
Pests of all kinds and how to fight them: Bundespolizei Trojan: How to proceed after the Malwarebytes and OTL logs?

11.07.2012, 23:07   #1
nosfer
 

Hi!

Today the Bundespolizei Trojan ("Your computer has been locked", pay 100 EUR) got me too. After some searching I ended up on the Trojaner Board and hope to get expert advice here.

Windows works in Safe Mode with Networking, but not in normal mode, no matter which account I use.

Here is the Malwarebytes log:

Code:
 Malwarebytes Anti-Malware  (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.11.06

Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Nosferatu :: NOSFERATU-PC [administrator]

Protection: Disabled

07/11/2012 16:49:10
mbam-log-2012-07-11 (16-49-10).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 407274
Time elapsed: 1 hour(s), 27 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Users\Nosferatu\AppData\Local\dgnbbkkq.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Nosferatu\AppData\Local\Temp\liquid9638568.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Nosferatu\AppData\Local\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Quarantined and deleted successfully.
C:\Users\Nosferatu\0.18070148964744925.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Nosferatu\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Quarantined and deleted successfully.

(end)
         
Here are the OTL logs:

OTL.txt
OTL Logfile:
Code:
OTL logfile created on: 07/11/2012 22:36:33 - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Nosferatu\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy
 
1.99 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 58.80% Memory free
2.99 Gb Paging File | 2.21 Gb Available in Paging File | 73.79% Paging File free
Paging file location(s): c:\pagefile.sys 1024 2048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 280.89 Gb Total Space | 86.18 Gb Free Space | 30.68% Space Free | Partition Type: NTFS
Drive D: | 645.72 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 623.74 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: NOSFERATU-PC | User Name: Nosferatu | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/07/11 22:27:51 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Nosferatu\Desktop\OTL.exe
PRC - [2012/06/18 12:30:21 | 000,874,384 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2012/06/18 12:30:21 | 000,800,656 | ---- | M] (Opera Software) -- C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe
PRC - [2012/04/04 15:56:38 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes\mbam.exe
PRC - [2011/07/14 03:34:17 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/07/10 09:57:08 | 009,459,912 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_262.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012/05/30 00:23:15 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/09 18:37:42 | 000,232,472 | ---- | M] (Sophos Plc) [Auto | Stopped] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes\mbamservice.exe -- (MBAMService)
SRV - [2012/03/08 19:59:02 | 001,543,704 | ---- | M] (Sophos Plc) [Auto | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2011/12/19 20:08:40 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/09/27 21:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011/09/05 11:04:54 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/05 13:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011/08/05 13:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011/08/05 13:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011/07/01 04:51:12 | 000,353,360 | ---- | M] (Dritek System Inc.) [Auto | Stopped] -- C:\Program Files\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011/05/26 08:40:48 | 000,029,696 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2011/05/10 23:01:36 | 000,739,944 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2011/04/22 18:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV - [2011/04/02 23:09:38 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2011/03/07 10:45:22 | 001,755,136 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Stopped] -- C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/11/06 08:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/10/12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/10/08 16:15:13 | 000,163,056 | ---- | M] (Sophos Plc) [Auto | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2010/06/14 19:42:36 | 000,097,520 | ---- | M] (Sophos Plc) [Auto | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2010/01/30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/02/26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office 07\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [1999/12/01 13:38:28 | 000,467,968 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe -- (ArcGIS License Manager)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012/07/11 22:08:57 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/09/02 08:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/02 08:31:28 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2011/09/02 08:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/07/26 11:13:42 | 000,062,240 | ---- | M] (Egis Technology Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2011/07/26 11:13:42 | 000,021,600 | ---- | M] (Egis Technology Inc.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2011/07/26 11:13:42 | 000,016,936 | ---- | M] (Egis Technology Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2011/03/07 05:46:26 | 000,252,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV - [2011/01/04 05:28:54 | 007,435,264 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32) ___ Intel(R)
DRV - [2010/11/20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2010/11/20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/10/08 16:14:55 | 000,122,360 | ---- | M] (Sophos Plc) [File_System | System | Stopped] -- C:\Windows\System32\drivers\savonaccess.sys -- (SAVOnAccess)
DRV - [2010/07/04 21:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010/03/02 23:34:30 | 000,023,928 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sdcfilter.sys -- (sdcfilter)
DRV - [2010/03/02 23:33:54 | 000,022,536 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2007/08/02 10:32:26 | 000,022,784 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dadder.sys -- (DAdderFltr)
DRV - [2004/05/14 06:42:00 | 000,076,288 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\sentinel.sys -- (Sentinel)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3670744698-4203180153-3131893109-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKU\S-1-5-21-3670744698-4203180153-3131893109-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKU\S-1-5-21-3670744698-4203180153-3131893109-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3670744698-4203180153-3131893109-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/30 00:23:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/21 22:32:06 | 000,000,000 | ---D | M]
 
