| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: search plus site in Google Chrome und PUP.Blabber entfernenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
19.02.2013, 09:19
| #1 |
| |  search plus site in Google Chrome und PUP.Blabber entfernen Liebe Admins/Helfer, auf meinem Rechner hat sich bei Google Chrome die Startseite search plus installiert und ist nicht mehr zu löschen. Ich habe mir das Programm Malwarebytes installiert und einen Quick scan durchgeführt. Das Ergebnis ist im nachfolgenden log-file zu sehen. Ich habe bislang nichts gelöscht nach dem Scan. Des Weiteren ergab der plugin-check, daß alle Dinge aktuell sind (Chrome, Adobe und Java). Bitte helfen Sie mir, diese Malware loszuwerden. Vielen Dank im Voraus für die Hilfe. Gruß, Martina Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.02.19.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Martina Ortlepp :: MEINSAMSUNG [Administrator] Schutz: Aktiviert 19.02.2013 09:44:19 MBAM-log-2013-02-19 (10-16-01).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 231773 Laufzeit: 4 Minute(n), 51 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 4 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
19.02.2013, 09:35
| #2 |
| /// TB-Ausbilder   | search plus site in Google Chrome und PUP.Blabber entfernen Hallo Martina und
__________________ Mein Name ist Leo und ich werde dich durch die Bereinigung deines Rechners begleiten. Eine Bereinigung beinhaltet nebst dem Entfernen von Malware auch das Schliessen von Sicherheitslücken und sollte gründlich durchgeführt werden. Sie erfolgt deshalb in mehreren Schritten und bedeutet einigen Aufwand für dich. Beachte: Das Verschwinden der offensichtlichen Symptome bedeutet nicht, dass das System schon sauber ist. Arbeite daher in deinem eigenen Interesse solange mit, bis du das OK bekommst, dass alles erledigt ist.  Hinweise zum Ablauf
Lass Malwarebytes noch einmal genau so laufen wie zuvor, aber markiere dieses Mal am Schluss die Funde und drücke auf Entferne Auswahl. Danach: Schritt 1 Lade dir Gmer herunter (auf den Button Download EXE drücken) und speichere das Programm auf den Desktop.
Schritt 2 Downloade dir bitte AdwCleaner und speichere es auf deinen Desktop.
Schritt 3 Lade dir bitte OTL (von Oldtimer) herunter und speichere es auf deinen Desktop.
Bitte poste in deiner nächsten Antwort:
__________________ |
|
19.02.2013, 11:22
| #3 |
| | search plus site in Google Chrome und PUP.Blabber entfernen GMER Logfile:
__________________Code:
ATTFilter GMER 2.1.18952 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-02-19 12:10:09
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB4O 465,76GB
Running: qcmdix4l.exe; Driver: C:\Users\MARTIN~1\AppData\Local\Temp\kwrdrpog.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\Windows\system32\drivers\USBPORT.SYS!DllUnload fffff88005745d64 12 bytes {MOV RAX, 0xfffffa800955d2a0; JMP RAX}
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a71465 2 bytes [A7, 76]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a714bb 2 bytes [A7, 76]
.text ... * 2
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a71465 2 bytes [A7, 76]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a714bb 2 bytes [A7, 76]
.text ... * 2
.text C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe[4296] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a71465 2 bytes [A7, 76]
.text C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe[4296] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a714bb 2 bytes [A7, 76]
.text ... * 2
.text C:\Windows\SysWOW64\RunDll32.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a71465 2 bytes [A7, 76]
.text C:\Windows\SysWOW64\RunDll32.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a714bb 2 bytes [A7, 76]
.text ... * 2
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a71465 2 bytes [A7, 76]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a714bb 2 bytes [A7, 76]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a71465 2 bytes [A7, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a714bb 2 bytes [A7, 76]
.text ... * 2
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[4696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a71465 2 bytes [A7, 76]
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[4696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a714bb 2 bytes [A7, 76]
.text ... * 2
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[2712] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007735f991 7 bytes {MOV EDX, 0x329a28; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[2712] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007735fbd5 7 bytes {MOV EDX, 0x329a68; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[2712] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007735fc05 7 bytes {MOV EDX, 0x3299a8; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[2712] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007735fc1d 7 bytes {MOV EDX, 0x329928; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[2712] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007735fc35 7 bytes {MOV EDX, 0x329b28; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[2712] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007735fc65 7 bytes {MOV EDX, 0x329b68; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[2712] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007735fce5 7 bytes {MOV EDX, 0x329ae8; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[2712] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007735fcfd 7 bytes {MOV EDX, 0x329aa8; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[2712] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007735fd49 7 bytes {MOV EDX, 0x329868; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[2712] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007735fe41 7 bytes {MOV EDX, 0x3298a8; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[2712] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077360099 7 bytes {MOV EDX, 0x329828; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[2712] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000773610a5 7 bytes {MOV EDX, 0x3299e8; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[2712] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007736111d 7 bytes {MOV EDX, 0x329968; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[2712] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077361321 7 bytes {MOV EDX, 0x3298e8; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[2712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a71465 2 bytes [A7, 76]
