GVU Trojaner ? Freund sucht ...

Redwulf · 03.07.2013, 17:57

Hallo liebes Helferteam

Ich habe via Mail Kontakt zu einem Freund, dessen PC offensichtlich durch einen GVU Virus infiziert wurde. Er beschreibt, dass sein PC durch eine Zahlungsaufforderung geblockt wurde. Der PC ( Standort Florida ) wurde in der Eingabeaufforderung mittels CF "bearbeitet"

Er ist mittlerweile in der Lage auf den Desktop von Windows zu gelangen.

Da das Kind bereits durch CF in den Brunnen geschubst wurde, habe ich ihn gebeten OTL zu nutzen. ( gemäß der Reihenfolge dieses Boards )

Hier seine Logs.

Hier der log txt seines Combofix

Code:

ATTFilter

Combofix Logfile:

	Code: 

 ATTFilter

  
	ComboFix 13-07-02.03 - Robert 07/03/2013  11:34:19.1.4 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3327.2716 [GMT -4:00]
Running from: K:\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\44ABC39CBF493A52000044AB7EF74052
c:\documents and settings\All Users\Application Data\44ABC39CBF493A52000044AB7EF74052\44ABC39CBF493A52000044AB7EF74052
c:\documents and settings\All Users\Application Data\44ABC39CBF493A52000044AB7EF74052\44ABC39CBF493A52000044AB7EF74052.exe
c:\documents and settings\All Users\Application Data\44ABC39CBF493A52000044AB7EF74052\44ABC39CBF493A52000044AB7EF74052.ico
c:\documents and settings\All Users\Application Data\Wincert\WIN32C~1.DLL
c:\documents and settings\All Users\Start Menu\Programs\Startup\Setup.exe
c:\documents and settings\Guest\WINDOWS
c:\documents and settings\NetworkService\Local Settings\Application Data\58007ebc-c69e-4e98-a052-de496d8c4160ad
c:\documents and settings\NetworkService\Local Settings\Application Data\58007ebc-c69e-4e98-a052-de496d8c4160ad\ebcceeadedcad.exe
c:\documents and settings\Robert\acrobat.exe
c:\documents and settings\Robert\Application Data\Adobe\plugs
c:\documents and settings\Robert\Application Data\Adobe\shed
c:\documents and settings\Robert\Application Data\DefaultTab\DefaultTab
c:\documents and settings\Robert\Application Data\DefaultTab\DefaultTab\addon.ico
c:\documents and settings\Robert\Application Data\DefaultTab\DefaultTab\amazon_ie.ico
c:\documents and settings\Robert\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.cfg
c:\documents and settings\Robert\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll
c:\documents and settings\Robert\Application Data\DefaultTab\DefaultTab\DefaultTabStart.exe
c:\documents and settings\Robert\Application Data\DefaultTab\DefaultTab\DefaultTabStart64.exe
c:\documents and settings\Robert\Application Data\DefaultTab\DefaultTab\DefaultTabUninstaller.exe
c:\documents and settings\Robert\Application Data\DefaultTab\DefaultTab\DefaultTabWrap.dll
c:\documents and settings\Robert\Application Data\DefaultTab\DefaultTab\DefaultTabWrap64.dll
c:\documents and settings\Robert\Application Data\DefaultTab\DefaultTab\DT.ico
c:\documents and settings\Robert\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
c:\documents and settings\Robert\Application Data\DefaultTab\DefaultTab\ebay_ie.ico
c:\documents and settings\Robert\Application Data\DefaultTab\DefaultTab\facebook_ie.ico
c:\documents and settings\Robert\Application Data\DefaultTab\DefaultTab\search_ie.ico
c:\documents and settings\Robert\Application Data\DefaultTab\DefaultTab\searchhere.ico
c:\documents and settings\Robert\Application Data\DefaultTab\DefaultTab\twitter_ie.ico
c:\documents and settings\Robert\Application Data\DefaultTab\DefaultTab\uninstalldt.exe
c:\documents and settings\Robert\Application Data\DefaultTab\DefaultTab\wikipedia_ie.ico
c:\documents and settings\Robert\Application Data\HPSU_48BitScanUpdate.log
c:\documents and settings\Robert\Application Data\PriceGong
c:\documents and settings\Robert\Application Data\PriceGong\Data\1.txt
c:\documents and settings\Robert\Application Data\PriceGong\Data\a.txt
c:\documents and settings\Robert\Application Data\PriceGong\Data\b.txt
c:\documents and settings\Robert\Application Data\PriceGong\Data\c.txt
c:\documents and settings\Robert\Application Data\PriceGong\Data\d.txt
c:\documents and settings\Robert\Application Data\PriceGong\Data\e.txt
c:\documents and settings\Robert\Application Data\PriceGong\Data\f.txt
c:\documents and settings\Robert\Application Data\PriceGong\Data\g.txt
c:\documents and settings\Robert\Application Data\PriceGong\Data\h.txt
c:\documents and settings\Robert\Application Data\PriceGong\Data\i.txt
