|
Plagegeister aller Art und deren Bekämpfung: TR/Spy.8704.364 in C:\eSupport\eDriver\Software\Display\nVidia\N11X_N12X_R260\Win7_64_8.17.12.6643\Display.update\LoginTrigger.exeWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
21.11.2012, 19:35 | #1 |
| TR/Spy.8704.364 in C:\eSupport\eDriver\Software\Display\nVidia\N11X_N12X_R260\Win7_64_8.17.12.6643\Display.update\LoginTrigger.exe Hallo zusammen , habe durch AntiVir den im Header genannten Trojaner gefundne und direkt in Quarantäne, aber noch nicht gelöscht. Habe Malware drüber laufen lassen und es wurde nichts gefunden. OLT Bericht hängt unten bei. 1. Frage. Soll ich ANtiVir sagen er soll den löschen? Habe ein bißchen Schiss vor dem Trojaner. 2. Frage kann man sehen was genau der für Unheil anrichten soll? 3. Wie gehe ich weiter vor? Jetzt schon mal vielen, vielen Dank für die Hilfe! Falls was fehlt kurz nachfragen bitte. Liebe Grüße Katrin OTL: OTL logfile created on: 21.11.2012 19:05:21 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Inkeri\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 1,43 Gb Available Physical Memory | 37,09% Memory free 7,71 Gb Paging File | 5,08 Gb Available in Paging File | 65,86% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 74,52 Gb Total Space | 28,54 Gb Free Space | 38,30% Space Free | Partition Type: NTFS Drive D: | 202,08 Gb Total Space | 127,12 Gb Free Space | 62,91% Space Free | Partition Type: NTFS Computer Name: INKERI-PC | User Name: Inkeri | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.21 15:23:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Inkeri\Desktop\OTL.exe PRC - [2012.11.17 15:25:28 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.11.17 15:25:12 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.11.17 15:25:11 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.10.28 19:59:48 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.09.20 17:18:58 | 001,191,768 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe PRC - [2012.09.20 17:18:57 | 001,737,728 | ---- | M] (Lavasoft Limited ) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe PRC - [2012.04.26 10:00:19 | 001,380,464 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\mshaktuell.exe PRC - [2011.09.08 14:55:10 | 000,888,488 | ---- | M] ({StringFileInfo_CompanyName}) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2011.04.18 02:07:09 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe PRC - [2010.12.27 15:39:28 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2010.10.07 22:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe PRC - [2010.10.07 17:43:00 | 000,182,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe PRC - [2010.09.30 23:15:20 | 001,078,912 | ---- | M] (asus) -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe PRC - [2010.09.24 00:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe PRC - [2010.08.17 22:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe PRC - [2010.07.19 20:26:00 | 000,383,792 | ---- | M] (syncables, LLC) -- C:\Program Files (x86)\syncables\syncables desktop\syncablesMAPI.exe PRC - [2010.07.19 20:26:00 | 000,370,480 | ---- | M] (syncables, LLC) -- C:\Program Files (x86)\syncables\syncables desktop\syncables.exe PRC - [2010.07.19 20:26:00 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe PRC - [2009.12.15 18:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe PRC - [2009.11.02 22:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009.10.01 03:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.10.01 03:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009.07.31 18:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe PRC - [2009.06.19 18:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe PRC - [2009.06.19 18:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe PRC - [2009.06.16 01:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe PRC - [2009.03.05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008.12.23 01:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe PRC - [2008.08.14 05:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe PRC - [2007.11.30 19:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ========== Modules (No Company Name) ========== MOD - [2012.11.17 08:48:39 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll MOD - [2012.11.17 08:43:41 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll MOD - [2012.11.17 08:43:17 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll MOD - [2012.11.17 08:43:03 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll MOD - [2012.11.17 08:42:57 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll MOD - [2012.11.17 08:42:54 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll MOD - [2012.11.17 08:42:45 