (no name) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - No CLSID value found. O2 - BHO: (no name) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - No CLSID value found. O2 - BHO: (no name) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (no name) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.) O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.) O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe (ecareme) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [Philips Device Listener] C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe () O4 - HKLM..\Run: [PowerDVD12Agent] C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe (CyberLink Corp.) O4 - HKLM..\Run: [PowerDVD12DMREngine] C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe (CyberLink) O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe (Virage Logic Corporation / Sonic Focus) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) 
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () O4 - HKU\S-1-5-21-542383332-4153358020-2719540128-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler File not found O4 - HKU\S-1-5-21-542383332-4153358020-2719540128-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-542383332-4153358020-2719540128-1005..\Run: [F.lux] C:\Users\Aquaria.MariasRechner\Local Settings\Apps\F.lux\flux.exe () O4 - HKU\S-1-5-21-542383332-4153358020-2719540128-1005..\Run: [sbitunesagent] C:\Program Files (x86)\Philips\Philips Songbird\songbirditunesagent.exe () O4 - HKU\S-1-5-21-542383332-4153358020-2719540128-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Aquaria.MariasRechner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Maria Wohlfarth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-542383332-4153358020-2719540128-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. 
File not found O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.9.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{472526DB-FACF-4C72-8CC4-6BF1B4BA372E}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BAB72536-28FF-4C93-886C-41FD60ED208B}: DhcpNameServer = 13.5.0.10 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\tmbp - No CLSID value found O18:64bit: - Protocol\Handler\tmpx - No CLSID value found O18:64bit: - Protocol\Handler\tmtbim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\tmbp - No CLSID value found O18 - Protocol\Handler\tmpx - No CLSID value found O18 - Protocol\Handler\tmtbim - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - Unable to obtain root file information for disk G:\ O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (sdnclean64.exe) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/03/15 22:08:05 | 000,000,000 | ---D | C] -- C:\Users\BERGKRISTALL\AppData\Roaming\Malwarebytes [2013/03/15 21:12:33 | 000,000,000 | ---D | C] -- C:\Users\BERGKRISTALL\AppData\Roaming\ASUS WebStorage [2013/03/15 21:10:02 | 002,347,384 | ---- | C] (ESET) -- C:\Users\BERGKRISTALL\Desktop\esetsmartinstaller_enu.exe [2013/03/15 21:08:09 | 000,000,000 | ---D | C] -- C:\Users\BERGKRISTALL\AppData\Roaming\Mozilla [2013/03/15 21:08:09 | 000,000,000 | ---D | C] -- C:\Users\BERGKRISTALL\AppData\Local\Mozilla [2013/03/15 21:04:53 | 000,000,000 | ---D | C] -- C:\Users\BERGKRISTALL\AppData\Roaming\Avira [2013/03/15 20:57:14 | 000,000,000 | ---D | C] -- C:\Users\BERGKRISTALL\AppData\Local\MediaServer [2013/03/15 20:57:13 | 000,000,000 | R--D | C] -- C:\Users\BERGKRISTALL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices [2013/03/15 20:57:13 | 000,000,000 | ---D | C] -- C:\Users\BERGKRISTALL\AppData\Local\BMExplorer [2013/03/15 20:57:13 | 000,000,000 | ---D | C] -- C:\Users\BERGKRISTALL\Documents\Bluetooth Folder [2013/03/15 20:57:11 | 000,000,000 | ---D | C] -- C:\Users\BERGKRISTALL\AppData\Local\CyberLink [2013/03/15 20:57:10 | 000,000,000 | ---D | C] -- 
C:\Users\BERGKRISTALL\AppData\Roaming\CyberLink [2013/03/15 20:57:09 | 000,000,000 | ---D | C] -- C:\Users\BERGKRISTALL\AppData\Roaming\Apple Computer [2013/03/15 20:55:20 | 000,000,000 | R--D | C] -- C:\Users\BERGKRISTALL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2013/03/15 20:55:20 | 000,000,000 | R--D | C] -- C:\Users\BERGKRISTALL\Searches [2013/03/15 20:55:20 | 000,000,000 | R--D | C] -- C:\Users\BERGKRISTALL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2013/03/15 20:55:11 | 000,000,000 | ---D | C] -- C:\Users\BERGKRISTALL\AppData\Roaming\Identities [2013/03/15 20:55:09 | 000,000,000 | R--D | C] -- C:\Users\BERGKRISTALL\Contacts [2013/03/15 20:55:06 | 000,000,000 | ---D | C] -- C:\Users\BERGKRISTALL\AppData\Local\VirtualStore [2013/03/15 20:54:31 | 000,000,000 | -HSD | C] -- C:\Users\BERGKRISTALL\Vorlagen [2013/03/15 20:54:31 | 000,000,000 | -HSD | C] -- C:\Users\BERGKRISTALL\AppData\Local\Verlauf [2013/03/15 20:54:31 | 000,000,000 | -HSD | C] -- C:\Users\BERGKRISTALL\AppData\Local\Temporary Internet Files [2013/03/15 20:54:31 | 000,000,000 | -HSD | C] -- C:\Users\BERGKRISTALL\Startmenü [2013/03/15 20:54:31 | 000,000,000 | -HSD | C] -- C:\Users\BERGKRISTALL\SendTo [2013/03/15 20:54:31 | 000,000,000 | -HSD | C] -- C:\Users\BERGKRISTALL\Recent [2013/03/15 20:54:31 | 000,000,000 | -HSD | C] -- C:\Users\BERGKRISTALL\Netzwerkumgebung [2013/03/15 20:54:31 | 000,000,000 | -HSD | C] -- C:\Users\BERGKRISTALL\Lokale Einstellungen [2013/03/15 20:54:31 | 000,000,000 | -HSD | C] -- C:\Users\BERGKRISTALL\Documents\Eigene Videos [2013/03/15 20:54:31 | 000,000,000 | -HSD | C] -- C:\Users\BERGKRISTALL\Documents\Eigene Musik [2013/03/15 20:54:31 | 000,000,000 | -HSD | C] -- C:\Users\BERGKRISTALL\Eigene Dateien [2013/03/15 20:54:31 | 000,000,000 | -HSD | C] -- C:\Users\BERGKRISTALL\Documents\Eigene Bilder [2013/03/15 20:54:31 | 000,000,000 | -HSD | C] -- C:\Users\BERGKRISTALL\Druckumgebung [2013/03/15 20:54:31 | 000,000,000 | 
-HSD | C] -- C:\Users\BERGKRISTALL\Cookies [2013/03/15 20:54:31 | 000,000,000 | -HSD | C] -- C:\Users\BERGKRISTALL\AppData\Local\Anwendungsdaten [2013/03/15 20:54:31 | 000,000,000 | -HSD | C] -- C:\Users\BERGKRISTALL\Anwendungsdaten [2013/03/15 20:54:30 | 000,000,000 | --SD | C] -- C:\Users\BERGKRISTALL\AppData\Roaming\Microsoft [2013/03/15 20:54:30 | 000,000,000 | R--D | C] -- C:\Users\BERGKRISTALL\Videos [2013/03/15 20:54:30 | 000,000,000 | R--D | C] -- C:\Users\BERGKRISTALL\Saved Games [2013/03/15 20:54:30 | 000,000,000 | R--D | C] -- C:\Users\BERGKRISTALL\Pictures [2013/03/15 20:54:30 | 000,000,000 | R--D | C] -- C:\Users\BERGKRISTALL\Music [2013/03/15 20:54:30 | 000,000,000 | R--D | C] -- C:\Users\BERGKRISTALL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2013/03/15 20:54:30 | 000,000,000 | R--D | C] -- C:\Users\BERGKRISTALL\Links [2013/03/15 20:54:30 | 000,000,000 | R--D | C] -- C:\Users\BERGKRISTALL\Favorites [2013/03/15 20:54:30 | 000,000,000 | R--D | C] -- C:\Users\BERGKRISTALL\Downloads [2013/03/15 20:54:30 | 000,000,000 | R--D | C] -- C:\Users\BERGKRISTALL\Documents [2013/03/15 20:54:30 | 000,000,000 | R--D | C] -- C:\Users\BERGKRISTALL\Desktop [2013/03/15 20:54:30 | 000,000,000 | R--D | C] -- C:\Users\BERGKRISTALL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2013/03/15 20:54:30 | 000,000,000 | -H-D | C] -- C:\Users\BERGKRISTALL\AppData [2013/03/15 20:54:30 | 000,000,000 | ---D | C] -- C:\Users\BERGKRISTALL\AppData\Local\temp [2013/03/15 20:54:30 | 000,000,000 | ---D | C] -- C:\Users\BERGKRISTALL\AppData\Local\Microsoft [2013/03/15 20:54:30 | 000,000,000 | ---D | C] -- C:\Users\BERGKRISTALL\AppData\Roaming\Media Center Programs [2013/03/15 20:54:30 | 000,000,000 | ---D | C] -- C:\Users\BERGKRISTALL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite [2013/03/15 20:54:30 | 000,000,000 | ---D | C] -- C:\Users\BERGKRISTALL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUS 
Video Magic [2013/03/15 20:54:30 | 000,000,000 | ---D | C] -- C:\Users\BERGKRISTALL\AppData\Local\ASUS [2013/03/14 17:16:18 | 000,000,000 | ---D | C] -- C:\_OTL [2013/03/13 23:20:40 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys [2013/03/13 22:38:28 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013/03/13 22:38:28 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013/03/13 22:38:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/03/13 22:38:26 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/03/13 22:38:26 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013/03/13 22:38:26 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013/03/13 22:38:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013/03/13 22:38:25 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013/03/13 22:38:25 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013/03/13 22:38:24 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/03/13 22:38:24 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013/03/13 22:38:23 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/03/13 22:38:21 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/03/13 22:38:21 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013/03/13 22:38:20 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/03/13 22:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 
[2013/03/13 22:35:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013/03/13 22:35:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013/03/13 22:13:59 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013/03/13 22:13:30 | 000,000,000 | ---D | C] -- C:\JRT [2013/03/13 17:41:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/03/13 17:12:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013/03/13 17:12:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013/03/13 17:12:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013/03/13 17:12:08 | 000,000,000 | ---D | C] -- C:\ComboFix [2013/03/13 17:12:03 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/03/13 17:11:41 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013/03/05 22:57:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2013/03/05 04:43:37 | 002,770,944 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys [2013/03/05 00:11:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2013/03/03 22:06:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\IO [2013/02/27 03:00:54 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll [2013/02/27 03:00:54 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll [2013/02/27 03:00:54 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll [2013/02/27 03:00:54 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll [2013/02/27 03:00:50 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll [2013/02/27 03:00:50 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll [2013/02/27 03:00:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013/02/27 03:00:45 | 000,003,584 | -H-- 
| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013/02/27 03:00:44 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2013/02/27 03:00:44 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013/02/27 03:00:44 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013/02/27 03:00:44 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013/02/27 03:00:44 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013/02/27 03:00:44 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013/02/27 03:00:44 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013/02/27 03:00:43 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2013/02/27 03:00:43 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2013/02/27 03:00:43 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2013/02/27 03:00:43 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2013/02/27 03:00:43 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013/02/27 03:00:43 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013/02/27 03:00:43 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll [2013/02/27 03:00:43 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll [2013/02/27 
03:00:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll [2013/02/27 03:00:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll [2013/02/27 03:00:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll [2013/02/27 03:00:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll [2013/02/27 03:00:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll [2013/02/27 03:00:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll [2013/02/27 03:00:42 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013/02/27 03:00:42 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013/02/27 03:00:42 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2013/02/27 03:00:42 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2013/02/27 03:00:42 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2013/02/27 03:00:42 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2013/02/27 03:00:41 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2013/02/27 03:00:41 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013/02/27 03:00:41 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2013/02/27 03:00:41 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll [2013/02/27 03:00:40 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2013/02/27 03:00:40 
| 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013/02/26 22:15:50 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink MediaEspresso 6.7 [2013/02/26 22:15:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX [2013/02/26 22:05:53 | 000,000,000 | ---D | C] -- C:\MediaServer [2013/02/26 22:05:50 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CyberLink [2013/02/26 22:05:47 | 000,000,000 | ---D | C] -- C:\ProgramData\PDVD [2013/02/26 22:05:33 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 12 [2013/02/26 21:59:31 | 000,000,000 | ---D | C] -- C:\ProgramData\install_clap [2013/02/26 02:09:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Disk Cleaner [2013/02/26 02:09:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wise [2013/02/26 00:16:42 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\SysWow64\dhRichClient3.dll ========== Files - Modified Within 30 Days ========== [2013/03/15 22:44:51 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx [2013/03/15 22:42:35 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/03/15 22:42:35 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/03/15 22:34:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/03/15 22:34:23 | 2072,027,135 | -HS- | M] () -- C:\hiberfil.sys [2013/03/15 21:10:03 | 002,347,384 | ---- | M] (ESET) -- C:\Users\BERGKRISTALL\Desktop\esetsmartinstaller_enu.exe [2013/03/15 21:07:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/03/15 20:54:41 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe [2013/03/15 14:03:27 | 008,133,930 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI 
[2013/03/15 14:03:27 | 000,706,520 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat [2013/03/15 14:03:27 | 000,705,544 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat [2013/03/15 14:03:27 | 000,703,282 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat [2013/03/15 14:03:27 | 000,701,198 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat [2013/03/15 14:03:27 | 000,691,432 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat [2013/03/15 14:03:27 | 000,688,048 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat [2013/03/15 14:03:27 | 000,666,256 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013/03/15 14:03:27 | 000,628,098 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/03/15 14:03:27 | 000,563,860 | ---- | M] () -- C:\Windows\SysNative\perfh008.dat [2013/03/15 14:03:27 | 000,397,410 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat [2013/03/15 14:03:27 | 000,365,612 | ---- | M] () -- C:\Windows\SysNative\perfh00D.dat [2013/03/15 14:03:27 | 000,141,234 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat [2013/03/15 14:03:27 | 000,137,924 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat [2013/03/15 14:03:27 | 000,137,112 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat [2013/03/15 14:03:27 | 000,136,688 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat [2013/03/15 14:03:27 | 000,134,312 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat [2013/03/15 14:03:27 | 000,134,178 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013/03/15 14:03:27 | 000,131,316 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat [2013/03/15 14:03:27 | 000,110,560 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat [2013/03/15 14:03:27 | 000,110,560 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/03/15 14:03:27 | 000,093,608 | ---- | M] () -- C:\Windows\SysNative\perfc008.dat [2013/03/15 14:03:27 | 000,073,266 | ---- | M] () -- C:\Windows\SysNative\perfc00D.dat [2013/03/14 00:07:31 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- 
C:\Windows\SysWow64\FlashPlayerApp.exe [2013/03/14 00:07:31 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013/03/13 17:24:23 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013/03/08 17:07:58 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013/03/05 17:26:31 | 000,002,114 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini [2013/03/05 13:54:41 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013/02/26 22:15:50 | 000,002,125 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink MediaEspresso 6.7.lnk [2013/02/26 22:05:32 | 000,002,190 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 12.lnk [2013/02/26 20:51:43 | 000,002,490 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [2013/02/26 00:16:42 | 000,119,808 | ---- | M] () -- C:\Windows\SysNative\GFilterSvc.exe [2013/02/26 00:16:41 | 000,118,272 | ---- | M] () -- C:\Windows\SysNative\d3dxof64.exe [2013/02/14 11:55:47 | 000,385,888 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2013/03/15 20:55:34 | 000,001,407 | ---- | C] () -- C:\Users\BERGKRISTALL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2013/03/15 20:55:27 | 000,001,441 | ---- | C] () -- C:\Users\BERGKRISTALL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2013/03/13 17:12:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013/03/13 17:12:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013/03/13 17:12:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013/03/13 17:12:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013/03/13 17:12:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013/03/05 13:54:41 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013/02/26 22:15:50 | 000,002,125 | ---- | C] () -- 
C:\Users\Public\Desktop\CyberLink MediaEspresso 6.7.lnk [2013/02/26 22:05:32 | 000,002,190 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 12.lnk [2013/02/26 00:16:42 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2013/02/26 00:16:42 | 000,119,808 | ---- | C] () -- C:\Windows\SysNative\GFilterSvc.exe [2013/02/26 00:16:41 | 000,118,272 | ---- | C] () -- C:\Windows\SysNative\d3dxof64.exe [2011/12/03 04:44:11 | 008,232,426 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/10/29 02:51:27 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll [2011/08/31 19:51:16 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011/08/31 19:46:00 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2011/08/31 19:26:20 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011/08/19 03:33:36 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2011/08/19 03:32:39 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011/08/19 03:32:34 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011/05/10 23:55:50 | 000,368,400 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll ========== ZeroAccess Check ========== [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) 
"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011/12/04 20:56:12 | 000,000,000 | ---D | M] -- C:\Users\Aquaria\AppData\Roaming\ASUS WebStorage [2012/03/21 00:50:54 | 000,000,000 | ---D | M] -- C:\Users\Aquaria.MariasRechner\AppData\Roaming\A Gypsy's Tale - Der Turm des Schicksals [2012/03/22 03:27:06 | 000,000,000 | ---D | M] -- C:\Users\Aquaria.MariasRechner\AppData\Roaming\Abra Academy [2012/01/13 20:24:05 | 000,000,000 | ---D | M] -- C:\Users\Aquaria.MariasRechner\AppData\Roaming\Amazon [2012/01/13 00:41:13 | 000,000,000 | ---D | M] -- C:\Users\Aquaria.MariasRechner\AppData\Roaming\Artweaver Free [2011/12/10 14:01:18 | 000,000,000 | ---D | M] -- C:\Users\Aquaria.MariasRechner\AppData\Roaming\ASUS WebStorage [2012/03/20 16:07:04 | 000,000,000 | ---D | M] -- C:\Users\Aquaria.MariasRechner\AppData\Roaming\Az-Art [2012/12/03 14:11:11 | 000,000,000 | ---D | M] -- 
C:\Users\Aquaria.MariasRechner\AppData\Roaming\Boolat Games [2013/01/18 12:59:27 | 000,000,000 | ---D | M] -- C:\Users\Aquaria.MariasRechner\AppData\Roaming\Boomzap [2012/01/14 04:14:55 | 000,000,000 | ---D | M] -- C:\Users\Aquaria.MariasRechner\AppData\Roaming\DAZ 3D [2012/12/08 19:18:42 | 000,000,000 | ---D | M] -- C:\Users\Aquaria.MariasRechner\AppData\Roaming\Edraw Mind Map [2012/03/12 21:05:02 | 000,000,000 | ---D | M] -- C:\Users\Aquaria.MariasRechner\AppData\Roaming\Elephant Games [2012/08/03 14:50:29 | 000,000,000 | ---D | M] -- C:\Users\Aquaria.MariasRechner\AppData\Roaming\ERS Game Studios [2012/03/20 11:42:12 | 000,000,000 | ---D | M] -- C:\Users\Aquaria.MariasRechner\AppData\Roaming\Gogii [2012/04/12 01:35:47 | 000,000,000 | ---D | M] -- C:\Users\Aquaria.MariasRechner\AppData\Roaming\gtk-2.0 [2013/03/09 12:14:25 | 000,000,000 | ---D | M] -- C:\Users\Aquaria.MariasRechner\AppData\Roaming\inkscape [2012/03/21 00:51:49 | 000,000,000 | ---D | M] -- C:\Users\Aquaria.MariasRechner\AppData\Roaming\MA2 [2012/03/26 20:01:41 | 000,000,000 | ---D | M] -- C:\Users\Aquaria.MariasRechner\AppData\Roaming\Meridian93 [2011/12/21 19:34:09 | 000,000,000 | ---D | M] -- C:\Users\Aquaria.MariasRechner\AppData\Roaming\OpenOffice.org [2013/01/04 22:33:09 | 000,000,000 | ---D | M] -- C:\Users\Aquaria.MariasRechner\AppData\Roaming\Orneon [2012/09/29 17:22:28 | 000,000,000 | ---D | M] -- C:\Users\Aquaria.MariasRechner\AppData\Roaming\Philips [2013/03/15 14:04:56 | 000,000,000 | ---D | M] -- C:\Users\Aquaria.MariasRechner\AppData\Roaming\Philips-Songbird [2012/02/12 12:03:17 | 000,000,000 | ---D | M] -- C:\Users\Aquaria.MariasRechner\AppData\Roaming\Radialpoint [2012/12/29 09:29:23 | 000,000,000 | ---D | M] -- C:\Users\Aquaria.MariasRechner\AppData\Roaming\Rainbow [2013/03/15 19:57:27 | 000,000,000 | ---D | M] -- C:\Users\Aquaria.MariasRechner\AppData\Roaming\SoftGrid Client [2011/12/14 16:39:48 | 000,000,000 | ---D | M] -- 
C:\Users\Aquaria.MariasRechner\AppData\Roaming\streamripper [2012/01/20 01:00:55 | 000,000,000 | ---D | M] -- C:\Users\Aquaria.MariasRechner\AppData\Roaming\Swiss Academic Software [2012/09/20 16:40:35 | 000,000,000 | ---D | M] -- C:\Users\Aquaria.MariasRechner\AppData\Roaming\Windows Live Writer [2012/12/27 19:11:03 | 000,000,000 | ---D | M] -- C:\Users\Aquaria.MariasRechner\AppData\Roaming\XnView [2012/02/12 12:03:08 | 000,000,000 | ---D | M] -- C:\Users\Aquaria.MariasRechner\AppData\Roaming\{{userdatapath.company}} [2013/03/15 21:12:33 | 000,000,000 | ---D | M] -- C:\Users\BERGKRISTALL\AppData\Roaming\ASUS WebStorage [2013/01/02 00:27:42 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\A Gypsy's Tale - Der Turm des Schicksals [2012/03/22 03:24:19 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\Abra Academy [2011/12/04 04:08:44 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\Amazon [2011/12/03 00:28:11 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\ASUS WebStorage [2012/03/19 22:07:29 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\Az-Art [2013/01/17 19:54:28 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\Boomzap [2012/02/02 00:15:33 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\DAZ 3D [2012/03/25 21:53:58 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\Dekovir [2011/12/03 01:56:55 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\Downloaded Installations [2012/12/08 18:37:14 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\Edraw Mind Map [2012/03/13 18:00:59 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\Elephant Games [2012/02/09 02:25:45 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\ERS Game Studios [2012/03/19 22:31:56 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\Gogii 
[2012/02/02 01:09:54 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\IcoFX [2013/03/08 17:08:22 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\inkscape [2012/03/25 22:37:58 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\Meridian93 [2011/12/03 01:55:06 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\Nitro PDF [2011/12/03 00:34:07 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\Nuance [2011/12/03 04:40:21 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\OpenOffice.org [2013/02/26 00:16:42 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\Opera [2013/01/02 00:41:19 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\Orneon [2013/03/05 00:06:32 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\QuickScan [2012/02/11 21:31:30 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\Radialpoint [2012/12/28 16:52:44 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\Rainbow [2013/03/13 22:34:16 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\SoftGrid Client [2011/12/08 04:03:37 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\streamripper [2011/12/03 04:44:50 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\TP [2013/02/26 02:29:38 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\Wise Disk Cleaner [2013/03/03 22:23:09 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\Wise Registry Cleaner [2011/12/03 00:34:04 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\Zeon [2012/02/11 21:58:52 | 000,000,000 | ---D | M] -- C:\Users\Maria Wohlfarth\AppData\Roaming\{{userdatapath.company}} ========== Purity Check ========== < End of report > Code:
OTL Extras logfile created on: 3/15/2013 10:47:35 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Aquaria.MariasRechner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7.91 Gb Total Physical Memory | 5.78 Gb Available Physical Memory | 73.14% Memory free
15.81 Gb Paging File | 13.59 Gb Available in Paging File | 85.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 305.67 Gb Total Space | 175.33 Gb Free Space | 57.36% Space Free | Partition Type: NTFS
Drive D: | 367.97 Gb Total Space | 355.62 Gb Free Space | 96.64% Space Free | Partition Type: NTFS
Drive F: | 14.83 Gb Total Space | 13.65 Gb Free Space | 92.05% Space Free | Partition Type: FAT32
Drive G: | 3.80 Gb Total Space | 1.81 Gb Free Space | 47.58% Space Free | Partition Type: FAT32
Computer Name: MARIASRECHNER | User Name: BERGKRISTALL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-542383332-4153358020-2719540128-1005\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_USERS\S-1-5-21-542383332-4153358020-2719540128-1006\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) 
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03374369-29B8-498E-8EEA-9A491A218B5F}" = lport=137 | protocol=17 | dir=in | app=system | "{0E39FEF6-1FCD-45E4-AD61-C3CC303DC0B4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{13FD5E8E-CC0A-4CAE-A8EC-ABAD54609A84}" = lport=10243 | protocol=6 | dir=in | app=system | "{1CEC1512-BEE9-40E2-9C74-F46C7366E94A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2B6B8543-2F6E-43B2-96BF-A74079DFB358}" = rport=139 | protocol=6 | dir=out | app=system | "{4CC190BB-2D4C-4E58-B2D7-6494589A2A7F}" = lport=139 | protocol=6 | dir=in | app=system | "{4EA5703C-7329-4F56-A671-C88ECD41DDB0}" = lport=138 | protocol=17 | dir=in | app=system | "{506984D9-DE61-4E40-9679-2D3BDE5A3CB8}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | "{6120440A-6801-4740-9A03-7FE7AA72AC17}" = rport=138 | protocol=17 | dir=out | app=system | "{6D86BBA6-660B-4EA4-9C85-ADBCBF533D55}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{7EDA2D0F-9565-4E31-8CD1-97A5231B9189}" = lport=445 | protocol=6 | dir=in | app=system | "{85D4A1DB-156E-45C8-8968-15C7EA44A151}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{89113D06-E3D5-49A7-9856-9E2775632F95}" = rport=445 | protocol=6 | 
dir=out | app=system | "{8D688385-9104-4FF3-BE3D-28B7D2D59362}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8EFCA642-564A-4023-998E-B59AEFB67090}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9357CE08-0AA1-4819-A0F7-263FC257043A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{9735A264-B861-4C85-9022-E60099F68C8B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A72233AF-337A-40D3-BCE9-4CBCFF8C6B0B}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | "{ACA48445-98A7-4395-AF16-B4668DE88C3B}" = rport=10243 | protocol=6 | dir=out | app=system | "{AE366A47-2CC4-4C8E-9C68-A3EE46A50F79}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AFFBD841-0971-4826-9D75-447EF13A9EDE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B827E1C7-5A7A-484C-9653-2FE388A8B888}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{B92833AB-1682-40F4-9B55-D80B3476C46F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BE28CBB8-D4D4-4582-948E-AF0F7AD42F9A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D662F18D-0DE0-4197-88AC-A6D9B588AAFE}" = lport=2869 | protocol=6 | dir=in | app=system | "{E7294DB9-E707-434E-A807-DD0BF7F74F64}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{F3E173A1-B600-417E-92A5-9DFAEECF97C8}" = rport=137 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0583604E-9C23-4FAC-A86B-4D821F0355CB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows 
media player\wmplayer.exe | "{0BE4E83C-CE6C-4C45-A80C-0034D3E43FD8}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{0C32B695-2393-4C43-9CE5-25BB31020208}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{107C4BF2-7492-4492-ABFA-D80819990EB6}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12.exe | "{1549554E-270D-4FCD-84B5-51EF5C88A9F3}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12ml.exe | "{16AC0CDA-309F-47EC-BADA-708B2635A390}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\movie\powerdvd cinema\powerdvdcinema12.exe | "{170D01B4-8E6E-49FB-BF3D-3A9DD9CB304A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\kernel\dms\clmsserverpdvd12.exe | "{3162169B-81B6-4AED-AEB3-7A6711AEB3D7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3B0D3C74-3124-42D9-8B60-B215385FE169}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{41778980-3D38-49C1-8518-AA77CCC54FD9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{4831BE12-7EA9-4CEF-93F5-6E373189DF54}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{50D76052-134E-46DB-AF8E-63827F883C0F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{513E8BF9-7A3F-4ACB-AC6C-68AC8DFD3D68}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{561376D4-CDAE-4217-9CCA-E625F16996EF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{6D79AC48-775E-47E8-8E8D-BC15612A1055}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{77E2118B-E954-4B7C-A3EE-D1F9A25AC586}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe | "{7A692C6F-175C-4590-A7FF-62988D1A5AE6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{7CB3309E-ACB0-446D-BED6-64FE4DEBAFF1}" = protocol=58 | 
dir=out | name=@firewallapi.dll,-28546 | "{801886BB-5AFB-4669-AFBA-D53DF5E5BC09}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{815523A5-A2F6-485B-9063-765C5DFDA0C6}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{870CDFE1-DAD7-47DC-8A63-75C6CEA7BF3E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{8CAB0023-E43A-4ACA-B871-3A39CF4C33E6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{8D9AF99E-48D8-4131-B2E7-977DB77A846E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{8E30A05E-C912-40A2-90CF-9EE024DDC6C6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8EF01BA1-D1F6-4D73-AADB-AB5E81F83EF1}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{9203B834-0E81-4C4A-A00D-203B32276868}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{94F0BC9D-1EBC-4719-B008-EF0352791717}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12agent.exe | "{9EA5D877-E091-461B-9514-F65A484DFA15}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A4C3D668-82B4-42D2-99B9-7D1F51B857FE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{AB04A308-4E99-4DAF-9239-64F6808BFD5C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{AE3A674C-E0E4-43A7-A948-C3C1DC391A18}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\kernel\dmr\powerdvd12dmrengine.exe | "{C0891C94-94AD-4C93-81F4-097206DA3920}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C8FB76A2-B5F1-4F2C-90EF-9DF1667B6FBB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{D0F7D040-06DD-4CCF-BAEE-2EBBE4DCB4B1}" = protocol=6 | dir=out | app=system | "{E9F71ECB-FE66-4DC2-8B09-CA8B49662E65}" = protocol=1 | dir=out | 
name=@firewallapi.dll,-28544 | "TCP Query User{08CC73E9-CE90-4215-BF4E-1F5524ED5D8C}C:\program files (x86)\philips\philips songbird\philips-songbird.exe" = protocol=6 | dir=in | app=c:\program files (x86)\philips\philips songbird\philips-songbird.exe | "TCP Query User{42E271BA-A919-4DD0-96BF-4D6538BAD34E}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "TCP Query User{DE5DDBAB-A960-476D-8D76-F7BCB871064C}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{2200AA82-EBDA-4E43-845B-0167CE4ABDB2}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "UDP Query User{2A34FE88-97E0-4AAE-889B-5A14CE1F6055}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{51AC1EBA-DFE8-4340-AB78-77109FBE13A7}C:\program files (x86)\philips\philips songbird\philips-songbird.exe" = protocol=17 | dir=in | app=c:\program files (x86)\philips\philips songbird\philips-songbird.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety "{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources "{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes "{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources "{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources 
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources "{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety "{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64) "{27B3E5AA-5B75-414A-AC37-F5ADDFA68BDB}" = Windows Live Family Safety "{287134AD-092F-4BD0-A6F4-911B0B351E87}" = Windows Live Family Safety "{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor "{464F7B5E-80BB-4F34-A602-384F0702674A}" = Windows Live Family Safety "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10 "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources "{5ECA80C9-7D7A-49AC-B487-52F1CF47ECEE}" = Windows Live Family Safety "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources "{698EAE05-09DE-47D0-9586-29E41A0934DD}" = Windows Live Family Safety "{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support "{74AC7ECE-87E1-41F7-ABA2-5ED9B13CECFA}" = Windows Live Family Safety "{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{8832CAA2-4934-4916-A8BF-A9A51C6B58B3}" = Windows Live Family Safety "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources 
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{944E73EF-857E-4F71-9DC4-CD059D7ADDEF}" = Windows Live Family Safety "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 268.74 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.23 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources "{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver "{BFBE6E95-5724-47EC-85A0-74D436AD938F}" = Windows Live Family Safety "{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources "{C61D639C-3A1B-4654-901F-08927C804321}" = Windows Live Family Safety "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client 
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources "{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources "AsMakeLink" = AsMakeLink "CCleaner" = CCleaner "GIMP-2_is1" = GIMP 2.6.12 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh "{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = SonicMaster "{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail "{0E1FE502-7536-4155-BBC6-7BE8E465DE08}" = Firebird SQL Server - MAGIX Edition "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live "{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources "{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common "{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = 
Windows Live Writer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3 "{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources "{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 29 "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack "{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer 
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4555BB9E-E715-4260-A178-E8EFD2B653E3}" = Alcor Micro USB Card Reader "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh "{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer "{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common "{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker "{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項 "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack "{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker 
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker "{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh "{749F674B-2674-47E8-879C-5626A06B2A91}" = InstantOn for NB "{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack "{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh "{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7C6A4E35-5EEE-426A-A7BF-EA95CDC54DEA}" = Music Now! 
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources "{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash "{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{96A9A1C8-FBAD-4703-ABF1-E93AA8FE85A0}_is1" = Artweaver Free 3.0 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows 
Live Photo Gallery "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package "{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger "{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail "{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common "{AECA3622-E634-4A55-A696-70A511CBE06E}" = ASUS USB Charger Plus "{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common "{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger "{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12 "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials "{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live "{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger "{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений "{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker "{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live "{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote 
connections "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}" = ASUS FancyStart "{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker "{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger "{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer "{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack "{D39F0676-163E-4595-A917-E28F99BBD4D2}" = ASUS AI Recovery "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker "{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail "{DD47370C-E0F1-407F-9DB0-3FF98907F1BC}" = ASUS Music Maker "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi "{E18B30AA-6E2D-480C-B918-AF61009F4010}" = عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة "{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.7 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver "{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer "{E71E60C1-533E-45A5-8D80-E475E88D2B17}_is1" = Game Park Console "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources "{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心 "{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources "{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις "{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live 
Essentials "{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17 "AmUStor" = Alcor Micro USB Card Reader "Asus Vibe2.0" = AsusVibe2.0 "ASUS WebStorage" = ASUS WebStorage "AsusScr_N5_En" = AsusScr_N5_En "AudibleManager" = AudibleManager "Avira AntiVir Desktop" = Avira Antivirus Premium "B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind "BFG-A Gypsy's Tale - Der Turm des Schicksals" = A Gypsy's Tale: Der Turm des Schicksals "BFG-Abra Academy" = Abra Academy "BFG-Allora und das zerbrochene Portal" = Allora und das zerbrochene Portal "BFG-Awakening - Das Koenigreich der Kobolde Sammleredition" = Awakening: Das Königreich der Kobolde Sammleredition "BFG-Awakening 2 - Der Mondenwald" = Awakening 2: Der Mondenwald "BFGC" = Big Fish Games: Game Manager "BFG-Das gelobte Land" = Das gelobte Land "BFG-Das Vermaechtnis - Der Baum des Lebens" = Das Vermächtnis: Der Baum des Lebens "BFG-Die Chroniken von Emerland Solitaer" = Die Chroniken von Emerland Solitär "BFG-Echoes of the Past - Die Rache der Hexe Sammleredition" = Echoes of the Past: Die Rache der Hexe Sammleredition "BFG-Echoes of the Past - Royal House of Stone" = Echoes of the Past: Royal House of Stone "BFG-Gehirntraining" = Gehirntraining "BFG-Grim Tales - Das Vermaechtnis Sammleredition" = Grim Tales: Das Vermächtnis Sammleredition "BFG-Hidden Magic" = Hidden Magic "BFG-Liong - The Lost Amulets" = Liong: The Lost Amulets "BFG-Magic Farm" = Magic Farm "BFG-Monarch - The Butterfly King" = Monarch - The Butterfly King "BFG-Mushroom Age" = Mushroom Age "BFG-Mystery Age - Die Dunklen Priester" = Mystery Age: Die Dunklen Priester "BFG-Otherworld - Fruehling der Schatten Sammleredition" = Otherworld: Frühling der Schatten Sammleredition "BFG-Prinzessin Isabella - Die 
Rueckkehr des Fluches" = Prinzessin Isabella: Die Rückkehr des Fluches "BFG-Roads of Rome" = Roads of Rome "BFG-Spirits of Mystery - Der Gesang des Phoenix" = Spirits of Mystery: Der Gesang des Phönix "BFG-Spirits of Mystery - Dunkler Fluch Sammleredition" = Spirits of Mystery: Dunkler Fluch Sammleredition "Bookworm Deluxe" = Bookworm Deluxe "Cheatbook 07.2009" = Cheatbook 07.2009 "Cooking Dash" = Cooking Dash "Edraw Mind Map Freeware_is1" = Edraw Mind Map 6.5 "ESET Online Scanner" = ESET Online Scanner v3 "Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1 "IcoFX_is1" = IcoFX 1.6.4 "Inkscape" = Inkscape 0.48.2 "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{7C6A4E35-5EEE-426A-A7BF-EA95CDC54DEA}" = Music Now! "InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12 "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.7 "Luxor 3" = Luxor 3 "MAGIX_MSI_mm17_silver_asus" = ASUS Music Maker "Mahjongg dimensions" = Mahjongg dimensions "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de) "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "PDFConverter Desktop_is1" = PDFConverter Desktop "Philips Songbird" = Philips Songbird "Plants vs Zombies" = Plants vs Zombies "Streamripper" = Streamripper (Remove only) "VLC media player" = VLC media player 1.1.11 "Winamp" = Winamp "WinLiveSuite" = Windows Live Essentials "Wise Disk Cleaner_is1" = Wise Disk Cleaner 7.76 "Wise Registry Cleaner_is1" = Wise Registry Cleaner 7.64 "World of Goo" = World of Goo "XnView_is1" = XnView 1.99.6 
========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-542383332-4153358020-2719540128-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Amazon Kindle" = Amazon Kindle "Flux" = F.lux ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 3/15/2013 5:07:21 PM | Computer Name = MariasRechner | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Aquaria.MariasRechner\Desktop\esetsmartinstaller_enu(4).exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 3/15/2013 5:11:18 PM | Computer Name = MariasRechner | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Aquaria.MariasRechner\Desktop\esetsmartinstaller_enu(4).exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Error - 3/15/2013 5:11:18 PM | Computer Name = MariasRechner | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Aquaria.MariasRechner\Desktop\esetsmartinstaller_enu(2).exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 3/15/2013 5:32:01 PM | Computer Name = MariasRechner | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 3/15/2013 5:36:29 PM | Computer Name = MariasRechner | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Aquaria.MariasRechner\Desktop\esetsmartinstaller_enu(4).exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 3/15/2013 5:36:29 PM | Computer Name = MariasRechner | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Aquaria.MariasRechner\Desktop\esetsmartinstaller_enu(4).exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 3/15/2013 5:36:43 PM | Computer Name = MariasRechner | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Aquaria.MariasRechner\Desktop\esetsmartinstaller_enu(4).exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Error - 3/15/2013 5:39:17 PM | Computer Name = MariasRechner | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Aquaria.MariasRechner\Desktop\esetsmartinstaller_enu(4).exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 3/15/2013 5:39:17 PM | Computer Name = MariasRechner | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Aquaria.MariasRechner\Desktop\esetsmartinstaller_enu(4).exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 3/15/2013 5:39:21 PM | Computer Name = MariasRechner | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Aquaria.MariasRechner\Desktop\esetsmartinstaller_enu(4).exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. [ System Events ] Error - 3/15/2013 5:07:51 PM | Computer Name = MariasRechner | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 3/15/2013 5:07:51 PM | Computer Name = MariasRechner | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 3/15/2013 5:07:51 PM | Computer Name = MariasRechner | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 3/15/2013 5:07:51 PM | Computer Name = MariasRechner | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 3/15/2013 5:07:53 PM | Computer Name = MariasRechner | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 3/15/2013 5:07:53 PM | Computer Name = MariasRechner | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 3/15/2013 5:07:53 PM | Computer Name = MariasRechner | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers 
nicht gestartet wurde: %%1068 Error - 3/15/2013 5:07:53 PM | Computer Name = MariasRechner | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 3/15/2013 5:07:53 PM | Computer Name = MariasRechner | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 3/15/2013 5:36:18 PM | Computer Name = MariasRechner | Source = DCOM | ID = 10010 Description = < End of report > |
16.03.2013, 00:21 | #29 |
| Infection by Trojan.Agent.ED, EXP/2012-1723.GE, TR/PSW.Fareit.1142 and other malware
Then another problem has (re)appeared, which makes me strongly suspect that something is still not right: Mbam (which is enabled in parallel with Avira) regularly reports that access to a potentially dangerous website has been blocked. An IP address is given. The process is outgoing; avwegbgrd.exe or something like that is given. Mbam started showing these messages around 26 February, when the current Trojan drama began. Previously, Mbam ran alongside Avira without problems. Here again is the log with yesterday's messages: Code:
ATTFilter 2013/03/15 13:43:01 +0100 MARIASRECHNER Aquaria IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 51475, Process: avwebgrd.exe) 2013/03/15 13:44:33 +0100 MARIASRECHNER Aquaria MESSAGE Starting database refresh 2013/03/15 13:44:33 +0100 MARIASRECHNER Aquaria MESSAGE Stopping IP protection 2013/03/15 13:44:33 +0100 MARIASRECHNER Aquaria MESSAGE IP Protection stopped successfully 2013/03/15 13:44:38 +0100 MARIASRECHNER Aquaria MESSAGE Database refreshed successfully 2013/03/15 13:44:38 +0100 MARIASRECHNER Aquaria MESSAGE Starting IP protection 2013/03/15 13:44:55 +0100 MARIASRECHNER Aquaria MESSAGE IP Protection started successfully 2013/03/15 14:05:14 +0100 MARIASRECHNER Aquaria IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 51825, Process: avwebgrd.exe) 2013/03/15 14:08:16 +0100 MARIASRECHNER Aquaria MESSAGE Stopping protection 2013/03/15 14:08:16 +0100 MARIASRECHNER Aquaria MESSAGE Protection stopped successfully 2013/03/15 14:08:21 +0100 MARIASRECHNER Aquaria MESSAGE Stopping IP protection 2013/03/15 14:08:22 +0100 MARIASRECHNER Aquaria MESSAGE IP Protection stopped successfully 2013/03/15 14:18:44 +0100 MARIASRECHNER Aquaria MESSAGE Starting IP protection 2013/03/15 14:19:04 +0100 MARIASRECHNER Aquaria MESSAGE IP Protection started successfully 2013/03/15 14:19:10 +0100 MARIASRECHNER Aquaria MESSAGE Starting protection 2013/03/15 14:19:10 +0100 MARIASRECHNER Aquaria MESSAGE Protection started successfully 2013/03/15 14:19:28 +0100 MARIASRECHNER Aquaria IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 51869, Process: avwebgrd.exe) 2013/03/15 14:22:33 +0100 MARIASRECHNER Aquaria MESSAGE Stopping protection 2013/03/15 14:22:33 +0100 MARIASRECHNER Aquaria MESSAGE Protection stopped successfully 2013/03/15 14:22:38 +0100 MARIASRECHNER Aquaria MESSAGE Stopping IP protection 2013/03/15 14:22:39 +0100 MARIASRECHNER Aquaria MESSAGE IP Protection stopped successfully 2013/03/15 14:29:21 +0100 MARIASRECHNER Aquaria MESSAGE Starting protection 2013/03/15 14:29:21 +0100 
MARIASRECHNER Aquaria MESSAGE Protection started successfully 2013/03/15 14:29:26 +0100 MARIASRECHNER Aquaria MESSAGE Starting IP protection 2013/03/15 14:29:45 +0100 MARIASRECHNER Aquaria MESSAGE IP Protection started successfully 2013/03/15 14:33:31 +0100 MARIASRECHNER Aquaria IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 51947, Process: avwebgrd.exe) 2013/03/15 15:00:38 +0100 MARIASRECHNER Aquaria MESSAGE Starting protection 2013/03/15 15:00:38 +0100 MARIASRECHNER Aquaria MESSAGE Protection started successfully 2013/03/15 15:00:38 +0100 MARIASRECHNER Aquaria MESSAGE Starting IP protection 2013/03/15 15:00:59 +0100 MARIASRECHNER Aquaria MESSAGE IP Protection started successfully 2013/03/15 15:01:07 +0100 MARIASRECHNER Aquaria IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 49365, Process: avwebgrd.exe) 2013/03/15 16:34:45 +0100 MARIASRECHNER Aquaria IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 49840, Process: avwebgrd.exe) 2013/03/15 16:36:54 +0100 MARIASRECHNER Aquaria IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 49951, Process: avwebgrd.exe) 2013/03/15 16:37:10 +0100 MARIASRECHNER Aquaria IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 49966, Process: avwebgrd.exe) 2013/03/15 16:38:46 +0100 MARIASRECHNER Aquaria MESSAGE Stopping protection 2013/03/15 16:38:46 +0100 MARIASRECHNER Aquaria MESSAGE Protection stopped successfully 2013/03/15 16:38:50 +0100 MARIASRECHNER Aquaria MESSAGE Stopping IP protection 2013/03/15 16:38:51 +0100 MARIASRECHNER Aquaria MESSAGE IP Protection stopped successfully 2013/03/15 16:50:09 +0100 MARIASRECHNER Aquaria MESSAGE Starting IP protection 2013/03/15 16:50:28 +0100 MARIASRECHNER Aquaria MESSAGE IP Protection started successfully 2013/03/15 16:50:30 +0100 MARIASRECHNER Aquaria MESSAGE Starting protection 2013/03/15 16:50:30 +0100 MARIASRECHNER Aquaria MESSAGE Protection started successfully 2013/03/15 16:50:44 +0100 MARIASRECHNER Aquaria IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 50045, Process: avwebgrd.exe) 2013/03/15 19:41:39 +0100 
MARIASRECHNER Aquaria MESSAGE Starting protection 2013/03/15 19:41:39 +0100 MARIASRECHNER Aquaria MESSAGE Protection started successfully 2013/03/15 19:41:39 +0100 MARIASRECHNER Aquaria MESSAGE Starting IP protection 2013/03/15 19:41:51 +0100 MARIASRECHNER Aquaria MESSAGE IP Protection started successfully 2013/03/15 19:43:21 +0100 MARIASRECHNER Aquaria IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 49164, Process: avwebgrd.exe) 2013/03/15 19:44:56 +0100 MARIASRECHNER Aquaria MESSAGE Stopping protection 2013/03/15 19:44:56 +0100 MARIASRECHNER Aquaria MESSAGE Protection stopped successfully 2013/03/15 19:44:59 +0100 MARIASRECHNER Aquaria MESSAGE Stopping IP protection 2013/03/15 19:45:00 +0100 MARIASRECHNER Aquaria MESSAGE IP Protection stopped successfully 2013/03/15 19:46:01 +0100 MARIASRECHNER Aquaria MESSAGE Starting protection 2013/03/15 19:46:01 +0100 MARIASRECHNER Aquaria MESSAGE Protection started successfully 2013/03/15 19:46:07 +0100 MARIASRECHNER Aquaria MESSAGE Starting IP protection 2013/03/15 19:46:23 +0100 MARIASRECHNER Aquaria MESSAGE IP Protection started successfully 2013/03/15 19:54:19 +0100 MARIASRECHNER Aquaria IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 49483, Process: avwebgrd.exe) 2013/03/15 20:14:23 +0100 MARIASRECHNER Aquaria MESSAGE Starting protection 2013/03/15 20:14:23 +0100 MARIASRECHNER Aquaria MESSAGE Protection started successfully 2013/03/15 20:14:23 +0100 MARIASRECHNER Aquaria MESSAGE Starting IP protection 2013/03/15 20:14:42 +0100 MARIASRECHNER Aquaria MESSAGE IP Protection started successfully 2013/03/15 20:14:52 +0100 MARIASRECHNER Aquaria IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 49205, Process: avwebgrd.exe) 2013/03/15 21:08:11 +0100 MARIASRECHNER BERGKRISTALL IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 50036, Process: avwebgrd.exe) 2013/03/15 21:12:18 +0100 MARIASRECHNER BERGKRISTALL MESSAGE Stopping protection 2013/03/15 21:12:18 +0100 MARIASRECHNER BERGKRISTALL MESSAGE Protection stopped successfully 2013/03/15 
21:12:24 +0100 MARIASRECHNER BERGKRISTALL MESSAGE Stopping IP protection 2013/03/15 21:12:25 +0100 MARIASRECHNER BERGKRISTALL MESSAGE IP Protection stopped successfully 2013/03/15 21:19:50 +0100 MARIASRECHNER Aquaria MESSAGE Starting protection 2013/03/15 21:19:50 +0100 MARIASRECHNER Aquaria MESSAGE Protection started successfully 2013/03/15 21:19:53 +0100 MARIASRECHNER Aquaria MESSAGE Starting IP protection 2013/03/15 21:20:13 +0100 MARIASRECHNER Aquaria MESSAGE IP Protection started successfully 2013/03/15 21:20:21 +0100 MARIASRECHNER Aquaria IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 50132, Process: avwebgrd.exe) 2013/03/15 22:10:42 +0100 MARIASRECHNER (null) MESSAGE Starting protection 2013/03/15 22:10:42 +0100 MARIASRECHNER (null) MESSAGE Protection started successfully 2013/03/15 22:10:42 +0100 MARIASRECHNER (null) MESSAGE Starting IP protection 2013/03/15 22:10:54 +0100 MARIASRECHNER (null) MESSAGE IP Protection started successfully 2013/03/15 22:12:23 +0100 MARIASRECHNER Aquaria IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 49171, Process: avwebgrd.exe) 2013/03/15 22:23:17 +0100 MARIASRECHNER Aquaria IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 49326, Process: avwebgrd.exe) 2013/03/15 22:34:38 +0100 MARIASRECHNER (null) MESSAGE Executing scheduled update: Daily 2013/03/15 22:34:42 +0100 MARIASRECHNER (null) MESSAGE Starting protection 2013/03/15 22:34:44 +0100 MARIASRECHNER (null) MESSAGE Protection started successfully 2013/03/15 22:34:44 +0100 MARIASRECHNER (null) MESSAGE Starting IP protection 2013/03/15 22:34:54 +0100 MARIASRECHNER (null) MESSAGE IP Protection started successfully 2013/03/15 22:35:05 +0100 MARIASRECHNER Aquaria MESSAGE Scheduled update executed successfully: database updated from version v2013.03.15.05 to version v2013.03.15.08 2013/03/15 22:35:05 +0100 MARIASRECHNER Aquaria MESSAGE Starting database refresh 2013/03/15 22:35:05 +0100 MARIASRECHNER Aquaria MESSAGE Stopping IP protection 2013/03/15 22:35:05 +0100 MARIASRECHNER Aquaria 
MESSAGE IP Protection stopped successfully 2013/03/15 22:35:09 +0100 MARIASRECHNER Aquaria MESSAGE Database refreshed successfully 2013/03/15 22:35:09 +0100 MARIASRECHNER Aquaria MESSAGE Starting IP protection 2013/03/15 22:35:17 +0100 MARIASRECHNER Aquaria MESSAGE IP Protection started successfully 2013/03/15 22:36:14 +0100 MARIASRECHNER Aquaria IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 49186, Process: avwebgrd.exe) 2013/03/15 22:37:40 +0100 MARIASRECHNER Aquaria MESSAGE Stopping protection 2013/03/15 22:37:40 +0100 MARIASRECHNER Aquaria MESSAGE Protection stopped successfully 2013/03/15 22:37:43 +0100 MARIASRECHNER Aquaria MESSAGE Stopping IP protection 2013/03/15 22:37:44 +0100 MARIASRECHNER Aquaria MESSAGE IP Protection stopped successfully 2013/03/15 22:37:48 +0100 MARIASRECHNER Aquaria MESSAGE Starting IP protection 2013/03/15 22:38:06 +0100 MARIASRECHNER Aquaria MESSAGE IP Protection started successfully 2013/03/15 22:38:11 +0100 MARIASRECHNER Aquaria MESSAGE Stopping IP protection 2013/03/15 22:38:12 +0100 MARIASRECHNER Aquaria MESSAGE IP Protection stopped successfully 2013/03/15 22:41:10 +0100 MARIASRECHNER Aquaria MESSAGE Starting IP protection 2013/03/15 22:41:28 +0100 MARIASRECHNER Aquaria MESSAGE IP Protection started successfully 2013/03/15 22:41:36 +0100 MARIASRECHNER Aquaria MESSAGE Starting protection 2013/03/15 22:41:36 +0100 MARIASRECHNER Aquaria MESSAGE Protection started successfully 2013/03/15 23:20:06 +0100 MARIASRECHNER Aquaria MESSAGE Stopping protection 2013/03/15 23:20:06 +0100 MARIASRECHNER Aquaria MESSAGE Protection stopped successfully 2013/03/15 23:20:10 +0100 MARIASRECHNER Aquaria MESSAGE Stopping IP protection 2013/03/15 23:20:10 +0100 MARIASRECHNER Aquaria MESSAGE IP Protection stopped successfully 2013/03/15 23:23:07 +0100 MARIASRECHNER Aquaria MESSAGE Starting protection 2013/03/15 23:23:07 +0100 MARIASRECHNER Aquaria MESSAGE Protection started successfully 2013/03/15 23:23:10 +0100 MARIASRECHNER Aquaria MESSAGE Starting IP 
protection 2013/03/15 23:23:29 +0100 MARIASRECHNER Aquaria MESSAGE IP Protection started successfully 2013/03/15 23:31:24 +0100 MARIASRECHNER Aquaria IP-BLOCK 82.98.97.200 (Type: outgoing, Port: 49484, Process: avwebgrd.exe) 2013/03/15 23:42:24 +0100 MARIASRECHNER Aquaria IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 49511, Process: avwebgrd.exe) Esmeralda |
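Added example, not part of the original post: a small Python triage of the Mbam protection log above. It splits on timestamps so the flattened copy parses too, groups IP-BLOCK entries by /24 network and process, and lists the intervals in which IP protection was off. SAMPLE is a short excerpt of that log with entries in between omitted; the function names, and the assumption that no IP-BLOCK is written while IP protection is stopped, are mine.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime

# Excerpt of the log posted above (entries in between omitted), kept in the
# flattened form it has on the page: no line breaks between entries.
SAMPLE = (
    "2013/03/15 13:43:01 +0100 MARIASRECHNER Aquaria IP-BLOCK 82.98.97.203 "
    "(Type: outgoing, Port: 51475, Process: avwebgrd.exe) "
    "2013/03/15 13:44:33 +0100 MARIASRECHNER Aquaria MESSAGE IP Protection stopped successfully "
    "2013/03/15 13:44:55 +0100 MARIASRECHNER Aquaria MESSAGE IP Protection started successfully "
    "2013/03/15 14:05:14 +0100 MARIASRECHNER Aquaria IP-BLOCK 82.98.97.203 "
    "(Type: outgoing, Port: 51825, Process: avwebgrd.exe) "
    "2013/03/15 14:08:22 +0100 MARIASRECHNER Aquaria MESSAGE IP Protection stopped successfully "
    "2013/03/15 14:19:04 +0100 MARIASRECHNER Aquaria MESSAGE IP Protection started successfully "
    "2013/03/15 14:19:28 +0100 MARIASRECHNER Aquaria IP-BLOCK 82.98.97.185 "
    "(Type: outgoing, Port: 51869, Process: avwebgrd.exe) "
    "2013/03/15 22:10:54 +0100 MARIASRECHNER (null) MESSAGE IP Protection started successfully "
    "2013/03/15 22:12:23 +0100 MARIASRECHNER Aquaria IP-BLOCK 82.98.97.183 "
    "(Type: outgoing, Port: 49171, Process: avwebgrd.exe)"
)

TS = re.compile(r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4}")
HEAD = re.compile(r"(\S+) (\S+) (IP-BLOCK|MESSAGE) (.*)")
BLOCK = re.compile(
    r"(\d{1,3}(?:\.\d{1,3}){3}) \(Type: (\w+), Port: (\d+), Process: ([^)]+)\)")


def parse(text):
    """Cut the text at every timestamp, so lost line breaks do not matter."""
    marks = list(TS.finditer(text))
    entries = []
    for i, mark in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(text)
        head = HEAD.match(" ".join(text[mark.end():end].split()))
        if head is None:
            continue  # not a host/user/kind/text entry
        host, user, kind, rest = head.groups()
        entry = {"time": datetime.strptime(mark.group(), "%Y/%m/%d %H:%M:%S %z"),
                 "host": host, "user": user, "kind": kind, "text": rest}
        if kind == "IP-BLOCK":
            block = BLOCK.match(rest)
            if block is None:
                continue
            entry.update(ip=block.group(1), direction=block.group(2),
                         port=int(block.group(3)), process=block.group(4))
        entries.append(entry)
    return entries


def summarize_blocks(entries):
    """Group IP-BLOCK entries by (/24 network, direction, process)."""
    groups = {}
    for e in (e for e in entries if e["kind"] == "IP-BLOCK"):
        net = ipaddress.ip_network(e["ip"] + "/24", strict=False)
        key = (str(net), e["direction"], e["process"].lower())
        g = groups.setdefault(key, {"count": 0, "ips": Counter(),
                                    "first": e["time"], "last": e["time"]})
        g["count"] += 1
        g["ips"][e["ip"]] += 1
        g["first"], g["last"] = min(g["first"], e["time"]), max(g["last"], e["time"])
    return groups


def protection_gaps(entries):
    """(stopped, started, seconds) spans with IP protection off. Assumption:
    nothing is blocked or logged in them, so silence there proves nothing."""
    gaps, stopped = [], None
    for e in (e for e in entries if e["kind"] == "MESSAGE"):
        if e["text"].startswith("IP Protection stopped successfully"):
            stopped = e["time"]
        elif e["text"].startswith("IP Protection started successfully") and stopped:
            gaps.append((stopped, e["time"], (e["time"] - stopped).total_seconds()))
            stopped = None
    return gaps


if __name__ == "__main__":
    parsed = parse(SAMPLE)
    for key, g in summarize_blocks(parsed).items():
        print(key, g["count"], dict(g["ips"]))
    for start, stop, secs in protection_gaps(parsed):
        print(f"IP protection off {start:%H:%M:%S} to {stop:%H:%M:%S} ({secs:.0f}s)")
```
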
16.03.2013, 01:54 | #30 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Infection by Trojan.Agent.ED, EXP/2012-1723.GE, TR/PSW.Fareit.1142 and other malware
Quote:
Note: Registry Cleaner
I see that you have installed so-called registry cleaners. In your case, Wise Registry Cleaner. We advise against using any kind of registry cleaner. The reason is quite simple: the registry is the brain of the system. If the brain does not work, the rest no longer really works either. You should not tinker with the registry unnecessarily. Even a small error can have serious consequences, and programs sometimes make mistakes too. If you destroy the registry, you destroy Windows. In addition, the benefit for improving performance is disputed and usually barely noticeable. I would recommend that you stop using registry cleaners and uninstall them via Start --> Control Panel --> Software (on Windows XP).
__________________ Please always post log files in CODE tags |