c:\documents and settings\Robert\Application Data\PriceGong\Data\j.txt
c:\documents and settings\Robert\Application Data\PriceGong\Data\k.txt
c:\documents and settings\Robert\Application Data\PriceGong\Data\l.txt
c:\documents and settings\Robert\Application Data\PriceGong\Data\m.txt
c:\documents and settings\Robert\Application Data\PriceGong\Data\n.txt
c:\documents and settings\Robert\Application Data\PriceGong\Data\o.txt
c:\documents and settings\Robert\Application Data\PriceGong\Data\p.txt
c:\documents and settings\Robert\Application Data\PriceGong\Data\q.txt
c:\documents and settings\Robert\Application Data\PriceGong\Data\r.txt
c:\documents and settings\Robert\Application Data\PriceGong\Data\s.txt
c:\documents and settings\Robert\Application Data\PriceGong\Data\t.txt
c:\documents and settings\Robert\Application Data\PriceGong\Data\u.txt
c:\documents and settings\Robert\Application Data\PriceGong\Data\v.txt
c:\documents and settings\Robert\Application Data\PriceGong\Data\w.txt
c:\documents and settings\Robert\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\Robert\Application Data\PriceGong\Data\x.txt
c:\documents and settings\Robert\Application Data\PriceGong\Data\y.txt
c:\documents and settings\Robert\Application Data\PriceGong\Data\z.txt
c:\documents and settings\Robert\opera.exe
c:\documents and settings\Robert\WINDOWS
c:\program files\DefaultTab
c:\program files\DefaultTab\DefaultTab.crx
c:\program files\DefaultTab\DefaultTabSearch.exe
c:\program files\DefaultTab\uid
c:\program files\OApps\SeLEctionlinks.dll
c:\windows\system32\frapsvid.dll
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected 
Restored copy from - c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe 
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DEFAULTTABSEARCH
-------\Service_DefaultTabSearch
-------\Legacy_DefaultTabUpdate
-------\Legacy_DefaultTabUpdate
-------\Service_DefaultTabUpdate
-------\Service_DefaultTabUpdate
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-03 to 2013-07-03  )))))))))))))))))))))))))))))))
.
.
2013-06-29 01:05 . 2013-06-29 01:12	664	----a-w-	c:\documents and settings\NetworkService\Local Settings\Application Data\d3d9caps.tmp
2013-06-29 01:04 . 2013-06-29 01:04	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-06-28 21:58 . 2013-06-28 23:54	--------	d-----w-	c:\documents and settings\Admin1
2013-06-28 21:58 . 2013-06-28 21:58	--------	d-----w-	c:\documents and settings\LocalService\Application Data\Yahoo!
2013-06-24 01:19 . 2013-06-24 01:19	--------	d-----w-	C:\USMT.TMP
2013-06-23 15:19 . 2013-05-07 22:30	522240	-c----w-	c:\windows\system32\dllcache\jsdbgui.dll
2013-06-23 15:18 . 2011-08-16 10:45	6144	-c----w-	c:\windows\system32\dllcache\iecompat.dll
2013-06-23 15:18 . 2013-05-07 22:30	12800	-c----w-	c:\windows\system32\dllcache\xpshims.dll
2013-06-23 15:18 . 2013-05-07 22:30	743424	-c----w-	c:\windows\system32\dllcache\iedvtool.dll
2013-06-23 15:18 . 2013-05-07 22:30	630272	-c----w-	c:\windows\system32\dllcache\msfeeds.dll
2013-06-23 15:18 . 2013-05-07 22:30	55296	-c----w-	c:\windows\system32\dllcache\msfeedsbs.dll
2013-06-23 15:18 . 2013-05-07 22:30	247808	-c----w-	c:\windows\system32\dllcache\ieproxy.dll
2013-06-23 15:18 . 2013-05-07 22:30	2005504	-c----w-	c:\windows\system32\dllcache\iertutil.dll
2013-06-23 15:18 . 2013-05-07 22:30	11112960	-c----w-	c:\windows\system32\dllcache\ieframe.dll
2013-06-23 04:05 . 2013-06-23 04:05	--------	d-----w-	c:\program files\FileOpenerPro
2013-06-23 03:54 . 2008-06-13 11:05	272128	-c----w-	c:\windows\system32\dllcache\bthport.sys
2013-06-23 03:53 . 2011-07-15 13:29	456320	-c----w-	c:\windows\system32\dllcache\mrxsmb.sys
2013-06-23 03:48 . 2013-02-12 00:32	12928	-c----w-	c:\windows\system32\dllcache\usb8023x.sys
2013-06-23 03:35 . 2013-05-03 01:30	2149888	-c----w-	c:\windows\system32\dllcache\ntkrnlmp.exe
2013-06-23 03:35 . 2013-05-03 01:26	2193536	-c----w-	c:\windows\system32\dllcache\ntoskrnl.exe
2013-06-23 03:35 . 2013-05-03 00:38	2070144	-c----w-	c:\windows\system32\dllcache\ntkrnlpa.exe
2013-06-23 03:35 . 2013-05-03 00:38	2028544	-c----w-	c:\windows\system32\dllcache\ntkrpamp.exe
2013-06-23 02:31 . 2001-08-18 02:36	26112	-c--a-w-	c:\windows\system32\dllcache\EXCH_seos.dll
2013-06-23 02:30 . 2008-04-14 12:00	13463552	-c--a-w-	c:\windows\system32\dllcache\hwxjpn.dll
