Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: CouponDropDown entfernen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 13.02.2013, 01:12   #1
universalism
 
CouponDropDown entfernen - Standard

CouponDropDown entfernen



Hallo zusammen !

Habe das "CouponDropDown entfernen" Problem und mich eben an diese Anleitung gehalten:


http://www.trojaner-board.de/51187-a...i-malware.html


wäre euch superdankbar wenn Ihr mir helfen könntet damit ---->

----------------------------------------------------------------------------------------

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.12.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Administrator :: WIN-2KODA36PANK [Administrator]

13.02.2013 00:36:24
mbam-log-2013-02-13 (00-36-24).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 222553
Laufzeit: 8 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\AboutURLs|Tabs (Trojan.StartPage) -> Daten: hxxp://u-search.net/?a=1&e=1 -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs|Tabs (Trojan.StartPage) -> Daten: hxxp://u-search.net/?a=1&e=1 -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://u-search.net/?a=1&e=1) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://u-search.net/?a=1&e=1) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Alt 13.02.2013, 10:45   #2
markusg
/// Malware-holic
 
CouponDropDown entfernen - Standard

CouponDropDown entfernen



hi

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 13.02.2013, 13:24   #3
universalism
 
CouponDropDown entfernen - Standard

CouponDropDown entfernen



Danke für die schnelle Antowrt . Hier der Text


----------------------------------------------------------------------------------------OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 13.02.2013 12:37:39 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Administrator\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 60,36% Memory free
7,99 Gb Paging File | 6,22 Gb Available in Paging File | 77,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,35 Gb Total Space | 95,42 Gb Free Space | 48,84% Space Free | Partition Type: NTFS
Drive D: | 245,41 Gb Total Space | 201,67 Gb Free Space | 82,18% Space Free | Partition Type: NTFS
 