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll MOD - [2012.11.17 08:42:40 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll MOD - [2012.11.17 08:42:36 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll MOD - [2012.11.17 08:42:35 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll MOD - [2012.11.17 08:42:26 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll MOD - [2012.10.28 19:59:48 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012.04.26 10:17:29 | 002,002,032 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\wfvie12.dll MOD - [2012.04.26 10:17:24 | 000,319,600 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\rsguiwinapi47.dll MOD - [2012.04.26 10:17:23 | 001,543,280 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\wsteu12.dll MOD - [2012.04.26 10:17:20 | 000,275,056 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\rscorewinapi47.dll MOD - [2012.04.26 10:01:32 | 007,921,776 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\wgui12.dll MOD - [2012.04.26 10:01:14 | 002,984,560 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\wcore12.dll MOD - [2012.04.26 10:01:02 | 004,443,760 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\wauff12.dll MOD - [2012.04.26 10:00:34 | 001,640,560 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\wreli12.dll MOD - [2012.04.26 10:00:19 | 001,380,464 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\mshaktuell.exe MOD - [2012.04.26 10:00:11 | 000,135,792 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\rsodbc47.dll MOD - [2012.04.26 10:00:08 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\rsdcom47.dll MOD - [2012.02.07 11:37:06 | 000,865,280 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\QtCLuceners47.dll MOD - [2012.02.07 11:37:06 | 000,271,872 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\phononrs47.dll MOD - [2012.02.07 11:37:04 | 011,163,648 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\QtWebKitrs47.dll MOD - [2012.02.07 11:37:02 | 000,108,544 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\QtTestrs47.dll MOD - [2012.02.07 11:37:00 | 001,340,416 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\QtScriptrs47.dll MOD - [2012.02.07 11:36:58 | 002,395,648 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\Qt3Supportrs47.dll MOD - [2012.02.07 11:36:58 | 000,720,896 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\QtSqlrs47.dll MOD - [2012.02.07 11:36:58 | 000,281,088 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\QtSvgrs47.dll MOD - [2012.02.07 11:36:56 | 000,358,400 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\QtXmlrs47.dll MOD - [2012.02.07 11:36:54 | 008,934,400 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\QtGuirs47.dll MOD - [2012.02.07 11:36:54 | 002,356,736 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\QtCorers47.dll MOD - [2012.02.07 11:36:54 | 000,990,208 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\QtNetworkrs47.dll MOD - [2011.05.26 12:42:00 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2010.12.27 15:39:16 | 000,235,112 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.09.30 23:14:04 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll MOD - [2010.09.30 23:13:38 | 000,186,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll MOD - [2010.09.30 23:13:12 | 000,041,472 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll MOD - [2010.09.30 23:13:06 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll MOD - [2010.09.24 00:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe MOD - [2010.07.01 19:21:42 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\asus\VirtualCamera\virtualCamera.ax MOD - [2009.11.02 22:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009.11.02 22:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2009.08.04 10:50:05 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll MOD - [2007.11.30 19:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ========== Services (SafeList) ========== SRV:64bit: - [2010.11.30 21:19:52 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent) SRV:64bit: - [2010.09.23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2012.11.17 15:25:28 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.11.17 15:25:12 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.10.28 19:59:48 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.09.20 17:18:57 | 001,737,728 | ---- | M] (Lavasoft Limited ) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2012.07.03 12:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.09.17 05:19:27 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Users\Inkeri\AppData\Local\Temp\7zS13E7\hpslpsvc64.dll -- (HPSLPSVC) SRV - [2010.12.27 15:39:28 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.12.15 18:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2009.10.01 03:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2009.10.01 03:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009.06.16 01:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.11.17 15:25:35 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.11.17 15:25:35 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.09.24 09:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.03.02 05:13:58 | 000,029,184 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.05.10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.04.29 11:12:00 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.11 21:40:49 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2010.10.12 02:49:15 | 000,131,552 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JME.sys -- (JME) DRV:64bit: - [2010.09.23 08:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2010.09.08 12:39:31 | 000,129,024 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2010.09.07 10:19:37 | 001,800,832 | ---- | M] (Sonix Technology Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) DRV:64bit: - [2010.07.14 07:17:27 | 000,735,360 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2010.03.03 12:51:39 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.03.02 09:45:23 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.09.17 20:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.08.18 09:23:31 | 000,143,472 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR) DRV:64bit: - [2009.07.20 10:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.05.13 17:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor) DRV:64bit: - [2008.05.24 01:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2012.03.02 05:13:58 | 000,021,504 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0) DRV - [2011.07.22 15:45:31 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys -- (Lavasoft Kernexplorer) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.03 01:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}:6.0.34 FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.6.1 FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=bcfaea6f000000000000f46d0425dc4b&tlver=1.4.31.2&instlRef=sst&ss=1&affID=100365&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_34: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.10.23 18:25:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.28 19:59:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.10.23 18:25:29 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.28 19:59:48 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.07.22 15:31:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Inkeri\AppData\Roaming\mozilla\Extensions [2012.11.15 20:44:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Inkeri\AppData\Roaming\mozilla\Firefox\Profiles\9wbld0bp.default\extensions [2011.11.19 13:05:10 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\Inkeri\AppData\Roaming\mozilla\Firefox\Profiles\9wbld0bp.default\extensions\toolbar@ask.com [2012.11.15 20:44:59 | 000,530,679 | ---- | M] () (No name found) -- C:\Users\Inkeri\AppData\Roaming\mozilla\firefox\profiles\9wbld0bp.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.07.20 22:34:13 | 000,002,057 | ---- | M] () -- C:\Users\Inkeri\AppData\Roaming\mozilla\firefox\profiles\9wbld0bp.default\searchplugins\youtube-videosuche.xml [2012.10.28 19:59:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.10.28 19:59:46 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.10.28 19:59:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2012.10.28 19:59:48 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.20 15:46:35 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.15 16:17:25 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.20 15:46:35 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.20 15:46:35 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.20 15:46:35 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.20 15:46:35 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe () O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe () O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName}) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe (syncables, LLC) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34) O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{325D9FCC-FBF8-4472-A32A-B56A721F8B15}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8839DF94-3D2B-4F5B-A1DD-8C606F0E470F}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (lsdelete) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.21 15:22:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Inkeri\Desktop\OTL.exe [2012.11.21 