| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Problem mitTrojaner?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
27.10.2012, 18:12
| #1 |
| |  Problem mitTrojaner? Hallo, ich habe offensichtlich einen Trojaner eingefangen. Sobald ich bei Firefox einen Link anklicke, werde ich zu irgendwelchen Werbeseiten weitergeleitet. Ich habe auch Chrome installiert, wo dieses Probleme allerdings nicht auftritt. Otl bzw. den Quickscan habe ich bereits laufen lassen und kopiere OTL.txt und Extra.txt vorsorglich gleich einmal hier herein. Vielen Dank für Eure Hilfe! Siegfried OTL logfile created on: 10/27/2012 6:28:13 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\siesil\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3.92 Gb Total Physical Memory | 2.56 Gb Available Physical Memory | 65.45% Memory free 7.83 Gb Paging File | 6.25 Gb Available in Paging File | 79.81% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 97.90 Gb Total Space | 41.89 Gb Free Space | 42.79% Space Free | Partition Type: NTFS Computer Name: SAMSUNG | User Name: siesil | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/10/27 17:54:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\siesil\Desktop\OTL (1).exe PRC - [2012/08/14 10:52:28 | 001,014,624 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe PRC - [2012/07/27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/05/16 16:27:30 | 007,345,736 | ---- | M] (Bartels Media GmbH) -- C:\Program Files (x86)\PhraseExpress\phraseexpress.exe PRC - [2012/03/26 18:59:14 | 000,152,576 | ---- | M] (CrashPlan) -- C:\Program Files (x86)\CrashPlan\CrashPlanService.exe PRC - [2012/03/26 18:58:47 | 000,217,088 | ---- | M] (Code 42 Software, Inc.) -- C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe PRC - [2011/12/21 20:46:46 | 001,225,216 | ---- | M] (SRWare) -- C:\Program Files (x86)\SRWare Iron\iron.exe PRC - [2011/12/20 15:52:04 | 002,783,312 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe PRC - [2011/09/08 15:55:10 | 000,888,488 | ---- | M] ({StringFileInfo_CompanyName}) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2011/09/04 12:45:26 | 003,398,736 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe PRC - [2011/06/11 15:16:09 | 000,330,696 | ---- | M] () -- C:\Program Files (x86)\Verbindungsassistent\WTGService.exe PRC - [2011/05/27 19:22:04 | 007,077,456 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe PRC - [2011/05/27 19:14:28 | 002,161,232 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe PRC - [2011/04/08 14:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe PRC - [2011/02/15 22:25:14 | 000,726,608 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\EasySpeedUpManager.exe PRC - [2011/01/29 19:28:06 | 001,761,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Windows\SecGfxController.exe PRC - [2011/01/25 23:31:58 | 000,064,000 | ---- | M] () -- C:\Windows\tpmon.exe PRC - [2011/01/21 21:41:24 | 002,195,024 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\SmartSetting.exe PRC - [2011/01/13 15:56:42 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe PRC - [2010/12/21 04:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010/12/21 04:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010/11/29 07:42:38 | 000,775,848 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe PRC - [2010/11/17 10:24:54 | 004,387,632 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe PRC - [2010/11/10 01:03:52 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe PRC - [2009/03/27 13:55:28 | 001,052,672 | ---- | M] (PFU LIMITED) -- C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe ========== Modules (No Company Name) ========== MOD - [2012/05/16 16:27:22 | 000,385,608 | ---- | M] () -- C:\Program Files (x86)\PhraseExpress\pexlang.dll MOD - [2012/03/16 15:42:58 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll MOD - [2012/03/16 15:42:56 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll MOD - [2011/12/14 05:48:12 | 001,093,646 | ---- | M] () -- C:\Program Files (x86)\SRWare Iron\avcodec-53.dll MOD - [2011/12/14 05:48:12 | 000,184,846 | ---- | M] () -- C:\Program Files (x86)\SRWare Iron\avformat-53.dll MOD - [2011/12/14 05:48:12 | 000,117,262 | ---- | M] () -- C:\Program Files (x86)\SRWare Iron\avutil-51.dll MOD - [2011/01/25 23:31:58 | 000,064,000 | ---- | M] () -- C:\Windows\tpmon.exe MOD - [2010/07/05 12:42:58 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Samsung\Movie Color Enhancer\WinCRT.dll MOD - [2010/05/07 16:22:18 | 001,636,864 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll MOD - [2009/03/27 13:55:04 | 000,339,968 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsConfig.dll MOD - [2008/11/01 16:42:38 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsExtention.dll MOD - [2008/10/30 15:44:36 | 000,008,704 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuUpdater0407.dll MOD - [2008/10/16 19:01:24 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuUpdater.dll MOD - [2007/06/26 20:27:18 | 000,167,936 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\Driver\SSsltsa.dll MOD - [2006/08/12 13:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll MOD - [2003/03/26 18:46:36 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsImgIO.dll ========== Services (SafeList) ========== SRV:64bit: - [2011/01/13 15:56:40 | 000,956,192 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV:64bit: - [2011/01/11 22:00:00 | 000,168,448 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04) SRV:64bit: - [2011/01/11 22:00:00 | 000,131,072 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04) SRV:64bit: - [2010/09/22 11:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010/08/09 21:04:12 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service) SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012/10/26 23:51:00 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/10/09 10:14:30 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/07/27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/03/26 18:59:14 | 000,152,576 | ---- | M] (CrashPlan) [Auto | Running] -- C:\Program Files (x86)\CrashPlan\CrashPlanService.exe -- (CrashPlanService) SRV - [2011/06/11 15:16:09 | 000,330,696 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Verbindungsassistent\WTGService.exe -- (WTGService) SRV - [2010/12/21 04:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010/12/21 04:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010/06/01 08:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/01/10 14:28:16 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011/08/25 21:09:20 | 000,390,704 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011/08/23 05:12:56 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/01/14 03:09:00 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL) DRV:64bit: - [2011/01/14 03:08:42 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2011/01/14 03:08:42 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2011/01/14 03:08:42 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2011/01/14 03:08:40 | 000,106,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2010/12/25 