Computer Name: WIN-2KODA36PANK | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{21DDF95C-0F4C-4636-93C6-9D97A938A382}" = lport=137 | protocol=17 | dir=in | app=system | 
"{34C6F54D-DD50-492D-9ABB-350B2EFC3B76}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{392C13B3-1252-4579-93C9-93ACBA66B490}" = rport=139 | protocol=6 | dir=out | app=system | 
"{396C280D-D1BE-44E2-AD6D-F97EF6554669}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{506984D9-DE61-4E40-9679-2D3BDE5A3CB8}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | 
"{69FE8E16-C5B6-423D-81A8-91041074B327}" = rport=445 | protocol=6 | dir=out | app=system | 
"{6D86BBA6-660B-4EA4-9C85-ADBCBF533D55}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{77EA69BF-82EC-435D-A40F-2E80932A3E73}" = rport=138 | protocol=17 | dir=out | app=system | 
"{94B82F72-9774-4518-8428-C02000D7F0A5}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9E925CDA-80BD-4177-A0EE-E2F949FC9BBB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{9FF3AD81-DA5F-4EDD-B807-4112ABE03FAA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A72233AF-337A-40D3-BCE9-4CBCFF8C6B0B}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | 
"{B827E1C7-5A7A-484C-9653-2FE388A8B888}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{C32DEA2D-429E-4F4E-BD40-7B75F514ED50}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D391A336-A543-4182-998A-A49A7F5DBF8F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{EC523C2E-7BEF-48B1-97C7-40D79E20D45E}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{032A7CE4-CF3C-43F3-83B5-2A713158C295}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{0A3B7457-456C-4B3F-B689-6E506A05592E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0C4BFF05-E6A2-4779-95E0-2273F65DE2ED}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{1A8A0F04-5201-4D49-AD38-6AC4801472C9}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{1EDE5397-607F-4BC0-88CF-9B24F86D1001}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{25BDD843-A815-48A8-A216-66D065687049}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{424B7EFC-1DCE-4822-AF25-82FFC06F87C0}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{4714965C-9574-46AD-BBD3-F3932CE824C3}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{4D8B619B-DF45-4305-A0C5-EA053593076A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{50D76052-134E-46DB-AF8E-63827F883C0F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{524CF19B-637A-4345-BD1B-02EFBF3344E7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{68D387BE-7044-4201-A769-28D6796AC4B1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6AD59200-CD5B-4587-824E-10503F3D6C0E}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{6D9DAB9A-C306-44D9-8007-4CFA6A0A03CC}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{7FEA9D69-EDD3-459F-81D6-7996D1F572C5}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{810DEE21-1E65-4C8D-909B-63B07FAAEC66}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{858132AF-A05F-444B-93BF-E8DB792BF4DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{890F027C-92C6-4EAA-9AAA-EF054A1C5ED3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8EF01BA1-D1F6-4D73-AADB-AB5E81F83EF1}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{8F884E4E-7413-49BF-BB41-5EB3D74713B8}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{901E363E-3BBD-434D-9828-046C9949E075}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{9E0E0308-B7D3-4710-AF6D-CFA7F7A334B3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A1EBFEC7-A612-4A37-8C8B-A8809BC8A007}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{BA43DDEC-A581-4DD3-BD8C-48D41ADF65CC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C1495D61-5DFF-427F-994F-CADBC48B73D5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C2AA43CA-FFA8-4141-9CFA-86EF2D130141}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{E5F12161-4E7B-431B-93F3-AC27DD2C4429}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EDB903FF-AD86-47D9-A560-6331098ADB12}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"TCP Query User{4E1699E7-FC7E-4FBF-9007-B0416D27C122}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | 
"UDP Query User{4D47410C-12ED-44E0-BA5F-93E399DC7A22}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{039C24E4-07A1-4A1F-AAB0-78FD9B2DB0E0}" = DisplayLink Core Software
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{0F696557-180C-4813-A754-5D43969B0691}" = Windows Live Family Safety
"{169C77B7-69C9-4648-9DD0-72B152AF269F}" = Windows Live Family Safety
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{289809B1-078A-49F3-83D0-7E51715B3915}" = Windows Live Family Safety
"{3946328A-5B3A-434C-A22B-64CF6652FBAD}" = Windows Live Family Safety
"{3AB49270-1A18-D672-48AA-74F211D18B67}" = AMD Fuel
"{401C50F6-B443-43EE-8F27-A80DB19B03FD}" = Windows Live Family Safety
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{50BD00DC-127E-BF00-FDD5-E1A93AB3507C}" = ccc-utility64
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7734509D-A1F7-4A5E-AF9D-77CD17AE41AF}" = Windows Live Family Safety
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{9210D7A2-DC28-43F6-92F9-E6CD4C729F7B}" = Windows Live Family Safety
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B22C8566-D522-4B40-A7AF-525F5A70D832}" = Windows Live Family Safety
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CB7935EF-43EE-4C0F-AC02-B0E4DD5DAC17}" = Windows Live Family Safety
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel
"{E72DB65B-E2B7-4025-9245-27FEFAB2679C}" = Lenovo Display Adapter
"{E85D1C80-28C4-76B8-5A5A-2C8D8B38D5D9}" = AMD Catalyst Install Manager
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"{FE4BE0BD-1EDB-4D24-9614-847B3C472887}" = Windows Live Family Safety
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"VLC media player" = VLC media player 2.0.2
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{03AEAB60-A7B3-A8DB-468B-EB30FB4B40B0}" = CCC Help German
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{162ABED6-E60C-6CFF-100E-43C16ABBC5BE}" = CCC Help Chinese Standard
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1CB724FF-D18C-8FFB-E7C9-0A09CF8EC066}" = CCC Help Japanese
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20C14CC3-5E3B-D39A-5B37-B15E59785063}" = CCC Help Chinese Traditional
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{2632A2C0-ECF4-7F79-7136-9FEA4C253A4C}" = CCC Help Turkish
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2CA575D0-4A39-13B7-C3F6-C12DCECB5BE4}" = CCC Help Finnish
"{2D12DFC6-4C5E-2734-5979-2D94798738F1}" = CCC Help Italian
"{30F712DA-64FE-5DBE-AE76-3F8EA3F8223C}" = CCC Help French
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33A51566-5216-B590-472F-D626C407E332}" = CCC Help Hungarian
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38E5F2CE-F3B8-95C8-E2D2-E668ECF12FB3}" = CCC Help Greek
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3C39B3CC-4EC8-C756-AF4B-72366504FCA5}" = CCC Help Hungarian
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{41B4578A-520D-375F-0702-51608CFDDA0F}" = CCC Help Norwegian
"{43233BDA-5837-0AA5-1624-4746516BCB01}" = CCC Help Dutch
"{44FAF589-DA07-039F-A7BF-09A846640A43}" = Catalyst Control Center Graphics Full Existing
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4CC9D761-A9B6-D8EA-D2A9-B74B5A90B108}" = CCC Help Norwegian
"{4D409740-7A1C-52B4-D7E6-BB6C4F343140}" = CCC Help Spanish
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{54B227A6-BDBE-69FA-D450-B99609063044}" = CCC Help Greek
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5EFDCD2E-1218-5101-747C-C9AA9443CB85}" = CCC Help Japanese
"{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}" = Vodafone Mobile Broadband Lite
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E08F573-FCF7-C933-5BC5-7B14FD5564E3}" = CCC Help Korean
"{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}" = Google Earth
"{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7AC9FA44-609F-8D70-5CC3-9C6A1E59CA4D}" = Catalyst Control Center Graphics Light
"{7C587778-C433-980E-F3C1-203890DC4FBE}" = CCC Help Polish
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7DC3EABF-66A2-6D79-B485-6328525CA387}" = CCC Help Swedish
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{843603C6-75B7-BAB5-80DE-E76FB28DEEF2}" = CCC Help Finnish
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BBC66FD-0195-29B4-5A58-E0B0554E8F42}" = AMD VISION Engine Control Center
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D9EEAC7-42D5-3951-612A-EAA7B684C592}" = CCC Help Italian
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9791DAED-B734-2835-988B-157BDA087496}" = CCC Help Dutch
"{98B740C3-FAA4-C523-7478-4DBCAB7B27D1}" = Catalyst Control Center Graphics Previews Common
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9F0CAC6D-9B0D-A95F-CF61-6E88952D6181}" = CCC Help Thai
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A0C9DF2B-89B5-4483-8983-18A68200F1B4}" = SweetIM for Messenger 3.7
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A625DB70-98D5-16FD-C49D-4B8B1B2304A4}" = CCC Help Spanish
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A90214C3-3A0C-2F05-6083-E1A4BAD9E30D}" = CCC Help Danish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA123216-6DE0-E57C-DC57-4FECEACB482F}" = CCC Help Russian
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B30B1C24-863A-B8D3-DB04-7037EE242486}" = CCC Help French
"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{BC3F09E3-E113-1856-855D-E90B073190D1}" = CCC Help Danish
"{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C0A0FA0B-9C4C-1653-0A8D-5F1D92F38D16}" = CCC Help English
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C9A00809-0A5A-39DD-C70F-B2CBDD4EA35A}" = Catalyst Control Center Graphics Previews Vista
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0837A59-83E6-3392-1BD9-86D3445676DB}" = CCC Help Korean
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D21D5B3B-0BCB-1809-5701-E59EFB4358E8}" = Catalyst Control Center Core Implementation
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D70AB273-113B-D7DE-5C8D-82CABA7CB0AF}" = Catalyst Control Center Localization All
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DC8772D4-C75F-5235-63E2-BBC73F909B7A}" = CCC Help Czech
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DED7FD3C-DDD2-43BB-B0F5-B07F9D0430D3}" = CCC Help Portuguese
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E157F2EB-E06F-B57F-9105-68F348DB2EAD}" = CCC Help English
"{E18B30AA-6E2D-480C-B918-AF61009F4010}" = عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EEC9A274-AD86-3A16-4F17-22490EF597B4}" = CCC Help German
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF036F44-A287-BC23-3F6E-AAE6FDEF47EF}" = Catalyst Control Center InstallProxy
"{EF6ADCD6-C463-24C9-EEE0-6E07F5CC5182}" = CCC Help Czech
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF783F26-3A11-FD83-4B2E-7A7C423323C7}" = Catalyst Control Center Graphics Full New
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"Bestpoker Classic_is1" = Bestpoker Classic 1.0.0
"Bookworm Deluxe" = Bookworm Deluxe
"Cooking Dash" = Cooking Dash
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128
"FreeCommander_is1" = FreeCommander 2009.02b
"Goalwin Poker_is1" = Goalwin Poker 1.0.0
"Google Chrome" = Google Chrome
"Governor of Poker" = Governor of Poker
"Groovedown" = Groovedown
"Hotel Dash Suite Success" = Hotel Dash Suite Success
"Jewel Quest 3" = Jewel Quest 3
"LastFM_is1" = Last.fm Scrobbler 2.1.33
"Luxor 3" = Luxor 3
"Mahjongg dimensions" = Mahjongg dimensions
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Plants vs Zombies" = Plants vs Zombies
"Poker 770" = Poker 770
"PokerStars.eu" = PokerStars.eu
"TeamViewer 7" = TeamViewer 7
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 01.02.2013 19:54:50 | Computer Name = WIN-2KODA36PANK | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\freecommander\DelZip179.dll".Error
 in manifest or policy file "c:\program files (x86)\freecommander\DelZip179.dll"
 on line 8.  The value "*" of attribute "language" in element "assemblyIdentity" is
 invalid.
 