2013-06-23 02:29 . 2004-05-13 04:39	598071	-c--a-w-	c:\windows\system32\dllcache\fpmmc.dll
2013-06-23 02:27 . 2008-04-14 12:00	16384	-c--a-w-	c:\windows\system32\dllcache\isignup.exe
2013-06-23 02:27 . 2008-04-14 12:00	16384	----a-w-	c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2013-06-23 01:05 . 2008-04-14 12:00	24661	-c--a-w-	c:\windows\system32\dllcache\spxcoins.dll
2013-06-23 01:05 . 2008-04-14 12:00	24661	----a-w-	c:\windows\system32\spxcoins.dll
2013-06-23 01:05 . 2008-04-14 12:00	13312	-c--a-w-	c:\windows\system32\dllcache\irclass.dll
2013-06-23 01:05 . 2008-04-14 12:00	13312	----a-w-	c:\windows\system32\irclass.dll
2013-06-22 20:53 . 2013-06-22 20:53	--------	d-----w-	c:\windows\msapps
2013-06-22 01:32 . 2013-06-24 00:58	--------	d-----w-	c:\documents and settings\All Users\Application Data\yoav
2013-06-21 23:43 . 2013-06-29 10:30	--------	d-----w-	c:\documents and settings\Robert\Local Settings\Application Data\58007ebc-c69e-4e98-a052-de496d8c4160ad
2013-06-19 23:28 . 2013-06-22 19:23	--------	d-----w-	c:\documents and settings\Guest\AppData
2013-06-17 01:28 . 2013-07-03 15:41	--------	d-----w-	c:\documents and settings\Robert\Application Data\DefaultTab
2013-06-17 01:26 . 2013-07-03 15:41	--------	d-----w-	c:\program files\OApps
2013-06-17 01:25 . 2013-06-17 01:25	--------	d-----w-	c:\program files\SearchProtect
2013-06-17 01:25 . 2013-06-17 01:25	--------	d-----w-	c:\documents and settings\Robert\Application Data\SearchProtect
2013-06-17 01:24 . 2013-06-17 01:24	--------	d-----w-	c:\program files\Mozilla Maintenance Service
2013-06-17 01:24 . 2012-06-14 22:20	157608	----a-w-	c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2013-06-17 01:24 . 2012-06-14 22:20	113120	----a-w-	c:\program files\Mozilla Firefox\maintenanceservice.exe
2013-06-17 01:24 . 2012-06-14 22:19	770384	----a-w-	c:\program files\Mozilla Firefox\msvcr100.dll
2013-06-17 01:24 . 2012-06-14 22:19	421200	----a-w-	c:\program files\Mozilla Firefox\msvcp100.dll
2013-06-16 21:53 . 2013-06-16 21:53	60872	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AB42340B-0E33-4CFF-B289-D4F7F7BF6998}\offreg.dll
2013-06-15 23:46 . 2013-05-13 06:19	7016152	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AB42340B-0E33-4CFF-B289-D4F7F7BF6998}\mpengine.dll
2013-06-14 00:24 . 2013-05-13 06:19	7016152	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-29 01:04 . 2011-06-04 11:14	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-11 21:15 . 2012-05-20 16:13	692104	----a-w-	c:\windows\system32\sflashplayerapp.exe
2013-05-08 06:10 . 2011-06-11 05:58	770384	----a-w-	c:\windows\system32\msvcr100.dll
2013-05-08 06:10 . 2011-06-11 05:58	421200	----a-w-	c:\windows\system32\msvcp100.dll
2013-05-07 22:30 . 2008-04-14 12:00	920064	----a-w-	c:\windows\system32\wininet.dll
2013-05-07 22:30 . 2008-04-14 12:00	43520	------w-	c:\windows\system32\licmgr10.dll
2013-05-07 22:30 . 2008-04-14 12:00	1469440	------w-	c:\windows\system32\inetcpl.cpl
2013-05-07 21:53 . 2008-04-14 12:00	385024	------w-	c:\windows\system32\html.iec
2013-05-03 01:30 . 2008-04-14 12:00	2149888	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38 . 2008-04-14 00:01	2028544	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-05-02 15:28 . 2011-04-03 01:00	238872	------w-	c:\windows\system32\MpSigStub.exe
2013-04-10 01:31 . 2008-04-14 12:00	1876352	----a-w-	c:\windows\system32\win32k.sys
2013-04-04 18:50 . 2009-04-22 15:04	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-14 22:20 . 2012-02-27 04:16	85472	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
"cdloader"="c:\documents and settings\Robert\Application Data\mjusbsp\cdloader2.exe" [2010-12-03 50592]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-07 68856]
"SearchProtect"="c:\documents and settings\Robert\Application Data\SearchProtect\bin\cltmng.exe" [2013-05-08 2852640]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS Update Checker"="c:\program files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe" [2009-12-28 121472]
"TurboV"="c:\program files\ASUS\TurboV\TurboV.exe" [2009-01-03 5381632]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2010-05-24 33747360]
"lxeemon.exe"="c:\program files\Lexmark Pro700 Series\lxeemon.exe" [2010-05-17 770728]
"EzPrint"="c:\program files\Lexmark Pro700 Series\ezprint.exe" [2010-01-18 139944]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-01 98304]