01:32:54 | 000,412,264 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010/12/03 06:55:32 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010/12/03 06:55:32 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/10 01:04:14 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2010/10/20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010/09/13 11:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010/07/29 02:23:08 | 003,065,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2010/02/22 10:09:10 | 000,011,776 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter) DRV:64bit: - [2009/12/07 20:53:26 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009/07/14 02:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan) DRV:64bit: - [2009/07/14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009/07/14 02:00:24 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials) DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/28 08:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI) DRV - [2011/05/18 07:47:24 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport) DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2008/07/24 11:04:34 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys -- (hwdatacard) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\SearchScopes,DefaultScope = {29E0E192-47BF-401A-B1A5-DA81463E96C6} IE - HKCU\..\SearchScopes\{29E0E192-47BF-401A-B1A5-DA81463E96C6}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: support@lastpass.com:2.0.0 FF - prefs.js..extensions.enabledAddons: {E0B8C461-F8FB-49b4-8373-FE32E9252800}:5.4 FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926 FF - prefs.js..extensions.enabledAddons: toolbar@ask.com:3.14.0.100015 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/26 23:51:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/26 23:50:59 | 000,000,000 | ---D | M] [2011/06/26 22:24:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\siesil\AppData\Roaming\mozilla\Extensions [2012/10/24 11:14:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\siesil\AppData\Roaming\mozilla\Firefox\Profiles\uz8n64k8.default\extensions [2012/10/21 20:49:37 | 000,000,000 | ---D | M] (WOT) -- C:\Users\siesil\AppData\Roaming\mozilla\Firefox\Profiles\uz8n64k8.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012/10/04 00:16:56 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\siesil\AppData\Roaming\mozilla\Firefox\Profiles\uz8n64k8.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2012/06/21 18:54:06 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\siesil\AppData\Roaming\mozilla\Firefox\Profiles\uz8n64k8.default\extensions\support@lastpass.com [2012/08/23 22:59:25 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\siesil\AppData\Roaming\mozilla\Firefox\Profiles\uz8n64k8.default\extensions\toolbar@ask.com [2012/10/26 23:50:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/10/26 23:51:00 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011/10/28 05:32:48 | 000,176,952 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll [2012/02/19 14:54:41 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/09/19 00:09:16 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/02/19 14:54:41 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012/02/19 14:54:41 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012/02/19 14:54:41 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012/02/19 14:54:41 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass) O2 - BHO: (W2PBrowser Class) - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll () O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O4 - HKCU..\Run: [EPSON3FDB26 (Epson Stylus Photo PX830)] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIHOE.EXE /FU "C:\Users\siesil\AppData\Local\Temp\E_SDE1F.tmp" /EF "HKCU" File not found O4 - Startup: C:\Users\siesil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass File not found O8:64bit: - Extra context menu item: LastPass Ausfüllformulare - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms File not found O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms File not found O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass File not found O8 - Extra context menu item: LastPass Ausfüllformulare - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms File not found O8 - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass) O9:64bit: - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass) O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll () O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass) O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass) O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.7.2) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.153.32.129 213.153.32.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{043044CD-6A6C-4176-96E1-76963DD6E5BF}: DhcpNameServer = 213.153.32.129 213.153.32.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{00851e1e-937e-11e0-9cf5-b4749fb8daab}\Shell - "" = AutoRun O33 - MountPoints2\{00851e1e-937e-11e0-9cf5-b4749fb8daab}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{00851e2b-937e-11e0-9cf5-b4749fb8daab}\Shell - "" = AutoRun O33 - MountPoints2\{00851e2b-937e-11e0-9cf5-b4749fb8daab}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{39b27c60-0d71-11e2-abd7-b4749fb8daab}\Shell - "" = AutoRun O33 - MountPoints2\{39b27c60-0d71-11e2-abd7-b4749fb8daab}\Shell\AutoRun\command - "" = D:\Setup.exe O33 - MountPoints2\{4599a572-e069-11e0-b4e7-b4749fb8daab}\Shell - "" = AutoRun O33 - MountPoints2\{4599a572-e069-11e0-b4e7-b4749fb8daab}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{6cdee119-903f-11e0-8a1b-b4749fb8daab}\Shell - "" = AutoRun O33 - MountPoints2\{6cdee119-903f-11e0-8a1b-b4749fb8daab}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{6cdee2a7-903f-11e0-8a1b-b4749fb8daab}\Shell - "" = AutoRun O33 - MountPoints2\{6cdee2a7-903f-11e0-8a1b-b4749fb8daab}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{6cdee2b2-903f-11e0-8a1b-b4749fb8daab}\Shell - "" = AutoRun O33 - MountPoints2\{6cdee2b2-903f-11e0-8a1b-b4749fb8daab}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{6cdee2ef-903f-11e0-8a1b-b4749fb8daab}\Shell - "" = AutoRun O33 - MountPoints2\{6cdee2ef-903f-11e0-8a1b-b4749fb8daab}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{a323197c-9810-11e0-9418-b4749fb8daab}\Shell - "" = AutoRun O33 - MountPoints2\{a323197c-9810-11e0-9418-b4749fb8daab}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{a323198c-9810-11e0-9418-b4749fb8daab}\Shell - "" = AutoRun O33 - MountPoints2\{a323198c-9810-11e0-9418-b4749fb8daab}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{a32319aa-9810-11e0-9418-b4749fb8daab}\Shell - "" = AutoRun O33 - MountPoints2\{a32319aa-9810-11e0-9418-b4749fb8daab}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\D\Shell - "" = AutoRun O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/10/27 17:54:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\siesil\Desktop\OTL (1).exe [2012/10/26 23:50:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012/10/26 