Error - 01.02.2013 19:55:29 | Computer Name = WIN-2KODA36PANK | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files (x86)\Last.fm\ext_messengernotify.dll".
Dependent
 Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 01.02.2013 19:55:29 | Computer Name = WIN-2KODA36PANK | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files (x86)\Last.fm\ext_skypenotify.dll".
Dependent
 Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 01.02.2013 19:59:15 | Computer Name = WIN-2KODA36PANK | Source = System Restore | ID = 8193
Description = 
 
Error - 01.02.2013 19:59:15 | Computer Name = WIN-2KODA36PANK | Source = System Restore | ID = 8211
Description = 
 
Error - 01.02.2013 21:38:25 | Computer Name = WIN-2KODA36PANK | Source = Application Error | ID = 1000
Error - 01.02.2013 22:22:50 | Computer Name = WIN-2KODA36PANK | Source = Bonjour
 Service | ID = 100
 
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 01.02.2013 22:22:50 | Computer Name = WIN-2KODA36PANK | Source = Bonjour
 Service | ID = 100
 
Description = Task Scheduling Error: m->NextScheduledEvent 267604
Error - 01.02.2013 22:22:50 | Computer Name = WIN-2KODA36PANK | Source = Bonjour
 Service | ID = 100
 
Description = Task Scheduling Error: m->NextScheduledSPRetry 267604
Error - 01.02.2013 22:25:33 | Computer Name = WIN-2KODA36PANK | Source = VmbService
 | ID = 0
 
Description = conflictManagerTypeValue
Error - 01.02.2013 22:46:48 | Computer Name = WIN-2KODA36PANK | Source = System 
Restore | ID = 8193
 
Description = 
Error - 01.02.2013 22:46:48 | Computer Name = WIN-2KODA36PANK | Source = System 
Restore | ID = 8193
 
Description = 
Error - 01.02.2013 22:47:34 | Computer Name = WIN-2KODA36PANK | Source = System 
Restore | ID = 8193
 
Description = 
Error - 01.02.2013 22:47:36 | Computer Name = WIN-2KODA36PANK | Source = System 
Restore | ID = 8193
 
Description = 
Error - 02.02.2013 07:26:31 | Computer Name = WIN-2KODA36PANK | Source = VmbService
 | ID = 0
 
Description = conflictManagerTypeValue
Error - 02.02.2013 07:29:24 | Computer Name = WIN-2KODA36PANK | Source = System 
Restore | ID = 8193
 
Description = 
Error - 02.02.2013 10:32:32 | Computer Name = WIN-2KODA36PANK | Source = Application
 Error | ID = 1000
 
Error - 02.02.2013 10:35:19 | Computer Name = WIN-2KODA36PANK | Source = Application Error | ID = 1000
Error - 02.02.2013 11:10:18 | Computer Name = WIN-2KODA36PANK | Source = Application
 Error | ID = 1000
 
[ System Events ]
Error - 03.02.2013 11:02:24 | Computer Name = WIN-2KODA36PANK | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error - 03.02.2013 11:02:25 | Computer Name = WIN-2KODA36PANK | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error - 03.02.2013 11:02:27 | Computer Name = WIN-2KODA36PANK | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error - 03.02.2013 11:02:28 | Computer Name = WIN-2KODA36PANK | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error - 03.02.2013 11:57:44 | Computer Name = WIN-2KODA36PANK | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.
 
Error - 03.02.2013 11:57:45 | Computer Name = WIN-2KODA36PANK | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.
 
Error - 03.02.2013 11:57:45 | Computer Name = WIN-2KODA36PANK | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.
 