15:10:47 | 000,000,000 | ---D | C] -- C:\Users\Inkeri\AppData\Roaming\Malwarebytes [2012.11.21 15:10:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.21 15:10:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.21 15:10:43 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.11.21 15:10:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.11.17 09:29:17 | 000,000,000 | ---D | C] -- C:\Users\Inkeri\AppData\Roaming\Avira [2012.11.17 09:23:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.11.17 09:23:13 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.11.17 09:23:13 | 000,098,888 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.11.17 09:23:13 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.11.17 09:22:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.11.16 20:15:43 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA% [2012.10.28 19:59:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [1 C:\Users\Inkeri\Desktop\*.tmp files -> C:\Users\Inkeri\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.21 19:01:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.21 17:01:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.21 15:25:32 | 000,000,000 | ---- | M] () -- C:\Users\Inkeri\defogger_reenable [2012.11.21 15:23:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Inkeri\Desktop\OTL.exe [2012.11.21 15:22:58 | 000,050,477 | ---- | M] () -- C:\Users\Inkeri\Desktop\Defogger.exe [2012.11.21 15:02:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.20 17:51:00 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.20 17:51:00 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.20 17:43:24 | 3105,251,328 | -HS- | M] () -- C:\hiberfil.sys [2012.11.20 08:27:28 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe [2012.11.19 19:41:21 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat [2012.11.19 19:41:21 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat [2012.11.17 15:25:35 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.11.17 15:25:35 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.11.17 08:41:15 | 000,413,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.16 20:25:51 | 001,520,734 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.16 20:25:51 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.16 20:25:51 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.16 20:25:51 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.16 20:25:51 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.12 21:36:34 | 000,028,957 | ---- | M] () -- C:\Users\Inkeri\Desktop\ce0aa2c1-b90a-f0bc-0ffa-ed0913cef770.jpg [2012.11.12 21:06:26 | 000,350,206 | ---- | M] () -- C:\Users\Inkeri\Desktop\1289339712-264.jpg [1 C:\Users\Inkeri\Desktop\*.tmp files -> C:\Users\Inkeri\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.21 15:25:32 | 000,000,000 | ---- | C] () -- C:\Users\Inkeri\defogger_reenable [2012.11.21 15:22:48 | 000,050,477 | ---- | C] () -- C:\Users\Inkeri\Desktop\Defogger.exe [2012.11.16 20:24:15 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.16 20:16:16 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.12 21:36:32 | 000,028,957 | ---- | C] () -- C:\Users\Inkeri\Desktop\ce0aa2c1-b90a-f0bc-0ffa-ed0913cef770.jpg [2012.11.12 21:06:23 | 000,350,206 | ---- | C] () -- C:\Users\Inkeri\Desktop\1289339712-264.jpg [2012.11.02 18:41:57 | 003,326,543 | ---- | C] () -- C:\Users\Inkeri\Desktop\IMG_3070.JPG [2012.05.06 17:00:18 | 000,000,000 | ---- | C] () -- C:\Users\Inkeri\.gtk-bookmarks [2012.04.29 17:42:54 | 000,000,638 | ---- | C] () -- C:\Windows\wiso.ini [2011.10.23 18:21:04 | 000,226,450 | ---- | C] () -- C:\Windows\hpoins18.dat [2011.10.23 18:21:04 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat [2011.07.25 16:23:26 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat [2011.07.25 16:23:26 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat [2011.04.18 01:42:31 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011.07.22 15:50:10 | 000,000,000 | ---D | M] -- C:\Users\Inkeri\AppData\Roaming\Asus WebStorage [2012.04.29 17:38:15 | 000,000,000 | ---D | M] -- C:\Users\Inkeri\AppData\Roaming\Buhl Data Service [2012.10.14 13:00:29 | 000,000,000 | ---D | M] -- C:\Users\Inkeri\AppData\Roaming\calibre [2012.11.18 20:13:10 | 000,000,000 | ---D | M] -- C:\Users\Inkeri\AppData\Roaming\FreeDoko [2011.07.24 11:57:35 | 000,000,000 | ---D | M] -- C:\Users\Inkeri\AppData\Roaming\Nuance [2012.06.17 12:25:28 | 000,000,000 | ---D | M] -- C:\Users\Inkeri\AppData\Roaming\Windows Live Writer [2011.07.24 11:57:08 | 000,000,000 | ---D | M] -- C:\Users\Inkeri\AppData\Roaming\Zeon ========== Purity Check ========== < End of report > OTL Extras logfile created on: 21.11.2012 19:05:21 