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[2712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a714bb 2 bytes [A7, 76]
.text ... * 2
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[1996] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007735f991 7 bytes {MOV EDX, 0xea3a28; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[1996] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007735fbd5 7 bytes {MOV EDX, 0xea3a68; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[1996] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007735fc05 7 bytes {MOV EDX, 0xea39a8; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[1996] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007735fc1d 7 bytes {MOV EDX, 0xea3928; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[1996] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007735fc35 7 bytes {MOV EDX, 0xea3b28; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[1996] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007735fc65 7 bytes {MOV EDX, 0xea3b68; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[1996] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007735fce5 7 bytes {MOV EDX, 0xea3ae8; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[1996] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007735fcfd 7 bytes {MOV EDX, 0xea3aa8; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[1996] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007735fd49 7 bytes {MOV EDX, 0xea3868; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[1996] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007735fe41 7 bytes {MOV EDX, 0xea38a8; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[1996] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077360099 7 bytes {MOV EDX, 0xea3828; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[1996] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000773610a5 7 bytes {MOV EDX, 0xea39e8; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[1996] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007736111d 7 bytes {MOV EDX, 0xea3968; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[1996] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077361321 7 bytes {MOV EDX, 0xea38e8; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[1996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a71465 2 bytes [A7, 76]
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[1996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a714bb 2 bytes [A7, 76]
.text ... * 2
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[2724] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007735f991 7 bytes {MOV EDX, 0x2bba28; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[2724] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007735fbd5 7 bytes {MOV EDX, 0x2bba68; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[2724] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007735fc05 7 bytes {MOV EDX, 0x2bb9a8; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[2724] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007735fc1d 7 bytes {MOV EDX, 0x2bb928; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[2724] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007735fc35 7 bytes {MOV EDX, 0x2bbb28; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[2724] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007735fc65 7 bytes {MOV EDX, 0x2bbb68; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[2724] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007735fce5 7 bytes {MOV EDX, 0x2bbae8; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[2724] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007735fcfd 7 bytes {MOV EDX, 0x2bbaa8; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[2724] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007735fd49 7 bytes {MOV EDX, 0x2bb868; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[2724] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007735fe41 7 bytes {MOV EDX, 0x2bb8a8; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[2724] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077360099 7 bytes {MOV EDX, 0x2bb828; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[2724] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000773610a5 7 bytes {MOV EDX, 0x2bb9e8; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[2724] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007736111d 7 bytes {MOV EDX, 0x2bb968; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[2724] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077361321 7 bytes {MOV EDX, 0x2bb8e8; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[2724] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a71465 2 bytes [A7, 76]
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[2724] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a714bb 2 bytes [A7, 76]
.text ... * 2