Error - 03.02.2013 11:57:46 | Computer Name = WIN-2KODA36PANK | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.
 
Error - 07.02.2013 10:26:28 | Computer Name = WIN-2KODA36PANK | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
 Error Reporting Service service to connect.
 
Error - 08.02.2013 10:01:35 | Computer Name = WIN-2KODA36PANK | Source = NetBT | ID = 4321
Description = The name "WORKGROUP      :1d" could not be registered on the interface
 with IP address 192.168.178.21.  The computer with the IP address 192.168.178.1 did
 not allow the name to be claimed by  this computer.
 
 
< End of report >
         
--- --- ---
__________________

Alt 13.02.2013, 18:55   #4
markusg
/// Malware-holic
 
CouponDropDown entfernen - Standard

CouponDropDown entfernen



hmm, otl.txt fehlt leider
was ist d: für ein Laufwerk? externe festplatte?
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 13.02.2013, 23:44   #5
universalism
 
CouponDropDown entfernen - Standard

CouponDropDown entfernen



externe festplatte.. kann aber sein das ich meine festplatte ausversehen dran hatte,das weiß ich gerade nicht mehr.
Soll ich den scan nochmal machen ?


Alt 14.02.2013, 11:16   #6
markusg
/// Malware-holic
 
CouponDropDown entfernen - Standard

CouponDropDown entfernen



nein.
Wie alt ist die platte denn, die könnte n Schaden haben.
otl.txt fehlt immernoch :-)
__________________
--> CouponDropDown entfernen

Alt 14.02.2013, 17:55   #7
universalism
 
CouponDropDown entfernen - Standard

CouponDropDown entfernen



noch nicht sehr alt .. Habe den Laptop vor ca. 2 1/2 Jahren gekauft.
Dann sollte ich wahrscheinlich mal ein Spezialisten genauer gucken lassen und ihn abgeben...

Alt 14.02.2013, 17:56   #8
markusg
/// Malware-holic
 
CouponDropDown entfernen - Standard

CouponDropDown entfernen



nicht die im Laptop, die externe, die könnte einen schaden haben.

wir können uns deinen Laptop angucken, wenn du mir endlich otl.txt postest, da ist nur extras.txt :-)
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 14.02.2013, 18:56   #9
universalism
 
CouponDropDown entfernen - Standard

CouponDropDown entfernen



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 14.02.2013 18:04:53 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Administrator\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 55,85% Memory free
7,99 Gb Paging File | 5,92 Gb Available in Paging File | 74,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,35 Gb Total Space | 94,91 Gb Free Space | 48,58% Space Free | Partition Type: NTFS
Drive D: | 245,41 Gb Total Space | 201,67 Gb Free Space | 82,18% Space Free | Partition Type: NTFS
 