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Inkeri\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 1,43 Gb Available Physical Memory | 37,09% Memory free 7,71 Gb Paging File | 5,08 Gb Available in Paging File | 65,86% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 74,52 Gb Total Space | 28,54 Gb Free Space | 38,30% Space Free | Partition Type: NTFS Drive D: | 202,08 Gb Total Space | 127,12 Gb Free Space | 62,91% Space Free | Partition Type: NTFS Computer Name: INKERI-PC | User Name: Inkeri | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0835F6AF-6168-4DC9-8A77-843CC4620E58}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | "{090A1803-D488-476A-9EB2-9BEE41577CCF}" = rport=138 | protocol=17 | dir=out | app=system | "{0FEC854A-5A66-4382-BD31-8A0C9670A0FD}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | "{36C4FA1A-50FD-46D9-94B6-74CE38941BA9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3FB32D1B-9AE9-4933-A023-7A23B4114B98}" = lport=139 | protocol=6 | dir=in | app=system | "{44F83B9D-DD3D-4ACB-B581-6B33574A0973}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{46FE6697-312B-4BA0-897C-15DF879A177A}" = lport=138 | protocol=17 | dir=in | app=system | "{482AC371-475A-4A82-A37F-16223EB3F412}" = rport=10243 | protocol=6 | dir=out | app=system | "{50995A00-2FCB-4BAA-B5E6-3BC80BA058F9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{539BA237-E850-4C58-8DBC-0FA1EDBCF36D}" = rport=445 | protocol=6 | dir=out | app=system | "{5A8FBEAC-C987-4EEF-AFF4-8D1F787A4759}" = rport=139 | protocol=6 | dir=out | app=system | "{5D4C546F-302F-4F43-887E-9EDF3EB77740}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{65556BAE-80B8-44B5-A707-D3994EF7000F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{7799632C-CAFE-4FF7-B98B-D95CB4EDC80D}" = lport=445 | protocol=6 | dir=in | app=system | "{7B990309-6E03-484F-81A9-58CB9400EB6A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7DC0FA27-1339-4C90-B56E-6E10D613765C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{9CECB26D-A480-4987-9DA2-623422D1A5C6}" = lport=137 | protocol=17 | dir=in | app=system | "{A6CC7984-D4FC-4DF6-9529-C9A142715FA7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AB48C989-3B73-4171-88D8-397C0EA22FF6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{AD23AEA6-E277-4E49-8E20-1C1617B46260}" = lport=2869 | protocol=6 | dir=in | app=system | "{ADD98EAB-00A8-4C69-873D-FFA030B23323}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B72C70F5-F644-4929-84CB-62FF20EEEC80}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{D4109ED8-66B2-4817-9E5A-0F555D7B6B33}" = rport=137 | protocol=17 | dir=out | app=system | "{E05B57C9-C1C5-4F7F-BDA8-7D1BCC4961FA}" = lport=10243 | protocol=6 | dir=in | app=system | "{E85A1E73-EBA3-40FB-99C0-A42F73E355D8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F38B20A7-D6A1-48B3-8919-A61481A3F609}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{F61414AC-DCDB-4A0B-BB3D-4B7EC440EFA8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FE19CF0B-2BE8-4088-875A-80223A82CDE5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{09596CBD-3781-4FBB-97EF-EDD086E44A71}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{0EA21904-31CD-414F-8F1F-02AAF6CEB138}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{1749CF20-B898-4BA6-8F43-1FA42D636A41}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{19BC6774-CFE1-4DE4-B7EF-00C93277CEDC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{240E4CD9-B8DC-4F09-9CF9-15CD25B81976}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | "{2CEF16C4-0D16-463E-B849-CA02FCB1FC41}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | "{320228C6-2F43-4914-B05C-590036626FE4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe | "{36947D65-9972-4A3E-9A59-4AA059A4802F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{375708F5-B94A-43A3-B123-97E7B801CCDE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{37829AB7-D962-4BF5-84B3-E62D0757F9B0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{38673867-BF7B-471A-854B-2ECFC68AAAF4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{3B68EB00-5ECE-4F3A-9BE9-BE5149CAF29F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{3F52CADE-4A45-4B46-9E90-AA27E499C866}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{435EE048-0865-464F-9745-672362953EF0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{47C27D21-4B5A-40D7-8808-A284FAE50DA7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{55E3F9FA-FBAB-4A81-8D7D-C68019F71F2C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | "{5796D10E-8AE2-485C-BE38-1D8879DB391A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{5FEBECB6-344E-4A37-8ADF-3F72ED8528D6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{6389554F-3FDE-45D9-8BE1-CB73A92AA454}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{75A6497D-B3FA-4459-9981-97BD55353BA4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | "{791FA095-A29D-4265-88DA-3F2C3D54B06D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | "{8331EB7B-2B5A-4EC5-AB7B-0AC8716C9C2D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{83F9EFEE-47E3-4C1F-A778-76AC30FD979A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{84CEBA93-4157-47AB-8476-6D179070626B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{8A67765D-0612-46C0-B70D-9FF59B45FE7B}" = protocol=6 | dir=out | app=system | "{8FDA2A17-AE20-4E83-9240-FD3886A348CE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | "{947DE259-6064-4666-A0C0-ACB538148FC8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{97B41062-71AE-48E9-95E1-19D4B00429B2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | "{98D662FB-F938-4597-9FA5-6EBE444B6EA8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | "{9E128569-9ACD-4490-8184-6EB95FE8A892}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{9F917ABF-32D0-4B56-BA2C-9FBACC6B94B5}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "{A2B6A073-2C0E-4E0F-B0B4-1CF4948E884B}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{AC9BCAEC-6DC8-476A-9D9D-7272EABCBD91}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{B2EB87D1-E7C8-40EE-AF7F-25B0B65D643A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | "{BA87E3BE-2DB0-4C49-A3A2-0FCB4B212F16}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | "{BFBEDCA5-2F37-43C0-871C-9803244DE6C4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{C46E0DFA-74AD-44F5-A3A4-BB6F66B81D5F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | "{C700B98A-C565-48BE-96F0-1B29E4ED27C2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C7988388-566D-4C2A-A8C0-4FDA563D9D4A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{C835F1D5-3C2E-4F3B-A69B-B65E92B03E47}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{C91B5CB9-B3A9-43D5-A0DF-25F7B58C5A76}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{CBA8C42A-FCC3-4165-9F2A-E00EAECDBFE3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | "{D2F09B71-FC52-4FFC-85E0-E09F135BA52E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D47C62EA-BD16-45F3-85A3-4A8CC3A82602}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | "{DA3B4FB0-C4D3-4338-8374-335CF8013C62}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{DFDAE785-5C85-4024-AACA-F9433BC3B9E4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E5AEC714-BADD-46E2-9131-0BADA96EAF22}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | "{EAB584AA-C5D6-477F-9973-2EF8802E15FE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{F1A39389-8DE4-4C1A-B952-C3ABE3AF6A2E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{F4BDF9A5-04B8-461C-8B56-07BAAD17FF02}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{F8EC1F9F-8D74-4871-A3F8-80B1BD893C53}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{FA3392D4-B08A-45E9-943F-E4CEC03789C4}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{FB6D9A2E-4550-4F93-AD5E-8E352030180C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | "{FCFD0ED9-79C2-40AF-B65A-E6EB3EE57B07}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | "TCP Query User{5FBB1B05-1A60-4FE9-9B69-1572F03C0342}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe | "UDP Query User{6A95C8AF-6F93-41B9-9375-090E29378510}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64 "{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot "{169C77B7-69C9-4648-9DD0-72B152AF269F}" = Windows Live Family Safety "{17016DA1-F040-4032-BD36-34DD317BC9D5}" = HP Photosmart All-In-One Driver Software 13.0 Rel. A "{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources "{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety "{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources "{289809B1-078A-49F3-83D0-7E51715B3915}" = Windows Live Family Safety "{3946328A-5B3A-434C-A22B-64CF6652FBAD}" = Windows Live Family Safety "{401C50F6-B443-43EE-8F27-A80DB19B03FD}" = Windows Live Family Safety "{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources "{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64 "{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{9210D7A2-DC28-43F6-92F9-E6CD4C729F7B}" = Windows Live Family Safety "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}" = iTunes "{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources "{B22C8566-D522-4B40-A7AF-525F5A70D832}" = Windows Live Family Safety "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 266.43 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.43 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.43 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.13.1 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources "{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour "{CB7935EF-43EE-4C0F-AC02-B0E4DD5DAC17}" = Windows Live Family Safety "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources "{FE4BE0BD-1EDB-4D24-9614-847B3C472887}" = Windows Live Family Safety "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer "CNXT_AUDIO_HDA" = Conexant HD Audio "Elantech" = ETDWare PS/2-x64 7.0.5.16_WHQL "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Photosmart Essential" = HP Photosmart Essential 3.5 "HP Smart Web Printing" = HP Smart Web Printing 4.51 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "HPOCR" = OCR Software by I.R.I.S. 13.