"Gpu Boost Driver"="c:\program files\ASUS\GPU Boost Driver\GpuBoostServer.exe" [2010-03-27 1137280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2013-05-10 37960]
"ASUSWebStorage"="c:\program files\ASUS\ASUS WebStorage\3.0.94.193\AsusWSPanel.exe" [2011-04-11 734544]
"Six Engine"="c:\program files\ASUS\EPU\EPU.exe" [2011-04-11 5402752]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
"SearchProtectAll"="c:\program files\SearchProtect\bin\cltmng.exe" [2013-05-08 2852640]
"TimeServer"="c:\documents and settings\Robert\Application Data\Download Manager\WINED.exe" [2013-06-21 136704]
"RTHDCPL"="RTHDCPL.EXE" [2011-06-24 20053608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA&inst=NwA3AC0ANAAyADMANwA4ADkAMAAzADUALQBGAFAAOQArADYALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AC0ARgA5AE0AMQAwAEIAKwAxAA&prod=90&ver=9.0.894" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
backup=c:\windows\pss\Microsoft Find Fast.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk
backup=c:\windows\pss\Office Startup.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Robert^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Robert\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Robert^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\Robert\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
2010-10-01 00:56	1290240	----a-w-	c:\program files\ASUS\SmartDoctor\SmartDoctor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2010-12-03 12:39	50592	----a-w-	c:\documents and settings\Robert\Application Data\mjusbsp\cdloader2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
2007-12-01 22:38	38400	----a-r-	c:\program files\Corel\Corel MediaOne\CorelIOMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Family Tree Builder Update]
2011-06-21 21:18	225280	----a-w-	c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24	54840	----a-w-	c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
2009-02-25 03:20	1103216	----a-w-	c:\program files\Download Manager\DLM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
2010-10-29 20:06	5915480	----a-w-	c:\program files\Logitech\Vid HD\Vid.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2011-08-12 17:18	205336	----a-w-	c:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 10:42	1695232	------w-	c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NaturalPoint]
2011-03-17 22:40	7953960	----a-w-	c:\program files\NaturalPoint\TrackIR5\TrackIR5.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2009-04-17 20:33	95536	----a-w-	c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 17:33	17418928	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2013-02-25 01:38	1597864	----a-w-	c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-05-07 15:03	68856	----a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2011-08-05 17:29	159456	----a-w-	c:\program files\Zune\ZuneLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files\AMD\RAIDXpert\bin\RAIDXpertService.exe [12/15/2009 5:40 PM 122880]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [4/9/2012 2:08 AM 109056]
R2 CltMngSvc;Search Protect by Conduit Updater;c:\program files\SearchProtect\bin\CltMngSvc.exe [5/8/2013 2:18 AM 97056]
R2 DatamngrCoordinator;Datamngr Coordinator;c:\program files\Settings Alerter\Datamngr\DatamngrCoordinator.exe [5/12/2013 9:53 AM 3019824]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [11/26/2008 11:36 AM 323584]
R2 lxee_device;lxee_device;c:\windows\system32\lxeecoms.exe -service --> c:\windows\system32\lxeecoms.exe -service [?]
R2 lxeeCATSCustConnectService;lxeeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeeserv.exe [3/27/2010 10:16 PM 193192]
R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [4/9/2012 2:04 AM 27424]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [8/19/2011 5:26 AM 450848]
R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys [4/9/2012 12:55 AM 101352]
R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys [4/9/2012 12:55 AM 317416]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [1/20/2012 1:09 AM 101904]
R3 npusbio;npusbio;c:\windows\system32\drivers\npusbio.sys [2/12/2010 12:58 AM 37408]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [12/27/2011 12:30 PM 28344]