[2011/12/13 15:25:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nosferatu\AppData\Roaming\Mozilla\Extensions
[2012/05/08 01:02:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nosferatu\AppData\Roaming\Mozilla\Firefox\Profiles\bv776mfq.default\extensions
[2012/01/14 18:34:20 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Nosferatu\AppData\Roaming\Mozilla\Firefox\Profiles\bv776mfq.default\extensions\DeviceDetection@logitech.com
[2012/02/14 20:08:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/30 00:23:15 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/05 00:18:14 | 000,172,344 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2012/02/14 20:08:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/14 20:08:18 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office 07\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office 07\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iPatchData] C:\Program Files\Acer\Updater\iUpdate.exe (Insyde Software Corp.)
O4 - HKLM..\Run: [iSyncData] C:\Program Files\Acer\Android Manager\iSync.exe (Insyde Software Corp.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [qkwgqgdovvkdaje] C:\ProgramData\qkwgqgdo.exe ()
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\S-1-5-21-3670744698-4203180153-3131893109-1000..\Run: [Boxoft Tools] C:\ProgramData\Boxtools\Boxofttoolbox.exe ()
O4 - HKU\S-1-5-21-3670744698-4203180153-3131893109-1000..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup File not found
O4 - HKU\S-1-5-21-3670744698-4203180153-3131893109-1000..\Run: [qkwgqgdovvkdaje] C:\ProgramData\qkwgqgdo.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Nosferatu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Nosferatu\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Nosferatu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LastFM.lnk = C:\Program Files\Last.fm\LastFM.exe (Last.fm)
O4 - Startup: C:\Users\Nosferatu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk = C:\Program Files\Launchy\Launchy.exe ()
O4 - Startup: C:\Users\Nosferatu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZuseMe.lnk = C:\Program Files\ZuseMe ZuneScrobbler\ZuseMe\ZuseMe.exe (Arnold Vink)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 07\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office 07\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}  (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.30.255.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A8F4154-EF73-45CD-A536-588AE591EA66}: DhcpNameServer = 172.30.255.250
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office 07\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office 07\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [1999/10/04 18:14:44 | 000,011,925 | R--- | M] () - D:\automenu.apm -- [ CDFS ]
O32 - AutoRun File - [1996/11/07 19:19:30 | 000,450,560 | R--- | M] () - D:\automenu.exe -- [ CDFS ]
O32 - AutoRun File - [1999/10/07 20:13:36 | 000,011,928 | R--- | M] () - D:\autorun.apm -- [ CDFS ]
O32 - AutoRun File - [1999/02/03 04:02:00 | 000,167,936 | R--- | M] (Indigo Rose Corporation) - D:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [1999/04/15 16:44:06 | 000,000,029 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [1996/11/07 19:19:30 | 000,450,560 | R--- | M] () - E:\automenu.exe -- [ CDFS ]
O32 - AutoRun File - [1999/10/07 20:11:58 | 000,011,902 | R--- | M] () - E:\autorun.apm -- [ CDFS ]
O32 - AutoRun File - [1999/02/03 04:02:00 | 000,167,936 | R--- | M] (Indigo Rose Corporation) - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [1999/04/15 16:40:06 | 000,000,029 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{631ac28b-27c3-11e1-adfd-e89a8fe1819a}\Shell - "" = AutoRun
O33 - MountPoints2\{631ac28b-27c3-11e1-adfd-e89a8fe1819a}\Shell\AutoRun\command - "" = E:\autorun.exe -- [1999/02/03 04:02:00 | 000,167,936 | R--- | M] (Indigo Rose Corporation)
O33 - MountPoints2\{f410b939-ad85-11e1-b157-e89a8fe1819a}\Shell - "" = AutoRun
O33 - MountPoints2\{f410b939-ad85-11e1-b157-e89a8fe1819a}\Shell\AutoRun\command - "" = D:\autorun.exe -- [1999/02/03 04:02:00 | 000,167,936 | R--- | M] (Indigo Rose Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/07/11 22:27:50 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Nosferatu\Desktop\OTL.exe
[2012/07/11 22:08:57 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/07/11 19:56:54 | 000,000,000 | ---D | C] -- C:\Users\Nosferatu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2012/07/11 19:56:54 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2012/07/11 19:47:42 | 000,000,000 | ---D | C] -- C:\Users\Nosferatu\AppData\Local\ElevatedDiagnostics
[2012/07/11 16:47:36 | 000,000,000 | ---D | C] -- C:\Users\Nosferatu\AppData\Roaming\Malwarebytes
[2012/07/11 16:47:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[2012/07/11 16:47:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/11 16:47:24 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/07/11 16:47:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes
[2012/07/11 16:18:38 | 000,000,000 | ---D | C] -- C:\ProgramData\bnssakmxqqhkgka
[2012/07/10 23:26:32 | 000,000,000 | ---D | C] -- C:\Users\Nosferatu\AppData\Local\Sophos
[2012/07/06 20:27:50 | 000,000,000 | ---D | C] -- C:\Users\Nosferatu\AppData\Local\Windows Live
[2012/07/06 20:27:29 | 000,000,000 | ---D | C] -- C:\Users\Nosferatu\AppData\Local\{C1645665-301D-4CB9-A9AD-FE72723C6F23}
[2012/07/06 20:27:23 | 000,000,000 | ---D | C] -- C:\Users\Nosferatu\AppData\Roaming\Windows Live Writer
[2012/07/06 20:27:23 | 000,000,000 | ---D | C] -- C:\Users\Nosferatu\AppData\Local\Windows Live Writer
[2012/06/27 13:28:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gnuplot
[2012/06/27 13:28:28 | 000,000,000 | ---D | C] -- C:\gnuplot
[2012/06/26 09:38:17 | 000,000,000 | ---D | C] -- C:\Users\Nosferatu\Desktop\borda
[2012/06/26 09:35:25 | 000,000,000 | -H-D | C] -- C:\8c9fed112fd56d2844c26c709c
[2012/06/21 01:46:53 | 000,000,000 | ---D | C] -- C:\Users\Nosferatu\Desktop\new pics
[2012/06/20 20:13:33 | 000,000,000 | -H-D | C] -- C:\4293886b4fa57bb37fc1f3
[2012/06/18 22:58:34 | 000,000,000 | -H-D | C] -- C:\1675e327f73e0484452fcd1acc1b00
