Log analysis and evaluation: Trojan - Booting into safe mode not possible

20.05.2013, 00:19   #16
Geschädiger

Hello Cosinus,

the computer belongs to my brother, and he had problems with the GVU virus. I believe he was able to remove the trojan with those programs back then. I thought the programs could still be used..

Wrong assumption...?

20.05.2013, 21:47   #17
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Well, it's not an accusation. I'm just wondering why this tool was used without instructions. What you do with your computer is something you have to decide for yourselves.

Rootkit scan with GMER

Please download the GMER Rootkit Scanner: (file name is random)
  • Close all other programs, disable your virus scanner and disconnect the computer from the internet before you start GMER.
  • If a window with the following warning opens after starting:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, uncheck: IAT/EAT and Show All
  • Check Quickscan and uncheck all other drives.
  • Start the scan with "Scan".
  • Do not do anything on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Turn your antivirus program and other scanners back on before you go online!


Problems?
  • Alternatively, try safe mode.
  • If you get a bluescreen, uncheck Devices.


Afterwards, please run MBAR:

Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the Malwarebytes Anti-Rootkit guide
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper

21.05.2013, 08:59   #18
Geschädiger

Hi Cosinus,

attached you will find both files.

Many thanks

21.05.2013, 13:12   #19
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Why as an attachment now?!
Please post the logs in CODE tags
__________________
Please always post log files in CODE tags

21.05.2013, 20:19   #20
Geschädiger

ok
Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.20.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Daniel :: BASIS [limited]

21.05.2013 01:07:08
mbar-log-2013-05-21 (01-07-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 31108
Time elapsed: 30 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\Users\Daniel\AppData\Local\Temp\dgwmjou (Trojan.Zbot.ED) -> Delete on reboot.

(end)
         
and GMER:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-21 00:16:06
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9320325AS rev.0003SDM1 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Daniel\AppData\Local\Temp\fxldqpod.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                                           fffff800031b6000 65 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 626                                                                           fffff800031b6042 4 bytes [00, 00, 00, 00]
.text     C:\Windows\System32\win32k.sys!W32pServiceTable                                                                                              fffff960000f4000 7 bytes [80, 93, F3, FF, 01, 9D, F0]
.text     C:\Windows\System32\win32k.sys!W32pServiceTable + 8                                                                                          fffff960000f4008 3 bytes [C0, 06, 02]

---- User code sections - GMER 2.1 ----

.text     C:\Users\Daniel\Downloads\gmer_2.1.19163.exe[6060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                   0000000077561465 2 bytes [56, 77]
.text     C:\Users\Daniel\Downloads\gmer_2.1.19163.exe[6060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                  00000000775614bb 2 bytes [56, 77]
.text     ...                                                                                                                                          * 2


---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{3AA40DD6-4E41-4FF6-9B93-527D7526BBEC}\Connection@Name  isatap.{39EA3782-9919-4BF8-9DBE-7D3C800A5F92}
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e                                                                  
Reg       HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{3AA40DD6-4E41-4FF6-9B93-527D7526BBEC}@InterfaceName                       isatap.{39EA3782-9919-4BF8-9DBE-7D3C800A5F92}
Reg       HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{3AA40DD6-4E41-4FF6-9B93-527D7526BBEC}@ReusableType                        0
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet)                                              

---- EOF - GMER 2.1 ----
         


21.05.2013, 20:26   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Daniel :: BASIS [limited]
Why did you run MBAR without admin rights?
Please start it again via right-click => Run as administrator
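
The check made in the post above, reading the account line of the MBAR log header for `[limited]`, can be automated when many posted logs have to be triaged. The following is an added example, not part of the original thread and not Malwarebytes code: a parser for the log layout shown on this page. The two sample logs are constructed (abridged from that layout), and `parse_mbar_log` and `review` are hypothetical names.

```python
import re
from dataclasses import dataclass, field

# Line shapes taken from the MBAR logs shown in this thread.
ACCOUNT_RE = re.compile(r"^(?P<user>.+?) :: (?P<host>\S+) \[(?P<priv>[^\]]+)\]$")
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")


@dataclass
class MbarLog:
    user: str = ""
    host: str = ""
    privilege: str = ""
    database: str = ""
    counts: dict = field(default_factory=dict)   # section name -> reported count
    items: list = field(default_factory=list)    # (section, path, detection, action)


def parse_mbar_log(text):
    """Parse the header and the '<Section> Detected: N' blocks of an MBAR log."""
    log, section = MbarLog(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Database version:"):
            log.database = line.split(":", 1)[1].strip()
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["name"]
            log.counts[section] = int(m["count"])
            continue
        if section is None:
            # Still in the header: look for "user :: host [privilege]".
            m = ACCOUNT_RE.match(line)
            if m and not log.user:
                log.user, log.host, log.privilege = m["user"], m["host"], m["priv"]
            continue
        m = ITEM_RE.match(line)   # "(No malicious items detected)" does not match
        if m:
            log.items.append((section, m["path"], m["name"], m["action"]))
    return log


def review(log):
    """Return the points a helper would raise about one parsed log."""
    findings = []
    if log.privilege.lower() != "administrator":
        findings.append(
            "scan ran as '%s': rerun via right-click > Run as administrator"
            % (log.privilege or "unknown")
        )
    if sum(log.counts.values()) != len(log.items):
        findings.append("reported counts do not match listed items (log truncated?)")
    for section, path, name, action in log.items:
        findings.append("%s: %s (%s) -> %s" % (section, path, name, action))
    return findings


# Constructed sample input, abridged from the log layout posted in this thread.
LIMITED_RUN = r"""Malwarebytes Anti-Rootkit BETA 1.05.0.1001
Database version: v2013.05.20.07

Daniel :: BASIS [limited]

Scan type: Quick scan
Objects scanned: 31108

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\Users\Daniel\AppData\Local\Temp\dgwmjou (Trojan.Zbot.ED) -> Delete on reboot.

(end)
"""

ADMIN_RUN = r"""Malwarebytes Anti-Rootkit BETA 1.05.0.1001
Database version: v2013.05.21.08

Daniel :: BASIS [administrator]

Scan type: Quick scan
Objects scanned: 31203

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
"""

if __name__ == "__main__":
    for label, text in (("limited run", LIMITED_RUN), ("admin run", ADMIN_RUN)):
        print(label, "->", review(parse_mbar_log(text)) or "nothing to raise")
```
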

21.05.2013, 22:14   #22
Geschädiger

ok, here it is:

Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.21.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Daniel :: BASIS [administrator]

21.05.2013 22:28:42
mbar-log-2013-05-21 (22-28-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 31203
Time elapsed: 36 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

22.05.2013, 08:13   #23
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without instructions

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.


TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller instructions.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread in any case.
__________________
Please always post log files in CODE tags

22.05.2013, 12:02   #24
Geschädiger

Hi cosinus, here are the results of the scans.

22.05.2013, 12:46   #25
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
12:51:40.0763 5348 Scan started
12:51:40.0763 5348 Mode: Manual;
You configured TDSSKiller incorrectly. Please do it again, correctly this time.

22.05.2013, 13:17   #26
Geschädiger

okay.

22.05.2013, 13:33   #27
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Ok.

JRT - Junkware Removal Tool

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, please start it via right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


Afterwards:

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated instructions for AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with Ok.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box Scan all users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.

22.05.2013, 16:01   #28
Geschädiger

all clear.
Code:
# AdwCleaner v2.301 - Datei am 22/05/2013 um 16:50:04 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Daniel - BASIS
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Daniel\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\bcuzlkqc.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Opera v12.14.1738.0

Datei : C:\Users\Daniel\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1238 octets] - [22/05/2013 16:12:30]
AdwCleaner[S1].txt - [5268 octets] - [18/02/2013 20:06:03]
AdwCleaner[S2].txt - [1171 octets] - [22/05/2013 16:50:04]

########## EOF - C:\AdwCleaner[S2].txt - [1231 octets] ##########
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Daniel on 22.05.2013 at 15:29:07,83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\i want this_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\i want this_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B6C9357B-8FE5-4293-BD37-AFD666AC47E7}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Daniel\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\Daniel\AppData\Roaming\pdfforge"



~~~ FireFox

Successfully deleted the following from C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\bcuzlkqc.default\prefs.js

user_pref("extensions.crossrider.bic", "136c9f5fb48e4900eca4c70e7c7755dd");
Emptied folder: C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\bcuzlkqc.default\minidumps [158 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.05.2013 at 15:54:48,61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
and
Code:
OTL logfile created on: 22.05.2013 16:15:22 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Daniel\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,61 Gb Total Physical Memory | 3,29 Gb Available Physical Memory | 58,71% Memory free
11,21 Gb Paging File | 8,35 Gb Available in Paging File | 74,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 128,18 Gb Total Space | 38,35 Gb Free Space | 29,92% Space Free | Partition Type: NTFS
Drive D: | 144,91 Gb Total Space | 75,40 Gb Free Space | 52,03% Space Free | Partition Type: NTFS
Drive H: | 931,28 Gb Total Space | 566,04 Gb Free Space | 60,78% Space Free | Partition Type: FAT32
 
Computer Name: BASIS | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Daniel\Downloads\adwcleaner.exe ()
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (Adobe Systems, Inc.)
PRC - C:\Users\Daniel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Plc)
PRC - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
PRC - C:\Program Files (x86)\Sophos\Sophos Client Firewall\SCFManager.exe (Sophos Plc)
PRC - C:\Program Files (x86)\Sophos\Sophos Client Firewall\SCFService.exe (Sophos Plc)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Nuance\PDF Reader\bin\PDFReader.exe (Nuance Communications, Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll ()
MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll ()
MOD - C:\Program Files (x86)\Nuance\PDF Reader\bin\Plug-ins\banner.zxt ()
MOD - C:\Program Files (x86)\Nuance\PDF Reader\bin\Plug-ins\ZeonForm.zxt ()
MOD - C:\Program Files (x86)\Nuance\PDF Reader\bin\Plug-ins\annot.zxt ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\Nuance\PDF Reader\bin\Plug-ins\ZDigSig.zxt ()
MOD - C:\Program Files (x86)\Nuance\PDF Reader\bin\Plug-ins\PPKLite.zxt ()
MOD - C:\Program Files (x86)\Nuance\PDF Reader\bin\Plug-ins\Search.zxt ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (Sophos AutoUpdate Service) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
SRV - (swi_service) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Plc)
SRV - (SAVAdminService) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
SRV - (SAVService) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
SRV - (Sophos Client Firewall Manager) -- C:\Program Files (x86)\Sophos\Sophos Client Firewall\SCFManager.exe (Sophos Plc)
SRV - (Sophos Client Firewall) -- C:\Program Files (x86)\Sophos\Sophos Client Firewall\SCFService.exe (Sophos Plc)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (SAVOnAccess) -- C:\Windows\SysNative\drivers\savonaccess.sys (Sophos Plc)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (scfdriver) -- C:\Windows\SysNative\drivers\scfdriver.sys (Sophos Plc)
DRV:64bit: - (scflwf) -- C:\Windows\SysNative\drivers\scflwf.sys (Sophos Plc)
DRV:64bit: - (SophosBootDriver) -- C:\Windows\SysNative\drivers\SophosBootDriver.sys (Sophos Plc)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1079637092-1404767213-1586573362-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1079637092-1404767213-1586573362-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1079637092-1404767213-1586573362-1001\..\SearchScopes,DefaultScope = {B6C9357B-8FE5-4293-BD37-AFD666AC47E7}
IE - HKU\S-1-5-21-1079637092-1404767213-1586573362-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1079637092-1404767213-1586573362-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.22 15:57:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.16 02:24:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.16 02:24:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.02.27 13:57:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions
[2013.05.09 02:00:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\bcuzlkqc.default\extensions
[2012.12.12 01:08:44 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\bcuzlkqc.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.05.09 02:00:46 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\bcuzlkqc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.05.22 15:57:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.12 16:03:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.05.22 15:57:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.22 15:57:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2013.05.18 21:12:13 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHOX64.dll (Sophos Plc)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe (Sophos Plc)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS)
O4 - HKU\S-1-5-21-1079637092-1404767213-1586573362-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1079637092-1404767213-1586573362-1001..\Run: [EA Core] D:\FIFA.Manager.10-RELOADED\EADM\Core.exe (Electronic Arts)
O4 - Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1079637092-1404767213-1586573362-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1079637092-1404767213-1586573362-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-1079637092-1404767213-1586573362-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKU\S-1-5-21-1079637092-1404767213-1586573362-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1079637092-1404767213-1586573362-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A24747FF-5A38-4765-AF9A-B88E1C858F0E}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll) - C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll (Sophos Plc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL (Sophos Plc)
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll) - C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll (Sophos Plc)
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Plc)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1079637092-1404767213-1586573362-1001 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.22 15:28:48 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.22 15:26:10 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.22 11:26:44 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Daniel\Desktop\aswMBR.exe
[2013.05.21 00:17:52 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\mbar
[2013.05.18 06:02:10 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013.05.16 03:02:53 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.05.16 03:02:52 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.05.16 03:02:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.05.16 03:02:47 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.05.16 03:02:47 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.05.16 03:02:47 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.05.16 03:02:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.05.16 03:02:46 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.05.16 03:02:45 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.05.16 03:02:45 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.05.16 03:02:44 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.05.16 03:02:44 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.05.16 03:02:40 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.05.16 03:02:40 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.05.16 03:02:40 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.05.16 02:24:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.05.15 11:30:26 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.05.15 11:30:26 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013.05.15 11:13:21 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.05.15 11:13:21 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.05.15 11:13:20 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.05.15 11:13:20 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013.05.15 11:12:46 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013.05.15 11:12:44 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mcupdate_AuthenticAMD.dll
[2013.05.13 02:00:39 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2013.04.29 12:01:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.04.29 12:01:00 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.04.29 12:01:00 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.04.29 12:01:00 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.04.24 20:01:28 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Application Data
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.22 15:47:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.22 13:06:42 | 000,000,548 | ---- | M] () -- C:\Windows\tasks\MATLAB R2012b Startup Accelerator.job
[2013.05.22 13:00:58 | 000,024,614 | ---- | M] () -- C:\Users\Daniel\Desktop\Desktop.rar
[2013.05.22 12:48:19 | 000,000,512 | ---- | M] () -- C:\Users\Daniel\Desktop\MBR.dat
[2013.05.22 11:28:19 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Daniel\Desktop\aswMBR.exe
[2013.05.22 10:59:33 | 001,663,448 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.22 10:59:33 | 000,713,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.22 10:59:33 | 000,674,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.22 10:59:33 | 000,152,264 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.22 10:59:33 | 000,128,646 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.22 10:46:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.22 02:36:17 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.22 02:36:17 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.22 02:27:53 | 000,000,142 | ---- | M] () -- C:\Windows\ODBC.INI
[2013.05.22 02:26:29 | 218,939,391 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.18 21:12:13 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013.05.18 19:40:58 | 000,001,051 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.05.18 19:40:17 | 000,001,021 | ---- | M] () -- C:\Users\Daniel\Desktop\Dropbox.lnk
[2013.05.16 11:28:54 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2013.05.16 04:06:43 | 000,417,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.15 10:59:10 | 004,102,677 | R--- | M] () -- C:\Users\Daniel\trainee_corporates-3.pdf
[2013.05.15 03:53:50 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.05.15 03:53:50 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.12 17:30:39 | 016,282,297 | ---- | M] () -- C:\Users\Daniel\Documents\dez.spv
[2013.05.12 11:48:36 | 015,963,273 | ---- | M] () -- C:\Users\Daniel\Documents\jan.spv
[2013.05.09 11:07:16 | 010,964,387 | ---- | M] () -- C:\Users\Daniel\Documents\jul.spv
[2013.05.08 21:50:27 | 010,571,327 | ---- | M] () -- C:\Users\Daniel\Documents\mrz.spv
[2013.05.08 18:04:32 | 010,608,641 | ---- | M] () -- C:\Users\Daniel\Documents\feb.spv
[2013.05.08 13:12:28 | 010,493,495 | ---- | M] () -- C:\Users\Daniel\Documents\nov.spv
[2013.05.07 20:44:53 | 010,166,854 | ---- | M] () -- C:\Users\Daniel\Documents\apr.spv
[2013.05.04 18:22:48 | 009,391,414 | ---- | M] () -- C:\Users\Daniel\Documents\Output1b.spv
[2013.05.04 10:54:07 | 008,921,013 | ---- | M] () -- C:\Users\Daniel\Documents\Output1a.spv
[2013.04.23 21:51:12 | 000,014,212 | ---- | M] () -- C:\Users\Daniel\Desktop\InformationzuIhrerAnfrage.PDF
 
========== Files Created - No Company Name ==========
 
[2013.05.22 12:48:19 | 000,000,512 | ---- | C] () -- C:\Users\Daniel\Desktop\MBR.dat
[2013.05.20 00:24:40 | 000,024,614 | ---- | C] () -- C:\Users\Daniel\Desktop\Desktop.rar
[2013.05.15 10:58:07 | 004,102,677 | R--- | C] () -- C:\Users\Daniel\trainee_corporates-3.pdf
[2013.05.12 17:30:39 | 016,282,297 | ---- | C] () -- C:\Users\Daniel\Documents\dez.spv
[2013.05.09 11:07:16 | 010,964,387 | ---- | C] () -- C:\Users\Daniel\Documents\jul.spv
[2013.05.08 18:04:32 | 010,608,641 | ---- | C] () -- C:\Users\Daniel\Documents\feb.spv
[2013.05.07 20:44:53 | 010,166,854 | ---- | C] () -- C:\Users\Daniel\Documents\apr.spv
[2013.05.07 09:43:12 | 010,571,327 | ---- | C] () -- C:\Users\Daniel\Documents\mrz.spv
[2013.05.07 01:18:10 | 010,493,495 | ---- | C] () -- C:\Users\Daniel\Documents\nov.spv
[2013.05.05 21:01:52 | 015,963,273 | ---- | C] () -- C:\Users\Daniel\Documents\jan.spv
[2013.05.04 18:22:48 | 009,391,414 | ---- | C] () -- C:\Users\Daniel\Documents\Output1b.spv
[2013.05.04 10:54:07 | 008,921,013 | ---- | C] () -- C:\Users\Daniel\Documents\Output1a.spv
[2013.04.23 21:51:11 | 000,014,212 | ---- | C] () -- C:\Users\Daniel\Desktop\InformationzuIhrerAnfrage.PDF
[2013.02.18 20:28:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.18 20:28:07 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.18 20:28:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.02.18 20:28:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.18 20:28:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.01.14 23:29:41 | 000,004,219 | ---- | C] () -- C:\Users\Daniel\As4.synctex.gz
[2013.01.14 23:00:33 | 000,074,851 | ---- | C] () -- C:\Users\Daniel\As4.pdf
[2013.01.14 22:59:38 | 000,000,165 | ---- | C] () -- C:\Users\Daniel\As4.aux
[2013.01.14 22:59:24 | 000,000,934 | ---- | C] () -- C:\Users\Daniel\As4.tex
[2013.01.14 22:33:38 | 000,059,109 | ---- | C] () -- C:\Users\Daniel\Assignment4.pdf
[2013.01.14 22:33:38 | 000,000,163 | ---- | C] () -- C:\Users\Daniel\Assignment4.aux
[2013.01.14 22:33:37 | 000,004,066 | ---- | C] () -- C:\Users\Daniel\Assignment4.synctex.gz
[2013.01.14 13:21:56 | 000,000,934 | ---- | C] () -- C:\Users\Daniel\Assignment4.tex
[2012.12.03 12:14:31 | 002,693,311 | ---- | C] () -- C:\Users\Daniel\enigmail-1.4.6-sm+tb.xpi
[2012.08.13 21:49:22 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2012.08.13 21:49:22 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2012.03.16 14:06:27 | 000,000,142 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.01.28 18:51:40 | 001,558,672 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.11.18 09:06:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.11.18 09:01:39 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.07.14 04:55:06 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
and last but not least

Code:
OTL Extras logfile created on: 22.05.2013 16:15:22 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Daniel\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,61 Gb Total Physical Memory | 3,29 Gb Available Physical Memory | 58,71% Memory free
11,21 Gb Paging File | 8,35 Gb Available in Paging File | 74,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 128,18 Gb Total Space | 38,35 Gb Free Space | 29,92% Space Free | Partition Type: NTFS
Drive D: | 144,91 Gb Total Space | 75,40 Gb Free Space | 52,03% Space Free | Partition Type: NTFS
Drive H: | 931,28 Gb Total Space | 566,04 Gb Free Space | 60,78% Space Free | Partition Type: FAT32
 
Computer Name: BASIS | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_USERS\S-1-5-21-1079637092-1404767213-1586573362-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" = 
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03B1BBCC-547A-4DBE-94FB-F59F1BBBBE82}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{22119967-3266-4A36-891A-EB0327CDAE08}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2308C865-2931-4D2B-88BC-505F5576B726}" = lport=137 | protocol=17 | dir=in | app=system | 
"{24C7BEF4-20B5-4C2D-A43F-7C778A20D3F3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{2D274847-9891-4258-9AA5-E6D600C8A5BE}" = rport=137 | protocol=17 | dir=out | app=system | 
"{3804366A-F168-4CE9-95A2-53F80221E140}" = lport=139 | protocol=6 | dir=in | app=system | 
"{3C25890C-90F8-4FE0-9A50-DE2EE54D22B6}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{3C48C0DA-0BBE-4CD0-9AD3-2AA9F41B0170}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{506984D9-DE61-4E40-9679-2D3BDE5A3CB8}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | 
"{53C69CD8-8FBA-40EC-AC61-FF2BFC9E5AC0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5F1453CE-082E-4148-870D-D6115DA9814A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{68FC3F23-8136-4D8B-8B46-D69F355421DE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6D86BBA6-660B-4EA4-9C85-ADBCBF533D55}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{71A5E047-D37B-4A50-87CF-8D21EA982B27}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{71C1071F-9069-49F4-A615-D95C80A2D84C}" = rport=138 | protocol=17 | dir=out | app=system | 
"{72D6E5C4-6BE2-43D5-B665-5BEC5B5E8289}" = rport=445 | protocol=6 | dir=out | app=system | 
"{770AB3D3-678E-49C6-8165-F20DB8974C79}" = lport=138 | protocol=17 | dir=in | app=system | 
"{77AD00E8-7A85-4457-91A4-9DC6E21B9238}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{8877F45F-140B-4076-8B34-09B66E4A67BB}" = rport=139 | protocol=6 | dir=out | app=system | 
"{8B29FA2F-ACCB-4FBA-87B4-C29F6DD787E3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A72233AF-337A-40D3-BCE9-4CBCFF8C6B0B}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | 
"{B276822F-9646-4360-ADE9-EF6F57A5E0A3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B827E1C7-5A7A-484C-9653-2FE388A8B888}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{C3E1DD99-8163-4257-A31A-A89416810119}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E5FBD8BA-7BBB-4374-93AD-E6018E2FA164}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{FE6824B6-2545-427E-8B0F-7B3B0B93963B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0428F49E-D561-4885-8407-60FDA530B1B3}" = protocol=17 | dir=in | app=d:\program files (x86)\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\dedicated\xrengine.exe | 
"{048E5D8E-0A06-4A27-90AC-DAE7D9EA05AF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{05921E67-A66E-47E3-9720-31A8D203FE58}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0DE55ABB-09CD-454E-B2E3-E49CA90076EE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0E1C0026-3273-4F82-BCF4-33CD5AA8EE16}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1F49BA5F-E6E5-4197-938D-478E13758D78}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{253247DB-A1AE-4FA2-99E0-AB8EABE275AD}" = protocol=6 | dir=in | app=d:\program files (x86)\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\xrengine.exe | 
"{25BDD843-A815-48A8-A216-66D065687049}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{38004588-5321-4388-BA7C-16B12AA92A4F}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{447A6722-102E-47D2-9958-FA11660F2287}" = protocol=17 | dir=in | app=d:\program files (x86)\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\xrengine.exe | 
"{4AE889B9-59C8-4DF3-A4CF-B2A5BA045B3F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{501B90E3-8470-4524-8915-FE688D5B547C}" = protocol=17 | dir=in | app=d:\program files (x86)\deep silver\s.t.a.l.k.e.r. - clear sky\bin\dedicated\xrengine.exe | 
"{50D76052-134E-46DB-AF8E-63827F883C0F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{54954F74-86B7-4539-A206-D574788BD41C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{57562EC6-0E81-4A7D-BA01-DB5F56A0436B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{659B74BF-7E4C-41A8-B10A-92642832D5A2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{7DAF63AC-AB1B-4E23-916C-64D2C775C623}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8DBB5808-F601-45C4-95BB-C5B59ABE43EA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{8E2A5220-97B0-4D21-985F-58EFD8B5E60D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{8EF01BA1-D1F6-4D73-AADB-AB5E81F83EF1}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{90858D94-2230-4773-9F46-6998B65C9E6F}" = protocol=17 | dir=in | app=d:\program files (x86)\deep silver\s.t.a.l.k.e.r. - clear sky\bin\xrengine.exe | 
"{91A9008F-171D-4451-8FE2-27D899AC4F9A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{955C8760-15C0-475E-AF74-A4FCD569DB49}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{9BE17CB0-C964-48CF-8862-8DF92DA7265C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A193FA49-A261-421D-8D6F-440E1828F2FF}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{A22FF28D-9086-4568-84DE-C3D1BEF3925F}" = protocol=6 | dir=out | app=system | 
"{AB4B5379-8344-463D-8F92-77FDE3CF92E8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{ADDC7848-60DB-4FC2-9DA9-826622E8E34A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{B5761F4A-5F75-449D-ABD4-D9C24F6D5D48}" = protocol=6 | dir=in | app=d:\program files (x86)\deep silver\s.t.a.l.k.e.r. - clear sky\bin\xrengine.exe | 
"{BA3797B6-E1E9-4796-A4AB-D0FF9742A448}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BB998749-016C-46DE-8CB0-698B5FDEB925}" = protocol=6 | dir=in | app=d:\program files (x86)\deep silver\s.t.a.l.k.e.r. - clear sky\bin\dedicated\xrengine.exe | 
"{BEDF2383-5941-4AD0-AD16-E5EBF25C8C70}" = protocol=17 | dir=in | app=c:\users\daniel\appdata\roaming\dropbox\bin\dropbox.exe | 
"{C5C22973-0A04-4411-933B-206BC9EF830D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CBA09DCC-6760-4DB6-B6E3-68E188198282}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{CC5DE2FB-D7E9-43C8-A44E-881A7171003F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{CCBEA74E-E068-4C3B-B33D-31406972BF58}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{CD2C810C-1753-4B55-9E6C-3A03F52C53D9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D1A45986-BCEA-4DDE-9711-F702B8B2D3B8}" = protocol=6 | dir=in | app=d:\program files (x86)\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\dedicated\xrengine.exe | 
"{D77A3E20-2F49-40F7-982C-32C26D0A8253}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D9A480D5-385D-4702-9847-68E863EFC462}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E0AB41FA-405D-4545-985D-8A3B9ACCF201}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{E8BA070A-60E4-4D5B-9A24-E46DDBEB3BD5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EC629A46-60DE-4545-B6B5-A7E5B70AC1FF}" = protocol=6 | dir=in | app=c:\users\daniel\appdata\roaming\dropbox\bin\dropbox.exe | 
"{F2599FA8-314E-4A73-AD1D-EBBA070929DB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{FDAC0815-367D-4DC8-AFC4-5B758B45A7B4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{08D401E5-E23D-4372-8F9E-764963B19483}" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{11BA2B00-1495-47B8-BFA8-D08C605AB2CC}" = Windows Live Family Safety
"{11D96381-C349-60F6-6E95-013D80B6B68B}" = AMD Fuel
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1C4C0E06-5E82-FEF7-7A35-6ED0FBA91307}" = AMD Media Foundation Decoders
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{3CE222BA-66A6-4D18-BEE9-5D21C5798C3E}" = Windows Live Family Safety
"{3D7F836A-AE1F-4FA6-8DB9-4FE06697AB0A}" = Windows Live Family Safety
"{3E776E7A-F4C3-4A89-8EAD-535E722C8397}" = Windows Live Family Safety
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{53375A2B-FE08-42B6-8EB8-16818CD27B2C}" = Windows Live Family Safety
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FE78439-7CAA-45FE-A808-2D7A0FC98643}" = iTunes
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{63919769-655A-48A8-AD6C-39B471F683ED}" = Windows Live Family Safety
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6DDCFF78-6F91-438C-9567-C5CAA9D7F56C}" = Windows Live Family Safety
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B36055BF-5F0E-4EAB-804D-9203DFB34ADC}" = Windows Live Family Safety
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E01819BD-709F-43A1-9600-6F5E4C584C37}" = Windows Live Family Safety
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E17025A7-39B6-375E-8F1E-20637D19549C}" = AMD Catalyst Install Manager
"{E60F14FA-E114-4F25-AEE0-33FE9EC9B1C3}" = Windows Live Family Safety
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F11009B0-F4DB-463B-B717-5266E47498AA}" = Windows Live Family Safety
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"{FF91D913-0F96-E8B4-7F24-138D64AEE63A}" = ccc-utility64
"Elantech" = ETDWare PS/2-X64 8.0.5.1_WHQL
"GPL Ghostscript 9.04" = GPL Ghostscript
"Matlab R2012b" = MATLAB R2012b
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"MiKTeX 2.9" = MiKTeX 2.9
"R for Windows 2.15.2_is1" = R for Windows 2.15.2
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"WinRAR archiver" = WinRAR 4.10 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{12C00299-B8B4-40D3-9663-66ABEA3198AB}" = Sophos Client Firewall
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A10EA04-AF48-AB19-DE2B-0F7ABF174B22}" = CCC Help Finnish
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1AC6E8CB-B022-A7E1-66DA-E063B6CEC373}" = CCC Help Polish
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{23E5C72C-CC08-4EE0-9CC2-D925B232B331}" = Microsoft MSDN 2005 Express Edition - ENU
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{29AFBD5C-71A8-DA79-508C-53E040EE3E71}" = CCC Help Italian
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36BFE02C-3247-EC65-5B79-C31CA8A2EA6B}" = CCC Help Chinese Traditional
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3993DD42-0739-7DCB-CB1E-512A1D0287B6}" = CCC Help Portuguese
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D06DD4B-2D97-CB62-1639-66995969E0F7}" = CCC Help Chinese Standard
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{406FB8A4-F539-48A9-809C-F94706F9C9F6}_is1" = S.T.A.L.K.E.R. - Call of Pripyat [v1.6.02]
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{40D1F76D-FD54-6FF9-8A83-E2B6849FF755}" = CCC Help Korean
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"{4C699616-D8EA-9E2F-0246-68E0298A9081}" = CCC Help German
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{50B8CA72-98FD-21A1-3448-601998D44C1D}" = CCC Help Swedish
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{55C6CD22-E3A4-4937-CFFB-C7E11FA6A5A3}" = CCC Help Dutch
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{56050D82-138B-D911-CE56-DC4783CAA22C}" = CCC Help English
"{577AD794-8B34-40B4-9E7A-BE4CFFE396E6}" = Microsoft Visual Basic 2005 Express Edition - ENU
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{615AA928-1427-735E-C728-55AF614CD3DA}" = Catalyst Control Center Profiles Mobile
"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62D16CB8-4DD5-0314-2AD7-C3C2BCADC234}" = CCC Help Thai
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69424C7F-B6CA-8786-E0CA-89D5915C9486}" = CCC Help Turkish
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E5E0E1B-FADA-9749-80F6-03A0A7967FEC}" = CCC Help Danish
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71296ABE-826A-2D27-9FD0-503F39A4D7ED}" = CCC Help Japanese
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{8150221C-8F7E-4997-AD4E-AFDEE7F4B410}" = Wireless Console 3
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A11EFE0E-A256-C423-223F-4808E88024DB}" = CCC Help Greek
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9868A83-9D72-2F2D-F549-A5BD46891987}" = CCC Help Norwegian
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2A07D8D-71DB-4929-9154-2D8A198F0FDA}" = CCC Help Spanish
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C10C5955-9E14-A895-BF90-29388B133FEA}" = CCC Help Russian
"{C25215FC-5900-48B0-B93C-8D3379027312}" = PASW Statistics 18
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C9440B47-2604-44EC-DA52-46DB4FA946ED}" = CCC Help French
"{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger
"{CA234488-A4E4-FE20-DEF4-D68C43ACACA2}" = CCC Help Czech
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}" = Atheros Client Installation Program
"{D39F0676-163E-4595-A917-E28F99BBD4D2}" = ASUS AI Recovery
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DA9FD67B-0AAF-C83D-E2AC-C7D296FA0FE4}" = Catalyst Control Center Localization All
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE6698C9-53D4-67FB-2A2B-67CB1DEF89E5}" = AMD VISION Engine Control Center
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E18B30AA-6E2D-480C-B918-AF61009F4010}" = عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E71E60C1-533E-45A5-8D80-E475E88D2B17}_is1" = Game Park Console
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F8857969-C550-C462-1785-DB5523AE133C}" = CCC Help Hungarian
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FDB51A10-A57D-29AB-90D1-3EEE29BD388F}" = Catalyst Control Center InstallProxy
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"ASUS_Screensaver" = ASUS_Screensaver
"Bookworm Deluxe" = Bookworm Deluxe
"Cooking Dash" = Cooking Dash
"DAEMON Tools Lite" = DAEMON Tools Lite
"EADM" = EA Download Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.34.1015
"FreePDF_XP" = FreePDF (Remove only)
"FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10
"Governor of Poker" = Governor of Poker
"Hotel Dash Suite Success" = Hotel Dash Suite Success
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"Jewel Quest 3" = Jewel Quest 3
"Luxor 3" = Luxor 3
"Mahjongg dimensions" = Mahjongg dimensions
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft MSDN 2005 Express Edition - ENU" = Microsoft MSDN 2005 Express Edition - ENU
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Basic 2005 Express Edition - ENU" = Microsoft Visual Basic 2005 Express Edition - ENU
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Opera 12.14.1738" = Opera 12.14
"Plants vs Zombies" = Plants vs Zombies
"S.T.A.L.K.E.R. - Clear Sky_is1" = S.T.A.L.K.E.R. - Clear Sky
"Texmaker" = Texmaker
"TeXstudio_is1" = TeXstudio 2.3
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
"World of Goo" = World of Goo
"XnView_is1" = XnView 1.99.5
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1079637092-1404767213-1586573362-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ OSession Events ]
Error - 10.02.2013 18:50:18 | Computer Name = Basis | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 91
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 10.02.2013 20:08:46 | Computer Name = Basis | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 4679
 seconds with 2700 seconds of active time.  This session ended with a crash.
 
Error - 10.02.2013 21:21:52 | Computer Name = Basis | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 4365
 seconds with 2940 seconds of active time.  This session ended with a crash.
 
Error - 04.03.2013 18:28:41 | Computer Name = Basis | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 187219
 seconds with 40920 seconds of active time.  This session ended with a crash.
 
Error - 05.03.2013 20:06:10 | Computer Name = Basis | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 91948
 seconds with 10740 seconds of active time.  This session ended with a crash.
 
Error - 31.03.2013 05:43:08 | Computer Name = Basis | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 77315
 seconds with 21120 seconds of active time.  This session ended with a crash.
 
Error - 02.04.2013 10:09:25 | Computer Name = Basis | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 46431
 seconds with 11160 seconds of active time.  This session ended with a crash.
 
Error - 10.04.2013 05:55:40 | Computer Name = Basis | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 3354
 seconds with 1080 seconds of active time.  This session ended with a crash.
 
Error - 19.04.2013 08:32:24 | Computer Name = Basis | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 76571
 seconds with 35460 seconds of active time.  This session ended with a crash.
 
Error - 28.04.2013 22:05:40 | Computer Name = Basis | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 4757
 seconds with 600 seconds of active time.  This session ended with a crash.
 
 
< End of report >
         

Alt 22.05.2013, 20:13   #29
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Looks OK. We should be almost done. As a check, please run a full scan with Malwarebytes Anti-Malware (MBAM) (if you only recently ran a full scan, a quick scan is enough (saves time); please let me know in that case).

Note: Please remember to update Malwarebytes Anti-Malware via the update button beforehand!

Afterwards, getting a second opinion from the ESET online scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
Please always post logfiles in CODE tags

Alt 24.05.2013, 06:01   #30
Geschädiger
 



The scans took forever.

ESET:
Code:
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=2fc706100f3ba142b9e559add6b40cf7
# engine=13197
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-21 12:42:36
# local_time=2013-02-21 01:42:36 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 55452 113037206 0 0
# compatibility_mode=8450 16777213 85 98 6587485 174666390 0 0
# scanned=436501
# found=1
# cleaned=0
# scan_time=45400
sh=7F5B4839D00359AD9327DC21DC977DE652C871B0 ft=0 fh=0000000000000000 vn="JS/Agent.NID trojan" ac=I fn="C:\_OTL\MovedFiles\02182013_231835\C_ProgramData\dsgsdgdsgdsgw.js"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=2fc706100f3ba142b9e559add6b40cf7
# engine=13895
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-24 01:10:58
# local_time=2013-05-24 03:10:58 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 135551 120987708 0 0
# compatibility_mode=8450 16777213 85 98 5843837 182616892 0 0
# scanned=525670
# found=12
# cleaned=0
# scan_time=40190
sh=F7ED23A3187C32134B860737D47C8513789E5AB2 ft=1 fh=62db4b4db591c5f6 vn="Win32/Adware.1ClickDownload.W application" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-1079637092-1404767213-1586573362-1001\$RBLIO9Y.exe"
sh=DAFE8EE373E92DD6D7EA981C2E410CF220E1C538 ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen virus" ac=I fn="C:\Documents and Settings\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G19YC5HJ\980769[1].js"
sh=300E7513C28399B4FA65DFE2EF955D6EC846CCF2 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.NVX trojan" ac=I fn="C:\Documents and Settings\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\51889051-2df605ca"
sh=A8846FE28E6DDC50E3EA046F43DA490F6879A706 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Documents and Settings\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\25bc2213-18fb54ff"
sh=BC3C2437A717BECCD026241DCB6DD0053F44E749 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2013-2423.E trojan" ac=I fn="C:\Documents and Settings\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\30efd042-71eff98a"
sh=4E8E7DCBBB176852ECCFAB5D968DD1CAB5EF4B64 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.OIJ trojan" ac=I fn="C:\Documents and Settings\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\14019747-6b3f08a1"
sh=DAFE8EE373E92DD6D7EA981C2E410CF220E1C538 ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen virus" ac=I fn="C:\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G19YC5HJ\980769[1].js"
sh=300E7513C28399B4FA65DFE2EF955D6EC846CCF2 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.NVX trojan" ac=I fn="C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\51889051-2df605ca"
sh=A8846FE28E6DDC50E3EA046F43DA490F6879A706 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\25bc2213-18fb54ff"
sh=BC3C2437A717BECCD026241DCB6DD0053F44E749 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2013-2423.E trojan" ac=I fn="C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\30efd042-71eff98a"
sh=4E8E7DCBBB176852ECCFAB5D968DD1CAB5EF4B64 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.OIJ trojan" ac=I fn="C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\14019747-6b3f08a1"
sh=E85CABD0C9AE654A703A68E9EBC1B86FB04B5D6E ft=0 fh=0000000000000000 vn="JS/Kryptik.MV trojan" ac=I fn="H:\BASIS\Backup Set 2012-05-07 153342\Backup Files 2012-05-07 153342\Backup files 4.zip"
         
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.22.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Daniel :: BASIS [Administrator]

22.05.2013 22:44:33
mbam-log-2013-05-22 (22-44-33).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 606993
Laufzeit: 4 Stunde(n), 1 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\_OTL\MovedFiles\MovedFiles.zip (Trojan.Zbot.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\05182013_150840\C_Users\Daniel\AppData\Roaming\skype.dat (Trojan.Zbot.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