S1 MpKsl3ed064ab;MpKsl3ed064ab;\??\c:\windows\Temp\MpKsl3ed064ab.sys --> c:\windows\Temp\MpKsl3ed064ab.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [4/9/2012 12:36 AM 1691480]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2/28/2011 7:44 PM 183560]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [4/17/2011 10:24 PM 16968]
S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [4/9/2012 2:04 AM 34208]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [4/9/2012 2:04 AM 17664]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [4/15/2009 5:01 PM 2136224]
S4 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist --> c:\program files\AMD\OverDrive\AODAssist [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-20 01:04]
.
2013-04-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2013-07-03 c:\windows\Tasks\FinalTorrent Update Checker.job
- c:\program files\FinalTorrent\FTCheckForUpdates.exe [2011-06-25 20:50]
.
2013-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 22:47]
.
2013-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 22:47]
.
2013-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-884357618-725345543-1004Core.job
- c:\documents and settings\Robert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-14 03:07]
.
2013-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-884357618-725345543-1004UA.job
- c:\documents and settings\Robert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-14 03:07]
.
2013-06-16 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 16:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Robert\Application Data\Mozilla\Firefox\Profiles\qn49utgt.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://isearch.fantastigames.com/465
FF - prefs.js: keyword.URL - hxxp://isearch.fantastigames.com/web?src=ffb&gct=ds&appid=107&systemid=465&q=
FF - ExtSQL: !HIDDEN! 2012-06-19 11:08; 64ffxtbr@TelevisionFanatic.com; c:\program files\TelevisionFanatic\bar\1.bin
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - 44a53a52000000000000c860005ad7b8
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15791
FF - user.js: extensions.delta.vrsn - 1.8.10.0
FF - user.js: extensions.delta.vrsni - 1.8.10.0
FF - user.js: extensions.delta.vrsnTs - 1.8.10.021:11
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
c:\documents and settings\Robert\Start Menu\Programs\Startup\ubisoft register.lnk - c:\program files\Ubi Soft\Register\schedule.exe /6/13/2011 6:04 PM /game= /language=English /country=United States /url=http://register-it.ubi.com/register.asp
MSConfigStartUp-CTFMON - (no file)
MSConfigStartUp-TelevisionFanatic Browser Plugin Loader - c:\progra~1\TELEVI~2\bar\1.bin\64brmon.exe
MSConfigStartUp-TelevisionFanatic Search Scope Monitor - c:\progra~1\TELEVI~2\bar\1.bin\64srchmn.exe
MSConfigStartUp-Yontoo Desktop - c:\documents and settings\Robert\Application Data\Yontoo\YontooDesktop.exe
AddRemove-DefaultTab - c:\documents and settings\Robert\Application Data\DefaultTab\DefaultTab\uninstalldt.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-03 11:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1???????????????????????????????????????????????? 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\AODService]
"ImagePath"="c:\program files\AMD\OverDrive\AODAssist"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1454471165-884357618-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:da,f0,af,57,d6,e0,e8,12,bd,eb,bf,60,e9,3c,37,d9,71,e4,a9,35,3d,
   b1,07,b6,76,78,b1,46,37,da,a4,51,e7,36,39,9e,d9,6f,c6,0c,8a,78,84,62,c6,fe,\
"rkeysecu"=hex:bf,cf,1f,1f,01,a8,fc,97,b5,7b,f7,89,6e,e1,55,ff
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(2264)
c:\windows\system32\WININET.dll
c:\progra~1\ASUS\ASUSWE~1\3094~1.193\ASUSWS~1.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AMD\RAIDXpert\bin\RAIDXpert.exe
c:\windows\ATKKBService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxeecoms.exe
c:\windows\system32\PSIService.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Zune\ZuneBusEnum.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WinMsgBalloonServer.exe
c:\windows\system32\WinMsgBalloonClient.exe
c:\program files\Settings Alerter\Datamngr\DatamngrUI.exe
c:\windows\RTHDCPL.EXE
c:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2013-07-03  11:55:32 - machine was rebooted
ComboFix-quarantined-files.txt  2013-07-03 15:55
.
Pre-Run: 26,510,159,872 bytes free
Post-Run: 28,527,521,792 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - E80D753F025583696BE4DB17B24F7852
         