[2012/06/15 12:58:11 | 000,000,000 | ---D | C] -- C:\Users\Nosferatu\AppData\Roaming\Winamp
[2012/06/13 19:17:58 | 000,000,000 | ---D | C] -- C:\Users\Nosferatu\AppData\Local\Macromedia
[2012/06/12 20:36:50 | 000,000,000 | ---D | C] -- C:\Users\Nosferatu\Desktop\hurricane
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/07/11 22:27:51 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Nosferatu\Desktop\OTL.exe
[2012/07/11 22:03:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/11 22:03:31 | 1601,069,056 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/11 22:00:44 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/11 22:00:01 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/11 21:16:23 | 713,338,880 | ---- | M] () -- C:\Users\Nosferatu\Desktop\xubuntu-12.04-desktop-i386.iso
[2012/07/11 20:47:22 | 000,619,952 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/11 20:47:22 | 000,108,134 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/11 16:36:04 | 000,016,160 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/11 16:36:04 | 000,016,160 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/11 16:18:41 | 000,000,051 | ---- | M] () -- C:\ProgramData\hdszbkfocetpsus
[2012/07/11 16:18:32 | 000,065,536 | ---- | M] () -- C:\ProgramData\qkwgqgdo.exe
[2012/07/11 13:08:31 | 000,000,926 | ---- | M] () -- C:\Users\Nosferatu\Desktop\Master Thesis.lnk
[2012/07/11 09:41:13 | 000,686,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/10 09:57:09 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/07/10 09:57:09 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/07/07 08:16:27 | 000,000,600 | ---- | M] () -- C:\Users\Nosferatu\PUTTY.RND
[2012/06/28 17:31:56 | 000,907,596 | ---- | M] () -- C:\Users\Nosferatu\Desktop\DSC03044.jpg
[2012/06/28 17:31:49 | 004,413,677 | ---- | M] () -- C:\Users\Nosferatu\Desktop\DSC03044.png
[2012/06/27 14:38:03 | 000,000,166 | ---- | M] () -- C:\Users\Nosferatu\AppData\Roaming\gnuplot_history
[2012/06/26 09:33:11 | 000,170,190 | ---- | M] () -- C:\Users\Nosferatu\Desktop\Linienuebersichtplan.pdf
[2012/06/18 10:25:55 | 000,544,897 | ---- | M] () -- C:\Users\Nosferatu\Desktop\Arrigo et al. 2012.pdf
[2012/06/18 10:25:37 | 000,213,936 | ---- | M] () -- C:\Users\Nosferatu\Desktop\Stief et al 2002.pdf
[2012/06/15 12:59:12 | 000,000,974 | ---- | M] () -- C:\Users\Nosferatu\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2012/06/13 16:57:40 | 000,428,865 | ---- | M] () -- C:\Users\Nosferatu\Desktop\lion.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/07/11 20:46:49 | 713,338,880 | ---- | C] () -- C:\Users\Nosferatu\Desktop\xubuntu-12.04-desktop-i386.iso
[2012/07/11 16:18:39 | 000,065,536 | ---- | C] () -- C:\ProgramData\qkwgqgdo.exe
[2012/07/11 16:18:35 | 000,000,051 | ---- | C] () -- C:\ProgramData\hdszbkfocetpsus
[2012/06/28 17:31:39 | 004,413,677 | ---- | C] () -- C:\Users\Nosferatu\Desktop\DSC03044.png
[2012/06/28 17:31:09 | 000,907,596 | ---- | C] () -- C:\Users\Nosferatu\Desktop\DSC03044.jpg
[2012/06/27 14:38:03 | 000,000,166 | ---- | C] () -- C:\Users\Nosferatu\AppData\Roaming\gnuplot_history
[2012/06/26 09:33:11 | 000,170,190 | ---- | C] () -- C:\Users\Nosferatu\Desktop\Linienuebersichtplan.pdf
[2012/06/18 10:25:53 | 000,544,897 | ---- | C] () -- C:\Users\Nosferatu\Desktop\Arrigo et al. 2012.pdf
[2012/06/18 10:25:37 | 000,213,936 | ---- | C] () -- C:\Users\Nosferatu\Desktop\Stief et al 2002.pdf
[2012/06/15 12:59:12 | 000,000,974 | ---- | C] () -- C:\Users\Nosferatu\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2012/06/13 16:57:40 | 000,428,865 | ---- | C] () -- C:\Users\Nosferatu\Desktop\lion.jpg
[2012/04/10 15:59:31 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2012/04/10 15:59:31 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2012/04/02 15:06:07 | 000,000,000 | ---- | C] () -- C:\Windows\Editor.INI
[2012/03/26 00:15:57 | 000,000,660 | ---- | C] () -- C:\Windows\System32\http--www.google.com-imgresum=1&hl=en&client=opera&sa=N&rls=en&channel=suggest&biw=991&bih=510&tbm=isch&tbnid=7UJUfM9sJF9TDM&imgrefurl=http--mescritiques.be-spip.php%3Farticle1221&docid=SDJOB-.jpg.lnk
[2012/03/25 23:47:50 | 000,000,040 | ---- | C] () -- C:\Users\Nosferatu\AppData\Roaming\cdr.ini
[2012/03/04 15:03:52 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2012/03/04 15:01:34 | 000,000,009 | ---- | C] () -- C:\Windows\sierra.ini
[2012/01/30 23:28:40 | 000,044,680 | ---- | C] () -- C:\Windows\System32\drivers\EUBKMON.sys
[2012/01/19 22:20:07 | 000,000,000 | ---- | C] () -- C:\Users\Nosferatu\AppData\Local\{30D90EDC-D15A-4460-B056-C6895CC333E3}
[2012/01/14 22:37:01 | 000,000,292 | ---- | C] () -- C:\Windows\vtmb.ini
[2012/01/10 18:38:46 | 000,001,156 | ---- | C] () -- C:\Users\Nosferatu\Study - Shortcut.lnk
[2012/01/09 13:59:21 | 000,007,602 | ---- | C] () -- C:\Users\Nosferatu\AppData\Local\Resmon.ResmonCfg
[2011/12/30 22:38:50 | 000,001,166 | ---- | C] () -- C:\Users\Nosferatu\AppData\Roaming\PdfView.ini
[2011/12/24 15:45:03 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2011/12/19 12:24:35 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011/12/19 12:24:35 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2011/12/18 14:58:22 | 000,006,656 | ---- | C] () -- C:\Users\Nosferatu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/16 01:10:35 | 000,000,600 | ---- | C] () -- C:\Users\Nosferatu\PUTTY.RND
[2011/07/26 10:15:57 | 000,247,560 | ---- | C] () -- C:\Windows\System32\drivers\RTConvEQ.dat
[2011/07/26 10:15:57 | 000,039,672 | ---- | C] () -- C:\Windows\System32\drivers\RtPCEE3.DAT
[2011/07/26 10:15:57 | 000,029,494 | ---- | C] () -- C:\Windows\System32\drivers\RtPCEE4.DAT
[2011/07/26 10:15:57 | 000,001,448 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2011/07/26 10:15:57 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX3.dat
[2011/07/26 10:15:57 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2011/07/26 10:15:57 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2011/07/26 10:15:57 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2011/07/26 10:15:57 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2011/07/26 10:15:57 | 000,000,040 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2011/07/26 10:12:54 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll

< End of report >
         
--- --- ---

[/code]

Extras.txt
OTL Logfile:
Code:
OTL Extras logfile created on: 07/11/2012 22:36:33 - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Nosferatu\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy
 
1.99 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 58.80% Memory free
2.99 Gb Paging File | 2.21 Gb Available in Paging File | 73.79% Paging File free
Paging file location(s): c:\pagefile.sys 1024 2048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 280.89 Gb Total Space | 86.18 Gb Free Space | 30.68% Space Free | Partition Type: NTFS
Drive D: | 645.72 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 623.74 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: NOSFERATU-PC | User Name: Nosferatu | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" = 
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1C9EBC5A-0BD3-446F-A260-4B928BFAA926}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{269A9E0C-F3FD-4C91-8E2A-A7AEACA2DDB9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{272C9E1E-DA43-4E21-ACC9-4C03FB991903}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{892D499B-457C-4359-AA81-B6F476E08795}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DF983A2E-4CF6-4281-9ACF-B98C2ECF7BB3}" = lport=1900 | protocol=17 | dir=in | app=%programfiles%\zune\zune.exe | 
"{F32753B3-6C6B-446C-883A-567ED4534334}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{FF3D4753-CEAF-4C3F-88CF-53C7F7A251B2}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09A7358D-174E-4794-B742-C7A40558212F}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe | 
"{0A3A2F4C-6D53-4178-9995-3C5530A36650}" = protocol=17 | dir=in | app=c:\program files\microsoft office 07\office12\groove.exe | 
"{167D30FA-43A4-4B4C-8EA2-CF8BD5B04D68}" = dir=in | app=c:\program files\acer\acer vcm\rs_service.exe | 
"{18FEC579-3B35-4810-8F24-5A0FCDA13285}" = protocol=6 | dir=out | app=system | 
"{23A2454B-DCB5-4C07-8AAF-39C3AD7F2591}" = protocol=17 | dir=in | app=c:\users\nosferatu\appdata\roaming\dropbox\bin\dropbox.exe | 
"{37208718-B0F4-445D-B26F-082AD186E1DB}" = protocol=6 | dir=in | app=c:\program files\microsoft office 07\office12\groove.exe | 
"{46FDD054-A124-4A4A-9FE5-14C5A302D5E8}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{4E6B70EA-3828-43C2-8BFC-70B8CE79E03D}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe | 
"{51F5CCC6-4B1D-448A-AE89-DD43D4F4F046}" = protocol=6 | dir=in | app=c:\users\nosferatu\appdata\roaming\dropbox\bin\dropbox.exe | 
"{66AD603B-F1EE-4A9D-A0C6-FFE3E8203885}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{692DD4D1-6969-477D-8B96-67DF3891A514}" = dir=in | app=c:\program files\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe | 
"{6C2A4E2C-B54F-4562-84EE-D5B80091C935}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{6F1B0B40-28B4-479F-9859-CFDB4980E911}" = protocol=17 | dir=in | app=c:\program files\ease todo backup\bin\agent.exe | 
"{77C5B203-A691-4E67-94F4-32F7806AFA30}" = protocol=6 | dir=in | app=c:\program files\ease todo backup\bin\agent.exe | 
"{794DC11F-DB2A-4726-8E6D-60DC0AEB1EE3}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{7E029CAD-CF96-4CFC-ABF8-E3E644FAA0C1}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{8D2B6000-10D1-477F-8F69-027F4AF85F4C}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe | 
"{9AC5061F-8A8F-49DF-B40B-02A3266A13E0}" = dir=in | app=c:\program files\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe | 
"{A05CF5DD-7796-4E77-886A-B7E6BF816F04}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{B039994B-B2D8-407E-A078-99A2B0C9935C}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe | 
"{B70F37CB-79EB-481A-995B-046DE99B3FD1}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{DD809069-5613-4886-917C-73C9AC216CEE}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe | 
"{E7AB8E98-66A8-4A8E-8422-074399ED0BF0}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{F0794409-54B1-42B1-B79A-56637EB2ECE6}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{F33176B2-09E6-4498-89A8-9F1DA9073FA9}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{F671BFB3-E235-495C-9003-B2C19712AEA2}" = protocol=6 | dir=out | app=system | 
"{F6C57710-D06E-461E-88D9-C1C99E15E96F}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{FC15D026-7D5C-4100-8D3D-963CF6C3DF5D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{3E49CD46-EAC9-46AB-B530-3EFFD8EE24C6}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"TCP Query User{4429D8A1-AE79-4EDE-A68B-992E0AF91CDB}C:\users\nosferatu\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\nosferatu\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{46E6FB21-9FD1-41BF-8537-FF4385679476}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"TCP Query User{64748D20-5648-4651-B912-C24FCCD99220}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{83927FA9-1D82-45F3-9E2F-7D7AB4501456}C:\program files\spss20\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\spss20\jre\bin\javaw.exe | 
"TCP Query User{D4EBCD00-9459-487F-88C9-4B35210211A0}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"UDP Query User{0D4A1E4E-3B78-4FA5-BA76-57CECD65AE91}C:\users\nosferatu\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\nosferatu\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{177122FF-82E3-4525-91B7-B8E81A04B400}C:\program files\spss20\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\spss20\jre\bin\javaw.exe | 
"UDP Query User{51C9D726-C63A-46F5-9466-65B381BCE155}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"UDP Query User{792602ED-6718-4549-A7FC-B80455F5F35D}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"UDP Query User{8AA5F03E-DDE2-4656-8B82-AAB931AB0581}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{A87EBC2F-1366-4126-A137-8DB8AE517DA0}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{01D2EB2D-0560-3473-8300-7FF46FD7EC85}" = Strawberry Perl
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0557BBDA-69D3-4FA4-A93C-A5300F7034B4}" = Windows Live Writer
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{05E47624-97C4-4B22-83C8-D4E30EC3EF02}" = Windows Live Remote Client Resources
"{065241D0-A178-4F24-8A09-691761A8957B}" = Windows Live Remote Service Resources
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{06B05153-97E4-427E-B1A8-E098F6C5E52F}" = Windows Live Essentials
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0891B708-EF3F-4D7E-9724-265245F46276}" = Windows Live Remote Service Resources
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A1651F1-7E0F-4613-93FE-967F5BC3C1B7}" = Windows Live Remote Service Resources
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0E6B3568-2337-4429-9E14-0D9D8157D45A}" = Network Recording Player
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{120C160F-F53D-4A15-A873-E79BF5B98B48}" = Windows Live Photo Common
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{143DB9C9-3F0D-4DC7-A57B-A7E4F26FA12E}" = Windows Live Remote Client Resources
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F34839E-4826-4B64-B1B3-42E5AE8DEC5A}" = ArcGIS Desktop
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{201B5096-AF6E-423E-B987-023E040D9B42}" = Windows Live Remote Service Resources
"{20381A8A-808E-4A53-B6CD-AD2B85E16365}" = Windows Live UX Platform Language Pack
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{226F0D93-76DE-4F1C-B14D-DE10443ADB60}" = Windows Live Movie Maker
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{244C5A67-39DC-4C6C-BF1B-BCC9D342A4C4}" = Windows Live Remote Client Resources
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{2852BC06-B850-4518-97E6-CD136FE75683}" = Windows Live Remote Client Resources
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2AF8017B-E503-408F-AACE-8A335452CAD2}" = IBM SPSS Statistics 20
"{2B3EA5DA-D040-48FB-813F-1CF8C0123698}" = Windows Live Remote Client Resources
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2BAE6A53-E241-11D5-873A-0050DABC2539}" = Tropico: Paradise Island
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{30E82CD5-6E97-4381-86EB-548202A6D5B7}" = Windows Live Remote Client Resources
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3BC3B1A5-30E3-4DDB-BE08-E7262B838B5F}" = Windows Live Remote Client Resources
"{3BFB2388-64EE-4AAA-9235-5FE725FED6DE}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{41B72CAF-036B-4E0A-8D22-F5DF7C970434}" = Windows Live Remote Client Resources
"{41E4FA4B-9376-4C32-AA46-65FCC0087CD5}" = Windows Live Remote Service Resources
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{448702D4-83DD-4EFC-B09B-94AD6CA0D978}" = Windows Live Remote Service Resources
"{454F5782-A4C3-480E-A629-D435795DEFD8}" = Windows Live Remote Client Resources
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{4736B0ED-F6A1-48EC-A1B7-C053027648F1}" = Galeria fotogràfica del Windows Live
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{48F597DD-D397-4CFA-91A0-4C033A0113BD}" = Windows Live Mail
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4B1EDAFC-B0EB-465F-886C-24FAC1BED2AC}" = Windows Live Remote Client Resources
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4D090F70-6F08-4B60-9357-A1DFD4458F09}" = Microsoft Mathematics
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D7BAC8A-51B8-4243-8567-1415C4272D13}" = Windows Live Writer
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{5008BC55-FD3D-4A32-A1B7-610E18F4D220}" = Windows Live Remote Service Resources