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[1780] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007735f991 7 bytes {MOV EDX, 0x907628; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[1780] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007735fbd5 7 bytes {MOV EDX, 0x907668; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[1780] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007735fc05 7 bytes {MOV EDX, 0x9075a8; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[1780] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007735fc1d 7 bytes {MOV EDX, 0x907528; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[1780] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007735fc35 7 bytes {MOV EDX, 0x907728; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[1780] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007735fc65 7 bytes {MOV EDX, 0x907768; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[1780] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007735fce5 7 bytes {MOV EDX, 0x9076e8; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[1780] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007735fcfd 7 bytes {MOV EDX, 0x9076a8; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[1780] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007735fd49 7 bytes {MOV EDX, 0x907468; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[1780] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007735fe41 7 bytes {MOV EDX, 0x9074a8; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[1780] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077360099 7 bytes {MOV EDX, 0x907428; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[1780] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000773610a5 7 bytes {MOV EDX, 0x9075e8; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[1780] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007736111d 7 bytes {MOV EDX, 0x907568; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[1780] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077361321 7 bytes {MOV EDX, 0x9074e8; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[1780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a71465 2 bytes [A7, 76]
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[1780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a714bb 2 bytes [A7, 76]
.text ... * 2
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[2668] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000074b987b1 5 bytes JMP 00000001654f856d
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[2668] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000076596143 5 bytes JMP 0000000165a2fa9a
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[2668] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000075cc3e59 5 bytes JMP 00000001655297d1
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[2668] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000075cc3eae 5 bytes JMP 0000000165537641
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[2668] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000075cc4731 5 bytes JMP 00000001655365d9
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[2668] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000075cc5dee 5 bytes JMP 000000016555da4f
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[2668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a71465 2 bytes [A7, 76]
.text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[2668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a714bb 2 bytes [A7, 76]
.text ... * 2
? C:\Windows\system32\mssprxy.dll [2668] entry point in ".rdata" section 00000000722b71e6
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[2204] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007735f991 7 bytes {MOV EDX, 0xd8a28; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[2204] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007735fbd5 7 bytes {MOV EDX, 0xd8a68; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[2204] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007735fc05 7 bytes {MOV EDX, 0xd89a8; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[2204] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007735fc1d 7 bytes {MOV EDX, 0xd8928; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[2204] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007735fc35 7 bytes {MOV EDX, 0xd8b28; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[2204] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007735fc65 7 bytes {MOV EDX, 0xd8b68; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[2204] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007735fce5 7 bytes {MOV EDX, 0xd8ae8; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[2204] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007735fcfd 7 bytes {MOV EDX, 0xd8aa8; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[2204] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007735fd49 7 bytes {MOV EDX, 0xd8868; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[2204] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007735fe41 7 bytes {MOV EDX, 0xd88a8; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[2204] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077360099 7 bytes {MOV EDX, 0xd8828; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[2204] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000773610a5 7 bytes {MOV EDX, 0xd89e8; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[2204] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007736111d 7 bytes {MOV EDX, 0xd8968; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[2204] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077361321 7 bytes {MOV EDX, 0xd88e8; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[2204] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a71465 2 bytes [A7, 76]
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[2204] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a714bb 2 bytes [A7, 76]
.text ... * 2
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[680] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a71465 2 bytes [A7, 76]
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[680] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a714bb 2 bytes [A7, 76]
.text ... * 2
.text C:\Program Files (x86)\Secunia\PSI\PSI_TRAY.exe[6096] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a71465 2 bytes [A7, 76]
.text C:\Program Files (x86)\Secunia\PSI\PSI_TRAY.exe[6096] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a714bb 2 bytes [A7, 76]
.text ... * 2