 --- --- ---
8F558EB6672622401DA993E1E865C861

und OTL Extras:
OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 7/3/2013 12:05:28 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Robert\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.25 Gb Total Physical Memory | 2.61 Gb Available Physical Memory | 80.44% Memory free
5.09 Gb Paging File | 4.58 Gb Available in Paging File | 90.09% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 26.61 Gb Free Space | 17.85% Space Free | Partition Type: NTFS
Drive E: | 37.20 Gb Total Space | 15.86 Gb Free Space | 42.65% Space Free | Partition Type: NTFS
Drive K: | 7.45 Gb Total Space | 3.03 Gb Free Space | 40.68% Space Free | Partition Type: FAT32
 
Computer Name: BOB-90C805ABDF4 | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-1454471165-884357618-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E016E9-4D64-4747-AD7F-7EA990E8897E}" = Eagles Lair 2.0
"{02E24DA0-3CE5-E505-C47C-EDA70E236725}" = ccc-utility
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{0746EA50-4969-1B7C-F36D-C0CF75977A93}" = ATI AVIVO Codecs
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{190601AF-7BE4-046E-CEBF-14EE74434250}" = AMD Catalyst Install Manager
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{1B339913-4259-A059-8F62-3C43E72A1BAC}" = Catalyst Control Center Localization All
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 29
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{36A52BCF-AC3D-32F1-AD5F-A09769EB8887}" = Google Talk Plugin
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3A1AB8E6-748E-4B95-AA2D-FE9952EB3106}" = OLYMPUS Master 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{46CF6A90-7EFB-47E3-9B14-FBCEFA9F9982}" = Catalyst Control Center - Branding
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{5271C0D4-24E4-4C3D-A782-C012033FD3CF}" = AMD USB Filter Driver
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{660787DD-68B3-4E67-9073-4A66DD7AD193}" = ASUS VGA Driver
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{7524763B-0D8A-4DF4-984D-6D90A319463D}" = IL-2 Sturmovik 1946
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79438F1E-DEC3-443D-9DCD-FECE2D68C605}" = IL-2 Sturmovik 1946
"{7A34F050-4ABE-8BDB-4ABE-F3B649173F34}" = ccc-core-static
"{7F1B3341-A94E-4F5C-B587-CA0EB964221E}" = Microsoft Money Shared Libraries
"{809D7E6D-915D-4EAD-821F-E13D93F37161}" = ASUS Smart Doctor
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"{8DF712DA-D325-4FD0-8DE8-E2D78FC3CDC3}" = IL-2 Sturmovik: Forgotten Battles
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99AD9D6D-A456-49EE-8360-F22EE7AA1272}" = Express Gate
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1C4E8D-6F79-495E-8C9A-FAAC8A31BEAB}" = tazti 2.0.2
"{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}" = EPU
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A31951C5-DCD8-4DFE-A525-CFC701F54792}" = TurboV
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}" = SweetIM Toolbar for Internet Explorer 4.2
"{A7D32074-FCF8-4A0A-BD4D-E594E7130573}" = Eagles Lair
"{A869FEA9-B223-4324-B130-008AC50B054B}" = HyperLobby client
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.7) MUI
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE3DAD62-8464-43F7-8A00-1E5442D9EBA0}" = Eagles Lair Free
"{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}" = ubi.com
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B3C9A441-C34D-40F3-9D3B-00EDDDAC74F1}" = Garmin Communicator Plugin
"{B41069C7-7E24-473F-B400-BF48B82D9948}" = AMD OverDrive
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B8887E02-C910-4498-A7C0-186ABFDCD110}" = GPU Boost Driver
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BA7B13B2-D0A9-B4F8-CB34-C300C3AF843D}" = Skins
"{BC4A54D6-6591-4D01-AE21-C9ABAAF69D7F}" = Microsoft Expression Encoder 4
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{BE6E6BF7-6A81-4EC2-AD29-4580025149F1}" = TrackIR4
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CC67DD84-77C6-C9F8-FA03-953F1C1C92A9}" = Catalyst Control Center InstallProxy
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B2}" = WinZip 11.2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE58CC8D-CCF4-8D4F-BD04-9AC4A32FA1DB}" = CCC Help English
"{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D7AF16E7-5938-4369-BA54-B1ABD541BC32}" = Utility
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{DADC7AB0-E554-4705-9F6A-83EA82ED708E}" = Realtek Ethernet Diagnostic Utility
"{DD54CF66-090B-43E7-97C1-110EF526474D}" = ArcSoft Multimedia Email
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F3CA05B7-B4C0-4C9B-AAA6-16B868B35DF2}" = TrackIR5
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{F9EC30D1-F688-4708-9850-CB5120074AAA}" = Microsoft Expression Encoder 4 Screen Capture Codec
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.7
"{FAAA508A-05C0-488B-BFC2-F9217E545A81}" = Logitech Gaming Software
"{FB686487-C637-4EEF-BCB1-C92463F2CC05}" = Atheros Ethernet Utility
"{FC888095-A35E-4993-A9E0-366BF6F0CCE0}" = ArcSoft PhotoImpression 5
"{FCCDE84B-0154-459E-A8F2-C6B3FA5C1881}" = HydraVision
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (03/08/2007 2.2.1.0)
"7-Zip" = 7-zip v9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"AnalogX HyperTrace" = AnalogX HyperTrace
"AnalogX ITR Client" = AnalogX ITR Client
"ASUS WebStorage" = ASUS WebStorage
"BOXEE" = Boxee
"CCleaner" = CCleaner
"Centipede with Pong" = Centipede with Pong
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative WebCam Center" = Creative WebCam Center
"delta" = Delta toolbar  
"Delta Chrome Toolbar" = Delta Chrome Toolbar
"DivX Setup" = DivX Setup
"doPDF 6  printer_is1" = doPDF 6.2  printer
"Download Manager" = Download Manager 2.3.8
"Encoder_4.0.3205.0" = Microsoft Expression Encoder 4
"Excel" = Microsoft Excel 97
"Family Tree Builder" = MyHeritage Family Tree Builder
"fileopenerpro" = File Opener Pro
"FinalTorrent_is1" = FinalTorrent 2011
"Fraps" = Fraps
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{79438F1E-DEC3-443D-9DCD-FECE2D68C605}" = IL-2 Sturmovik 1946
"InstallShield_{809D7E6D-915D-4EAD-821F-E13D93F37161}" = ASUS Smart Doctor
"InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"InstallShield_{8DF712DA-D325-4FD0-8DE8-E2D78FC3CDC3}" = IL-2 Sturmovik: Forgotten Battles
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5 SE
"Lexmark Pro700 Series" = Lexmark Pro700 Series
"Logitech Vid" = Logitech Vid HD
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Money2008b" = Microsoft Money Plus
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenAL" = OpenAL
"PE Builder_is1" = PE Builder 3.1.10a
"PFPortChecker" = PFPortChecker 1.0.39
"SearchProtect" = Search Protect by conduit
"Settings Alerter" = Settings Alerter
"sl-adk" = SelectionLinks
"Steam App 44320" = DiRT 3
"Trusted Software Assistant_is1" = File Type Assistant
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Word8.0" = Microsoft Word 97
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"Zune" = Zune
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1454471165-884357618-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Applet" = Applet
"magicJack" = magicJack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 6/29/2013 6:46:23 AM | Computer Name = BOB-90C805ABDF4 | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.75.0.1, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 6/29/2013 6:48:30 AM | Computer Name = BOB-90C805ABDF4 | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.75.0.1, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 6/29/2013 10:00:05 AM | Computer Name = BOB-90C805ABDF4 | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 ccc.exe, P2 2.0.0.0, P3 49ef8e09, P4 atidemgx,
 P5 2.0.3882.23348, P6 4c6b8b91, P7 355, P8 6b, P9 system.exception, P10 NIL.
 