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{523281E5-91DD-49F5-9D85-954148F7596A}" = AndroidInstaller
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{5495E9A4-501A-4D4C-87C9-E80916CA9478}" = Windows Live UX Platform Language Pack
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5C8BC258-A629-4DF2-97D0-E106C2A9B1BD}" = Windows Live Remote Client Resources
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{61A5DE19-BE38-45AF-A9BC-73E49703315E}" = Windows Live Remote Service Resources
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6255D9FC-427F-4867-84DB-164DBEA0661F}" = Windows Live Remote Client Resources
"{625D45F0-5DCB-48BF-8770-C240A84DAAEB}" = Windows Live Mesh
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{66B0B400-22AB-47E6-8673-38A5D37F6331}" = Windows Live Remote Client Resources
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App (Acer Games)
"{71527C7C-5289-4CB2-88C9-23344C0FF6C1}" = Windows Live Movie Maker
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{7612E28A-C4DB-4259-AA91-CB02B1BCF623}" = Windows Live Remote Service Resources
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{7846B719-862C-468A-9FD0-4769D2590535}" = Windows Live Remote Client Resources
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7962DFC7-BBD8-4FA1-B510-46A993C2BF94}" = Windows Live Remote Client Resources
"{7A143876-9658-4A58-82E7-B5F02D942957}" = Windows Live Remote Client Resources
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7D926AD2-16D6-42C2-8CA1-AB09E96040BA}" = Windows Live Writer Resources
"{7D99B933-E29C-4599-92F0-DAED2AF041E3}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{818FB39B-1A57-4F1B-A54D-391C33D6C586}" = Tropico
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{82EE333F-45A9-4585-A5D9-31FE16B7FB25}" = Windows Live Remote Service Resources
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{845E0BCB-8C8D-4FAB-8588-AD5FFD156C95}" = Windows Live Remote Service Resources
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{84D3CB13-C7EE-4A29-817E-D82697320BF5}" = Windows Live Remote Client Resources
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{86F444A5-C9B9-41DC-AF28-B5E46F5497C7}" = Windows Live Argazki Galeria
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E285C75-9BE2-4349-972B-DECDDF472656}" = Windows Live Writer Resources
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{93C4B7D5-4E00-491F-BA3E-25B7B63EE7F6}" = Windows Live Mail
"{93C6647F-AFE0-4CC2-8809-28A0B320D11B}" = Windows Live Remote Service Resources
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97124033-1253-4474-8B25-1AB314A920E6}" = Windows Live Remote Service Resources
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9E2C5B0E-7A2D-4767-A9B2-77469FB1873A}" = Windows Live Mesh
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A4C16B19-10AA-4990-AA87-D14F653E3345}" = Windows Live Remote Client Resources
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9ABC0A6-DC01-4102-BEC9-86974A73B214}" = Windows Live Remote Client Resources
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB419AC3-9BC1-4EC5-A75B-4D8870DD651F}_is1" = gnuplot 4.6.0
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{AB93C51F-71F9-4A28-8134-FE1B5B9373E9}" = Windows Live Remote Service Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC0628FF-532F-4800-91EC-40903B04682F}" = Windows Live Remote Service Resources
"{AC259A12-6CD9-486D-A97A-B619EB46225A}" = Windows Live Remote Service Resources
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.1) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B512307E-543D-457E-B759-75E0D5B0BCDF}" = Windows Live Remote Client Resources
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B6F55C3E-30EE-4D25-8BAD-CEE4BF8C78EB}" = Windows Live Remote Client Resources
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{BA8D4CEF-D23D-44AB-8A89-66E602253791}" = Windows Live Remote Service Resources
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C1015024-0BF1-4B51-8A06-C28953687DA7}" = Windows Live Remote Service Resources
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2ED3B35-5980-4496-B32B-1DE76D61DF63}" = STAN 2.0.1703
"{C30628D8-D3A0-4F23-90F0-F145808087B6}" = Windows Live Remote Client Resources
"{C411942C-C26B-4450-8B9A-173DCC22AEC6}" = Windows Live Remote Service Resources
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"{C4E7704D-5AFB-44CA-B8BA-F16C8FA46D5F}" = Windows Live Remote Service Resources
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB240A71-3AFC-4429-B4D4-F965B8C4267E}" = Windows Live Remote Service Resources
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CC4878C0-4A6A-49CD-AAA7-DD3FCB06CC84}" = Microsoft Web Platform Installer 3.0
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD6CB7F1-1B8E-424A-9B81-F8D2F03958EC}" = Windows Live Remote Client Resources
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D378BEA1-912E-4827-B9DB-D3B2C3D0BD4A}" = Windows Live Remote Service Resources
"{D3CAE2CA-BE71-4CA4-9EB9-46E1C82E778B}" = Windows Live Remote Service Resources
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEDF8BAB-98D7-4CFA-9C42-27431EC4BD1F}" = Windows Live Remote Service Resources
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{DFDBE1F9-04CE-4645-BB6C-4590EABC7A9C}" = Windows Live Remote Client Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1629C45-9CEF-498E-83CD-D6A09CADA176}" = Windows Live Remote Client Resources
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E6617B44-D556-49AC-B2A3-01451E115043}" = Windows Live Remote Service Resources
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E7FB0043-24A5-4B30-AED6-01B47B44CB67}" = Windows Live Remote Client Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F02598C2-2A5F-4593-8F09-439F3317B2C8}" = Sentinel System Driver 5.42.1 (32-bit)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0CCBE54-9132-44E9-82DF-CD364AD5C22D}" = Windows Live Remote Client Resources
"{F0F5D89A-197C-495B-827E-3E98B811CD2E}" = Windows Live Photo Common
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F81DB83D-A016-45A6-A6A0-135B1E6939EF}" = Windows Live Remote Service Resources
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FDB61162-F860-4490-97FE-8E33EF6072D2}" = Kurso de Esperanto 3
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"7-Zip" = 7-Zip 9.20
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"ArcGIS License Manager" = ArcGIS License Manager
"Boxoft Flac to MP3 (freeware)_is1" = Boxoft Flac to MP3 (freeware)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 9.04" = GPL Ghostscript
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Identity Card" = Identity Card
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"InstallShield_{523281E5-91DD-49F5-9D85-954148F7596A}" = AndroidInstaller
"InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"IrfanView" = IrfanView (remove only)
"LameACM" = Lame ACM MP3 Codec
"LastFM_is1" = Last.fm 1.5.4.27091
"Launchy_21344213_is1" = Launchy 2.5
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Opera 12.00.1467" = Opera 12.00
"Picasa 3" = Picasa 3
"Python 2.4.1" = Python 2.4.1
"Recuva" = Recuva
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SopCast" = SopCast 3.4.8
"sp6" = Logitech SetPoint 6.32
"SumatraPDF" = SumatraPDF
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"UltraStar Deluxe" = UltraStar Deluxe
"Unlocker" = Unlocker 1.9.1
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.1
"WildTangent acer Master Uninstall" = Acer Games
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.0.7
"WTA-076dc1c4-bff5-4258-95c9-6b189b804c78" = Virtual Villagers 4 - The Tree of Life
"WTA-1703119c-2b1e-4d84-9088-bd1a57e952d0" = Jewel Match 3
"WTA-1d91f406-91dd-483a-b76a-1e2021079b80" = Insaniquarium Deluxe
"WTA-289728b4-fea1-4041-b260-83f95ddb7af9" = Agatha Christie - Death on the Nile
"WTA-42e2e7d2-38d1-47ea-b8f9-fabfa9d44769" = Slingo Deluxe
"WTA-442f5303-3eda-49ee-a546-cf5a0f30fcc7" = Polar Bowler
"WTA-5a1fae77-1c99-4665-8195-284134059d01" = Zuma Deluxe
"WTA-62d8d729-8c12-43e9-bc80-09d98a2504ca" = Skip-Bo - Castaway Caper
"WTA-64df0eb8-1084-4e88-9540-eb8b61a96a35" = Penguins!
"WTA-6daa3c1b-f63e-4a12-a63c-d270a4bec5c2" = Torchlight
"WTA-847fa9c4-6136-4c4e-bea7-0f7ad50c97e8" = Bejeweled 2 Deluxe
"WTA-89e336fe-a6ef-4315-9a33-fe65ca59c4f1" = Wedding Dash
"WTA-a0a683d4-3d72-4563-a3cc-3b5702218d03" = Plants vs. Zombies - Game of the Year
"WTA-ad4bafeb-c91a-4dab-b167-747041dc514e" = Tradewinds Legends
"WTA-bd42aa28-e4a7-44aa-a155-6806543031e4" = Final Drive: Nitro
"WTA-d3eb8269-182d-4684-a8ec-ff8b9bc99f1d" = FATE
"WTA-faa2ec55-fee2-466f-93d8-a830146fab2e" = Jewel Quest Solitaire
"WTA-fce960de-bcc3-48bb-98d5-1133ade0ad60" = Chuzzle Deluxe
"Zenses2" = Zenses2 Beta2
"Zune" = Zune
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3670744698-4203180153-3131893109-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 06/15/2012 04:40:26 | Computer Name = Nosferatu-PC | Source = Application Error | ID = 1000
Description = Faulting application name: winamp.exe, version: 5.6.2.3199, time stamp:
 0x4ee2440b  Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
 code: 0xc0000005  Fault offset: 0x002168b8  Faulting process id: 0x2b1c  Faulting application
 start time: 0x01cd4ad27d046167  Faulting application path: C:\Program Files\Winamp\winamp.exe
Faulting
 module path: unknown  Report Id: c0bf0f83-b6c5-11e1-9122-e89a8fe1819a
 