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[5688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a71465 2 bytes [A7, 76]
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[5688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a714bb 2 bytes [A7, 76]
.text ... * 2
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[6084] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007735f991 7 bytes {MOV EDX, 0x4b9e28; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[6084] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007735fbd5 7 bytes {MOV EDX, 0x4b9e68; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[6084] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007735fc05 7 bytes {MOV EDX, 0x4b9da8; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[6084] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007735fc1d 7 bytes {MOV EDX, 0x4b9d28; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[6084] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007735fc35 7 bytes {MOV EDX, 0x4b9f28; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[6084] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007735fc65 7 bytes {MOV EDX, 0x4b9f68; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[6084] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007735fce5 7 bytes {MOV EDX, 0x4b9ee8; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[6084] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007735fcfd 7 bytes {MOV EDX, 0x4b9ea8; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[6084] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007735fd49 7 bytes {MOV EDX, 0x4b9c68; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[6084] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007735fe41 7 bytes {MOV EDX, 0x4b9ca8; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[6084] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077360099 7 bytes {MOV EDX, 0x4b9c28; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[6084] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000773610a5 7 bytes {MOV EDX, 0x4b9de8; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[6084] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007736111d 7 bytes {MOV EDX, 0x4b9d68; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[6084] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077361321 7 bytes {MOV EDX, 0x4b9ce8; JMP RDX}
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[6084] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a71465 2 bytes [A7, 76]
.text C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\chrome.exe[6084] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a714bb 2 bytes [A7, 76]
.text ... * 2
---- Devices - GMER 2.1 ----
Device \FileSystem\Ntfs \Ntfs fffffa80064642c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{31BE1974-CC2D-45FF-8A54-56753E07A11F} fffffa8006b562c0
Device \Driver\usbehci \Device\USBPDO-1 fffffa800955b2c0
Device \Driver\cdrom \Device\CdRom0 fffffa80086f82c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{52E510B6-93FD-4B0D-90A2-2D023E2E8526} fffffa8006b562c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{A911EB95-6D5D-464E-841C-98A68B73A64F} fffffa8006b562c0
Device \Driver\usbehci \Device\USBFDO-0 fffffa800955b2c0
Device \Driver\usbehci \Device\USBFDO-1 fffffa800955b2c0
Device \Driver\volmgr \Device\HarddiskVolume1 fffffa80057092c0
Device \Driver\volmgr \Device\FtControl fffffa80057092c0
Device \Driver\volmgr \Device\VolMgrControl fffffa80057092c0
Device \Driver\volmgr \Device\HarddiskVolume2 fffffa80057092c0
Device \Driver\volmgr \Device\HarddiskVolume3 fffffa80057092c0
Device \Driver\volmgr \Device\HarddiskVolume4 fffffa80057092c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{4EF16EA6-1494-4F8E-97BD-410CEE837ABD} fffffa8006b562c0
Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa8006b562c0
Device \Driver\usbehci \Device\USBPDO-0 fffffa800955b2c0
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bb1f89c86
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e839df56bc03
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bb1f89c86 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e839df56bc03 (not active ControlSet)
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.112 - Datei am 19/02/2013 um 12:24:39 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Martina Ortlepp - MEINSAMSUNG
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Martina Ortlepp\Desktop\adwcleaner0.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Martina Ortlepp\AppData\Roaming\Mozilla\Firefox\Profiles\kfomdhbo.default\searchplugins\Plusnetwork.xml
Ordner Gelöscht : C:\Program Files (x86)\GinyasBrowserCompanion
Ordner Gelöscht : C:\Users\Martina Ortlepp\AppData\Roaming\GinyasBrowserCompanion
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16464
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchplusnetwork.com/?sp=st3 --> hxxp://www.google.com
-\\ Mozilla Firefox v18.0.2 (de)
Datei : C:\Users\Martina Ortlepp\AppData\Roaming\Mozilla\Firefox\Profiles\kfomdhbo.default\prefs.js
Gelöscht : user_pref("browser.startup.homepage", "hxxp://www.searchplusnetwork.com/?sp=st3");
Gelöscht : user_pref("browser.search.selectedEngine", "Plus! Network");
Gelöscht : user_pref("keyword.URL", hxxp://www.searchplusnetwork.com/?sp=st3&q={searchTerms});
-\\ Google Chrome v24.0.1312.57
Datei : C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\User Data\Default\Preferences
Gelöscht [l.12] : homepage = "hxxp://www.searchplusnetwork.com/?sp=st3",
Gelöscht [l.16] : urls_to_restore_on_startup = [ "hxxp://www.searchplusnetwork.com/?sp=st3" ]
Gelöscht [l.66] : keyword = "searchplusnetwork",
Gelöscht [l.69] : search_url = "hxxp://www.searchplusnetwork.com/?sp=st3&q={searchTerms}",
Gelöscht [l.1676] : homepage = "hxxp://www.searchplusnetwork.com/?sp=st3",
Gelöscht [l.2086] : urls_to_restore_on_startup = [ "hxxp://www.searchplusnetwork.com/?sp=st3" ]
*************************
AdwCleaner[S1].txt - [2548 octets] - [19/02/2013 12:24:39]
########## EOF - C:\AdwCleaner[S1].txt - [2608 octets] ##########
OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 2/19/2013 12:36:13 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Martina Ortlepp\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
5.80 Gb Total Physical Memory | 3.46 Gb Available Physical Memory | 59.60% Memory free
11.60 Gb Paging File | 9.13 Gb Available in Paging File | 78.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 211.00 Gb Total Space | 146.51 Gb Free Space | 69.44% Space Free | Partition Type: NTFS
Drive D: | 232.53 Gb Total Space | 211.94 Gb Free Space | 91.15% Space Free | Partition Type: NTFS
Computer Name: MEINSAMSUNG | User Name: Martina Ortlepp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{180AC31A-2DAC-4024-9E8A-349629D96299}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{1F67DB09-C487-4A87-8EA7-DA55B58D9BD4}" = lport=138 | protocol=17 | dir=in | app=system |
"{7EE91E7B-468C-4792-A0B3-92E24E768C61}" = lport=445 | protocol=6 | dir=in | app=system |
"{971FE559-6112-4D50-8959-1A1395514EDF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{9B243828-3EBD-4C0E-B797-FB9298BE028F}" = lport=137 | protocol=17 | dir=in | app=system |
"{ADAC48EC-1CFF-42F4-9168-31F11B715C9C}" = rport=445 | protocol=6 | dir=out | app=system |
"{AFBF7850-04F3-461C-8930-E6695AD55A9C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BE2361A0-033C-441F-9EA6-1A7864703582}" = rport=138 | protocol=17 | dir=out | app=system |
"{C99E3A02-F7A2-4B71-9243-753A4EE6A709}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CF855658-07B6-43FE-A97C-5DA2AF13A05B}" = rport=139 | protocol=6 | dir=out | app=system |
"{DAC156A2-5113-4029-A15B-25C4C2F0BC79}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E17B2081-83B3-4A64-9F7F-CC0846D055A0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{ED005B4D-A6FB-4810-B406-304F9BF04488}" = rport=137 | protocol=17 | dir=out | app=system |
"{EFDA7849-2905-4B2B-879A-5B7461DD4B17}" = lport=139 | protocol=6 | dir=in | app=system |
"{F9CA33B6-468E-43D9-A79B-6AE792508EC8}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0101996C-17A0-4F1F-821F-22CAD2CF4853}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc.exe |
"{06C82E2A-F714-487D-BF4A-0A8C57437449}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\usdagent.exe |
"{19C43A5D-A5F8-46D7-8B36-3526E861A4E1}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{1DA7CF1A-6357-471B-92B3-D510D0511ECE}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{2B3FE344-3076-422D-82BA-AED383697D08}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5487366B-2482-45C9-A891-32B2205A94E3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{59E05747-3AA7-4B90-8549-9CA30F3C1DB6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{650E7DF7-5715-41F2-B980-9ABBE18BB293}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc.exe |
"{7449A508-E7F7-4E93-B103-829F4F146ED7}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{81513D17-C38E-4942-9398-E0B3011230EA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{89BC3874-BF1A-4B21-A970-FD4DD114EF7E}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\iccupdater.exe |
"{8AF334E5-9D34-4237-A15A-47D7AC74B986}" = dir=in | app=c:\program files (x86)\cyberlink\media+player10\media+player10.exe |
"{8C6FE457-247E-4AC0-97B2-DA7A0669C182}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{97D8484D-AC6A-4A4D-9E46-B5EC12336C9F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{9839B1FB-0912-4A72-8FDA-E88C8A5B7F3D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |
"{9B6668D5-14F3-4648-BC67-794EBFB478C9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{9C17B6F1-FD8E-46D4-8E8E-4030057FAB74}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{BB1B0630-44F3-43F2-9DD5-9127C7358C63}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{E4EAB3D7-0DB1-4FD6-88A8-596C305FED1E}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\usdagent.exe |
"{F8A1B596-3A27-4318-8ACC-236A356FBA9A}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\iccupdater.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1BF14E04-85DE-480C-9A04-EB36744C66C3}_is1" = Open Freely
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{27F3F8DE-AC95-4E10-90A6-EBA999DDBCAF}" = Windows Live Remote Service Resources
"{2998191E-A35E-47E2-BE38-7702C731D722}" = SRS Premium Sound Control Panel
"{29CFD07F-4971-41B0-B14D-621ACCC264AC}" = Windows Live Remote Service Resources
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{4C9845D5-9FAD-4C52-B389-CAEF0F216215}" = Windows Live Remote Client Resources
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{641B32DB-8226-4250-86C9-34671162F5D5}" = Windows Live Remote Client Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6A2482BC-733A-404A-939A-2D5BC636E6F9}" = Windows Live Remote Service Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{78654366-5889-4A70-90D9-04B00709EEE0}" = Windows Live Remote Client Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{811D5159-D798-491F-B9C6-9BDBF6B02D06}" = Windows Live Remote Service Resources
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.72
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.72
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F0793412-6407-4870-9A8C-6FE198A4EB12}" = Windows Live Remote Client Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"Elantech" = ETDWare PS/2-X64 10.7.14.12_WHQL
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{0119B342-476F-4F5A-B712-144B5CFA781F}" = Windows Live Movie Maker
"{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02C0A02E-AB30-446C-B4C3-A03310D95F53}" = Windows Live UX Platform Language Pack
"{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{03BB06DB-15FE-47F0-B872-E6477933C986}" = Windows Live UX Platform Language Pack
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{066219C8-4BE6-46D7-9E01-60FCFA6B32DC}" = Messenger Companion
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{0785A0B6-07DF-43CF-B147-E1EB4CEA0345}" = Windows Live Messenger
"{07E15DDE-CAD9-434D-B24D-35708E3BEA09}" = Windows Live 필수 패키지
"{082E37F5-3924-4168-A69A-1B6B1FEA587C}" = Messenger Companion
"{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack
"{0A455897-C606-4958-AD34-6DF0430D184B}" = Windows Live UX Platform Language Pack
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BE5C4DB-8EA2-483D-BD71-D7EB09040CDE}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{13FAE3E3-283E-4BF4-8FE5-17D256EDDD77}" = Windows Live UX Platform Language Pack
"{142D8CA7-2C6F-45A7-83E3-099AAFD99133}" = Samsung Update Plus
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 5
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19ADD3BF-C42B-47DC-81C6-5E9731B668C4}" = „Windows Live Essentials“
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1C71DC57-1388-4C1C-AB2F-2B9C0EF83409}" = Windows Live UX Platform Language Pack
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1CFBB921-4E8F-47C1-81A0-1CB94454199E}" = Windows Live UX Platform Language Pack
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E87F5D4-3502-4F8E-86A5-61DE5AAD1060}" = Windows Live UX Platform Language Pack
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21B49B4A-BBC3-4A09-9C68-6C3CC0B1EA01}" = Windows Live Messenger
"{23181592-0ECD-4A16-81C6-F0424D2DCABF}" = Windows Live UX Platform Language Pack
"{240DB1E2-EDFC-4489-9B00-286A61137EE8}" = Windows Live UX Platform Language Pack
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26513CE5-7A51-478D-93BD-AC1D38103463}" = Windows Live Messenger
"{269FAF4C-8237-49A4-8440-6560FF15B4B0}" = Windows Live UX Platform Language Pack
"{26A24AE4-039D-4CA4-87B4-2F83216039FF}" = Java(TM) 6 Update 39
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{2719ED2A-F6F5-4CA4-B248-A48FFE75DB84}" = Windows Live UX Platform Language Pack
"{2720009D-9566-45A7-A370-0E6DAC313F3F}" = „Windows Live Mail“
"{2798CE54-AD9D-4704-B940-6C451973CBA4}" = Windows Live UX Platform Language Pack
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer
"{318DBE01-1E6B-4243-84B0-210391FE789A}" = Samsung AnyWeb Print
"{32C01DD0-3260-4D2B-BDB2-36CEC3E5B27A}" = Windows Live UX Platform Language Pack
"{331ECF61-69AF-4F57-AC35-AFED610231C3}" = Multimedia POP
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34AB675C-1965-44B5-B5A7-B02EE6196AD3}" = Windows Live Messenger
"{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{34FBC7C4-CD31-4D93-A428-0E524EAC4586}" = CyberLink Media+ Player10
"{3705D53F-BB01-4BEE-8585-289E71CAC4B4}" = Компаньон Messenger
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{3889988F-762B-4B85-AB17-71C9CC3AE445}" = Messenger Companion
"{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3A09ED0F-8DDF-47BB-B53D-841AB9D1D3A7}" = Complemento Messenger
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{3FD1CB9F-807F-451B-926C-9D19C84CFC61}" = Messenger Suradnik
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{442032CB-900C-49C7-B4B4-2B76525DD403}" = Windows Live Photo Common
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{463F67F4-58D0-4C0D-BBC9-D0CC4E56D1B8}" = Windows Live UX Platform Language Pack
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4A331D24-A9E8-484F-835E-1BA7B139689C}" = EasyBatteryManager
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{4F35DF91-F834-41F7-A287-0E377D55C486}" = Windows Live Photo Common
"{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{517EAAB9-C35E-4949-B8C2-20C241162BBB}" = Windows Live Pošta
"{51FFAC89-B6B0-4E6E-B76F-6D4E2E83086A}" = Windows Live 메일
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{539A0CEA-17E4-4FE4-A5E8-EC5D40610A79}" = „Windows Live Messenger“
"{543E6ACA-51B7-4283-82F2-57C0582A53C5}" = Windows Live UX Platform Language Pack
"{56D42B00-572C-4AE9-BCFB-CD45A3B5D0E1}" = Messenger Assistent
"{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CADEAC5-0A9C-4680-B850-6A9085ADD23B}" = Windows Live UX Platform Language Pack
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D163056-96B7-440F-A836-89BA5D3CFF2F}" = Windows Live Photo Common
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5D90ABE5-8A35-4947-8269-6F40BCE47A95}" = Windows Live Messenger
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{61506B53-EE02-46CE-8464-3F806947978F}" = Windows Live Mesh
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B0A2ECE-E4C6-4BA3-AE9D-8B827F03B992}" = Windows Live UX Platform Language Pack
"{6B318C80-7BE4-4D79-9F53-4290958EA984}" = Windows Live UX Platform Language Pack
"{6B3BAE39-4ED1-4EEB-9769-A3AA0AA58CB4}" = Windows Live Movie Maker
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6C016AC4-0282-4C82-B12F-3D5910DA7319}" = Samsung AnyWeb Print
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6D2F0A26-ECEA-49CE-833C-9A6125F3D5E8}" = Doplnok programu Messenger
"{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger
"{6DCE9C3E-3DB7-4C3C-8B80-BC55781BB7B6}" = Windows Live Writer Resources
"{6DD3B54B-F0D0-4A69-8344-F52033225A02}" = Messenger Companion
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger
"{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources
"{71684DFF-CDED-450C-AF0C-4A1A6438A1A5}" = Windows Live Essentials
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76046298-768C-492C-8C93-2983C9E3719E}" = Windows Live UX Platform Language Pack
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77BC9EAF-14C7-4338-9B1C-D5A3E142C0B8}" = Windows Live Photo Common
"{77DAF553-291A-4471-988C-5677D90DB57E}" = Windows Live Writer Resources
"{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}" = Fast Start
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{781E0319-15CD-4A4C-A47E-D9FFF697E7A1}" = Messenger Companion
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E274911-32ED-4489-9B04-4EF100D0E4D3}" = „Messenger“ pagalbinė priemonė
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F061FA8-5A87-4758-876B-17EE28B358D0}" = Messenger 浏览器插件
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{7F6F62F0-7884-4CFB-B86C-597A4A6D9C4D}" = Movie Color Enhancer
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{8142D25E-028A-4563-86ED-5755783C8029}" = Messenger Companion
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{829CDAAD-5AF1-482F-978B-591C16A34ACC}" = Windows Live Messenger