19:24:45 | 000,000,000 | ---D | C] -- C:\Users\siesil\AppData\Local\AviraSpeedup [2012/10/24 15:02:31 | 000,000,000 | ---D | C] -- C:\Users\siesil\Desktop\Ärztekammer [2012/10/03 22:23:35 | 000,000,000 | ---D | C] -- C:\Users\siesil\AppData\Roaming\Fujitsu [2012/10/03 21:30:33 | 000,000,000 | ---D | C] -- C:\Users\siesil\AppData\Roaming\PFU [2012/10/03 21:29:42 | 000,351,744 | ---- | C] (PFU Limited) -- C:\windows\SysNative\s300u-x64.dll [2012/10/03 21:29:41 | 002,873,856 | ---- | C] (PFU Limited) -- C:\windows\SysNative\ijl5s300-x64.dll [2012/10/03 21:29:41 | 000,695,296 | ---- | C] (PFU Limited) -- C:\windows\SysNative\ippi5s300-x64.dll [2012/10/03 21:29:41 | 000,033,280 | ---- | C] (PFU) -- C:\windows\SysNative\fjmcusb-x64.dll [2012/10/03 21:29:41 | 000,033,280 | ---- | C] (PFU) -- C:\windows\SysNative\fj52usb-x64.dll [2012/10/03 21:29:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSnap Manager [2012/10/03 21:29:25 | 000,000,000 | ---D | C] -- C:\windows\SSDriver [2012/10/03 21:28:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PFU [2012/10/03 21:28:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PFU ========== Files - Modified Within 30 Days ========== [2012/10/27 18:25:57 | 000,000,000 | ---- | M] () -- C:\Users\siesil\defogger_reenable [2012/10/27 17:54:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\siesil\Desktop\OTL (1).exe [2012/10/27 17:50:56 | 000,014,160 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/10/27 17:50:56 | 000,014,160 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/10/27 17:34:45 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012/10/27 17:34:44 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/10/26 21:26:40 | 001,506,730 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2012/10/26 21:26:40 | 000,657,342 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2012/10/26 21:26:40 | 000,619,184 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012/10/26 21:26:40 | 000,131,122 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2012/10/26 21:26:40 | 000,107,504 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2012/10/26 19:32:10 | 000,065,536 | ---- | M] () -- C:\windows\SysNative\Ikeext.etl [2012/10/26 19:32:09 | 000,000,310 | ---- | M] () -- C:\windows\tasks\Otwztcadx.job [2012/10/26 19:32:03 | 4205,469,696 | -HS- | M] () -- C:\hiberfil.sys [2012/10/24 12:45:30 | 000,086,016 | RHS- | M] () -- C:\windows\SysWow64\dtshp.dll [2012/10/09 17:56:00 | 000,481,586 | ---- | M] () -- C:\Users\siesil\Desktop\Lageplan_Gartenhaus_2012_10_09.jpg [2012/10/07 23:52:35 | 000,001,304 | ---- | M] () -- C:\Users\siesil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2012/10/03 22:33:36 | 000,484,740 | ---- | M] () -- C:\Users\siesil\Documents\2012_10_03_Schreder_Angebot.pdf [2012/10/03 22:33:36 | 000,484,740 | ---- | M] () -- C:\Users\siesil\Desktop\2012_10_03_Schreder_Angebot.pdf [2012/10/03 22:32:52 | 000,001,228 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk ========== Files Created - No Company Name ========== [2012/10/27 18:25:57 | 000,000,000 | ---- | C] () -- C:\Users\siesil\defogger_reenable [2012/10/24 12:45:30 | 000,086,016 | RHS- | C] () -- C:\windows\SysWow64\dtshp.dll [2012/10/24 12:45:30 | 000,000,310 | ---- | C] () -- C:\windows\tasks\Otwztcadx.job [2012/10/09 17:56:00 | 000,481,586 | ---- | C] () -- C:\Users\siesil\Desktop\Lageplan_Gartenhaus_2012_10_09.jpg [2012/10/03 22:37:21 | 000,484,740 | ---- | C] () -- C:\Users\siesil\Desktop\2012_10_03_Schreder_Angebot.pdf [2012/10/03 22:34:38 | 000,484,740 | ---- | C] () -- C:\Users\siesil\Documents\2012_10_03_Schreder_Angebot.pdf [2012/10/03 21:29:43 | 000,000,161 | ---- | C] () -- C:\windows\DISPARAM.INI [2012/10/03 21:29:26 | 000,001,228 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk [2012/02/05 18:47:45 | 000,000,056 | -H-- | C] () -- C:\windows\SysWow64\ezsidmv.dat [2012/01/10 14:27:24 | 000,963,884 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin [2012/01/10 14:27:24 | 000,221,264 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin [2012/01/10 14:16:52 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll [2012/01/10 13:29:52 | 013,904,384 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll [2012/01/08 15:25:51 | 001,527,912 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2011/06/01 21:42:47 | 000,000,008 | RH-- | C] () -- C:\Users\siesil\hwid [2011/06/01 20:12:15 | 000,142,704 | ---- | C] () -- C:\windows\wiainst64.exe [2011/06/01 20:11:59 | 000,484,656 | ---- | C] () -- C:\windows\ssndii.exe [2011/06/01 20:11:54 | 000,258,864 | ---- | C] () -- C:\windows\SUPDRun.exe [2011/02/26 22:40:42 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin [2011/02/26 03:28:01 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe [2011/02/26 02:17:05 | 000,001,869 | ---- | C] () -- C:\windows\HotFixList.ini [2011/02/26 02:07:28 | 000,064,000 | ---- | C] () -- C:\windows\tpmon.exe ========== ZeroAccess Check ========== [2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012/05/01 22:08:31 | 000,000,000 | ---D | M] -- C:\Users\siesil\AppData\Roaming\CrashPlan [2012/04/01 12:30:31 | 000,000,000 | ---D | M] -- C:\Users\siesil\AppData\Roaming\EPSON [2012/10/03 22:23:35 | 000,000,000 | ---D | M] -- C:\Users\siesil\AppData\Roaming\Fujitsu [2011/06/16 00:06:21 | 000,000,000 | ---D | M] -- C:\Users\siesil\AppData\Roaming\mquadr.at [2012/10/03 22:33:37 | 000,000,000 | ---D | M] -- C:\Users\siesil\AppData\Roaming\PFU [2012/06/20 23:14:03 | 000,000,000 | ---D | M] -- C:\Users\siesil\AppData\Roaming\PhraseExpress [2011/06/01 20:11:48 | 000,000,000 | ---D | M] -- C:\Users\siesil\AppData\Roaming\Samsung [2011/06/01 20:14:38 | 000,000,000 | ---D | M] -- C:\Users\siesil\AppData\Roaming\Synaptics [2011/10/20 22:16:02 | 000,000,000 | ---D | M] -- C:\Users\siesil\AppData\Roaming\TIPP10 [2012/08/19 14:40:02 | 000,000,000 | ---D | M] -- C:\Users\siesil\AppData\Roaming\Titanium [2012/10/12 00:18:10 | 000,000,000 | ---D | M] -- C:\Users\siesil\AppData\Roaming\Verbindungsassistent ========== Purity Check ========== < End of report > OTL Extras logfile created on: 10/27/2012 6:28:13 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\siesil\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3.92 Gb Total Physical Memory | 2.56 Gb Available Physical Memory | 65.45% Memory free 7.83 Gb Paging File | 6.25 Gb Available in Paging File | 79.81% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 97.90 Gb Total Space | 41.89 Gb Free Space | 42.79% Space Free | Partition Type: NTFS Computer Name: SAMSUNG | User Name: siesil | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromiumHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{035E1A2F-3DBC-4E37-9510-12AEE26D22E2}" = lport=2869 | protocol=6 | dir=in | app=system | "{29611CBB-5582-40D0-89E9-657D685E575D}" = rport=138 | protocol=17 | dir=out | app=system | "{2BF679D3-15AF-48CD-B6F1-8EDC131E4620}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{34B637DE-7288-4CC8-8F44-BF5673B95F29}" = lport=139 | protocol=6 | dir=in | app=system | "{3AB25518-8DF4-4538-9806-71C2A147242C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{3E475433-288D-4170-AEE6-143AFAE7E1EA}" = rport=10243 | protocol=6 | dir=out | app=system | "{3EEF852B-FA14-4CBD-8B41-9F9B5F8BE226}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{40636076-E26A-47FF-ADBF-71F1431E3FEF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{4A429CDD-3ED5-4AEA-BEE2-AFD4F10BC7E0}" = lport=137 | protocol=17 | dir=in | app=system | "{4BEFF0D5-7D28-4E46-A2AA-33977332BDAB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4DB9B9D6-0448-4732-9A25-C8A716A43683}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{5A4F7FBA-40BB-407B-B988-93E18602D57F}" = rport=137 | protocol=17 | dir=out | app=system | "{5FC8695B-6757-4E9C-9AAC-A855E0B4A634}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{62E7B469-655D-4359-ADFC-142F59C408E6}" = lport=138 | protocol=17 | dir=in | app=system | "{64B45D95-E88B-4C52-8B98-557DA8645597}" = lport=10243 | protocol=6 | dir=in | app=system | "{66262BA4-3D2C-4157-BBD1-B115EA7EF2BB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{74184536-7BFD-4E22-894E-FB1694AC2D8A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{7827D380-87D6-4476-AABB-3FE7692E6E33}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{954188D6-92FC-49F4-9662-7451E6802D74}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{96E80D84-C5C1-405B-8914-8C89E52DA5BC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{971C96E1-6F27-4193-9815-518C2A97E91D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{98008D8B-DC19-44A2-80AE-5124577D0494}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9F449472-C988-43DA-832C-9F75A95CC18A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{A36CC013-B9F0-44D7-8FAE-BCB28287E215}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{A3BCBA27-2B6F-40E8-B167-694C5761B03A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{AA476134-C467-4BF3-839C-3E38A61549DC}" = lport=445 | protocol=6 | dir=in | app=system | "{ABCCE3AF-D593-46D8-BA20-5BCC9AAD5729}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{ACE47BA4-BC3F-4306-8758-3EBBE5A10217}" = rport=139 | protocol=6 | dir=out | app=system | "{C13A8AE9-5A16-4EC0-8ED6-212D8806E4FD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CDD8560A-9761-4399-9AA9-BCBDB0D73DCE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D74E7E9B-E0FB-498E-B68B-1B7076B96EFD}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{DF685F80-9AA0-47F5-8AC6-C8DCF8E874D1}" = rport=445 | protocol=6 | dir=out | app=system | "{E25BD2AD-E42D-4D09-B37F-3DFA3F6AC16B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{EA6B0680-694B-4245-80E4-3E53F12D6675}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{FA4D3CE6-3798-4904-AA50-2ED4F1B4F81D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FD55A00D-4F62-4F79-A49E-67EA74CFBDF7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00129690-BF9F-4E72-AB7E-FAC573E34550}" = protocol=6 | dir=in | app=c:\program files (x86)\crashplan\crashplanservice.exe | "{004F521C-47B8-40FB-9592-E6349047CE20}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\usdagent.exe | "{0C7A5818-7323-400A-8977-7B31032C0820}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{0F364160-177B-4865-85BE-CBB04850E06D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{1187411C-3200-4C37-B5FB-E88B2B608497}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1392F678-A23F-467E-B8AA-8799568E6438}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{185C691D-442D-4828-8233-77D8BB139EF4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1FDA53F3-79DA-466B-8E68-B087BBDC4A96}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{2D339DA3-95B6-45B3-A7E5-8DEF4BE6C555}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{39A8ECFB-61F7-4BCC-B40C-FEB879587910}" = dir=in | app=c:\program files (x86)\phraseexpress\phraseexpress.exe | "{46222738-8BEF-483E-A084-E7C5ED86B197}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{4669DFBD-2BDC-4A13-867A-F1E25220DE8D}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\iccupdater.exe | "{4F5D5688-8215-4171-B9CF-8094DB603D11}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{520F088D-D637-4A72-BA3D-5BEE5287E8A2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{5D7518D2-00D7-4FFC-8971-271E6943748A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{5D7B4327-E1F5-4C7D-9746-7F8215C8DF77}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{7396433D-3FFE-4190-8251-5FE1ECAE70AD}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\iccupdater.exe | "{894256CD-B603-42F6-B50A-F79BB55B4F0F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{979A5B5A-1AB8-4D19-B5F2-54D41170BD56}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc.exe | "{9DED1F90-A85B-4582-A0A3-2A9A93067C81}" = protocol=17 | dir=in | app=c:\program files (x86)\crashplan\crashplanservice.exe | "{A148B3A5-33F5-43C9-85D7-7F7E44C1CD2B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A5FE2B54-B585-48F4-87BE-14F97E4E2D09}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc.exe | "{AE667560-0D45-4C41-8D4B-159C2B127EA1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B5A5B6B0-0330-4EAA-B265-8B49D7B4D74F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B7D6BDFC-C7B2-4DAE-A245-4F4EDD4085F3}" = protocol=6 | dir=out | app=system | "{BC4F6657-021A-4262-AA64-ED8EA16F529B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{BD92BF3B-C19F-4220-A98E-3998EAD2C404}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{C7C5FF0A-9750-48C6-925C-03281F9F50F5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{CD350439-C9B5-405E-AF7D-86A7410CEC98}" = dir=in | app=c:\program files (x86)\phraseexpress\phraseexpress.exe | "{D55C043D-98F8-4F02-9B5A-9020AA47A117}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{DDC04172-BDF8-4C9C-82DB-F844138B3FA9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E7584B54-13A4-475D-814A-9FE22D0B83CA}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{F2EC6C38-63AE-416C-914A-9802F5248041}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F3A92120-084F-4A72-8321-5F556798F600}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{FB25EB3E-65BA-4554-BA42-7246188E78CF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FEFD3D6E-2EB5-49B8-BB5F-13218B8BA00D}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\usdagent.