Error - 06/15/2012 04:40:29 | Computer Name = Nosferatu-PC | Source = Application Error | ID = 1000
Description = Faulting application name: winamp.exe, version: 5.6.2.3199, time stamp:
 0x4ee2440b  Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
 code: 0xc0000005  Fault offset: 0x002168b8  Faulting process id: 0x2b1c  Faulting application
 start time: 0x01cd4ad27d046167  Faulting application path: C:\Program Files\Winamp\winamp.exe
Faulting
 module path: unknown  Report Id: c2420bad-b6c5-11e1-9122-e89a8fe1819a
 
Error - 06/15/2012 04:56:20 | Computer Name = Nosferatu-PC | Source = Application Error | ID = 1000
Description = Faulting application name: winamp.exe, version: 5.6.2.3199, time stamp:
 0x4ee2440b  Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
 code: 0xc0000005  Fault offset: 0x001cf2c0  Faulting process id: 0x153c  Faulting application
 start time: 0x01cd4ad4b4735bb5  Faulting application path: C:\Program Files\Winamp\winamp.exe
Faulting
 module path: unknown  Report Id: f95e9f07-b6c7-11e1-9122-e89a8fe1819a
 
Error - 06/15/2012 04:56:23 | Computer Name = Nosferatu-PC | Source = Application Error | ID = 1000
Description = Faulting application name: winamp.exe, version: 5.6.2.3199, time stamp:
 0x4ee2440b  Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
 code: 0xc0000005  Fault offset: 0x001cf2c0  Faulting process id: 0x153c  Faulting application
 start time: 0x01cd4ad4b4735bb5  Faulting application path: C:\Program Files\Winamp\winamp.exe
Faulting
 module path: unknown  Report Id: fb18d8a0-b6c7-11e1-9122-e89a8fe1819a
 
Error - 06/15/2012 04:56:32 | Computer Name = Nosferatu-PC | Source = Application Error | ID = 1000
Description = Faulting application name: winamp.exe, version: 5.6.2.3199, time stamp:
 0x4ee2440b  Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
 code: 0xc0000005  Fault offset: 0x00302850  Faulting process id: 0x8e4  Faulting application
 start time: 0x01cd4ad4be4f4e6a  Faulting application path: C:\Program Files\Winamp\winamp.exe
Faulting
 module path: unknown  Report Id: 009bc129-b6c8-11e1-9122-e89a8fe1819a
 
Error - 06/15/2012 04:56:35 | Computer Name = Nosferatu-PC | Source = Application Error | ID = 1000
Description = Faulting application name: winamp.exe, version: 5.6.2.3199, time stamp:
 0x4ee2440b  Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
 code: 0xc0000005  Fault offset: 0x00302850  Faulting process id: 0x8e4  Faulting application
 start time: 0x01cd4ad4be4f4e6a  Faulting application path: C:\Program Files\Winamp\winamp.exe
Faulting
 module path: unknown  Report Id: 02084ed0-b6c8-11e1-9122-e89a8fe1819a
 
Error - 06/15/2012 06:50:22 | Computer Name = Nosferatu-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.1.7601.17567 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: ecc    Start
 Time: 01cd4a761420e339    Termination Time: 395    Application Path: C:\Windows\Explorer.EXE

Report
 Id:   
 
Error - 06/16/2012 09:44:27 | Computer Name = Nosferatu-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 06/16/2012 10:10:26 | Computer Name = Nosferatu-PC | Source = MsiInstaller | ID = 11935
Description = 
 
Error - 06/16/2012 15:39:22 | Computer Name = Nosferatu-PC | Source = WinMgmt | ID = 10
Description = 
 
[ OSession Events ]
Error - 04/18/2012 06:23:23 | Computer Name = Nosferatu-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1126
 seconds with 1080 seconds of active time.  This session ended with a crash.
 