Computer Name: WIN-2KODA36PANK | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.14 17:58:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2013.02.06 09:12:47 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.10.29 03:06:47 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
PRC - [2012.10.05 00:34:36 | 000,115,032 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
PRC - [2012.08.16 03:08:34 | 000,231,768 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
PRC - [2012.08.13 11:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012.08.13 11:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2011.07.14 15:45:44 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
PRC - [2011.07.14 15:45:14 | 000,279,552 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
PRC - [2010.06.09 17:55:54 | 001,080,448 | ---- | M] (asus) -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
PRC - [2010.03.18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009.05.06 00:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.14 10:21:04 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll
MOD - [2013.02.14 10:21:03 | 010,580,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Design\31a8f96f8939ac18a867ee26cc37eda8\System.Design.ni.dll
MOD - [2013.02.14 10:20:57 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\64cf6c356be66bb17c4667d6d8aa467b\System.Web.Services.ni.dll
MOD - [2013.02.14 10:20:42 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.02.06 09:12:17 | 003,023,256 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013.01.09 13:01:40 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll
MOD - [2013.01.09 13:01:35 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013.01.09 12:42:03 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013.01.09 12:41:44 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.09 12:41:42 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll
MOD - [2013.01.09 12:41:41 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013.01.09 12:41:30 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
MOD - [2013.01.09 12:41:07 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.09 12:41:05 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll
MOD - [2013.01.09 12:41:04 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013.01.09 12:40:53 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.01.09 12:40:50 | 000,684,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\3abd733e8fa28fafbfc99458fdf691da\System.Security.ni.dll
MOD - [2013.01.09 12:40:47 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.09 12:40:43 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.09 12:40:42 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.09 12:40:37 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.10.29 03:06:47 | 009,814,968 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012.08.28 05:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.08.28 05:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.08.10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.07.14 15:43:08 | 000,381,952 | ---- | M] () -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\Vodafone.View.Taskbar.dll
MOD - [2011.02.19 05:23:27 | 000,167,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll
MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 02:58:06 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.02.23 23:14:22 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll
MOD - [2010.02.23 23:14:18 | 000,041,472 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll
MOD - [2010.02.23 23:14:10 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\P4GControl.dll
MOD - [2010.02.23 23:12:22 | 000,186,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll
MOD - [2010.02.23 23:11:46 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll
MOD - [2009.07.14 02:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009.06.10 22:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV:64bit: - [2012.09.28 23:43:40 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012.09.13 05:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012.09.13 05:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011.10.26 10:01:00 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.04.10 21:07:33 | 009,663,848 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV:64bit: - [2010.09.23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010.09.17 09:32:56 | 000,241,488 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Titanium\TiMiniService.exe -- (TiMiniService)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013.02.06 09:12:46 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.08 15:19:46 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.29 03:22:53 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.23 10:47:48 | 002,848,168 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.07.14 15:45:44 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService)
SRV - [2011.04.13 03:33:32 | 000,332,272 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2010.03.18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.10.29 06:35:01 | 000,017,408 | ---- | M] (libusb-Win32) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DisplayLinkUsbPort_5.6.31854.0.sys -- (DisplayLinkUsbPort)
DRV:64bit: - [2012.10.29 06:04:40 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2012.10.29 06:04:19 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.31 06:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.08.21 21:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.05.14 07:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.04.09 18:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.26 11:05:12 | 010,496,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.10.26 09:22:00 | 000,326,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.05.20 17:15:54 | 000,058,880 | ---- | M] (Vodafone) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vodafone_zte_cdc_ecm.sys -- (vodafone_zte_cdc_ecm)
DRV:64bit: - [2011.05.20 17:15:54 | 000,056,320 | ---- | M] (Vodafone) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vodafone_zte_ecm_enum_filter.sys -- (vodafone_zte_ecm_enum_filter)
DRV:64bit: - [2011.05.20 17:15:54 | 000,056,320 | ---- | M] (Vodafone) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vodafone_zte_ecm_enum.sys -- (vodafone_zte_ecm_enum)
DRV:64bit: - [2011.05.20 17:15:52 | 000,079,872 | ---- | M] (Vodafone) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vodafone_zte_cdc_acm.sys -- (vodafone_zte_cdc_acm)
DRV:64bit: - [2011.05.20 17:15:52 | 000,014,336 | ---- | M] (Vodafone) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vodafone_zte_cpo.sys -- (vodafone_zte_cpo)
DRV:64bit: - [2011.04.10 21:07:57 | 000,206,960 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dlkmd.sys -- (dlkmd)
DRV:64bit: - [2011.04.10 21:07:57 | 000,013,936 | ---- | M] (DisplayLink Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\dlkmdldr.sys -- (dlkmdldr)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.09.23 08:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010.09.17 09:52:28 | 000,144,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:64bit: - [2010.09.17 09:52:28 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2010.09.17 09:52:28 | 000,090,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:64bit: - [2010.09.17 09:52:28 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:64bit: - [2010.09.01 14:33:12 | 000,075,776 | ---- | M] (Vodafone) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vodafone_K3805-z_dc_enum.sys -- (vodafone_K3805-z_dc_enum)
DRV:64bit: - [2009.10.05 02:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.08.09 09:21:00 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.01.04 13:14:14 | 000,011,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Preload64\Patch\AsPrOb64.sys -- (ASUSProcObsrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKLM\..\SearchScopes,DefaultScope = {A6A56E5C-9685-466F-976A-905949AA1A48}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{A6A56E5C-9685-466F-976A-905949AA1A48}: "URL" = hxxp://u-search.net/?a=1&e=1&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\..\SearchScopes,DefaultScope = {A6A56E5C-9685-466F-976A-905949AA1A48}
IE - HKCU\..\SearchScopes\{A6A56E5C-9685-466F-976A-905949AA1A48}: "URL" = hxxp://u-search.net/?a=1&e=1&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "u-Search"
FF - prefs.js..browser.search.defaultenginename: "u-Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://u-search.net/?a=1&e=2&q="
FF - prefs.js..browser.search.order.1: "u-Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://u-search.net/?a=1&e=1"
FF - prefs.js..extensions.enabledAddons: ck%40everygain.com:1.4.9.2
FF - prefs.js..extensions.enabledAddons: %7Bef62e1ce-d2a4-4cdd-b7ec-92b120366b66%7D:2.7.8
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130129
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..keyword.URL: "hxxp://u-search.net/?a=1&e=2&q="
 