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources "{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources "{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources "{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources "{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources "{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources "{27F3F8DE-AC95-4E10-90A6-EBA999DDBCAF}" = Windows Live Remote Service Resources "{29CFD07F-4971-41B0-B14D-621ACCC264AC}" = Windows Live Remote Service Resources "{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources "{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources "{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources "{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources "{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources "{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software "{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources "{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources "{4C9845D5-9FAD-4C52-B389-CAEF0F216215}" = Windows Live Remote Client Resources "{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources "{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources "{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources "{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources "{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources "{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources "{641B32DB-8226-4250-86C9-34671162F5D5}" = Windows Live Remote Client Resources "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources "{6A2482BC-733A-404A-939A-2D5BC636E6F9}" = Windows Live Remote Service Resources "{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources "{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources "{78654366-5889-4A70-90D9-04B00709EEE0}" = Windows Live Remote Client Resources "{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources "{811D5159-D798-491F-B9C6-9BDBF6B02D06}" = Windows Live Remote Service Resources "{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources "{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources "{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources "{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources "{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources "{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources "{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources "{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources "{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources "{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources "{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources "{F0793412-6407-4870-9A8C-6FE198A4EB12}" = Windows Live Remote Client Resources "{F3C66EC8-2F33-452D-9CFF-E8C886B3ECC4}" = SRS Premium Sound Control Panel "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources "{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources "{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources "Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter "EPSON PX830 Series" = EPSON PX830 Series Printer Uninstall "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common "{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh "{0119B342-476F-4F5A-B712-144B5CFA781F}" = Windows Live Movie Maker "{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包 "{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common "{066219C8-4BE6-46D7-9E01-60FCFA6B32DC}" = Messenger Companion "{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common "{0785A0B6-07DF-43CF-B147-E1EB4CEA0345}" = Windows Live Messenger "{07E15DDE-CAD9-434D-B24D-35708E3BEA09}" = Windows Live 필수 패키지 "{082E37F5-3924-4168-A69A-1B6B1FEA587C}" = Messenger Companion "{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack "{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live "{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack "{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail "{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live "{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail "{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh "{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer "{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar "{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack "{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker "{139C1D95-9037-3AB3-F5F4-4A79BF6831EC}" = WordCaptureX Pro "{142D8CA7-2C6F-45A7-83E3-099AAFD99133}" = Samsung Update Plus "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 5 "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources "{16880765-677F-440B-B16A-BFD9B9C00012}" = EasyFileShare "{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common "{16AB7F63-F540-4437-B450-6A6143CC1DC7}" = ScanSnap "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager "{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials "{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer "{19ADD3BF-C42B-47DC-81C6-5E9731B668C4}" = „Windows Live Essentials“ "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima "{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer "{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer "{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{21B49B4A-BBC3-4A09-9C68-6C3CC0B1EA01}" = Windows Live Messenger "{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack "{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail "{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack "{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources "{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail "{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer "{26513CE5-7A51-478D-93BD-AC1D38103463}" = Windows Live Messenger "{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 30 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7 "{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources "{2720009D-9566-45A7-A370-0E6DAC313F3F}" = „Windows Live Mail“ "{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common "{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger "{2B53190C-E53E-4736-9E13-395741415991}" = Network Recording Player "{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer "{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack "{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger "{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh "{2CC0789D-D31B-445F-8970-6E058BE39754}" = Windows Live UX Platform Language Pack "{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh "{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share "{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources "{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger "{3031A053-DC97-4D03-9179-BF6F98F63FA2}" = Wunderlist "{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources "{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer "{318DBE01-1E6B-4243-84B0-210391FE789A}" = Samsung AnyWeb Print "{331ECF61-69AF-4F57-AC35-AFED610231C3}" = Multimedia POP "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34AB675C-1965-44B5-B5A7-B02EE6196AD3}" = Windows Live Messenger "{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = Windows Live UX Platform Language Pack "{3705D53F-BB01-4BEE-8585-289E71CAC4B4}" = Компаньон Messenger "{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3889988F-762B-4B85-AB17-71C9CC3AE445}" = Messenger Companion "{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger "{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh "{3A09ED0F-8DDF-47BB-B53D-841AB9D1D3A7}" = Complemento Messenger "{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials "{3B8F240C-B75E-4A1E-BDCC-6C7F033078A3}" = Windows Live UX Platform Language Pack "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh "{3F50512F-53DF-46B1-8CCB-6C7E638CADD6}" = PhoneShare "{3FD1CB9F-807F-451B-926C-9D19C84CFC61}" = Messenger