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{847C879C-1467-4924-A491-1302B4C58F70}" = Messenger Companion
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86E6D3A7-3ADC-44C0-B94E-85D2A9DD36B0}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{902585EB-8FA3-43A5-AD1C-5C9821A77114}" = Messenger Pratilac
"{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{939C80FA-96C9-44A6-B318-8E7D8BD8481B}" = Messenger Companion
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{96403552-88D1-429F-9C92-388B814B885E}" = Messenger Companion
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{9E771D5B-C429-4CBC-8730-3EBD9EC99E4C}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{9FFC4C2D-374D-482B-AA58-67282CE23695}" = AquaSoft DiaShow 7 Premium
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A1668729-C4D2-49AE-877B-FB608362FFF1}" = Windows Live Essentials
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A5FA6184-09EC-4ABF-9172-CEF6A3FBD6B8}" = AquaSoft PhotoAlbum 3
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB067785-9646-456B-91C3-E71228132A4C}" = Messenger 사이트 공유
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB5977C5-11AE-4003-BA7D-261C48F2BC35}" = מסייע Messenger
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{AD86049C-3D9C-43E1-BE73-643F57D83D50}" = Easy Migration
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B44F3823-52DD-45CA-A916-8B320778715D}" = Messenger Companion
"{B4712CB7-27D7-4F61-8805-BCF9BE1CFC4A}" = Windows Live Writer Resources
"{B4FF212F-F56E-463D-95DC-449DA1480E27}" = Windows Live UX Platform Language Pack
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{B81722D3-0A95-4BDE-AA1A-A2A5D12FCDB2}" = Windows Live Foto-galerija
"{B9B66F77-9D00-4CA4-BDF1-BBA8236B4DB6}" = Windows Live Writer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BBC019AB-8349-42A2-AF5A-A8B759722E2F}" = Windows Live UX Platform Language Pack
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BD8DA595-F501-4ABE-85A0-5C23E82472A0}" = Pomocnik Messenger
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C011E1C5-86F7-4EEB-B7E6-0C367CED97B2}" = Windows Live UX Platform Language Pack
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7DAD22D-29D4-438F-B986-03B9ED582EA4}" = Messenger Companion
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C877E454-FA36-409A-A00E-1240CEC61BBD}" = „Windows Live“ fotogalerija
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C8A2793D-EFF2-4069-95BF-A28192E39DEB}" = Windows Live Writer
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF088261-BC81-4FB9-9BA0-7B5B9602D01A}" = Messenger 分享元件
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{CF936193-C584-458C-B793-15FA945621AF}" = Windows Live fotoattēlu galerija
"{CF9DEFAA-12CD-4D04-AA45-F9F667D21E2E}" = Windows Live Movie Maker
"{D06F10C5-3EDD-4B29-A3B5-16BBB9A047F8}" = Windows Live Mesh
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2131BFA-A0D6-4FDE-8614-75B07A9B15EE}" = Windows Live UX Platform Language Pack
"{D27DF849-C8C7-4892-A7F1-E0B381A1BD01}" = Windows Live Writer
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4F81B27-4054-4AD6-A588-265508BAA17C}" = Messenger Companion
"{D54A52A8-DF24-4CE8-850B-074CA47DFA74}" = Windows Live Messenger
"{D57D43BF-699A-429F-AF8C-AF1867222800}" = Windows Live 사진 갤러리
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D58E381C-DE02-46A9-B9D1-A2CB807D2676}" = Messenger Companion
"{D657CCB5-9F2F-4D3C-B93D-F77EBEF79B66}" = Messenger-kumppani
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D8DAB025-C2CE-4821-8117-494E95ADA031}" = Windows Live UX Platform Language Pack
"{D987098B-3AD4-4E88-B80E-CF27A32D1955}" = Windows Live Writer Resources
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E31F454E-4813-4C88-B0D3-4BB174993770}" = PhoneShare
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9618EB0-D09E-496B-A425-689271F5571B}" = Windows Live UX Platform Language Pack
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA257ECF-5F72-4461-B890-959394DCD087}" = BatteryLifeExtender
"{EA76E65F-6679-495A-A8A6-42AD6602ED4C}" = EasyFileShare
"{EAB1BDF2-734A-4D44-9169-7615D185C974}" = Windows Live Mesh
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC20FB81-9B5E-4B97-92A2-8DC52548EFCE}" = Windows Live Mesh
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{ED86C4AB-D1E5-42CF-BFA3-56BAAE617D4E}" = Windows Live UX Platform Language Pack
"{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F14F9EE9-9B68-42B4-90F7-0924F7619281}" = Spremljevalec Messenger
"{F3ECEB0A-82A0-4DB9-BB44-393A66BA0871}" = Messenger kísérő
"{F4EE283A-4851-43D4-887C-1932D55DE740}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F66430D8-08E6-4C96-B9B7-90E66E27D58C}" = Windows Live Mail
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center 1.0
"{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FCF2085E-ABE5-4AA8-B07C-65BBD56DA243}" = Easy Network Manager
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEA0181F-3758-46DA-B7EC-F3CDFA7E0CE7}" = Помощник на Messenger
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"{FFF8D436-0A41-4BB0-8E9B-6256B07AF66B}" = Windows Live UX Platform Language Pack
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AquaSoft DiaShow 7 Premium" = AquaSoft DiaShow 7 Premium
"AquaSoft PhotoAlbum 3" = AquaSoft PhotoAlbum 3
"EPSON Scanner" = EPSON Scan
"Game Console - WildGames" = WildTangent ORB Game Console
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}" = CyberLink Media+ Player10
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton 360
"NVIDIA.Updatus" = NVIDIA Updatus
"ODIR_is1" = ODIR
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"Picasa 3" = Picasa 3
"Samsung Universal Print Driver" = Samsung Universal Print Driver
"Samsung Universal Scan Driver" = Samsung Universal Scan Driver
"Secunia PSI" = Secunia PSI (3.0.0.4001)
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WT085559" = Diner Dash 2 Restaurant Rescue
"WT085567" = Chuzzle Deluxe
"WT085580" = John Deere Drive Green
"WT085581" = Penguins!
