
Pests of all kinds and how to combat them: Infection: EXP/2012-4681.AD

07.10.2012, 19:30   #1
Gaudino

Hello,

For a few days now, whenever I log in on the Targobank website I end up on a page that asks for all of my iTANs. A scan with Avira found the trojan named in the title. Following the instructions here on the board, I then downloaded Malwarebytes and ran it. That produced the following log:


Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.07.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Michael :: LAPTOP [Administrator]

07.10.2012 17:35:54
mbam-log-2012-10-07 (17-35-54).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 250644
Laufzeit: 5 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Users\Michael\AppData\Roaming\Muezp\ibcue.exe (Trojan.Agent.GNI) -> 6596 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ibcue.exe (Trojan.Agent.GNI) -> Daten: C:\Users\Michael\AppData\Roaming\Muezp\ibcue.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Michael\AppData\Roaming\Muezp\ibcue.exe (Trojan.Agent.GNI) -> Löschen bei Neustart.

(Ende)


I had all findings removed and restarted the machine.
A second scan produced no further findings.

Do I need to do anything else now, or am I virus-free again?

Thank you for your help.

Best regards,
Michael

08.10.2012, 19:42   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please first do a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes has to be updated manually before every scan!

Please have Malwarebytes remove all findings so that they are kept in the Malwarebytes quarantine! Do NOT remove anything from the quarantine prematurely!

If logs from older Malwarebytes scans exist, please post all of those as well!




ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset




Please post everything here in CODE tags where possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

14.10.2012, 21:56   #3
Gaudino

Hello,

this is the Malwarebytes log after the full scan:

Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.07.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Michael :: LAPTOP [Administrator]

09.10.2012 21:47:14
mbam-log-2012-10-09 (21-47-14).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 492203
Laufzeit: 1 Stunde(n), 33 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

And this is the log from the ESET scan:

Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
         
ESET also found the same trojan again.

In the meantime the following problem has also appeared: when I try to run an Avira update, I get an error message saying that access is denied.

Thank you for the help

15.10.2012, 11:57   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

You probably did the ESET scan wrong; there was an extra, prominent note about that:

Note for Vista and Win7 users: be sure to open the browser like this: right-click => Run as administrator
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

23.10.2012, 15:35   #5
Gaudino

So, now it seems to have worked.

Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9fef5e85ac31a1469cf0dd27da142262
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-17 11:45:07
# local_time=2012-10-17 01:45:07 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 31710579 31710579 0 0
# compatibility_mode=5893 16776573 100 94 49820 102092182 0 0
# compatibility_mode=8192 67108863 100 0 643634 643634 0 0
# scanned=270528
# found=1
# cleaned=0
# scan_time=11974
C:\Users\Michael\AppData\Local\Temp\jar_cache4353190836909369558.tmp	a variant of Java/Exploit.CVE-2012-4681.BD trojan (unable to clean)	00000000000000000000000000000000	I
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9fef5e85ac31a1469cf0dd27da142262
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-23 01:18:58
# local_time=2012-10-23 03:18:58 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 32240199 32240199 0 0
# compatibility_mode=5893 16776573 100 94 15646 102621802 0 0
# compatibility_mode=8192 67108863 100 0 1173254 1173254 0 0
# scanned=264836
# found=0
# cleaned=0
# scan_time=6386

"Nicely enough", I am now receiving huge numbers of non-delivery notices for mails that I never sent. The email addresses are unknown to me as well.

The Avira update is working again now, though.
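
The ESET Online Scanner log in the post above holds two scan runs back to back, while the log in the earlier post held only the installer lines. As an added example (not part of the original posts and not ESET's own tooling), this Python parser splits such a log.txt into runs and reports which runs left detections uncleaned. The column names for the detection line and the reading of `remove_checked` are assumptions based on the layout of the log shown in the thread.

```python
from dataclasses import dataclass, field

# Constructed input: abridged from the ESET log posted in the thread (two runs).
SAMPLE_LOG = "\n".join([
    "ESETSmartInstaller@High as CAB hook log:",
    "OnlineScanner64.ocx - registred OK",
    "OnlineScanner.ocx - registred OK",
    "# version=7",
    "# end=finished",
    "# remove_checked=false",
    "# utc_time=2012-10-17 11:45:07",
    "# compatibility_mode=1792 16777215 100 0 31710579 31710579 0 0",
    "# compatibility_mode=5893 16776573 100 94 49820 102092182 0 0",
    "# scanned=270528",
    "# found=1",
    "# cleaned=0",
    "C:\\Users\\Michael\\AppData\\Local\\Temp\\jar_cache4353190836909369558.tmp\t"
    "a variant of Java/Exploit.CVE-2012-4681.BD trojan (unable to clean)\t"
    "00000000000000000000000000000000\tI",
    "# version=7",
    "# end=finished",
    "# remove_checked=false",
    "# utc_time=2012-10-23 01:18:58",
    "# scanned=264836",
    "# found=0",
    "# cleaned=0",
])

# Same shape as the log from the earlier post: installer lines, no scan run.
INSTALLER_ONLY = "\n".join(SAMPLE_LOG.split("\n")[:3])


@dataclass
class ScanRun:
    meta: dict = field(default_factory=dict)        # key -> list of values
    detections: list = field(default_factory=list)  # one dict per hit line

    def first(self, key, default=""):
        return self.meta.get(key, [default])[0]

    def count(self, key):
        value = self.first(key)
        return int(value) if value.isdigit() else 0


def parse_eset_log(text):
    """Split a log.txt into scan runs; lines before the first run are ignored."""
    runs, current = [], None
    for line in text.splitlines():
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if not sep:
                continue
            if key == "version":  # each scan run opens with "# version="
                current = ScanRun()
                runs.append(current)
            if current is not None:
                # Keys such as compatibility_mode repeat; keep every value.
                current.meta.setdefault(key, []).append(value)
        elif current is not None and "\t" in line:
            # Assumed column order: path, threat name, hash, action flag.
            cols = (line.split("\t") + [""] * 4)[:4]
            current.detections.append(
                dict(zip(("path", "threat", "hash", "flag"), cols)))
    return runs


def summarise(runs):
    """One row per run: did it finish, and did it leave hits uncleaned?"""
    report = []
    for run in runs:
        open_hits = max(run.count("found") - run.count("cleaned"), 0)
        if run.first("end") != "finished":
            status = "incomplete"
        elif open_hits:
            status = "unresolved"
        else:
            status = "no_hits"
        report.append({
            "utc_time": run.first("utc_time"),
            "status": status,
            "open_hits": open_hits,
            # Assumption: remove_checked=false means the scan only reported.
            "report_only": run.first("remove_checked") == "false",
            "paths": [d["path"] for d in run.detections],
        })
    return report


if __name__ == "__main__":
    for row in summarise(parse_eset_log(SAMPLE_LOG)):
        print(row)
    print("runs in installer-only log:", len(parse_eset_log(INSTALLER_ONLY)))
```

A `no_hits` row only records that this scanner reported nothing in that run; an installer-only log yields no rows at all, which means no scan result was recorded.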


23.10.2012, 21:28   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please do a CustomScan with OTL. Please post everything here in CODE tags where possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

Please download OTL by Oldtimer and save it to your Desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
  • Please start OTL.exe.
    Vista and Win7 users: right-click, "Run as administrator"
  • At the top center, tick the box Scan All Users
  • Now copy the complete contents of the code box below into the OTL text box - if OTL is in German, it is labelled with

Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
%systemroot%\Installer\*. /s
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Installer\*. /s
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

24.10.2012, 10:08   #7
Gaudino

I have now done the OTL Quick Scan.

The text from the OTL.txt file:

OTL Logfile:
Code:
OTL logfile created on: 10/24/2012 9:50:28 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Michael\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.80 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 59.31% Memory free
7.60 Gb Paging File | 5.92 Gb Available in Paging File | 77.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 546.25 Gb Total Space | 458.21 Gb Free Space | 83.88% Space Free | Partition Type: NTFS
Drive D: | 48.83 Gb Total Space | 24.92 Gb Free Space | 51.04% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/10/24 09:47:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
PRC - [2012/08/08 22:05:21 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/07/27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/05/08 11:44:32 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/08 11:44:31 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/10/29 06:07:26 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2010/10/27 14:00:48 | 001,620,584 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010/10/27 13:59:10 | 000,236,136 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/06/21 23:53:44 | 000,436,264 | ---- | M] (Wistron Corp.) -- C:\Program Files (x86)\Launch Manager\WButton.exe
PRC - [2010/04/27 11:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/03/04 06:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/12/14 21:25:00 | 000,200,704 | ---- | M] (Wistron) -- C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
PRC - [2009/12/12 01:18:16 | 000,348,960 | ---- | M] (Wistron Corp.) -- C:\Program Files (x86)\Launch Manager\OSD.exe
PRC - [2009/12/10 09:48:26 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/12/10 09:48:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/12/03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/11/03 00:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/10/23 03:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) -- C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
PRC - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2008/10/24 16:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
PRC - [2008/08/13 14:34:08 | 001,891,416 | ---- | M] (GARMIN Corp.) -- C:\Garmin\gStart.exe
PRC - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009/11/03 00:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/03 00:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010/09/23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012/10/11 20:47:12 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/05/08 11:44:32 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/08 11:44:31 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/10/27 14:00:48 | 001,620,584 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/10/27 13:59:10 | 000,236,136 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/04 06:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/12/10 09:48:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/12/10 09:48:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/10/23 03:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files (x86)\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2008/10/24 16:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/05/08 11:44:32 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/05/08 11:44:32 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/29 06:07:44 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/10/28 01:27:00 | 000,024,680 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2010/09/30 14:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/09/30 14:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/06/21 16:15:54 | 000,287,232 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/05/24 16:46:36 | 000,246,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/04/01 10:13:36 | 001,100,320 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2010/03/04 18:53:02 | 000,075,816 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/03/04 05:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/27 05:02:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/12/10 20:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/09/18 05:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/14 02:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/08 16:08:00 | 000,020,520 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-923248821-3982213027-3402639681-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKU\S-1-5-21-923248821-3982213027-3402639681-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-923248821-3982213027-3402639681-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKU\S-1-5-21-923248821-3982213027-3402639681-1001\..\SearchScopes,DefaultScope = {08300607-E312-4A1A-B115-727AE5321361}
IE - HKU\S-1-5-21-923248821-3982213027-3402639681-1001\..\SearchScopes\{08300607-E312-4A1A-B115-727AE5321361}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_enDE393
IE - HKU\S-1-5-21-923248821-3982213027-3402639681-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-923248821-3982213027-3402639681-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKU\S-1-5-21-923248821-3982213027-3402639681-1002\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-923248821-3982213027-3402639681-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/webhp?sourceid=navclient&hl=de&ie=UTF-8
IE - HKU\S-1-5-21-923248821-3982213027-3402639681-1002\..\SearchScopes,DefaultScope = {08300607-E312-4A1A-B115-727AE5321361}
IE - HKU\S-1-5-21-923248821-3982213027-3402639681-1002\..\SearchScopes\{08300607-E312-4A1A-B115-727AE5321361}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_deDE429
IE - HKU\S-1-5-21-923248821-3982213027-3402639681-1002\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-923248821-3982213027-3402639681-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNA&bmod=MDNA
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: YouTube = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Mail = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3:64bit: - HKU\S-1-5-21-923248821-3982213027-3402639681-1002\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files (x86)\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LMgrOSD] "C:\Program Files (x86)\Launch Manager\OSDCtrl.exe" File not found
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files (x86)\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Wbutton] C:\Program Files (x86)\Launch Manager\Wbutton.exe (Wistron Corp.)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-923248821-3982213027-3402639681-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-923248821-3982213027-3402639681-1002..\Run: [Bkbpb] C:\Users\Michael\AppData\Roaming\JJsSM.exe File not found
O4 - HKU\S-1-5-21-923248821-3982213027-3402639681-1002..\Run: [gStart] C:\Garmin\gStart.exe (GARMIN Corp.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-923248821-3982213027-3402639681-1001..\RunOnce: [HKCU] C:\Windows\SysWOW64\oobe\Info\HKCU.vbs ()
O4 - HKU\S-1-5-21-923248821-3982213027-3402639681-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-923248821-3982213027-3402639681-1001..\RunOnce: [Screensaver] C:\Windows\Web\Wallpaper\MEDION\start.vbs ()
O4 - HKU\S-1-5-21-923248821-3982213027-3402639681-1001..\RunOnce: [WLConfig] C:\PROGRA~2\WLANMO~1\wlconfig.exe -autostart File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD0937BB-79A4-4B2C-A8C6-5D18E0FD8718}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4BEC6CA-6CB9-41F2-814D-28C04FDB7390}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: BsScanner - Service
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: BsScanner - Service
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: BsScanner - Service
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: BsScanner - Service
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/10/24 09:47:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2012/10/09 23:38:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/10/07 17:34:31 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Malwarebytes
[2012/10/07 17:34:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/07 17:34:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/07 17:34:07 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/10/07 17:34:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/10/06 18:38:11 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Muezp
[2012/10/06 18:38:11 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Abygpo
[2012/09/29 22:15:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Zaewwa
[2012/09/29 22:15:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Uvloy
[2012/09/29 22:15:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Ocos
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/10/24 09:51:15 | 000,009,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/24 09:51:15 | 000,009,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/24 09:47:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2012/10/24 09:47:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/24 09:43:39 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/24 09:43:33 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012/10/24 09:43:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/24 09:43:13 | 3061,911,552 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/23 22:26:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/23 13:32:25 | 001,528,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/23 13:32:25 | 000,665,014 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/10/23 13:32:25 | 000,625,156 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/23 13:32:25 | 000,135,150 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/10/23 13:32:25 | 000,110,794 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/07 17:34:08 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/09/28 23:50:36 | 063,746,468 | ---- | M] () -- C:\Users\Michael\Desktop\coll.psd
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/10/07 17:34:08 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/09/28 23:50:35 | 063,746,468 | ---- | C] () -- C:\Users\Michael\Desktop\coll.psd
[2011/12/29 01:39:01 | 000,000,095 | ---- | C] () -- C:\Users\Michael\AppData\Local\fusioncache.dat
[2011/12/29 01:37:23 | 001,555,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/01 12:01:06 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2011/02/11 19:15:08 | 000,874,048 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/11/25 02:55:48 | 000,000,000 | ---- | C] () -- C:\Windows\Bench32.INI
[2010/11/24 18:58:39 | 000,072,017 | ---- | C] () -- C:\Windows\SysWow64\Uninstall ALDI SÜD Mah Jong.exe
[2010/11/24 18:48:23 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2010/11/22 19:35:59 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/11/22 19:35:58 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/10/07 19:07:18 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Abygpo
[2011/06/10 21:40:54 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Ashampoo
[2011/02/26 14:36:10 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\dpdhl.versandhelfer.medionlap.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1
[2011/11/05 12:42:35 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Epson
[2011/05/30 22:16:11 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\GARMIN
[2012/10/07 19:11:18 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Muezp
[2012/10/02 23:31:46 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Ocos
[2012/10/01 19:25:52 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Uvloy
[2012/09/29 22:15:32 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Zaewwa
[2011/06/01 22:34:40 | 000,000,000 | ---D | M] -- C:\Users\Sonja\AppData\Roaming\Epson
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012/10/07 19:07:18 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Abygpo
[2012/09/23 17:00:55 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Adobe
[2011/06/10 21:40:54 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Ashampoo
[2011/10/16 09:56:22 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Avira
[2011/08/20 16:21:46 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\CyberLink
[2011/02/26 14:36:10 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\dpdhl.versandhelfer.medionlap.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1
[2011/11/05 12:42:35 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Epson
[2011/05/30 22:16:11 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\GARMIN
[2011/04/28 20:06:05 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Google
[2011/02/26 14:32:37 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Identities
[2011/06/01 15:48:15 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\InstallShield
[2010/10/13 12:37:09 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Macromedia
[2012/10/07 17:34:31 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Malwarebytes
[2009/07/14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Media Center Programs
[2012/10/23 13:34:15 | 000,000,000 | --SD | M] -- C:\Users\Michael\AppData\Roaming\Microsoft
[2011/12/29 02:00:08 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Mozilla
[2012/10/07 19:11:18 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Muezp
[2012/10/02 23:31:46 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Ocos
[2012/10/01 19:25:52 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Uvloy
[2012/09/29 22:15:32 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Zaewwa
[2011/06/01 13:42:31 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ZoomBrowser EX
 
< %APPDATA%\*.exe /s >
[2010/11/30 20:28:13 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Michael\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< %systemroot%\Installer\*. /s >
[2010/07/07 17:48:37 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$
[2010/11/30 19:39:07 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{01FB4998-33C4-4431-85ED-079E3EEFE75D}
[2011/06/01 15:48:11 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}
[2011/02/26 14:30:11 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{07B62101-7EBD-434A-94B1-B38063BE5516}
[2011/05/30 22:16:07 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{08D5F667-E1D7-4792-9FFD-5888C8D4A0DF}
[2011/07/11 14:46:35 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{09266808-537A-43C1-8B4D-D411169F1E3B}
[2011/02/26 14:30:24 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}
[2011/06/01 11:59:53 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{14220DB1-DD96-4BCD-B3D5-03A4EA6631C4}
[2011/02/26 14:30:13 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{19AC095C-3520-4999-AA15-93B6D0248A50}
[2011/02/26 14:30:40 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{19DCDC0D-9D87-46DB-A4B0-08B35AA333A3}
[2010/11/30 19:39:40 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}
[2011/06/01 11:59:39 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{2D1C2321-8FDB-49B8-A66B-4008DC0B6B5D}
[2011/02/26 14:30:14 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{34A9406E-1994-4C20-AC72-04CFA2B24545}
[2011/02/26 14:30:31 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{3576C335-958D-4D60-A812-F68F9A2796AF}
[2010/11/30 19:32:14 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{40BF1E83-20EB-11D8-97C5-0009C5020658}
[2011/05/21 20:48:14 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{510D2239-6C2E-457B-9590-485EC552D94D}
[2010/11/24 18:47:44 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{5442DAB8-7177-49E1-8B22-09A049EA5996}
[2011/02/26 14:30:32 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{5500BB35-1C21-4328-9F16-F894B860FADE}
[2012/06/26 21:46:37 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}
[2010/11/30 19:27:46 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}
[2011/02/26 14:30:35 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}
[2011/10/02 11:25:06 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{7D542452-84EB-47C0-97BA-735C523AB555}
[2010/11/30 19:30:13 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{80E158EA-7181-40FE-A701-301CE6BE64AB}
[2011/10/02 11:25:07 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{88B746D6-1956-4D98-BE82-46E45AAA5BC2}
[2012/05/15 22:10:43 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
[2011/02/27 21:01:53 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{90140000-002A-0000-1000-0000000FF1CE}
[2011/11/29 21:09:07 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{90140000-006E-0407-0000-0000000FF1CE}
[2011/02/26 14:30:05 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{9043B9A0-9505-405B-8202-E7167A38A89C}
[2012/10/11 07:04:19 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}
[2012/04/07 20:38:26 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{9F5FD796-86F0-4360-85F8-D54C0F5411EB}
[2011/06/01 12:00:23 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{A29EA741-24F7-4C07-9B2C-06CB6491BE4A}
[2011/04/28 17:21:49 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{A726AE06-AAA3-43D1-87E3-70F510314F04}
[2011/02/26 14:30:15 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{ABD8B955-1C69-4AF3-949B-13CD587C175F}
[2012/09/19 14:29:11 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{AC76BA86-7AD7-1031-7B44-AA1000000001}
[2012/04/06 20:35:42 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}
[2010/11/30 19:37:36 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{B7A0CE06-068E-11D6-97FD-0050BACBF861}
[2011/02/26 14:30:10 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}
[2011/02/26 14:30:27 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{BA9319FE-BCEF-4C99-8039-F464648D046E}
[2011/02/26 14:30:44 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}
[2011/10/06 20:17:54 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{C1940CF0-E2DD-11E0-BB25-B8AC6F97B88E}
[2010/11/30 19:28:06 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{C59C179C-668D-49A9-B6EA-0121CCFC1243}
[2011/02/26 14:30:25 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{C682F3F0-00A6-4379-B083-4F3273624D7B}
[2010/11/30 19:35:15 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}
[2012/05/09 22:35:02 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}
[2011/02/26 14:30:36 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}
[2011/11/11 15:49:47 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{CFCD2A80-EC16-11E0-A273-B8AC6F97B88E}
[2010/11/30 19:39:54 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{D36DD326-7280-11D8-97C8-000129760CBE}
[2010/12/10 12:31:34 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{DA97BDF9-BC72-46FD-8E76-427F2BB951EE}
[2011/05/21 20:33:54 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{DE659AC8-EEF0-4115-AA0C-6500D194FB10}
[2010/11/30 19:36:45 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}
[2010/10/28 00:43:35 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{DECDCB7C-58CC-4865-91AF-627F9798FE48}
[2010/11/30 19:31:39 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{E3739848-5329-48E3-8D28-5BBD6E8BE384}
[2010/11/30 19:26:09 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
[2010/11/30 19:32:40 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{E3D04529-6EDB-11D8-A372-0050BAE317E1}
[2011/04/28 17:21:17 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{EB4DF488-AAEF-406F-A341-CB2AAA315B90}
[2010/10/28 00:42:27 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
[2011/06/01 11:59:18 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{F11A403B-0DE9-4953-B790-7A2F014FBB2B}
[2011/02/26 14:30:14 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{F16841F6-5F0F-4DBE-B318-63CEB916F21D}
[2010/07/07 17:49:17 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
[2011/06/01 15:47:35 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{F9000000-0018-0000-0000-074957833700}
[2012/09/19 14:28:58 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed
[2011/11/29 21:09:31 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\000041091A0070400000000000F01FEC
[2011/11/29 21:09:29 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109440070400000000000F01FEC
[2011/11/29 21:09:16 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109510070400000000000F01FEC
[2011/11/29 21:09:19 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109610070400000000000F01FEC
[2011/11/29 21:09:38 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109810070400000000000F01FEC
[2011/02/27 21:01:26 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109910070400000000000F01FEC
[2011/11/29 21:09:36 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109A10070400000000000F01FEC
[2011/11/29 21:08:53 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109A20000000100000000F01FEC
[2011/11/29 21:08:46 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109A20070400100000000F01FEC
[2011/11/29 21:09:24 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109AB0070400000000000F01FEC
[2011/11/29 21:09:41 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109B10070400000000000F01FEC
[2011/11/29 21:12:11 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109C20070400000000000F01FEC
[2011/11/29 21:09:05 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109E60070400000000000F01FEC
[2011/12/16 11:26:14 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109F10001400000000000F01FEC
[2011/12/16 11:26:10 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109F10070400000000000F01FEC
[2011/12/16 11:26:06 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109F10090400000000000F01FEC
[2011/12/16 11:26:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109F100C0400000000000F01FEC
[2011/11/29 21:10:27 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC
[2011/04/28 17:21:47 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\076CFAAAB965F2A4284B2449E5D03EFE
[2011/02/26 14:30:02 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\0A9B34095059B50428207E61A7838AC9
[2012/04/13 19:09:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\0D756077321A70C3E844C138CE981581
[2011/02/26 14:30:11 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\10126B70DBE7A434491B3B0836EB5561
[2011/04/28 17:21:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\11B786265B8581A4B93CD94FEC301F49
[2011/04/28 17:21:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\123E05E274745BE4E9BCBB6C3CCAF013
[2011/10/17 23:34:51 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A
[2011/06/13 21:11:41 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\1E4ACFA687B90463F8277AFB33442800
[2011/04/28 17:21:51 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\20489D9EBA12F9E4FBB674FA63FEE779
[2011/04/28 17:21:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\266A727EF9FAEED4185C4F1A86F6D3CF
[2012/04/06 20:37:06 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\2DAB2DCC9190BC0408CC9E35B8E0C4E2
[2011/04/28 17:21:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\331B09E774FFBB84198B63CFA545F89E
[2011/04/28 17:21:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\3B464E39570D989478DF8A825B3C801B
[2011/04/28 17:21:03 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\3D04254D3B6B9FF42B3445CE3E1E0066
[2011/04/28 17:21:22 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\4314AE291D01A814191EA5403531A183
[2011/04/28 17:21:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\4A59BDD1B7DF71543B1FB2AC9A86976E
[2011/06/16 22:31:07 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\52744B0D6663D294EB6F85A741DBB99D
[2011/04/28 17:21:49 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\60EA627A3AAA1D34783E075F0113F440
[2011/04/28 17:21:12 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\6116D6C8427B0184F8D20D746E7B6DE8
[2012/09/19 14:29:11 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0100000010
[2011/06/16 22:31:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\6E58EC68CABDDFF39B774E7BF9389C90
[2011/04/28 17:21:34 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B
[2011/04/28 17:21:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\7B144B41D477071489AE1A6376EA2681
[2011/04/28 17:21:17 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\884FD4BEFEAAF6043A14BCA2AA13B509
[2011/05/21 20:48:15 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\8CA956ED0FEE5114AAC056001D49BF01
[2011/06/16 22:31:21 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\A3878338869058B3FA7CABEAA036CD05
[2011/04/28 17:21:07 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\A57765D93F393A44082948E08362ED03
[2011/02/27 21:47:28 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\A6C64DD86500CEF47BA082BB611A1FF1
[2011/06/16 22:31:06 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\A7C639EE04AE5D13B956E8E380C98382
[2011/12/29 01:40:01 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\b25099274a207264182f8181add555d0
[2011/04/28 17:21:27 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E
[2011/06/20 21:42:14 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\c1c4f01781cc94c4c8fb1542c0981a2a
[2011/04/28 17:21:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\C70C3E627FF72634E999E9943E38FC61
[2011/02/27 21:47:28 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\CFD2C1F142D260E3CB8B271543DA9F98
[2011/02/27 20:47:03 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\D20352A90C039D93DBF6126ECE614057
[2011/04/28 17:21:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\D42CAC96CD1B79B41AEBEF12481380EF
[2011/04/28 17:21:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\D51CF92CB48ECEE45850D4DE4914C495
[2012/05/15 22:09:49 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100
[2011/12/29 01:36:49 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\DDE7F2BCF1D91C3409CFF425AE1E271A
[2011/04/28 17:21:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\DF99F8ED7CF289C4AA767292DF1E0F04
[2010/10/27 23:57:36 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B
[2011/04/28 17:21:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\E18D5725DA384ED4CBB2E6B63A3A2344
[2011/02/27 21:47:13 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\E5D9D200AB92D6E3B94CD3D7D6CB37C5
[2011/04/28 17:21:38 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\E97A59ECCF4EFFF4A857920FB449F22F
[2011/04/28 17:21:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\ED401437FB2CF214BB79CFECE19C2492
[2011/04/28 17:21:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\ED9D5213A7D87894593FA8248389338D
[2011/04/28 17:21:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\EEDB8CDDCACDD4042875E3D8B4874276
[2011/05/13 13:49:31 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\EFEE0228DC83E77358593193D847A0EC
[2011/04/28 17:21:43 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571
[2011/04/28 17:21:36 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\F4E3B286A696ED244AC1C470AE61874B
[2011/11/29 21:09:31 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\000041091A0070400000000000F01FEC\14.0.4763
[2011/11/29 21:09:31 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\000041091A0070400000000000F01FEC\14.0.6029
[2011/11/29 21:09:29 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109440070400000000000F01FEC\14.0.4763
[2011/11/29 21:09:16 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109510070400000000000F01FEC\14.0.4763
[2011/11/29 21:09:19 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109610070400000000000F01FEC\14.0.4763
[2011/11/29 21:09:38 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109810070400000000000F01FEC\14.0.4763
[2011/02/27 21:01:26 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109910070400000000000F01FEC\14.0.4763
[2011/11/29 21:09:37 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109A10070400000000000F01FEC\14.0.4763
[2012/04/13 19:11:20 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109A10070400000000000F01FEC\14.0.6029
[2011/11/29 21:08:56 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109A20000000100000000F01FEC\14.0.4763
[2012/02/17 16:56:17 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109A20000000100000000F01FEC\14.0.6029
[2011/11/29 21:08:46 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109A20070400100000000F01FEC\14.0.4763
[2011/11/29 21:09:24 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109AB0070400000000000F01FEC\14.0.4763
[2011/11/29 21:09:41 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109B10070400000000000F01FEC\14.0.4763
[2011/11/29 21:12:11 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109C20070400000000000F01FEC\14.0.4763
[2011/11/29 21:09:07 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109E60070400000000000F01FEC\14.0.4763
[2011/11/29 21:09:06 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109E60070400000000000F01FEC\14.0.6029
[2011/11/29 21:12:22 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109F10001400000000000F01FEC\14.0.4763
[2011/12/16 11:26:15 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109F10001400000000000F01FEC\14.0.6029
[2011/12/16 11:26:10 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109F10070400000000000F01FEC\14.0.4763
[2011/12/16 11:26:11 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109F10070400000000000F01FEC\14.0.6029
[2011/12/16 11:26:06 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109F10090400000000000F01FEC\14.0.4763
[2012/08/15 23:13:01 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109F10090400000000000F01FEC\14.0.6029
[2011/11/29 21:12:19 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109F100C0400000000000F01FEC\14.0.4763
[2011/12/16 11:26:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109F100C0400000000000F01FEC\14.0.6029
[2012/04/16 00:01:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.4763
[2012/10/11 07:03:12 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029
[2011/04/28 17:21:47 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\076CFAAAB965F2A4284B2449E5D03EFE\15.4.3502
[2012/04/13 19:09:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\0A9B34095059B50428207E61A7838AC9\4.0.0
[2012/04/13 19:09:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\0D756077321A70C3E844C138CE981581\8.0.50727
[2011/02/26 14:30:11 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\10126B70DBE7A434491B3B0836EB5561\4.0.0
[2011/04/28 17:21:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\11B786265B8581A4B93CD94FEC301F49\15.4.3502
[2011/04/28 17:21:51 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\123E05E274745BE4E9BCBB6C3CCAF013\15.4.3502
[2011/10/17 23:34:51 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219
[2011/06/13 21:11:41 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\1E4ACFA687B90463F8277AFB33442800\9.0.30729
[2011/04/28 17:21:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\20489D9EBA12F9E4FBB674FA63FEE779\15.4.3502
[2011/04/28 17:21:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\266A727EF9FAEED4185C4F1A86F6D3CF\15.4.3502
[2012/05/09 22:34:43 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\2DAB2DCC9190BC0408CC9E35B8E0C4E2\17.2.0
[2011/04/28 17:21:51 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\331B09E774FFBB84198B63CFA545F89E\15.4.3502
[2011/04/28 17:21:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\3B464E39570D989478DF8A825B3C801B\15.4.3502
[2011/04/28 17:21:03 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\3D04254D3B6B9FF42B3445CE3E1E0066\15.4.3502
[2011/04/28 17:21:22 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\4314AE291D01A814191EA5403531A183\15.4.3502
[2011/04/28 17:21:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\4A59BDD1B7DF71543B1FB2AC9A86976E\15.4.3502
[2011/06/16 22:31:07 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\52744B0D6663D294EB6F85A741DBB99D\15.4.2862
[2011/04/28 17:21:49 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\60EA627A3AAA1D34783E075F0113F440\15.4.3502
[2011/04/28 17:21:12 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\6116D6C8427B0184F8D20D746E7B6DE8\15.4.5722
[2012/09/19 14:29:11 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0100000010\10.1.0
[2011/06/16 22:31:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\6E58EC68CABDDFF39B774E7BF9389C90\9.0.30729
[2011/04/28 17:21:34 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502
[2011/04/28 17:21:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\7B144B41D477071489AE1A6376EA2681\15.4.3502
[2011/04/28 17:21:17 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\884FD4BEFEAAF6043A14BCA2AA13B509\15.4.3502
[2011/05/21 20:48:16 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\8CA956ED0FEE5114AAC056001D49BF01\4.0.0
[2011/06/16 22:31:21 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\A3878338869058B3FA7CABEAA036CD05\9.0.30729
[2011/04/28 17:21:07 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\A57765D93F393A44082948E08362ED03\15.4.3502
[2011/02/27 21:47:40 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\A6C64DD86500CEF47BA082BB611A1FF1\15.4.2862
[2011/06/16 22:31:07 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\A7C639EE04AE5D13B956E8E380C98382\9.0.30729
[2012/04/13 19:09:59 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\b25099274a207264182f8181add555d0\8.0.56336
[2011/04/28 17:21:27 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E\15.4.3502
[2012/04/13 19:09:59 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\c1c4f01781cc94c4c8fb1542c0981a2a\8.0.61001
[2011/04/28 17:21:51 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\C70C3E627FF72634E999E9943E38FC61\15.4.3502
[2011/05/13 13:49:46 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\CFD2C1F142D260E3CB8B271543DA9F98\9.0.30729
[2011/02/27 20:47:03 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\D20352A90C039D93DBF6126ECE614057\9.0.30729
[2011/04/28 17:21:51 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\D42CAC96CD1B79B41AEBEF12481380EF\15.4.3502
[2011/04/28 17:21:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\D51CF92CB48ECEE45850D4DE4914C495\15.4.3502
[2012/05/15 22:09:49 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0
[2011/12/29 01:36:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\DDE7F2BCF1D91C3409CFF425AE1E271A\1.1.4322
[2011/04/28 17:21:51 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\DF99F8ED7CF289C4AA767292DF1E0F04\15.4.3502
[2012/05/12 18:19:00 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319
[2011/04/28 17:21:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\E18D5725DA384ED4CBB2E6B63A3A2344\15.4.3502
[2011/02/27 21:47:14 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\E5D9D200AB92D6E3B94CD3D7D6CB37C5\9.0.30729
[2011/04/28 17:21:38 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\E97A59ECCF4EFFF4A857920FB449F22F\15.4.3502
[2011/04/28 17:21:51 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\ED401437FB2CF214BB79CFECE19C2492\15.4.3502
[2011/04/28 17:21:51 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\ED9D5213A7D87894593FA8248389338D\15.4.3502
[2011/04/28 17:21:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\EEDB8CDDCACDD4042875E3D8B4874276\15.4.3502
[2011/05/13 13:49:31 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\EFEE0228DC83E77358593193D847A0EC\9.0.30729
[2011/04/28 17:21:43 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502
[2011/04/28 17:21:36 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\F4E3B286A696ED244AC1C470AE61874B\15.4.3502
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\Installer\*. /s >
[2010/10/28 00:42:27 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
[2011/06/01 11:59:18 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{F11A403B-0DE9-4953-B790-7A2F014FBB2B}
[2011/02/26 14:30:14 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{F16841F6-5F0F-4DBE-B318-63CEB916F21D}
[2010/07/07 17:49:17 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
[2011/06/01 15:47:35 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{F9000000-0018-0000-0000-074957833700}
[2012/09/19 14:28:58 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed
[2011/11/29 21:09:31 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\000041091A0070400000000000F01FEC
[2011/11/29 21:09:29 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109440070400000000000F01FEC
[2011/11/29 21:09:16 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109510070400000000000F01FEC
[2011/11/29 21:09:19 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109610070400000000000F01FEC
[2011/11/29 21:09:38 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109810070400000000000F01FEC
[2011/02/27 21:01:26 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109910070400000000000F01FEC
[2011/11/29 21:09:36 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109A10070400000000000F01FEC
[2011/11/29 21:08:53 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109A20000000100000000F01FEC
[2011/11/29 21:08:46 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109A20070400100000000F01FEC
[2011/11/29 21:09:24 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109AB0070400000000000F01FEC
[2011/11/29 21:09:41 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109B10070400000000000F01FEC
[2011/11/29 21:12:11 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109C20070400000000000F01FEC
[2011/11/29 21:09:05 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109E60070400000000000F01FEC
[2011/12/16 11:26:14 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109F10001400000000000F01FEC
[2011/12/16 11:26:10 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109F10070400000000000F01FEC
[2011/12/16 11:26:06 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109F10090400000000000F01FEC
[2011/12/16 11:26:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109F100C0400000000000F01FEC
[2011/11/29 21:10:27 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC
[2011/04/28 17:21:47 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\076CFAAAB965F2A4284B2449E5D03EFE
[2011/02/26 14:30:02 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\0A9B34095059B50428207E61A7838AC9
[2012/04/13 19:09:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\0D756077321A70C3E844C138CE981581
[2011/02/26 14:30:11 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\10126B70DBE7A434491B3B0836EB5561
[2011/04/28 17:21:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\11B786265B8581A4B93CD94FEC301F49
[2011/04/28 17:21:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\123E05E274745BE4E9BCBB6C3CCAF013
[2011/10/17 23:34:51 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A
[2011/06/13 21:11:41 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\1E4ACFA687B90463F8277AFB33442800
[2011/04/28 17:21:51 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\20489D9EBA12F9E4FBB674FA63FEE779
[2011/04/28 17:21:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\266A727EF9FAEED4185C4F1A86F6D3CF
[2012/04/06 20:37:06 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\2DAB2DCC9190BC0408CC9E35B8E0C4E2
[2011/04/28 17:21:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\331B09E774FFBB84198B63CFA545F89E
[2011/04/28 17:21:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\3B464E39570D989478DF8A825B3C801B
[2011/04/28 17:21:03 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\3D04254D3B6B9FF42B3445CE3E1E0066
[2011/04/28 17:21:22 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\4314AE291D01A814191EA5403531A183
[2011/04/28 17:21:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\4A59BDD1B7DF71543B1FB2AC9A86976E
[2011/06/16 22:31:07 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\52744B0D6663D294EB6F85A741DBB99D
[2011/04/28 17:21:49 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\60EA627A3AAA1D34783E075F0113F440
[2011/04/28 17:21:12 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\6116D6C8427B0184F8D20D746E7B6DE8
[2012/09/19 14:29:11 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0100000010
[2011/06/16 22:31:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\6E58EC68CABDDFF39B774E7BF9389C90
[2011/04/28 17:21:34 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B
[2011/04/28 17:21:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\7B144B41D477071489AE1A6376EA2681
[2011/04/28 17:21:17 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\884FD4BEFEAAF6043A14BCA2AA13B509
[2011/05/21 20:48:15 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\8CA956ED0FEE5114AAC056001D49BF01
[2011/06/16 22:31:21 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\A3878338869058B3FA7CABEAA036CD05
[2011/04/28 17:21:07 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\A57765D93F393A44082948E08362ED03
[2011/02/27 21:47:28 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\A6C64DD86500CEF47BA082BB611A1FF1
[2011/06/16 22:31:06 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\A7C639EE04AE5D13B956E8E380C98382
[2011/12/29 01:40:01 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\b25099274a207264182f8181add555d0
[2011/04/28 17:21:27 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E
[2011/06/20 21:42:14 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\c1c4f01781cc94c4c8fb1542c0981a2a
[2011/04/28 17:21:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\C70C3E627FF72634E999E9943E38FC61
[2011/02/27 21:47:28 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\CFD2C1F142D260E3CB8B271543DA9F98
[2011/02/27 20:47:03 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\D20352A90C039D93DBF6126ECE614057
[2011/04/28 17:21:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\D42CAC96CD1B79B41AEBEF12481380EF
[2011/04/28 17:21:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\D51CF92CB48ECEE45850D4DE4914C495
[2012/05/15 22:09:49 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100
[2011/12/29 01:36:49 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\DDE7F2BCF1D91C3409CFF425AE1E271A
[2011/04/28 17:21:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\DF99F8ED7CF289C4AA767292DF1E0F04
[2010/10/27 23:57:36 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B
[2011/04/28 17:21:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\E18D5725DA384ED4CBB2E6B63A3A2344
[2011/02/27 21:47:13 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\E5D9D200AB92D6E3B94CD3D7D6CB37C5
[2011/04/28 17:21:38 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\E97A59ECCF4EFFF4A857920FB449F22F
[2011/04/28 17:21:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\ED401437FB2CF214BB79CFECE19C2492
[2011/04/28 17:21:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\ED9D5213A7D87894593FA8248389338D
[2011/04/28 17:21:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\EEDB8CDDCACDD4042875E3D8B4874276
[2011/05/13 13:49:31 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\EFEE0228DC83E77358593193D847A0EC
[2011/04/28 17:21:43 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571
[2011/04/28 17:21:36 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\F4E3B286A696ED244AC1C470AE61874B
[2011/11/29 21:09:31 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\000041091A0070400000000000F01FEC\14.0.4763
[2011/11/29 21:09:31 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\000041091A0070400000000000F01FEC\14.0.6029
[2011/11/29 21:09:29 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109440070400000000000F01FEC\14.0.4763
[2011/11/29 21:09:16 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109510070400000000000F01FEC\14.0.4763
[2011/11/29 21:09:19 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109610070400000000000F01FEC\14.0.4763
[2011/11/29 21:09:38 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109810070400000000000F01FEC\14.0.4763
[2011/02/27 21:01:26 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109910070400000000000F01FEC\14.0.4763
[2011/11/29 21:09:37 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109A10070400000000000F01FEC\14.0.4763
[2012/04/13 19:11:20 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109A10070400000000000F01FEC\14.0.6029
[2011/11/29 21:08:56 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109A20000000100000000F01FEC\14.0.4763
[2012/02/17 16:56:17 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109A20000000100000000F01FEC\14.0.6029
[2011/11/29 21:08:46 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109A20070400100000000F01FEC\14.0.4763
[2011/11/29 21:09:24 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109AB0070400000000000F01FEC\14.0.4763
[2011/11/29 21:09:41 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109B10070400000000000F01FEC\14.0.4763
[2011/11/29 21:12:11 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109C20070400000000000F01FEC\14.0.4763
[2011/11/29 21:09:07 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109E60070400000000000F01FEC\14.0.4763
[2011/11/29 21:09:06 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109E60070400000000000F01FEC\14.0.6029
[2011/11/29 21:12:22 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109F10001400000000000F01FEC\14.0.4763
[2011/12/16 11:26:15 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109F10001400000000000F01FEC\14.0.6029
[2011/12/16 11:26:10 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109F10070400000000000F01FEC\14.0.4763
[2011/12/16 11:26:11 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109F10070400000000000F01FEC\14.0.6029
[2011/12/16 11:26:06 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109F10090400000000000F01FEC\14.0.4763
[2012/08/15 23:13:01 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109F10090400000000000F01FEC\14.0.6029
[2011/11/29 21:12:19 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109F100C0400000000000F01FEC\14.0.4763
[2011/12/16 11:26:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109F100C0400000000000F01FEC\14.0.6029
[2012/04/16 00:01:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.4763
[2012/10/11 07:03:12 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029
[2011/04/28 17:21:47 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\076CFAAAB965F2A4284B2449E5D03EFE\15.4.3502
[2012/04/13 19:09:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\0A9B34095059B50428207E61A7838AC9\4.0.0
[2012/04/13 19:09:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\0D756077321A70C3E844C138CE981581\8.0.50727
[2011/02/26 14:30:11 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\10126B70DBE7A434491B3B0836EB5561\4.0.0
[2011/04/28 17:21:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\11B786265B8581A4B93CD94FEC301F49\15.4.3502
[2011/04/28 17:21:51 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\123E05E274745BE4E9BCBB6C3CCAF013\15.4.3502
[2011/10/17 23:34:51 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219
[2011/06/13 21:11:41 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\1E4ACFA687B90463F8277AFB33442800\9.0.30729
[2011/04/28 17:21:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\20489D9EBA12F9E4FBB674FA63FEE779\15.4.3502
[2011/04/28 17:21:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\266A727EF9FAEED4185C4F1A86F6D3CF\15.4.3502
[2012/05/09 22:34:43 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\2DAB2DCC9190BC0408CC9E35B8E0C4E2\17.2.0
[2011/04/28 17:21:51 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\331B09E774FFBB84198B63CFA545F89E\15.4.3502
[2011/04/28 17:21:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\3B464E39570D989478DF8A825B3C801B\15.4.3502
[2011/04/28 17:21:03 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\3D04254D3B6B9FF42B3445CE3E1E0066\15.4.3502
[2011/04/28 17:21:22 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\4314AE291D01A814191EA5403531A183\15.4.3502
[2011/04/28 17:21:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\4A59BDD1B7DF71543B1FB2AC9A86976E\15.4.3502
[2011/06/16 22:31:07 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\52744B0D6663D294EB6F85A741DBB99D\15.4.2862
[2011/04/28 17:21:49 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\60EA627A3AAA1D34783E075F0113F440\15.4.3502
[2011/04/28 17:21:12 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\6116D6C8427B0184F8D20D746E7B6DE8\15.4.5722
[2012/09/19 14:29:11 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0100000010\10.1.0
[2011/06/16 22:31:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\6E58EC68CABDDFF39B774E7BF9389C90\9.0.30729
[2011/04/28 17:21:34 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502
[2011/04/28 17:21:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\7B144B41D477071489AE1A6376EA2681\15.4.3502
[2011/04/28 17:21:17 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\884FD4BEFEAAF6043A14BCA2AA13B509\15.4.3502
[2011/05/21 20:48:16 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\8CA956ED0FEE5114AAC056001D49BF01\4.0.0
[2011/06/16 22:31:21 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\A3878338869058B3FA7CABEAA036CD05\9.0.30729
[2011/04/28 17:21:07 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\A57765D93F393A44082948E08362ED03\15.4.3502
[2011/02/27 21:47:40 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\A6C64DD86500CEF47BA082BB611A1FF1\15.4.2862
[2011/06/16 22:31:07 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\A7C639EE04AE5D13B956E8E380C98382\9.0.30729
[2012/04/13 19:09:59 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\b25099274a207264182f8181add555d0\8.0.56336
[2011/04/28 17:21:27 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E\15.4.3502
[2012/04/13 19:09:59 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\c1c4f01781cc94c4c8fb1542c0981a2a\8.0.61001
[2011/04/28 17:21:51 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\C70C3E627FF72634E999E9943E38FC61\15.4.3502
[2011/05/13 13:49:46 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\CFD2C1F142D260E3CB8B271543DA9F98\9.0.30729
[2011/02/27 20:47:03 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\D20352A90C039D93DBF6126ECE614057\9.0.30729
[2011/04/28 17:21:51 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\D42CAC96CD1B79B41AEBEF12481380EF\15.4.3502
[2011/04/28 17:21:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\D51CF92CB48ECEE45850D4DE4914C495\15.4.3502
[2012/05/15 22:09:49 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0
[2011/12/29 01:36:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\DDE7F2BCF1D91C3409CFF425AE1E271A\1.1.4322
[2011/04/28 17:21:51 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\DF99F8ED7CF289C4AA767292DF1E0F04\15.4.3502
[2012/05/12 18:19:00 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319
[2011/04/28 17:21:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\E18D5725DA384ED4CBB2E6B63A3A2344\15.4.3502
[2011/02/27 21:47:14 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\E5D9D200AB92D6E3B94CD3D7D6CB37C5\9.0.30729
[2011/04/28 17:21:38 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\E97A59ECCF4EFFF4A857920FB449F22F\15.4.3502
[2011/04/28 17:21:51 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\ED401437FB2CF214BB79CFECE19C2492\15.4.3502
[2011/04/28 17:21:51 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\ED9D5213A7D87894593FA8248389338D\15.4.3502
[2011/04/28 17:21:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\EEDB8CDDCACDD4042875E3D8B4874276\15.4.3502
[2011/05/13 13:49:31 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\EFEE0228DC83E77358593193D847A0EC\9.0.30729
[2011/04/28 17:21:43 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502
[2011/04/28 17:21:36 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\F4E3B286A696ED244AC1C470AE61874B\15.4.3502

< End of report >
         
24.10.2012, 16:47   #8
cosinus

Close any programs that may be open, and disable the virus scanner too (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
O4 - HKU\S-1-5-21-923248821-3982213027-3402639681-1001..\RunOnce: [HKCU] C:\Windows\SysWOW64\oobe\Info\HKCU.vbs ()
O4 - HKU\S-1-5-21-923248821-3982213027-3402639681-1001..\RunOnce: [Screensaver] C:\Windows\Web\Wallpaper\MEDION\start.vbs ()
:Files
C:\Users\Michael\AppData\Roaming\Muezp
C:\Users\Michael\AppData\Roaming\Abygpo
C:\Users\Michael\AppData\Roaming\Zaewwa
C:\Users\Michael\AppData\Roaming\Uvloy
C:\Users\Michael\AppData\Roaming\Ocos
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

To be safe, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

24.10.2012, 18:45   #9
Gaudino

Do I also have to disable the firewall beforehand?

I've done it now.

Code:
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-923248821-3982213027-3402639681-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\HKCU deleted successfully.
C:\Windows\SysWOW64\oobe\Info\HKCU.vbs moved successfully.
Registry value HKEY_USERS\S-1-5-21-923248821-3982213027-3402639681-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Screensaver deleted successfully.
C:\Windows\Web\Wallpaper\MEDION\start.vbs moved successfully.
========== FILES ==========
C:\Users\Michael\AppData\Roaming\Muezp folder moved successfully.
C:\Users\Michael\AppData\Roaming\Abygpo folder moved successfully.
C:\Users\Michael\AppData\Roaming\Zaewwa folder moved successfully.
C:\Users\Michael\AppData\Roaming\Uvloy folder moved successfully.
C:\Users\Michael\AppData\Roaming\Ocos folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Michael\Desktop\cmd.bat deleted successfully.
C:\Users\Michael\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Michael
->Temp folder emptied: 283738365 bytes
->Temporary Internet Files folder emptied: 7896121781 bytes
->Java cache emptied: 15578333 bytes
->Google Chrome cache emptied: 21928808 bytes
->Flash cache emptied: 96523 bytes
 
User: Public
 
User: Sonja
->Temp folder emptied: 71846223 bytes
->Temporary Internet Files folder emptied: 830924901 bytes
->Java cache emptied: 61900 bytes
->Google Chrome cache emptied: 39136019 bytes
->Flash cache emptied: 87875 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 413081595 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 9,129.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 10242012_194618

Files\Folders moved on Reboot...
C:\Users\Michael\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{2A5C9DC7-2DF6-4D4B-853A-9DB4600FC1E6}.tmp not found!
File\Folder C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{C122C1F3-2761-44D3-B42D-9698BBD8CBF6}.tmp not found!
File\Folder C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{CB3E63DE-051E-411A-B5FE-50B81FF48240}.tmp not found!
File\Folder C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{ED3DECB2-347D-4D70-8FCF-AE3E0964F042}.tmp not found!
C:\Users\Sonja\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

24.10.2012, 20:51   #10
cosinus

OK, one check please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box Scan all users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

24.10.2012, 21:19   #11
Gaudino

OK.

OTL.Txt

OTL log file:
Code:
OTL logfile created on: 10/24/2012 9:09:11 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Michael\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.80 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 64.03% Memory free
7.60 Gb Paging File | 6.02 Gb Available in Paging File | 79.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 546.25 Gb Total Space | 466.03 Gb Free Space | 85.31% Space Free | Partition Type: NTFS
Drive D: | 48.83 Gb Total Space | 24.92 Gb Free Space | 51.04% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Michael\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Launch Manager\WButton.exe (Wistron Corp.)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Launch Manager\HotkeyApp.exe (Wistron)
PRC - C:\Program Files (x86)\Launch Manager\OSD.exe (Wistron Corp.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Launch Manager\WisLMSvc.exe (Wistron Corp.)
PRC - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
PRC - C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
PRC - C:\Garmin\gStart.exe (GARMIN Corp.)
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (WisLMSvc) -- C:\Program Files (x86)\Launch Manager\WisLMSvc.exe (Wistron Corp.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
SRV - (AAV UpdateService) -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (rtl8192se) -- C:\Windows\SysNative\drivers\rtl8192se.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (grmnusb) -- C:\Windows\SysNative\drivers\grmnusb.sys (GARMIN Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-923248821-3982213027-3402639681-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKU\S-1-5-21-923248821-3982213027-3402639681-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-923248821-3982213027-3402639681-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKU\S-1-5-21-923248821-3982213027-3402639681-1001\..\SearchScopes,DefaultScope = {08300607-E312-4A1A-B115-727AE5321361}
IE - HKU\S-1-5-21-923248821-3982213027-3402639681-1001\..\SearchScopes\{08300607-E312-4A1A-B115-727AE5321361}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_enDE393
IE - HKU\S-1-5-21-923248821-3982213027-3402639681-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-923248821-3982213027-3402639681-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKU\S-1-5-21-923248821-3982213027-3402639681-1002\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-923248821-3982213027-3402639681-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/webhp?sourceid=navclient&hl=de&ie=UTF-8
IE - HKU\S-1-5-21-923248821-3982213027-3402639681-1002\..\SearchScopes,DefaultScope = {08300607-E312-4A1A-B115-727AE5321361}
IE - HKU\S-1-5-21-923248821-3982213027-3402639681-1002\..\SearchScopes\{08300607-E312-4A1A-B115-727AE5321361}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_deDE429
IE - HKU\S-1-5-21-923248821-3982213027-3402639681-1002\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-923248821-3982213027-3402639681-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNA&bmod=MDNA
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: YouTube = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Mail = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2012/10/24 19:50:17 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3:64bit: - HKU\S-1-5-21-923248821-3982213027-3402639681-1002\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files (x86)\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LMgrOSD] "C:\Program Files (x86)\Launch Manager\OSDCtrl.exe" File not found
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files (x86)\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Wbutton] C:\Program Files (x86)\Launch Manager\Wbutton.exe (Wistron Corp.)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-923248821-3982213027-3402639681-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-923248821-3982213027-3402639681-1002..\Run: [Bkbpb] C:\Users\Michael\AppData\Roaming\JJsSM.exe File not found
O4 - HKU\S-1-5-21-923248821-3982213027-3402639681-1002..\Run: [gStart] C:\Garmin\gStart.exe (GARMIN Corp.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-923248821-3982213027-3402639681-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-923248821-3982213027-3402639681-1001..\RunOnce: [WLConfig] C:\PROGRA~2\WLANMO~1\wlconfig.exe -autostart File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD0937BB-79A4-4B2C-A8C6-5D18E0FD8718}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4BEC6CA-6CB9-41F2-814D-28C04FDB7390}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/10/24 19:46:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/24 09:47:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2012/10/10 13:21:10 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/10/10 13:21:09 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/10/10 13:21:09 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/10/10 13:20:52 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/10/10 13:20:52 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/10/10 13:20:52 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/10/10 13:20:52 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/10/10 13:20:50 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/10/10 13:20:50 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/10/10 13:20:49 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/10/10 13:20:49 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/10/10 13:20:49 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/10/10 13:20:49 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/10/10 13:20:49 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/10/10 13:20:49 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/10/10 13:20:49 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/10/10 13:20:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/10 13:20:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/10 13:20:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/10 13:20:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/10/10 13:20:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/10/10 13:20:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/10 13:20:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/10 13:20:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/10 13:20:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/10/10 13:20:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/10/10 13:20:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/10 13:20:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/10 13:20:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/10/10 13:20:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/10/10 13:20:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/10 13:20:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/10/10 13:20:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/10/10 13:20:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/10/10 13:20:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/10/10 13:20:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/10 13:20:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/10 13:20:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/10 13:20:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/10 13:20:48 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/10/10 13:20:48 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/10/10 13:20:48 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/10/10 13:20:48 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/10 13:20:48 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/10 13:20:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/10 13:20:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/10/10 13:20:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/10 13:20:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/10/10 13:20:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/10/10 13:20:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/10 13:20:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/10 13:20:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/10 13:20:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/10 13:20:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/10/10 13:20:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/10 13:20:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/10/10 13:20:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/10 13:20:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/10/10 13:20:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/10/10 13:20:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/10/10 13:20:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/10/10 13:20:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/10 13:20:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/10/10 13:20:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/10 13:20:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/10 13:20:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/10/10 13:20:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/10/10 13:20:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/10 13:20:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/10 13:20:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/10/10 13:20:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/10/10 13:20:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/10/10 13:20:43 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/10/10 13:20:33 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/10/10 13:20:32 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/10/09 23:38:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/10/07 17:34:31 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Malwarebytes
[2012/10/07 17:34:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/07 17:34:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/07 17:34:07 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/10/07 17:34:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/09/26 15:04:10 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012/10/24 21:01:14 | 000,000,434 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012/10/24 20:47:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/24 20:45:50 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/24 20:26:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/24 20:01:34 | 000,009,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/24 20:01:34 | 000,009,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/24 19:54:09 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012/10/24 19:54:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/24 19:53:55 | 3061,911,552 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/24 19:50:17 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/10/24 09:47:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2012/10/23 13:32:25 | 001,528,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/23 13:32:25 | 000,665,014 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/10/23 13:32:25 | 000,625,156 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/23 13:32:25 | 000,135,150 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/10/23 13:32:25 | 000,110,794 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/11 20:47:11 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/10/11 20:47:11 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/10/07 17:34:08 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/09/28 23:50:36 | 063,746,468 | ---- | M] () -- C:\Users\Michael\Desktop\coll.psd
 
========== Files Created - No Company Name ==========
 
[2012/10/07 17:34:08 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/09/28 23:50:35 | 063,746,468 | ---- | C] () -- C:\Users\Michael\Desktop\coll.psd
[2011/12/29 01:39:01 | 000,000,095 | ---- | C] () -- C:\Users\Michael\AppData\Local\fusioncache.dat
[2011/12/29 01:37:23 | 001,555,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/01 12:01:06 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2011/02/11 19:15:08 | 000,874,048 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/11/25 02:55:48 | 000,000,000 | ---- | C] () -- C:\Windows\Bench32.INI
[2010/11/24 18:58:39 | 000,072,017 | ---- | C] () -- C:\Windows\SysWow64\Uninstall ALDI SÜD Mah Jong.exe
[2010/11/24 18:48:23 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2010/11/22 19:35:59 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/11/22 19:35:58 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
--- --- ---


Extras.Txt

OTL Logfile:
Code:
OTL Extras logfile created on: 10/24/2012 9:09:11 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Michael\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.80 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 64.03% Memory free
7.60 Gb Paging File | 6.02 Gb Available in Paging File | 79.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 546.25 Gb Total Space | 466.03 Gb Free Space | 85.31% Space Free | Partition Type: NTFS
Drive D: | 48.83 Gb Total Space | 24.92 Gb Free Space | 51.04% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{004E92F2-71E1-40CC-9BC6-96E52325AD84}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{0589DB8F-9368-472C-ADCE-2EBCE7C5BC24}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{0945B96D-BAF5-4BAC-99E7-CFB7A32A2E97}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{1242FE8D-89F9-45B5-929E-0DC6FF66F59E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{125C3766-D4DC-49FF-9CCD-9C6CCF214F12}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{1695DEDE-DA5E-45ED-BFBE-E90629A551D7}" = lport=445 | protocol=6 | dir=in | app=system | 
"{1A912C0C-075C-4CEA-B365-8B4BB6100BDE}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1CD4741B-5160-4261-B403-E338DA0D80B9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1D825DEC-4B01-4343-AD74-2DE8D1C8F868}" = lport=139 | protocol=6 | dir=in | app=system | 
"{2DBA2185-9E64-4846-BAF8-5F4FFC99C4D2}" = rport=139 | protocol=6 | dir=out | app=system | 
"{3B53EAEA-60AA-4ACA-8D5F-00DB76011848}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3B619D04-5C1F-4DB4-9302-0216D4945162}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{5A5138FF-C7E4-4E35-BE80-BF8272397DB1}" = rport=445 | protocol=6 | dir=out | app=system | 
"{6120DDFB-B3A3-4EFC-83F1-3F3B083D5CA6}" = rport=137 | protocol=17 | dir=out | app=system | 
"{625D0BA0-C3D1-4C01-86C2-D6AEECB2E1CE}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{73607147-67A6-409E-B72A-BCF0C39C006E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{7BD8522A-DEA2-46BA-AC64-25524B3F97E8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AF610214-64AB-4C6E-9178-9F2B8F857EF7}" = lport=138 | protocol=17 | dir=in | app=system | 
"{BD04DC2D-FED8-4A52-B093-4C5580C4A877}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C714FD25-F8A5-452F-8EFF-B062E459A62A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{E9DF3260-6881-42D9-B4F7-D66E6E63F41C}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{F6F610B5-DDF5-48C6-9502-E6FDE84BF710}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{FDD6BA0A-151A-4D6B-B19D-048969461301}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{018209D7-7908-466B-BED7-E8AF1B598B9F}" = protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe | 
"{11391612-851D-481B-A760-65DBAF30ABD8}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{13149270-227A-4615-A9BC-2EBDBF0A4D43}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{15A35B2D-AEDF-4A46-B359-3E504D5BB2EB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{2216BDE2-9DA3-428C-8216-0D3272F751EE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{30C10B6E-9655-489A-AAB6-7F0FF424FD97}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4C7154FA-1B36-417B-B2E4-3A33A2847ABF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4D6532C5-FAFA-464C-9E9F-337DDB972D35}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{4EC8A141-4525-4E0B-A3C5-2D68E5DD2E89}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe | 
"{4F69C5B9-D59A-48D9-A2E5-19326C10E5FE}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{505D5409-05EF-4967-9869-090B67C4EC32}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{53C0CB3D-A73A-4890-BE33-4F784A864443}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{59B78E29-1503-498B-8AD2-2579EA41F687}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{59FDCBF0-EB0B-4DE4-8E2E-52B3701DDF34}" = protocol=17 | dir=in | app=c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe | 
"{60BD55EA-5D7F-474A-B66C-3B7A385E7843}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | 
"{6C63FCD3-2A33-4B99-B0CD-4CCFFA5261B2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{6E363FBF-9A89-4317-8D56-8415C2957979}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{717E7C93-4AAF-4BB3-9E9F-2A01204DD26E}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{76CE054D-B0F6-4A5F-8927-B4F40C5AB595}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7873F782-012B-4B6E-8347-B5ABCDC9C7B7}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{7C22EBDB-02C9-4762-BD52-F6CC2771544C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{89924650-D43F-4504-AFCB-D8DF5AB37A5F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{8AEBC1BD-9304-402D-B53A-BEA5B085C714}" = protocol=6 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool10\eneasyapp.exe | 
"{95661389-F74C-4599-BBF5-B1173070EA04}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{9C6FCB89-5BD7-42D3-8ABD-496F42BF0F91}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{B82AEDC3-B102-4936-8852-4E30DD5CB57D}" = protocol=17 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool10\eneasyapp.exe | 
"{BA5C3D34-3C26-42FC-8717-0E106B9A3DFD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{BDFF778C-6E43-4F7B-BF7D-BB052E8E066E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd9.exe | 
"{C1059266-06DA-4ECB-BCEB-2A11F1C65475}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{DA1370F6-A41F-4ABD-862F-6D6178237D59}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E03A180F-3505-47EE-9CBF-6D58461F68C3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{EA63862D-702F-4CD1-BD0D-5E0A9C6E9EF5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"TCP Query User{257FF1BB-EECB-4ACC-B8B6-6D0BD57157E5}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"TCP Query User{633B488A-B0BF-4697-9B75-870692AAF9C2}C:\users\michael\appdata\roaming\ocos\erki.exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\roaming\ocos\erki.exe | 
"TCP Query User{7F82CCF2-8DB6-46C7-B4FB-57F52809C5E2}C:\users\michael\appdata\roaming\muezp\ibcue.exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\roaming\muezp\ibcue.exe | 
"TCP Query User{9F613544-7C41-4B08-95F2-0FB988A76DE6}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"TCP Query User{B77A2E49-7A0D-4976-8862-8E7337032EDC}C:\program files (x86)\turbine\ddo unlimited\dndclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\ddo unlimited\dndclient.exe | 
"UDP Query User{4D22858C-E55A-48C4-BCF9-D6E9E7F03E5B}C:\users\michael\appdata\roaming\ocos\erki.exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\roaming\ocos\erki.exe | 
"UDP Query User{55EC792E-D21A-45B7-8492-DE861B006617}C:\users\michael\appdata\roaming\muezp\ibcue.exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\roaming\muezp\ibcue.exe | 
"UDP Query User{7D3AA671-E313-4121-8B10-D82CF120DBB4}C:\program files (x86)\turbine\ddo unlimited\dndclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\ddo unlimited\dndclient.exe | 
"UDP Query User{B3538BDF-DBA3-4DC9-BEF7-08050A122D16}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"UDP Query User{D097A6DC-92E5-4C77-942E-5713EB9D504B}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{19DCDC0D-9D87-46DB-A4B0-08B35AA333A3}" = Corel Shell Extension - 64Bit
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
"EPSON SX420W Series" = EPSON SX420W Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{03BB06DB-15FE-47F0-B872-E6477933C986}" = Windows Live UX Platform Language Pack
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{09B7C7EB-3140-4B5E-842F-9C79A7137139}" = Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
"{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BE5C4DB-8EA2-483D-BD71-D7EB09040CDE}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{13FAE3E3-283E-4BF4-8FE5-17D256EDDD77}" = Windows Live UX Platform Language Pack
"{14220DB1-DD96-4BCD-B3D5-03A4EA6631C4}" = RemoteCapture 2.7.5
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1C71DC57-1388-4C1C-AB2F-2B9C0EF83409}" = Windows Live UX Platform Language Pack
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E87F5D4-3502-4F8E-86A5-61DE5AAD1060}" = Windows Live UX Platform Language Pack
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{2D1C2321-8FDB-49B8-A66B-4008DC0B6B5D}" = File Viewer Utility 1.3.2
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2F00635B-B2EC-4E67-9339-2590824AA61A}" = In Company Second Edition Intermediate
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{31A57C3E-30DD-421F-B5C7-974DACB0D05F}" = Canon Camera WIA Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}" = ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
"{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}" = Windows Live Meshin etäyhteyksien ActiveX-komponentti
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{543E6ACA-51B7-4283-82F2-57C0582A53C5}" = Windows Live UX Platform Language Pack
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B0A2ECE-E4C6-4BA3-AE9D-8B827F03B992}" = Windows Live UX Platform Language Pack
"{6B318C80-7BE4-4D79-9F53-4290958EA984}" = Windows Live UX Platform Language Pack
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
"{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{76046298-768C-492C-8C93-2983C9E3719E}" = Windows Live UX Platform Language Pack
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7D542452-84EB-47C0-97BA-735C523AB555}" = Garmin Training Center
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{822586CA-0B15-428C-859A-64B3728F28E7}" = RemoteCapture Task
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A29EA741-24F7-4C07-9B2C-06CB6491BE4A}" = Camera Window
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}" = Canon PhotoRecord
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.2
"{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}" = Steuer-Spar-Erklärung 2012
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D076E06B-F74B-454F-A56E-7510D7B6C9F0}" = RAW Image Task
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2131BFA-A0D6-4FDE-8614-75B07A9B15EE}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE659AC8-EEF0-4115-AA0C-6500D194FB10}" = Garmin Training Center v4
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9618EB0-D09E-496B-A425-689271F5571B}" = Windows Live UX Platform Language Pack
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{ED86C4AB-D1E5-42CF-BFA3-56BAAE617D4E}" = Windows Live UX Platform Language Pack
"{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F11A403B-0DE9-4953-B790-7A2F014FBB2B}" = PhotoStitch
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F4EE283A-4851-43D4-887C-1932D55DE740}" = Windows Live UX Platform Language Pack
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"ALDI Bestellsoftware" = ALDI Bestellsoftware 4.12.1
"ALDI SÜD Mah Jong" = ALDI SÜD Mah Jong
"Ashampoo Burning Studio_is1" = Ashampoo Burning Studio
"Ashampoo Photo Commander_is1" = Ashampoo Photo Commander
"Ashampoo Photo Optimizer_is1" = Ashampoo Photo Optimizer
"Ashampoo Snap_is1" = Ashampoo Snap
"Avira AntiVir Desktop" = Avira Free Antivirus
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
"EPSON Scanner" = EPSON Scan
"EPSON SX420W Series Manual" = EPSON SX420W Series Handbuch
"EPSON SX420W Series Network Guide" = EPSON SX420W Series Netzwerk-Handbuch
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"HaaliMkx" = Haali Media Splitter
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{14220DB1-DD96-4BCD-B3D5-03A4EA6631C4}" = Canon Utilities RemoteCapture 2.7
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"InstallShield_{2D1C2321-8FDB-49B8-A66B-4008DC0B6B5D}" = Canon Utilities File Viewer Utility 1.3
"InstallShield_{31A57C3E-30DD-421F-B5C7-974DACB0D05F}" = Canon EOS Kiss REBEL 300D WIA-Treiber
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{822586CA-0B15-428C-859A-64B3728F28E7}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{A29EA741-24F7-4C07-9B2C-06CB6491BE4A}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D076E06B-F74B-454F-A56E-7510D7B6C9F0}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"InstallShield_{F11A403B-0DE9-4953-B790-7A2F014FBB2B}" = Canon Utilities PhotoStitch 3.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MyCamera" = Canon Utilities MyCamera
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"NVIDIA.Updatus" = NVIDIA Updatus
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-923248821-3982213027-3402639681-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"STANLY Track" = STANLY Track
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10/10/2012 4:20:38 AM | Computer Name = Laptop | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 10/10/2012 6:40:11 AM | Computer Name = Laptop | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 10/11/2012 1:30:04 AM | Computer Name = Laptop | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 10/11/2012 3:50:28 AM | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WButton.exe, Version: 1.0.9.4, Zeitstempel:
 0x4c1efc99  Name des fehlerhaften Moduls: WButton.exe, Version: 1.0.9.4, Zeitstempel:
 0x4c1efc99  Ausnahmecode: 0x40000015  Fehleroffset: 0x0003c171  ID des fehlerhaften Prozesses:
 0x7c  Startzeit der fehlerhaften Anwendung: 0x01cda784f5caa1f0  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Launch Manager\WButton.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files (x86)\Launch Manager\WButton.exe  Berichtskennung: 522e39e6-1378-11e2-8869-00262dc46063
 
Error - 10/12/2012 8:25:18 AM | Computer Name = Laptop | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 10/18/2012 8:16:30 AM | Computer Name = Laptop | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 10/19/2012 12:41:16 PM | Computer Name = Laptop | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 10/21/2012 8:26:55 AM | Computer Name = Laptop | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 10/23/2012 12:53:08 PM | Computer Name = Laptop | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 10/24/2012 4:49:01 AM | Computer Name = Laptop | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
[ System Events ]
Error - 10/24/2012 2:36:56 PM | Computer Name = Laptop | Source = ipnathlp | ID = 30013
Description = 
 
Error - 10/24/2012 2:43:06 PM | Computer Name = Laptop | Source = ipnathlp | ID = 31004
Description = 
 
Error - 10/24/2012 2:56:33 PM | Computer Name = Laptop | Source = ipnathlp | ID = 31004
Description = 
 
Error - 10/24/2012 2:56:36 PM | Computer Name = Laptop | Source = ipnathlp | ID = 30013
Description = 
 
Error - 10/24/2012 2:56:49 PM | Computer Name = Laptop | Source = ipnathlp | ID = 30013
Description = 
 
Error - 10/24/2012 2:58:06 PM | Computer Name = Laptop | Source = ipnathlp | ID = 31004
Description = 
 
Error - 10/24/2012 2:58:08 PM | Computer Name = Laptop | Source = ipnathlp | ID = 30013
Description = 
 
Error - 10/24/2012 3:01:14 PM | Computer Name = Laptop | Source = ipnathlp | ID = 30013
Description = 
 
Error - 10/24/2012 3:02:51 PM | Computer Name = Laptop | Source = ipnathlp | ID = 34001
Description = 
 
Error - 10/24/2012 3:05:50 PM | Computer Name = Laptop | Source = ipnathlp | ID = 34001
Description = 
 
 
< End of report >
         
--- --- ---

24.10.2012, 22:01   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please download aswMBR.exe and save the file to your desktop.

Note: Please turn off your virus scanner before running aswMBR, because Avira in particular often reports a false alarm on it!
  • Start aswMBR.exe. Vista and Win7 users: start aswMBR via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Depending on your connection, downloading the definitions may take a while.
  • Click Scan.
  • Please wait until "Scan finished successfully" appears in the DOS window.
  • Click Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.
Important: Do not press any of the Fix buttons under any circumstances without being instructed to.
Note: If the Scan button is hidden, close the tool and start it again. If that does not work either, please let me know.

One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)


24.10.2012, 22:31   #13
Gaudino
 



Here is the aswMBR.txt

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-24 22:28:27
-----------------------------
22:28:27.550    OS Version: Windows x64 6.1.7601 Service Pack 1
22:28:27.550    Number of processors: 4 586 0x2505
22:28:27.550    ComputerName: LAPTOP  UserName: 
22:28:28.939    Initialize success
22:28:35.210    AVAST engine defs: 12102400
22:28:57.596    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:28:57.596    Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 610480MB BusType: 3
22:28:57.658    Disk 0 MBR read successfully
22:28:57.658    Disk 0 MBR scan
22:28:57.674    Disk 0 unknown MBR code
22:28:57.705    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
22:28:57.721    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       559355 MB offset 206848
22:28:57.752    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        50000 MB offset 1145765888
22:28:57.783    Disk 0 Partition 4 00     12  Compaq diag NTFS         1023 MB offset 1248165888
22:28:57.845    Disk 0 scanning C:\Windows\system32\drivers
22:29:10.497    Service scanning
22:29:37.282    Modules scanning
22:29:37.298    Disk 0 trace - called modules:
22:29:37.314    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
22:29:37.329    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800454e060]
22:29:37.329    3 CLASSPNP.SYS[fffff88001a2843f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004274050]
22:29:37.329    Scan finished successfully
22:30:14.598    Disk 0 MBR has been saved successfully to "C:\Users\Michael\Desktop\MBR.dat"
22:30:14.598    The log file has been saved successfully to "C:\Users\Michael\Desktop\aswMBR.txt"
         

24.10.2012, 22:39   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



We should fix the MBR. Just in case, back up ALL important data, even though everything usually goes smoothly.

Note: Please do NOT run the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed alongside (dual boot) unbootable.
Do not run the fix either if you have full encryption of the Windows partition or the entire hard disk, e.g. with TrueCrypt or other encryption programs.


After backing up your data, start aswMBR again and click the FIXMBR button.

Note: Please disable your virus scanner before running aswMBR, because Avira in particular often reports a false alarm on it!

Then restart Windows and create a new log with aswMBR.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


24.10.2012, 23:19   #15
Gaudino
 



The MBR is fixed.

The aswMBR.txt now reads:

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-24 23:16:56
-----------------------------
23:16:56.088    OS Version: Windows x64 6.1.7601 Service Pack 1
23:16:56.088    Number of processors: 4 586 0x2505
23:16:56.104    ComputerName: LAPTOP  UserName: 
23:16:59.551    Initialize success
23:17:10.752    AVAST engine defs: 12102400
23:17:34.526    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:17:34.526    Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 610480MB BusType: 3
23:17:34.573    Disk 0 MBR read successfully
23:17:34.573    Disk 0 MBR scan
23:17:34.604    Disk 0 Windows 7 default MBR code
23:17:34.620    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
23:17:34.651    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       559355 MB offset 206848
23:17:34.682    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        50000 MB offset 1145765888
23:17:34.698    Disk 0 Partition 4 00     12  Compaq diag NTFS         1023 MB offset 1248165888
23:17:34.776    Disk 0 scanning C:\Windows\system32\drivers
23:17:48.386    Service scanning
23:18:17.776    Modules scanning
23:18:17.776    Disk 0 trace - called modules:
23:18:18.306    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
23:18:18.306    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800454b060]
23:18:18.306    3 CLASSPNP.SYS[fffff88001ae943f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004290050]
23:18:18.306    Scan finished successfully
23:19:03.354    Disk 0 MBR has been saved successfully to "C:\Users\Michael\Desktop\MBR.dat"
23:19:03.354    The log file has been saved successfully to "C:\Users\Michael\Desktop\aswMBR.txt"
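
A side-by-side check of the two aswMBR logs posted in this thread, as an added example that is not part of the original posts or of aswMBR: it extracts the MBR code verdict and the partition rows from a pre-fix and a post-fix log and reports what changed. The regular expressions are assumptions fitted to the log lines shown here, and the names `parse` and `compare` are made up for the example.

```python
import re

# Disk lines copied from the two aswMBR logs posted in this thread (other lines omitted).
BEFORE = """\
22:28:57.674    Disk 0 unknown MBR code
22:28:57.705    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
22:28:57.721    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       559355 MB offset 206848
22:28:57.752    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        50000 MB offset 1145765888
22:28:57.783    Disk 0 Partition 4 00     12  Compaq diag NTFS         1023 MB offset 1248165888
"""
AFTER = """\
23:17:34.604    Disk 0 Windows 7 default MBR code
23:17:34.620    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
23:17:34.651    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       559355 MB offset 206848
23:17:34.682    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        50000 MB offset 1145765888
23:17:34.698    Disk 0 Partition 4 00     12  Compaq diag NTFS         1023 MB offset 1248165888
"""

MBR_RE = re.compile(r"^\S+\s+Disk (\d+) (.+ MBR code)\s*$")
PART_RE = re.compile(
    r"^\S+\s+Disk (\d+) Partition (\d+) ([0-9A-F]{2})\s+(?:\(A\)\s+)?([0-9A-F]{2})\s+"
    r".*?(\d+) MB offset (\d+)\s*$")

def parse(log):
    """Return ({disk: verdict}, {(disk, partition): (flag, type, size_mb, offset)})."""
    verdicts, parts = {}, {}
    for line in log.splitlines():
        m = MBR_RE.match(line)
        if m:
            verdicts[int(m.group(1))] = m.group(2)
            continue
        m = PART_RE.match(line)
        if m:
            d, n, flag, ptype, size, off = m.groups()
            parts[(int(d), int(n))] = (flag, ptype, int(size), int(off))
    return verdicts, parts

def compare(before, after):
    """Summarise what changed between a pre-fix and a post-fix aswMBR log."""
    v0, p0 = parse(before)
    v1, p1 = parse(after)
    return {
        "verdict_changes": {d: (v0.get(d), v1[d]) for d in v1 if v0.get(d) != v1[d]},
        "still_unknown": sorted(d for d, v in v1.items() if v.startswith("unknown")),
        "partition_changes": sorted(k for k in p0.keys() | p1.keys() if p0.get(k) != p1.get(k)),
    }

if __name__ == "__main__":
    print(compare(BEFORE, AFTER))
```

For these two logs the only difference is the verdict on Disk 0; all four partition rows are identical before and after the fix.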
         