Suradnik "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack "{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials "{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer "{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery "{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials "{442032CB-900C-49C7-B4B4-2B76525DD403}" = Windows Live Photo Common "{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live "{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources "{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials "{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger "{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer "{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack "{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack "{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common "{4F35DF91-F834-41F7-A287-0E377D55C486}" = Windows Live Photo Common "{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger "{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion "{517EAAB9-C35E-4949-B8C2-20C241162BBB}" = Windows Live Pošta "{51FFAC89-B6B0-4E6E-B76F-6D4E2E83086A}" = Windows Live 메일 "{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack "{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources "{539A0CEA-17E4-4FE4-A5E8-EC5D40610A79}" = „Windows Live Messenger“ "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{545192D4-E817-4EAA-834D-623EA50CF268}" = Windows Live UX Platform Language Pack "{56D42B00-572C-4AE9-BCFB-CD45A3B5D0E1}" = Messenger Assistent "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh "{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri "{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh "{5D163056-96B7-440F-A836-89BA5D3CFF2F}" = Windows Live Photo Common "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker "{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources "{5D90ABE5-8A35-4947-8269-6F40BCE47A95}" = Windows Live Messenger "{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer "{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack "{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger "{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker "{61506B53-EE02-46CE-8464-3F806947978F}" = Windows Live Mesh "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger "{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail "{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker "{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live "{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh "{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials "{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger "{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer "{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources "{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack "{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger "{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh "{6B3BAE39-4ED1-4EEB-9769-A3AA0AA58CB4}" = Windows Live Movie Maker "{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common "{6C016AC4-0282-4C82-B12F-3D5910DA7319}" = Samsung AnyWeb Print "{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker "{6D2F0A26-ECEA-49CE-833C-9A6125F3D5E8}" = Doplnok programu Messenger "{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger "{6DCE9C3E-3DB7-4C3C-8B80-BC55781BB7B6}" = Windows Live Writer Resources "{6DD3B54B-F0D0-4A69-8344-F52033225A02}" = Messenger Companion "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger "{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger "{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker "{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common "{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources "{71684DFF-CDED-450C-AF0C-4A1A6438A1A5}" = Windows Live Essentials "{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer "{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh "{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár "{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack "{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources "{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker "{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh "{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack "{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack "{7780682A-47C9-480D-90BE-247539342595}" = Windows Live UX Platform Language Pack "{77BC9EAF-14C7-4338-9B1C-D5A3E142C0B8}" = Windows Live Photo Common "{77DAF553-291A-4471-988C-5677D90DB57E}" = Windows Live Writer Resources "{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live "{781E0319-15CD-4A4C-A47E-D9FFF697E7A1}" = Messenger Companion "{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh "{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live "{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common "{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker "{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库 "{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live "{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common "{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources "{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{7E274911-32ED-4489-9B04-4EF100D0E4D3}" = „Messenger“ pagalbinė priemonė "{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources "{7F061FA8-5A87-4758-876B-17EE28B358D0}" = Messenger 浏览器插件 "{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger "{7F6F62F0-7884-4CFB-B86C-597A4A6D9C4D}" = Movie Color Enhancer "{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources "{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh "{8142D25E-028A-4563-86ED-5755783C8029}" = Messenger Companion "{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials "{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail "{829CDAAD-5AF1-482F-978B-591C16A34ACC}" = Windows Live Messenger "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common "{847C879C-1467-4924-A491-1302B4C58F70}" = Messenger Companion "{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials "{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{86E6D3A7-3ADC-44C0-B94E-85D2A9DD36B0}" = Windows Live Writer "{8732818E-CA78-4ACB-B077-22311BF4C0E4}" = Easy Network Manager "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery "{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{902585EB-8FA3-43A5-AD1C-5C9821A77114}" = Messenger Pratilac "{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker "{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{939C80FA-96C9-44A6-B318-8E7D8BD8481B}" = Messenger Companion "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{96403552-88D1-429F-9C92-388B814B885E}" = Messenger Companion "{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria "{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail "{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker "{9E771D5B-C429-4CBC-8730-3EBD9EC99E4C}" = Windows Live Movie Maker "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0186422-9203-41A3-A419-75F1B0B01A82}" = CrashPlan "{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker "{A1668729-C4D2-49AE-877B-FB608362FFF1}" = Windows Live Essentials "{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A94F46D5-2BDA-4096-A7E7-C49F0528CAD7}" = WebEx Event-Manager für Firefox oder Chrome "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB067785-9646-456B-91C3-E71228132A4C}" = Messenger 사이트 공유 "{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh "{AB5977C5-11AE-4003-BA7D-261C48F2BC35}" = מסייע Messenger "{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources "{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials "{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh "{AD86049C-3D9C-43E1-BE73-643F57D83D50}" = Easy Migration "{AD976243-75CB-4A2B-809F-8C9EC4292377}" = Telekom Austria Connectionmanager "{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail "{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common "{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh "{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common "{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common "{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer "{B44F3823-52DD-45CA-A916-8B320778715D}" = Messenger Companion "{B4712CB7-27D7-4F61-8805-BCF9BE1CFC4A}" = Windows Live Writer Resources "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials "{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live "{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources "{B81722D3-0A95-4BDE-AA1A-A2A5D12FCDB2}" = Windows Live Foto-galerija "{B9B66F77-9D00-4CA4-BDF1-BBA8236B4DB6}" = Windows Live Writer "{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide "{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common "{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi "{BD8DA595-F501-4ABE-85A0-5C23E82472A0}" = Pomocnik Messenger "{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker "{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh "{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live "{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials "{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh "{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer "{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail "{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron 16.0.950.0 "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C7DAD22D-29D4-438F-B986-03B9ED582EA4}" = Messenger Companion "{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail "{C877E454-FA36-409A-A00E-1240CEC61BBD}" = „Windows Live“ fotogalerija "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{C8A2793D-EFF2-4069-95BF-A28192E39DEB}" = Windows Live Writer "{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live "{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker "{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker "{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common "{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer "{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF088261-BC81-4FB9-9BA0-7B5B9602D01A}" = Messenger 分享元件 "{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery "{CF936193-C584-458C-B793-15FA945621AF}" = Windows Live fotoattēlu galerija "{CF9DEFAA-12CD-4D04-AA45-F9F667D21E2E}" = Windows Live Movie Maker "{D06F10C5-3EDD-4B29-A3B5-16BBB9A047F8}" = Windows Live Mesh "{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D27DF849-C8C7-4892-A7F1-E0B381A1BD01}" = Windows Live Writer "{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack "{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D4F81B27-4054-4AD6-A588-265508BAA17C}" = Messenger Companion "{D54A52A8-DF24-4CE8-850B-074CA47DFA74}" = Windows Live Messenger "{D57D43BF-699A-429F-AF8C-AF1867222800}" = Windows Live 사진 갤러리 "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{D58E381C-DE02-46A9-B9D1-A2CB807D2676}" = Messenger Companion "{D657CCB5-9F2F-4D3C-B93D-F77EBEF79B66}" = Messenger-kumppani "{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack "{D987098B-3AD4-4E88-B80E-CF27A32D1955}" = Windows Live Writer Resources "{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker "{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker "{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail "{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}" = ScanSnap Manager "{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer "{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DED01768-E634-11E1-AEB0-984BE15F174E}" = Evernote v. 4.5.8 "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija "{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer "{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live "{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack "{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources "{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger "{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live "{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live "{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources "{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack "{EAB1BDF2-734A-4D44-9169-7615D185C974}" = Windows Live Mesh "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EC20FB81-9B5E-4B97-92A2-8DC52548EFCE}" = Windows Live Mesh "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心 "{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager "{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F14F9EE9-9B68-42B4-90F7-0924F7619281}" = Spremljevalec Messenger "{F3ECEB0A-82A0-4DB9-BB44-393A66BA0871}" = Messenger kísérő "{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack "{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources "{F66430D8-08E6-4C96-B9B7-90E66E27D58C}" = Windows Live Mail "{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center 1.0 "{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger "{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos "{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh "{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail "{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker "{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie "{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials "{FEA0181F-3758-46DA-B7EC-F3CDFA7E0CE7}" = Помощник на Messenger "{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials "{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "EPSON Scanner" = EPSON Scan "Google Calendar Sync" = Google Calendar Sync "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.SingleImage" = Microsoft Office Home and Business 2010 "PhraseExpress_is1" = PhraseExpress v8.0.152 "Picasa 3" = Picasa 3 "Samsung Universal Print Driver" = Samsung Universal Print Driver "Samsung Universal Scan Driver" = Samsung Universal Scan Driver "Telekom Austria Connectionmanager" = Telekom Austria Connectionmanager "TIPP10_is1" = TIPP10 Version 2.1.0 "Verbindungsassistent" = Verbindungsassistent "WinLiveSuite" = Windows Live 程式集 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "LastPass" = LastPass (uninstall only) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 6/13/2012 6:19:09 PM | Computer Name = samsung | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 6/14/2012 4:41:02 PM | Computer Name = samsung | Source = RasClient | ID = 20227 Description = Error - 6/14/2012 4:44:10 PM | Computer Name = samsung | Source = RasClient | ID = 20227 Description = Error - 7/5/2012 12:00:13 PM | Computer Name = samsung | Source = System Restore | ID = 8193 Description = Error - 7/6/2012 3:51:46 PM | Computer Name = samsung | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Updater.exe, Version: 80.0.18261.0, Zeitstempel: 0x4e693980 Name des fehlerhaften Moduls: Updater.exe, Version: 80.0.18261.0, Zeitstempel: 0x4e693980 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000449b2 ID des fehlerhaften Prozesses: 0xc18 Startzeit der fehlerhaften Anwendung: 0x01cd5b6faa4c60fb Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Ask.com\Updater\Updater.