FF - user.js..browser.search.defaultengine: "u-Search"
FF - user.js..browser.search.defaultenginename: "u-Search"
FF - user.js..browser.search.order.1: "u-Search"
FF - user.js..browser.startup.homepage: "hxxp://u-search.net/?a=1&e=1"
FF - user.js..browser.search.defaulturl: "hxxp://u-search.net/?a=1&e=2&q="
FF - user.js..keyword.URL: "hxxp://u-search.net/?a=1&e=2&q="
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ [2011.04.13 03:51:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2013.01.31 01:49:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.06 09:12:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.10.29 05:24:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2013.01.31 02:11:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wn9j2ppc.default\extensions
[2013.01.31 02:11:03 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wn9j2ppc.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.01.12 00:49:00 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wn9j2ppc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.11.17 18:38:23 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wn9j2ppc.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2012.11.17 15:03:19 | 000,151,473 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wn9j2ppc.default\extensions\ck@everygain.com.xpi
[2013.01.19 22:41:18 | 000,363,736 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wn9j2ppc.default\extensions\client@anonymox.net.xpi
[2012.12.13 21:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wn9j2ppc.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi
[2012.11.03 05:54:09 | 000,003,915 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wn9j2ppc.default\searchplugins\sweetim.xml
[2012.11.09 16:39:10 | 000,002,017 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wn9j2ppc.default\searchplugins\u-search.xml
[2013.02.06 09:12:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.02.06 09:12:47 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - homepage: 
CHR - Extension: Google Drive = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: Google-Suche = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: SweetIM for Facebook = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\
CHR - Extension: Google Mail = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Google Drive = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: Google-Suche = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: SweetIM for Facebook = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\
CHR - Extension: Google Mail = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [DisableS3S4] c:\Windows\Temp\DisableS3S464\sethigh.cmd ()
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [VizorHtmlDialog.exe] C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [MobileBroadband] C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone)
O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9 - Extra Button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Program Files (x86)\PokerStars.EU\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{752F7472-DD40-46FA-AC9B-FFB20C040CFD}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A5BA99F-AD5B-4138-8374-D2F3CB9D5E58}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e9dc6816-5eba-11e2-bc42-485b3999859a}\Shell - "" = AutoRun
O33 - MountPoints2\{e9dc6816-5eba-11e2-bc42-485b3999859a}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{e9dc68d9-5eba-11e2-bc42-485b3999859a}\Shell - "" = AutoRun
O33 - MountPoints2\{e9dc68d9-5eba-11e2-bc42-485b3999859a}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {47B3BDBB-F2AE-4B55-95C8-921C25DB3B76} - .NET Framework
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5A604D2C-E968-429B-8327-62B5CE52126D} - .NET Framework
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9793EDE2-499E-4A14-8220-523691D8F91B} - .NET Framework
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CE4BC71D-A88B-4943-BB3D-AF9C0E7D4387} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {FE600E50-2C69-46D5-ACAA-2B617006245C} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - StartUpReg: PowerSkin - hkey= - key= - c:\Windows\Temp\PowerSkin\PowerSkin.exe (TODO: <Company name>)
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
System Restore Service not available.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.14 17:58:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2013.02.14 09:50:50 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.14 09:50:50 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.14 09:50:49 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.14 09:50:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.14 09:50:48 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.14 09:50:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.14 09:50:48 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.02.14 09:50:48 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.02.14 09:50:47 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.02.14 09:50:47 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.02.14 09:50:46 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.02.14 09:50:46 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.14 09:50:44 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.02.14 09:50:44 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.02.14 09:50:44 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.02.14 00:05:22 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.14 00:05:20 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.02.14 00:05:19 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.02.14 00:05:12 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.02.14 00:05:11 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.02.14 00:05:10 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.02.14 00:05:10 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.02.14 00:05:10 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.02.14 00:05:09 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.02.14 00:05:05 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.02.13 13:06:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Nuance
[2013.02.13 00:34:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2013.02.13 00:29:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.13 00:29:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.13 00:29:18 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.13 00:29:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.13 00:29:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Programs
[2013.02.06 09:12:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.05 14:25:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.05 14:25:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.02.02 16:39:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Uni Farina
[2013.02.02 15:29:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A46E10F3-DFBE-4767-A6AA-C16BF18A5B59}
[2013.02.02 15:28:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{E11BB0A9-2B4E-4C8F-BD74-CA79B8884435}
[2013.02.02 03:49:08 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\OpenOffice.org
[2013.02.02 03:48:37 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2013.02.02 03:47:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2013.02.02 02:33:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{C74ED175-F1F4-4084-8B58-22AA4CAB3DB3}
[2013.01.31 01:49:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.01.31 01:49:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2013.01.31 01:49:26 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\DVDVideoSoft
[2013.01.31 01:49:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013.01.31 01:49:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2013.01.30 19:22:32 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{930DEA53-C225-4E14-9DFC-DEDFF4C19F84}
[2013.01.25 21:02:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Last.fm
[2013.01.25 15:40:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Tilt Poker
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.14 17:58:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2013.02.14 17:22:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.14 17:17:03 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.14 17:17:03 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.14 17:12:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.14 17:09:28 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2013.02.14 17:09:13 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.14 17:08:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.14 17:08:34 | 3219,509,248 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.14 10:16:19 | 000,298,520 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.14 09:54:18 | 008,726,322 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.14 09:54:18 | 000,705,842 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2013.02.14 09:54:18 | 000,704,866 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2013.02.14 09:54:18 | 000,702,604 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2013.02.14 09:54:18 | 000,700,520 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2013.02.14 09:54:18 | 000,690,754 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat
[2013.02.14 09:54:18 | 000,687,370 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat
[2013.02.14 09:54:18 | 000,663,418 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.14 09:54:18 | 000,627,420 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.14 09:54:18 | 000,563,182 | ---- | M] () -- C:\Windows\SysNative\perfh008.dat
[2013.02.14 09:54:18 | 000,445,898 | ---- | M] () -- C:\Windows\SysNative\perfh001.dat
[2013.02.14 09:54:18 | 000,396,732 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat
[2013.02.14 09:54:18 | 000,364,934 | ---- | M] () -- C:\Windows\SysNative\perfh00D.dat
[2013.02.14 09:54:18 | 000,140,814 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2013.02.14 09:54:18 | 000,137,504 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat
[2013.02.14 09:54:18 | 000,136,692 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2013.02.14 09:54:18 | 000,136,268 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat
[2013.02.14 09:54:18 | 000,133,892 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2013.02.14 09:54:18 | 000,133,426 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.14 09:54:18 | 000,130,896 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2013.02.14 09:54:18 | 000,110,140 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat
[2013.02.14 09:54:18 | 000,110,140 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.14 09:54:18 | 000,093,188 | ---- | M] () -- C:\Windows\SysNative\perfc008.dat
[2013.02.14 09:54:18 | 000,082,736 | ---- | M] () -- C:\Windows\SysNative\perfc001.dat
[2013.02.14 09:54:18 | 000,072,846 | ---- | M] () -- C:\Windows\SysNative\perfc00D.dat
[2013.02.13 00:29:27 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.13 00:04:44 | 000,002,253 | ---- | M] () -- C:\Users\Administrator\URPreferences.xml
[2013.02.05 14:25:14 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.02.02 03:49:20 | 000,001,237 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.01.31 01:49:44 | 000,001,400 | ---- | M] () -- C:\Users\Administrator\Desktop\Free YouTube to MP3 Converter.lnk
[2013.01.25 21:02:20 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Last.fm Scrobbler.lnk
[2013.01.25 15:40:46 | 000,001,053 | ---- | M] () -- C:\Users\Public\Desktop\Full Tilt Poker.lnk
 