Error - 6/29/2013 2:14:45 PM | Computer Name = BOB-90C805ABDF4 | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.75.0.1, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 7/3/2013 8:50:05 AM | Computer Name = BOB-90C805ABDF4 | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft Security Client -- The installer has encountered
 an unexpected error installing this package. This may indicate a problem with this
 package. The error code is 2324. The arguments are: 1920, c:\Program Files\Microsoft
 Security Client\SymSrv.yes, 
 
Error - 7/3/2013 8:50:06 AM | Computer Name = BOB-90C805ABDF4 | Source = Microsoft Security Client | ID = 5000
Description = 
 
Error - 7/3/2013 8:50:15 AM | Computer Name = BOB-90C805ABDF4 | Source = Microsoft Security Client | ID = 5000
Description = 
 
[ Application Events ]
Error - 6/29/2013 6:46:23 AM | Computer Name = BOB-90C805ABDF4 | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.75.0.1, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 6/29/2013 6:48:30 AM | Computer Name = BOB-90C805ABDF4 | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.75.0.1, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 6/29/2013 10:00:05 AM | Computer Name = BOB-90C805ABDF4 | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 ccc.exe, P2 2.0.0.0, P3 49ef8e09, P4 atidemgx,
 P5 2.0.3882.23348, P6 4c6b8b91, P7 355, P8 6b, P9 system.exception, P10 NIL.
 
Error - 6/29/2013 2:14:45 PM | Computer Name = BOB-90C805ABDF4 | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.75.0.1, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 7/3/2013 8:50:05 AM | Computer Name = BOB-90C805ABDF4 | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft Security Client -- The installer has encountered
 an unexpected error installing this package. This may indicate a problem with this
 package. The error code is 2324. The arguments are: 1920, c:\Program Files\Microsoft
 Security Client\SymSrv.yes, 
 
Error - 7/3/2013 8:50:06 AM | Computer Name = BOB-90C805ABDF4 | Source = Microsoft Security Client | ID = 5000
Description = 
 
Error - 7/3/2013 8:50:15 AM | Computer Name = BOB-90C805ABDF4 | Source = Microsoft Security Client | ID = 5000
Description = 
 
[ System Events ]
Error - 6/30/2013 12:21:40 PM | Computer Name = BOB-90C805ABDF4 | Source = Service Control Manager | ID = 7034
Description = The lxee_device service terminated unexpectedly.  It has done this
 1 time(s).
 
Error - 6/30/2013 12:21:40 PM | Computer Name = BOB-90C805ABDF4 | Source = Service Control Manager | ID = 7031
Description = The Windows Live ID Sign-in Assistant service terminated unexpectedly.
  It has done this 1 time(s).  The following corrective action will be taken in 
10000 milliseconds: Restart the service.
 