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Ask.com\Updater\Updater.exe Berichtskennung: 04317e87-c7a4-11e1-a7b7-b4749fb8daab Error - 7/11/2012 6:31:26 AM | Computer Name = samsung | Source = VSS | ID = 12289 Description = Error - 7/11/2012 6:31:26 AM | Computer Name = samsung | Source = System Restore | ID = 8193 Description = Error - 7/14/2012 5:37:04 PM | Computer Name = samsung | Source = Application Hang | ID = 1002 Description = Programm iron.exe, Version 16.0.950.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1d4c Startzeit: 01cd6206d12ff102 Endzeit: 13 Anwendungspfad: C:\Program Files (x86)\SRWare Iron\iron.exe Berichts-ID: 07fa2822-cdfc-11e1-aac7-b4749fb8daab Error - 7/17/2012 4:45:18 PM | Computer Name = samsung | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 14.0.6117.5001, Zeitstempel: 0x4f3e2d20 Name des fehlerhaften Moduls: OUTLOOK.EXE, Version: 14.0.6117.5001, Zeitstempel: 0x4f3e2d20 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00036804 ID des fehlerhaften Prozesses: 0x1988 Startzeit der fehlerhaften Anwendung: 0x01cd64547088cb98 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE Berichtskennung: 50d5862a-d050-11e1-a11e-b4749fb8daab Error - 7/31/2012 9:17:45 AM | Computer Name = samsung | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: ConnectionmanagerTA.exe, Version: 1.13.0.0, Zeitstempel: 0x4d5a8b35 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00038dc9 ID des fehlerhaften Prozesses: 0xa38 Startzeit der fehlerhaften Anwendung: 0x01cd6e5398f0983d Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\A1 Telekom Austria\Connectionmanager\ConnectionmanagerTA.exe Pfad des fehlerhaften Moduls: C:\windows\SysWOW64\ntdll.dll Berichtskennung: 1cffd619-db12-11e1-a19b-b4749fb8daab [ System Events ] Error - 6/25/2012 1:00:28 PM | Computer Name = samsung | Source = DCOM | ID = 10016 Description = Error - 7/2/2012 12:15:00 PM | Computer Name = samsung | Source = DCOM | ID = 10016 Description = Error - 7/2/2012 12:30:23 PM | Computer Name = samsung | Source = DCOM | ID = 10010 Description = Error - 7/2/2012 12:31:48 PM | Computer Name = samsung | Source = DCOM | ID = 10016 Description = Error - 7/4/2012 5:37:06 PM | Computer Name = samsung | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst MpsSvc erreicht. Error - 7/5/2012 12:00:12 PM | Computer Name = samsung | Source = DCOM | ID = 10010 Description = Error - 7/5/2012 6:44:31 PM | Computer Name = samsung | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst eventlog erreicht. Error - 7/6/2012 8:06:33 AM | Computer Name = samsung | Source = DCOM | ID = 10016 Description = Error - 7/10/2012 11:40:13 PM | Computer Name = samsung | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst eventlog erreicht. Error - 7/11/2012 6:31:23 AM | Computer Name = samsung | Source = volsnap | ID = 393283 Description = Die Schattenkopie des erstellten Volumes "C:" konnte nicht installiert werden. < End of report > |
|
27.10.2012, 22:47
| #2 | |||||
| /// Helfer-Team    | Problem mitTrojaner? Hallo und Herzlich Willkommen!
__________________ Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]: Zitat:
Zitat:
Hilfeleistung - geplante Vorgehensweise:
Für Vista und Win7: Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen! 1. Zitat:
Code:
ATTFilter :OTL
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [EPSON3FDB26 (Epson Stylus Photo PX830)] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIHOE.EXE /FU "C:\Users\siesil\AppData\Local\Temp\E_SDE1F.tmp" /EF "HKCU" File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{00851e1e-937e-11e0-9cf5-b4749fb8daab}\Shell - "" = AutoRun
O33 - MountPoints2\{00851e1e-937e-11e0-9cf5-b4749fb8daab}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{00851e2b-937e-11e0-9cf5-b4749fb8daab}\Shell - "" = AutoRun
O33 - MountPoints2\{00851e2b-937e-11e0-9cf5-b4749fb8daab}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{39b27c60-0d71-11e2-abd7-b4749fb8daab}\Shell - "" = AutoRun
O33 - MountPoints2\{39b27c60-0d71-11e2-abd7-b4749fb8daab}\Shell\AutoRun\command - "" = D:\Setup.exe
O33 - MountPoints2\{4599a572-e069-11e0-b4e7-b4749fb8daab}\Shell - "" = AutoRun
O33 - MountPoints2\{4599a572-e069-11e0-b4e7-b4749fb8daab}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{6cdee119-903f-11e0-8a1b-b4749fb8daab}\Shell - "" = AutoRun
O33 - MountPoints2\{6cdee119-903f-11e0-8a1b-b4749fb8daab}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{6cdee2a7-903f-11e0-8a1b-b4749fb8daab}\Shell - "" = AutoRun
O33 - MountPoints2\{6cdee2a7-903f-11e0-8a1b-b4749fb8daab}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{6cdee2b2-903f-11e0-8a1b-b4749fb8daab}\Shell - "" = AutoRun
O33 - MountPoints2\{6cdee2b2-903f-11e0-8a1b-b4749fb8daab}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{6cdee2ef-903f-11e0-8a1b-b4749fb8daab}\Shell - "" = AutoRun
O33 - MountPoints2\{6cdee2ef-903f-11e0-8a1b-b4749fb8daab}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{a323197c-9810-11e0-9418-b4749fb8daab}\Shell - "" = AutoRun
O33 - MountPoints2\{a323197c-9810-11e0-9418-b4749fb8daab}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{a323198c-9810-11e0-9418-b4749fb8daab}\Shell - "" = AutoRun
O33 - MountPoints2\{a323198c-9810-11e0-9418-b4749fb8daab}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{a32319aa-9810-11e0-9418-b4749fb8daab}\Shell - "" = AutoRun
O33 - MountPoints2\{a32319aa-9810-11e0-9418-b4749fb8daab}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRun.exe
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
Zitat:
Lade Dir Malwarebytes Anti-Malware Lade Dir Malwarebytes Anti-Malware → von hier herunter
3. Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:
4. erneut einen Scan mit OTL:
Zitat:
Nur bei Probleme inzwischen melden! ** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw grußkira
__________________ |
|
| Themen zu Problem mitTrojaner? |
| avira, avira searchfree toolbar, bho, document, error, excel, fehler, firefox, flash player, google, helper, home, install.exe, logfile, mozilla, ntdll.dll, object, plug-in, problem, realtek, registry, security, software, svchost.exe, symantec, trojaner, trojaner?, usb, usb 3.0, werbesites, windows |
.
Linear-Darstellung