========== Files Created - No Company Name ==========
 
[2013.02.13 00:29:27 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.02 03:49:20 | 000,001,237 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.01.31 01:49:44 | 000,001,400 | ---- | C] () -- C:\Users\Administrator\Desktop\Free YouTube to MP3 Converter.lnk
[2013.01.25 15:40:46 | 000,001,053 | ---- | C] () -- C:\Users\Public\Desktop\Full Tilt Poker.lnk
[2013.01.17 22:40:30 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Last.fm Scrobbler.lnk
[2012.11.16 17:08:45 | 000,089,816 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012.10.29 23:56:28 | 000,002,253 | ---- | C] () -- C:\Users\Administrator\URPreferences.xml
[2012.10.29 06:35:07 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd9.dll
[2012.10.29 06:35:07 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd11.dll
[2012.10.29 06:35:07 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd10.dll
[2012.10.29 06:17:20 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2012.10.28 23:17:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.10.26 09:38:40 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011.10.26 09:38:40 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.09.13 06:06:18 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.07.12 14:02:16 | 000,232,496 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2011.04.13 03:48:48 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009.07.29 06:21:06 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetWallpaper.exe
[2009.07.29 06:21:06 | 000,000,223 | ---- | C] () -- C:\ProgramData\setwallpaper.cmd
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.10.29 03:15:11 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.04.13 02:19:19 | 000,000,000 | ---D | M] -- C:\Adobe
[2012.10.29 04:31:39 | 000,000,000 | ---D | M] -- C:\AMD
[2011.04.13 03:49:40 | 000,000,000 | ---D | M] -- C:\AsusVibeData
[2012.12.10 23:27:30 | 000,000,000 | ---D | M] -- C:\BestPokerClassic
[2009.07.29 07:03:34 | 000,000,000 | -HSD | M] -- C:\Boot
[2012.10.28 23:12:31 | 000,000,000 | ---D | M] -- C:\CIMTEMP
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.10.29 00:05:38 | 000,000,000 | ---D | M] -- C:\eSupport
[2013.01.31 20:32:10 | 000,000,000 | ---D | M] -- C:\Goalwin
[2011.04.13 02:20:23 | 000,000,000 | ---D | M] -- C:\NIS
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.01.10 14:57:25 | 000,000,000 | ---D | M] -- C:\Poker
[2012.10.29 00:05:39 | 000,000,000 | ---D | M] -- C:\Preload64
[2013.01.06 00:29:14 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.02.13 00:29:18 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.02.13 00:29:20 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.07.29 06:22:15 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.11.29 00:13:50 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.07.29 06:10:27 | 000,000,000 | R--D | M] -- C:\Users
[2012.10.29 00:04:13 | 000,000,000 | ---D | M] -- C:\WIMAPPLY
[2013.01.03 15:39:55 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 13:16:54 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 13:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.20 14:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2013.02.14 18:37:22 | 002,097,152 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT
[2013.02.14 18:37:22 | 000,262,144 | -HS- | M] () -- C:\Users\Administrator\ntuser.dat.LOG1
[2009.07.29 06:10:28 | 000,000,000 | -HS- | M] () -- C:\Users\Administrator\ntuser.dat.LOG2
[2009.07.29 06:23:23 | 000,065,536 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2009.07.29 06:23:23 | 000,524,288 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2009.07.29 06:23:23 | 000,524,288 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2009.07.29 06:10:29 | 000,000,020 | -HS- | M] () -- C:\Users\Administrator\ntuser.ini
[2013.02.13 00:04:44 | 000,002,253 | ---- | M] () -- C:\Users\Administrator\URPreferences.xml
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
[2012.11.09 16:39:09 | 000,426,496 | ---- | M] () -- C:\Users\Administrator\Local Settings\Temp\chroma.exe
[2012.11.18 22:35:26 | 000,662,808 | ---- | M] (Last.fm                                                     ) -- C:\Users\Administrator\Local Settings\Temp\iTunesPluginWinSetup_3.0.4.0.exe
[2012.11.03 05:51:45 | 001,113,728 | ---- | M] () -- C:\Users\Administrator\Local Settings\Temp\JDownloaderSetup.exe
[2013.01.17 22:40:05 | 019,022,064 | ---- | M] (Last.fm                                                     ) -- C:\Users\Administrator\Local Settings\Temp\Last.fm-2.1.30.exe
[2012.10.23 03:58:32 | 007,739,736 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Users\Administrator\Local Settings\Temp\Shortcut_bundlesweetimsetup.exe
[2012.11.03 05:53:47 | 002,962,432 | ---- | M] (SweetIM Technologies Lt) -- C:\Users\Administrator\Local Settings\Temp\SIMEEI2Installer.exe
[2012.11.03 05:53:47 | 003,380,216 | ---- | M] (SweetIM Technologies Lt) -- C:\Users\Administrator\Local Settings\Temp\SIMEEIInstaller.exe
[2013.02.04 18:36:34 | 030,755,584 | ---- | M] (Skype Technologies S.A.) -- C:\Users\Administrator\Local Settings\Temp\SkypeSetup.exe
[110 C:\Users\Administrator\Local Settings\Temp\*.tmp files -> C:\Users\Administrator\Local Settings\Temp\*.tmp -> ]
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
[2012.11.14 03:14:59 | 009,738,240 | ---- | M] (Microsoft Corporation) -- C:\Users\Administrator\Local Settings\Temp\ieframe.dll
[2012.11.07 15:32:56 | 000,013,312 | ---- | M] () -- C:\Users\Administrator\Local Settings\Temp\k9mmcm47.dll
[2012.11.03 05:53:48 | 000,393,016 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Users\Administrator\Local Settings\Temp\mgsqlite3.dll
[2013.01.29 16:30:53 | 000,000,000 | ---- | M] () -- C:\Users\Administrator\Local Settings\Temp\or5tduej.dll
[2012.11.09 16:39:09 | 000,522,752 | ---- | M] () -- C:\Users\Administrator\Local Settings\Temp\sqlite3.dll
[110 C:\Users\Administrator\Local Settings\Temp\*.tmp files -> C:\Users\Administrator\Local Settings\Temp\*.tmp -> ]
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >
         
--- --- ---


Oh sorry . Die Festplatte ist auch noch nicht sonderlich alt.. 3 Jahre vielleicht.