Error - 6/30/2013 12:21:40 PM | Computer Name = BOB-90C805ABDF4 | Source = Service Control Manager | ID = 7031
Description = The Zune Bus Enumerator service terminated unexpectedly.  It has done
 this 2 time(s).  The following corrective action will be taken in 0 milliseconds:
 Restart the service.
 
Error - 6/30/2013 12:21:41 PM | Computer Name = BOB-90C805ABDF4 | Source = Service Control Manager | ID = 7034
Description = The Zune Bus Enumerator service terminated unexpectedly.  It has done
 this 3 time(s).
 
Error - 6/30/2013 12:21:50 PM | Computer Name = BOB-90C805ABDF4 | Source = Service Control Manager | ID = 7031
Description = The Windows Live ID Sign-in Assistant service terminated unexpectedly.
  It has done this 2 time(s).  The following corrective action will be taken in 
10000 milliseconds: Restart the service.
 
Error - 6/30/2013 12:22:01 PM | Computer Name = BOB-90C805ABDF4 | Source = Service Control Manager | ID = 7034
Description = The Windows Live ID Sign-in Assistant service terminated unexpectedly.
  It has done this 3 time(s).
 
Error - 7/3/2013 8:31:39 AM | Computer Name = BOB-90C805ABDF4 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.7 for the Network Card with network
 address C860005AD7B8 has been  denied by the DHCP server 192.168.2.1 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 7/3/2013 8:33:18 AM | Computer Name = BOB-90C805ABDF4 | Source = Service Control Manager | ID = 7000
Description = The Microsoft Antimalware Service service failed to start due to the
 following error:   %%1920
 
Error - 7/3/2013 8:33:18 AM | Computer Name = BOB-90C805ABDF4 | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error: 
  %%1060
 
Error - 7/3/2013 11:08:02 AM | Computer Name = BOB-90C805ABDF4 | Source = Service Control Manager | ID = 7000
Description = The Microsoft Antimalware Service service failed to start due to the
 following error:   %%1920
 
[ System Events ]
Error - 6/30/2013 12:21:40 PM | Computer Name = BOB-90C805ABDF4 | Source = Service Control Manager | ID = 7034
Description = The lxee_device service terminated unexpectedly.  It has done this
 1 time(s).
 
Error - 6/30/2013 12:21:40 PM | Computer Name = BOB-90C805ABDF4 | Source = Service Control Manager | ID = 7031
Description = The Windows Live ID Sign-in Assistant service terminated unexpectedly.
  It has done this 1 time(s).  The following corrective action will be taken in 
10000 milliseconds: Restart the service.
 
Error - 6/30/2013 12:21:40 PM | Computer Name = BOB-90C805ABDF4 | Source = Service Control Manager | ID = 7031
Description = The Zune Bus Enumerator service terminated unexpectedly.  It has done
 this 2 time(s).  The following corrective action will be taken in 0 milliseconds:
 Restart the service.
 
Error - 6/30/2013 12:21:41 PM | Computer Name = BOB-90C805ABDF4 | Source = Service Control Manager | ID = 7034
Description = The Zune Bus Enumerator service terminated unexpectedly.  It has done
 this 3 time(s).
 
Error - 6/30/2013 12:21:50 PM | Computer Name = BOB-90C805ABDF4 | Source = Service Control Manager | ID = 7031
Description = The Windows Live ID Sign-in Assistant service terminated unexpectedly.
  It has done this 2 time(s).  The following corrective action will be taken in 
10000 milliseconds: Restart the service.
 
Error - 6/30/2013 12:22:01 PM | Computer Name = BOB-90C805ABDF4 | Source = Service Control Manager | ID = 7034
Description = The Windows Live ID Sign-in Assistant service terminated unexpectedly.
  It has done this 3 time(s).
 
Error - 7/3/2013 8:31:39 AM | Computer Name = BOB-90C805ABDF4 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.7 for the Network Card with network
 address C860005AD7B8 has been  denied by the DHCP server 192.168.2.1 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 7/3/2013 8:33:18 AM | Computer Name = BOB-90C805ABDF4 | Source = Service Control Manager | ID = 7000
Description = The Microsoft Antimalware Service service failed to start due to the
 following error:   %%1920
 
Error - 7/3/2013 8:33:18 AM | Computer Name = BOB-90C805ABDF4 | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error: 
  %%1060
 
Error - 7/3/2013 11:08:02 AM | Computer Name = BOB-90C805ABDF4 | Source = Service Control Manager | ID = 7000
Description = The Microsoft Antimalware Service service failed to start due to the
 following error:   %%1920
 
 
< End of report >

--- --- ---

Leider hat er die OTL.txt nicht angehängt. Diese habe ich bereits angefordert...

Ich hoffe ihr könnt, trotz des umständlichen Umwegs, helfen.

GVU Trojaner ? Freund sucht ...

Plagegeister aller Art und deren Bekämpfung: GVU Trojaner ? Freund sucht ...

GVU Trojaner ? Freund sucht ...

Ähnliche Themen: GVU Trojaner ? Freund sucht ...