Error - 06/27/2012 09:21:55 | Computer Name = Nosferatu-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6425.1000, Microsoft Office Version: 12.0.4518.1014. This session 
lasted 1471 seconds with 840 seconds of active time.  This session ended with a 
crash.
 
Error - 07/11/2012 06:47:29 | Computer Name = Nosferatu-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6611.1000, Microsoft Office Version: 12.0.4518.1014. This session lasted 4892
 seconds with 1860 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 07/11/2012 15:59:20 | Computer Name = Nosferatu-PC | Source = Service Control Manager | ID = 7000
Description = The ArcGIS License Manager service failed to start due to the following
 error:   %%1053
 
Error - 07/11/2012 16:03:34 | Computer Name = Nosferatu-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 22:02:20 on ?11.?07.?2012 was unexpected.
 
Error - 07/11/2012 16:03:37 | Computer Name = Nosferatu-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 07/11/2012 16:03:38 | Computer Name = Nosferatu-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   discache  mwlPSDFilter  mwlPSDNServ  mwlPSDVDisk  SAVOnAccess  spldr  Wanarpv6
 
Error - 07/11/2012 16:04:11 | Computer Name = Nosferatu-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 07/11/2012 16:04:17 | Computer Name = Nosferatu-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 07/11/2012 16:04:19 | Computer Name = Nosferatu-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 07/11/2012 16:04:19 | Computer Name = Nosferatu-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 07/11/2012 16:04:20 | Computer Name = Nosferatu-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 07/11/2012 16:05:38 | Computer Name = Nosferatu-PC | Source = Service Control Manager | ID = 7001
Description = The PnP-X IP Bus Enumerator service depends on the Function Discovery
 Provider Host service which failed to start because of the following error:   %%1068
 
< End of report >
         
--- --- ---

[/code]


I hope you can help me, and I would be really very grateful to you.

Many thanks in advance for your time and for reading through this. If you need any further information, I'll gladly provide it!

Regards
/Jan

12.07.2012, 13:17   #2
t'john
/// Helper Team
 

Fix with OTL

Download OTL by OldTimer (if you don't already have it) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users right-click the program icon and choose "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:


Code:
ATTFilter
:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-3670744698-4203180153-3131893109-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKU\S-1-5-21-3670744698-4203180153-3131893109-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O4 - HKLM..\Run: [qkwgqgdovvkdaje] C:\ProgramData\qkwgqgdo.exe () 
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe () 
O4 - HKU\S-1-5-21-3670744698-4203180153-3131893109-1000..\Run: [Boxoft Tools] C:\ProgramData\Boxtools\Boxofttoolbox.exe () 
O4 - HKU\S-1-5-21-3670744698-4203180153-3131893109-1000..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup File not found 
O4 - HKU\S-1-5-21-3670744698-4203180153-3131893109-1000..\Run: [qkwgqgdovvkdaje] C:\ProgramData\qkwgqgdo.exe () 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.) 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{631ac28b-27c3-11e1-adfd-e89a8fe1819a}\Shell - "" = AutoRun 
O33 - MountPoints2\{631ac28b-27c3-11e1-adfd-e89a8fe1819a}\Shell\AutoRun\command - "" = E:\autorun.exe -- [1999/02/03 04:02:00 | 000,167,936 | R--- | M] (Indigo Rose Corporation) 
O33 - MountPoints2\{f410b939-ad85-11e1-b157-e89a8fe1819a}\Shell - "" = AutoRun 
O33 - MountPoints2\{f410b939-ad85-11e1-b157-e89a8fe1819a}\Shell\AutoRun\command - "" = D:\autorun.exe -- [1999/02/03 04:02:00 | 000,167,936 | R--- | M] (Indigo Rose Corporation) 
[2012/07/11 22:00:44 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job 
[2012/07/11 22:00:01 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 
:Files
C:\ProgramData\qkwgqgdo.exe

:Commands
ipconfig /flushdns /c
[emptytemp]
[emptyflash]
[resethosts]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, please allow it.
  • Copy the contents of the log file here into your thread, in code tags.
    You can view the log file afterwards here => C:\_OTL\MovedFiles\

Note for other readers: The OTL script above was created exclusively for this user in this situation.
Do not under any circumstances use it on other computers; it can cause lasting damage to other systems!

13.07.2012, 10:37   #3
nosfer
 

So, a thousand thanks already for this help, t'john. The system is now running 'normally' again - I just hope nothing more serious has settled in there. Is there anything else to do now to get the stuff off completely?

Is it known at all how this trojan sneaks into systems? Quite a few people do seem to be affected by it.

Here is the log from OTL - quite a lot had accumulated in the temporary files...

Code:
ATTFilter
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKEY_USERS\S-1-5-21-3670744698-4203180153-3131893109-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-21-3670744698-4203180153-3131893109-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\qkwgqgdovvkdaje deleted successfully.
C:\ProgramData\qkwgqgdo.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UnlockerAssistant deleted successfully.
C:\Program Files\Unlocker\UnlockerAssistant.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-3670744698-4203180153-3131893109-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Boxoft Tools deleted successfully.
C:\ProgramData\Boxtools\Boxofttoolbox.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-3670744698-4203180153-3131893109-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSPM Startup deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3670744698-4203180153-3131893109-1000\Software\Microsoft\Windows\CurrentVersion\Run\\qkwgqgdovvkdaje deleted successfully.
File C:\ProgramData\qkwgqgdo.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
C:\ProgramData\webex\ieatgpc.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{631ac28b-27c3-11e1-adfd-e89a8fe1819a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{631ac28b-27c3-11e1-adfd-e89a8fe1819a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{631ac28b-27c3-11e1-adfd-e89a8fe1819a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{631ac28b-27c3-11e1-adfd-e89a8fe1819a}\ not found.
File move failed. E:\autorun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f410b939-ad85-11e1-b157-e89a8fe1819a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f410b939-ad85-11e1-b157-e89a8fe1819a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f410b939-ad85-11e1-b157-e89a8fe1819a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f410b939-ad85-11e1-b157-e89a8fe1819a}\ not found.
File move failed. D:\autorun.exe scheduled to be moved on reboot.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\qkwgqgdo.exe not found.
========== COMMANDS ==========
Error: Unable to interpret <ipconfig /flushdns /c> in the current context!
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Nosferatu
->Temp folder emptied: 30140967 bytes
->Temporary Internet Files folder emptied: 120494460 bytes
->Java cache emptied: 2892122 bytes
->FireFox cache emptied: 134764713 bytes
->Opera cache emptied: 30682960 bytes
->Flash cache emptied: 63050 bytes
 
User: Presentation
->Temp folder emptied: 49547 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Public
 
User: work
->Temp folder emptied: 49547 bytes
->Temporary Internet Files folder emptied: 8383312 bytes
->Flash cache emptied: 624 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3688550 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 440708737 bytes
RecycleBin emptied: 1508730 bytes
 
Total Files Cleaned = 738.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Nosferatu
->Flash cache emptied: 0 bytes
 
User: Presentation
 
User: Public
 
User: work
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.53.1 log created on 07132012_101754

Files\Folders moved on Reboot...
File move failed. E:\autorun.exe scheduled to be moved on reboot.
File move failed. D:\autorun.exe scheduled to be moved on reboot.
C:\Windows\temp\dd_vcredistMSI14A8.txt moved successfully.
C:\Windows\temp\dd_vcredistUI14A8.txt moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\LMutilps32.log scheduled to be moved on reboot.