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Shop for HP Supplies" = Shop for HP Supplies "USB 2.0 VGA UVC WebCam" = USB 2.0 VGA UVC WebCam [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack "{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0BE5C4DB-8EA2-483D-BD71-D7EB09040CDE}" = Windows Live UX Platform Language Pack "{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012 "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail "{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{13FAE3E3-283E-4BF4-8FE5-17D256EDDD77}" = Windows Live UX Platform Language Pack "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1AE3E621-E0C0-4aa1-B10B-B3E353A8D110}" = c3100_Help "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources "{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver "{26A24AE4-039D-4CA4-87B4-2F83216034FF}" = Java(TM) 6 Update 34 "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{2A7EF808-14F3-4E93-BE3A-1675EE5332A4}" = AIO_CDA_ProductContext "{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger "{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery "{32C01DD0-3260-4D2B-BDB2-36CEC3E5B27A}" = Windows Live UX Platform Language Pack "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{354038F6-0A35-4C55-A80B-F86C4C1A6D38}" = C3100 "{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common "{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery "{3A09ED0F-8DDF-47BB-B53D-841AB9D1D3A7}" = Complemento Messenger "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy "{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance "{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker "{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger "{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項 "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack "{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh "{76046298-768C-492C-8C93-2983C9E3719E}" = Windows Live UX Platform Language Pack "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh "{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{8142D25E-028A-4563-86ED-5755783C8029}" = Messenger Companion "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{939C80FA-96C9-44A6-B318-8E7D8BD8481B}" = Messenger Companion "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{96403552-88D1-429F-9C92-388B814B885E}" = Messenger Companion "{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame "{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker "{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common "{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A7AEE29F-839E-46B5-B347-6D430618129F}" = AIO_CDA_Software "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB5977C5-11AE-4003-BA7D-261C48F2BC35}" = מסייע Messenger "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package "{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail "{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{BBC019AB-8349-42A2-AF5A-A8B759722E2F}" = Windows Live UX Platform Language Pack "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker "{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live "{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C7DAD22D-29D4-438F-B986-03B9ED582EA4}" = Messenger Companion "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker "{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF088261-BC81-4FB9-9BA0-7B5B9602D01A}" = Messenger 分享元件 "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D2131BFA-A0D6-4FDE-8614-75B07A9B15EE}" = Windows Live UX Platform Language Pack "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential "{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker "{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas "{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{E71E60C1-533E-45A5-8D80-E475E88D2B17}_is1" = Game Park Console "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{ED86C4AB-D1E5-42CF-BFA3-56BAAE617D4E}" = Windows Live UX Platform Language Pack "{ED8DE18A-421A-46CE-884B-E913EB16AB49}" = calibre "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心 "{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集 "{F027C8E3-6DBD-492A-9959-7B36B1DE0D65}" = Ad-Aware "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις "{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Asus Vibe2.0" = AsusVibe2.0 "ASUS WebStorage" = ASUS WebStorage "Avira AntiVir Desktop" = Avira Free Antivirus "Bookworm Deluxe" = Bookworm Deluxe "Cooking Dash" = Cooking Dash "ENTERPRISE" = Microsoft Office Enterprise 2007 "FreeDoko" = FreeDoko 0.7.11 "Google Chrome" = Google Chrome "Governor of Poker" = Governor of Poker "Hotel Dash Suite Success" = Hotel Dash Suite Success "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "Jewel Quest 3" = Jewel Quest 3 "K_Series_ScreenSaver_EN" = K_Series_ScreenSaver_EN "Kobo" = Kobo "Luxor 3" = Luxor 3 "Mahjongg dimensions" = Mahjongg dimensions "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Plants vs Zombies" = Plants vs Zombies "VLC media player" = VLC media player 1.1.11 "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.01 (32-Bit) "World of Goo" = World of Goo ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 26.10.2012 11:50:42 | Computer Name = Inkeri-PC | Source = System Restore | ID = 8193 Description = Error - 27.10.2012 02:17:55 | Computer Name = Inkeri-PC | Source = Outlook | ID = 34 Description = Fehler beim Abrufen des Crawlbereichs-Managers. Fehler=0x8001010d. Error - 27.10.2012 03:04:16 | Computer Name = Inkeri-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error - 27.10.2012 03:07:35 | Computer Name = Inkeri-PC | Source = System Restore | ID = 8193 Description = Error - 28.10.2012 13:31:20 | Computer Name = Inkeri-PC | Source = Outlook | ID = 34 Description = Fehler beim Abrufen des Crawlbereichs-Managers. Fehler=0x8001010d. Error - 28.10.2012 13:33:04 | Computer Name = Inkeri-PC | Source = Bonjour Service | ID = 100 Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0) Error - 28.10.2012 13:33:04 | Computer Name = Inkeri-PC | Source = Bonjour Service | ID = 100 Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0) Error - 28.10.2012 14:07:46 | Computer Name = Inkeri-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error - 28.10.2012 14:11:13 | Computer Name = Inkeri-PC | Source = System Restore | ID = 8193 Description = Error - 29.10.2012 14:27:31 | Computer Name = Inkeri-PC | Source = Outlook | ID = 34 Description = Fehler beim Abrufen des Crawlbereichs-Managers. Fehler=0x8001010d. [ OSession Events ] Error - 08.01.2012 06:29:31 | Computer Name = Inkeri-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 10.06.2012 11:13:57 | Computer Name = Inkeri-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR5 gefunden. Error - 10.06.2012 11:13:57 | Computer Name = Inkeri-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR5 gefunden. Error - 10.06.2012 11:13:58 | Computer Name = Inkeri-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR5 gefunden. Error - 10.06.2012 12:43:44 | Computer Name = Inkeri-PC | Source = DCOM | ID = 10005 Description = Error - 10.06.2012 12:43:44 | Computer Name = Inkeri-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht. Error - 10.06.2012 12:43:44 | Computer Name = Inkeri-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 11.06.2012 14:34:39 | Computer Name = Inkeri-PC | Source = DCOM | ID = 10005 Description = Error - 11.06.2012 14:34:39 | Computer Name = Inkeri-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht. Error - 11.06.2012 14:34:39 | Computer Name = Inkeri-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 12.06.2012 13:28:24 | Computer Name = Inkeri-PC | Source = DCOM | ID = 10010 Description = < End of report > |
22.11.2012, 15:28 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Spy.8704.364 in C:\eSupport\eDriver\Software\Display\nVidia\N11X_N12X_R260\Win7_64_8.17.12.6643\Display.update\LoginTrigger.exe Hallo und
__________________Zitat:
Sonst noch Funde zu verzeichnen?
__________________ |
22.11.2012, 20:07 | #3 |
| TR/Spy.8704.364 in C:\eSupport\eDriver\Software\Display\nVidia\N11X_N12X_R260\Win7_64_8.17.12.6643\Display.update\LoginTrigger.exe Dann bin ich aber erleichtert. Malware findet auch nichts mehr.
__________________Vielen Dank Trotzdem!! Lg Katrin |
Themen zu TR/Spy.8704.364 in C:\eSupport\eDriver\Software\Display\nVidia\N11X_N12X_R260\Win7_64_8.17.12.6643\Display.update\LoginTrigger.exe |
ad-aware, antivir, avira, avira searchfree toolbar, bho, bonjour, error, fehler, firefox, flash player, helper, home, hängt, install.exe, libusb0.sys, logfile, löschen?, malware, mozilla, office 2007, plug-in, registry, richtlinie, safer networking, scan, security, senden, software, svchost.exe, trojaner, unlock, usb 2.0, windows, wiso |