Danke für die Hilfe

Oh sorry . Die Festplatte ist auch noch nicht sonderlich alt.. 3 Jahre vielleicht.

Danke für die Hilfe

Alt 14.02.2013, 19:15   #10
markusg
/// Malware-holic
 
CouponDropDown entfernen - Standard

CouponDropDown entfernen



Hallo
otl fix

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:
ATTFilter
:OTL
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
:files
:Commands
[emptytemp]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 15.02.2013, 15:49   #11
universalism
 
CouponDropDown entfernen - Standard

CouponDropDown entfernen



All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 1137070083 bytes
->Temporary Internet Files folder emptied: 289574984 bytes
->Java cache emptied: 20402729 bytes
->FireFox cache emptied: 137536465 bytes
->Google Chrome cache emptied: 6458244 bytes
->Flash cache emptied: 46607 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 366782369 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 2371393949 bytes

Total Files Cleaned = 4.129,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02152013_154316

Files\Folders moved on Reboot...
C:\Users\Administrator\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Alt 15.02.2013, 15:53   #12
markusg
/// Malware-holic
 
CouponDropDown entfernen - Standard

CouponDropDown entfernen



hi,
[OTLFIX]
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 15.02.2013, 17:28   #13
universalism
 
CouponDropDown entfernen - Standard

CouponDropDown entfernen



All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 1137070083 bytes
->Temporary Internet Files folder emptied: 289574984 bytes
->Java cache emptied: 20402729 bytes
->FireFox cache emptied: 137536465 bytes
->Google Chrome cache emptied: 6458244 bytes
->Flash cache emptied: 46607 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 366782369 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 2371393949 bytes

Total Files Cleaned = 4.129,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02152013_154316

Files\Folders moved on Reboot...
C:\Users\Administrator\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Alt 15.02.2013, 17:28   #14
markusg
/// Malware-holic
 
CouponDropDown entfernen - Standard

CouponDropDown entfernen



hi,
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 15.02.2013, 17:29   #15
universalism
 
CouponDropDown entfernen - Standard

CouponDropDown entfernen



Dachte mein Eintrag wäre nicht reingestellt worden deswegen habe ich es gerade ausversehen nochmal rein..

Antwort

Themen zu CouponDropDown entfernen
anleitung, autostart, bösartige, dateien, entferne, entfernen, erfolgreich, ersetzt, explorer, gefunde, gelöscht, gen, hallo zusammen, leitung, microsoft, minute, problem, quarantäne, registrierung, service, software, speicher, version, verzeichnisse, zusammen



Ähnliche Themen: CouponDropDown entfernen


  1. Ad by CouponDropDown entfernen
    Plagegeister aller Art und deren Bekämpfung - 23.03.2015 (8)
  2. coupondropdown
    Plagegeister aller Art und deren Bekämpfung - 23.10.2013 (5)
  3. Win 7: CouponDropDown entfernen
    Log-Analyse und Auswertung - 24.08.2013 (10)
  4. CouponDropDown Virus
    Plagegeister aller Art und deren Bekämpfung - 12.08.2013 (83)
  5. CouponDropDown entfernen?
    Log-Analyse und Auswertung - 18.07.2013 (12)
  6. CouponDropDown entfernen
    Plagegeister aller Art und deren Bekämpfung - 18.07.2013 (21)
  7. Virus Coupondropdown auf dem PC
    Plagegeister aller Art und deren Bekämpfung - 15.07.2013 (33)
  8. CouponDropDown
    Log-Analyse und Auswertung - 14.07.2013 (21)
  9. CouponDropDown - Virus?
    Plagegeister aller Art und deren Bekämpfung - 03.07.2013 (13)
  10. CouponDropDown entfernen
    Plagegeister aller Art und deren Bekämpfung - 12.05.2013 (15)
  11. CouponDropDown entfernen
    Log-Analyse und Auswertung - 26.04.2013 (9)
  12. CouponDropDown
    Log-Analyse und Auswertung - 16.04.2013 (24)
  13. coupondropdown lässt sich immer noch nicht unter Firefox entfernen
    Plagegeister aller Art und deren Bekämpfung - 16.04.2013 (20)
  14. 2x | coupondropdown lässt sich immer noch nicht unter Firefox entfernen
    Mülltonne - 08.04.2013 (0)
  15. Coupondropdown
    Plagegeister aller Art und deren Bekämpfung - 21.03.2013 (58)
  16. Malware: "Click to Continue > by CouponDropDown" entfernen
    Plagegeister aller Art und deren Bekämpfung - 20.03.2013 (7)

Zum Thema CouponDropDown entfernen - Hallo zusammen ! Habe das "CouponDropDown entfernen" Problem und mich eben an diese Anleitung gehalten: http://www.trojaner-board.de/51187-a...i-malware.html wäre euch superdankbar wenn Ihr mir helfen könntet damit ----> ---------------------------------------------------------------------------------------- Malwarebytes Anti-Malware 1.70.0.1100 - CouponDropDown entfernen...
Archiv
Du betrachtest: CouponDropDown entfernen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.