PendingFileRenameOperations files...
[1999/02/03 04:02:00 | 000,167,936 | R--- | M] (Indigo Rose Corporation) E:\autorun.exe : MD5=868B8A84FB177209D42154251F55C2F3
[1999/02/03 04:02:00 | 000,167,936 | R--- | M] (Indigo Rose Corporation) D:\autorun.exe : MD5=868B8A84FB177209D42154251F55C2F3
File C:\Windows\temp\dd_vcredistMSI14A8.txt not found!
File C:\Windows\temp\dd_vcredistUI14A8.txt not found!
[2012/07/13 10:27:28 | 000,789,352 | ---- | M] () C:\Windows\temp\dsiwmis.log : Unable to obtain MD5
[2012/07/13 10:27:18 | 000,381,744 | ---- | M] () C:\Windows\temp\LMutilps32.log : Unable to obtain MD5

Registry entries deleted on Reboot...
         

13.07.2012, 12:38   #4
t'john
/// Helper Team
 


Very good!


Step 1

New version! Please download it again!
Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes must be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Select "Perform full scan" => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Please have any findings deleted or moved to quarantine.
- When the scan has finished, click "Show Results".
After that:

Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.
__________________
Regards, t'john
Support the TB

13.07.2012, 17:18   #5
nosfer
 


Yes, the computer is running as before again. However, Sophos has banished two files to quarantine:

- one from the OTL mover folder, "qkwgqgdo.exe" (Mal/Generic-L)
- and an .htm file from Temporary Internet Files/Content.IE5 (but I only use Opera, so how does anything end up there anyway?)

Well, in any case Malwarebytes found nothing more, and here is the AdwCleaner log:

Code:
# AdwCleaner v1.701 - Logfile created 07/13/2012 at 17:08:32
# Updated 02/07/2012 by Xplode
# Operating system : Windows 7 Starter Service Pack 1 (32 bits)
# User : Nosferatu - NOSFERATU-PC
# Running from : C:\Users\Nosferatu\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Nosferatu\AppData\Local\Conduit
Folder Found : C:\Users\Nosferatu\AppData\Local\TempDir
Folder Found : C:\Users\Nosferatu\AppData\LocalLow\Conduit
Folder Found : C:\Program Files\Conduit

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKLM\SOFTWARE\Conduit

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (en-US)

Profile name : default 
File : C:\Users\Nosferatu\AppData\Roaming\Mozilla\Firefox\Profiles\bv776mfq.default\prefs.js

Found : user_pref("CT3072253.autoDisableScopes", -1);

-\\ Opera v12.0.1467.0

File : C:\Users\Nosferatu\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1450 octets] - [13/07/2012 17:08:32]

########## EOF - C:\AdwCleaner[R1].txt - [1578 octets] ##########
         


13.07.2012, 17:24   #6
t'john
/// Helper Team
 


Very good!

  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.



After that:
Note: ESET quite often shows a few false positives. That is why, with ESET too, only the log should be posted at first and nothing removed.


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Look for C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything here in CODE tags where possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         

15.07.2012, 00:30   #7
nosfer
 


Wonderful! Here is the new AdwCleaner log:

Code:
# AdwCleaner v1.701 - Logfile created 07/14/2012 at 10:30:11
# Updated 02/07/2012 by Xplode
# Operating system : Windows 7 Starter Service Pack 1 (32 bits)
# User : Nosferatu - NOSFERATU-PC
# Running from : C:\Users\Nosferatu\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Nosferatu\AppData\Local\Conduit
Folder Deleted : C:\Users\Nosferatu\AppData\Local\TempDir
Folder Deleted : C:\Users\Nosferatu\AppData\LocalLow\Conduit
Folder Deleted : C:\Program Files\Conduit

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Conduit

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (en-US)

Profile name : default 
File : C:\Users\Nosferatu\AppData\Roaming\Mozilla\Firefox\Profiles\bv776mfq.default\prefs.js

Deleted : user_pref("CT3072253.autoDisableScopes", -1);

-\\ Opera v12.0.1467.0

File : C:\Users\Nosferatu\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1579 octets] - [13/07/2012 17:08:32]
AdwCleaner[S1].txt - [1534 octets] - [14/07/2012 10:30:11]

########## EOF - C:\AdwCleaner[S1].txt - [1662 octets] ##########
         
And here is the one from ESET:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8b0031f04063fb4f9cece23ad49d5faa
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-14 02:00:34
# local_time=2012-07-14 04:00:34 (+0100, W. Europe Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 63302 93886603 0 0
# compatibility_mode=8192 67108863 100 0 258 258 0 0
# compatibility_mode=8449 16775165 50 99 1341 74693379 0 0
# scanned=187636
# found=1
# cleaned=0
# scan_time=19023
C:\Users\Nosferatu\AppData\Local\Opera\Opera\temporary_downloads\Unlocker1.9.1.exe	Win32/Adware.ADON application (unable to clean)	00000000000000000000000000000000	I
         
But Unlocker is supposed to be a program for removing files under Windows. I no longer have it installed anyway, so this must still be the old installation file.

15.07.2012, 11:36   #8
t'john
/// Helper Team
 


Very good!

You are clean and discharged.

Tool cleanup with OTL


We will now use OTL's CleanUp! function to delete from your system most of the programs that we installed for the cleanup.
  • Please download OTL by OldTimer (if you do not already have it).
  • Save it to your desktop.
  • Double-click OTL.exe to run the program.
    Vista and Windows 7 users start it by right-clicking the program icon and choosing "Run as administrator".
  • Click the "Bereinigung" (CleanUp) button.
  • OTL may ask for a restart.
    If it does, please allow it.
Remark: After the restart, OTL and the other helper programs that you downloaded in the course of the cleanup will no longer be present. They have been removed. It is therefore OK if these programs are no longer there. If any are still left over, delete them manually.


Reading to work through:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
__________________
Regards, t'john
Support the TB

16.07.2012, 13:38   #9
nosfer
 


Yes, wonderful! A thousand thanks in any case for this super support, t'john, and I will take care of the recommended reading over the next few days. So that something like this doesn't happen to me again.

Cheers!