"WT085583" = Polar Golfer
"WT085587" = Agatha Christie - Death on the Nile
"WT085597" = Build-a-lot
"WT085618" = Farm Frenzy
"WT085622" = Insaniquarium Deluxe
"WT085663" = Peggle
"WT085669" = Plants vs. Zombies
"WT089285" = Zuma Deluxe
"WT089286" = Bejeweled 2 Deluxe
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2614301483-2537791305-717444225-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"MyFreeCodec" = MyFreeCodec
========== Last 20 Event Log Errors ==========
[ Media Center Events ]
Error - 9/15/2011 3:33:30 AM | Computer Name = MeinSamsung | Source = MCUpdate | ID = 0
Description = 09:33:28 - Fehler beim Herstellen der Internetverbindung. 09:33:29
- Serververbindung konnte nicht hergestellt werden..
Error - 10/16/2011 5:13:11 AM | Computer Name = MeinSamsung | Source = MCUpdate | ID = 0
Description = 11:13:11 - Fehler beim Herstellen der Internetverbindung. 11:13:11
- Serververbindung konnte nicht hergestellt werden..
Error - 10/16/2011 5:13:22 AM | Computer Name = MeinSamsung | Source = MCUpdate | ID = 0
Description = 11:13:17 - Fehler beim Herstellen der Internetverbindung. 11:13:17
- Serververbindung konnte nicht hergestellt werden..
Error - 5/1/2012 11:14:31 AM | Computer Name = MeinSamsung | Source = MCUpdate | ID = 0
Description = 17:14:31 - Fehler beim Herstellen der Internetverbindung. 17:14:31
- Serververbindung konnte nicht hergestellt werden..
Error - 5/1/2012 11:14:41 AM | Computer Name = MeinSamsung | Source = MCUpdate | ID = 0
Description = 17:14:36 - Fehler beim Herstellen der Internetverbindung. 17:14:36
- Serververbindung konnte nicht hergestellt werden..
Error - 1/2/2013 1:26:14 PM | Computer Name = MeinSamsung | Source = MCUpdate | ID = 0
Description = 18:26:13 - Fehler beim Herstellen der Internetverbindung. 18:26:14
- Serververbindung konnte nicht hergestellt werden..
Error - 1/2/2013 1:26:23 PM | Computer Name = MeinSamsung | Source = MCUpdate | ID = 0
Description = 18:26:19 - Fehler beim Herstellen der Internetverbindung. 18:26:19
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 2/18/2013 11:58:13 AM | Computer Name = MeinSamsung | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWOW64\FsUsbExDisk.SYS
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 2/18/2013 11:58:13 AM | Computer Name = MeinSamsung | Source = Service Control Manager | ID = 7000
Description = Der Dienst "FsUsbExDisk" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error - 2/18/2013 11:58:15 AM | Computer Name = MeinSamsung | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWOW64\FsUsbExDisk.SYS
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 2/18/2013 11:58:15 AM | Computer Name = MeinSamsung | Source = Service Control Manager | ID = 7000
Description = Der Dienst "FsUsbExDisk" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error - 2/18/2013 11:58:18 AM | Computer Name = MeinSamsung | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWOW64\FsUsbExDisk.SYS
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 2/18/2013 11:58:18 AM | Computer Name = MeinSamsung | Source = Service Control Manager | ID = 7000
Description = Der Dienst "FsUsbExDisk" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error - 2/18/2013 11:58:20 AM | Computer Name = MeinSamsung | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWOW64\FsUsbExDisk.SYS
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 2/18/2013 11:58:20 AM | Computer Name = MeinSamsung | Source = Service Control Manager | ID = 7000
Description = Der Dienst "FsUsbExDisk" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error - 2/18/2013 11:58:23 AM | Computer Name = MeinSamsung | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWOW64\FsUsbExDisk.SYS
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 2/18/2013 11:58:23 AM | Computer Name = MeinSamsung | Source = Service Control Manager | ID = 7000
Description = Der Dienst "FsUsbExDisk" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
< End of report >
|
|
19.02.2013, 11:48
| #4 |
| | search plus site in Google Chrome und PUP.Blabber entfernen OTL Logfile: Code:
ATTFilter OTL logfile created on: 2/19/2013 12:36:13 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Martina Ortlepp\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5.80 Gb Total Physical Memory | 3.46 Gb Available Physical Memory | 59.60% Memory free 11.60 Gb Paging File | 9.13 Gb Available in Paging File | 78.70% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 211.00 Gb Total Space | 146.51 Gb Free Space | 69.44% Space Free | Partition Type: NTFS Drive D: | 232.53 Gb Total Space | 211.94 Gb Free Space | 91.15% Space Free | Partition Type: NTFS Computer Name: MEINSAMSUNG | User Name: Martina Ortlepp | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/02/19 12:35:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Martina Ortlepp\Downloads\OTL.exe PRC - [2013/02/13 11:38:18 | 000,310,128 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe PRC - [2013/02/13 11:38:14 | 001,509,232 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe PRC - [2013/02/06 06:17:56 | 000,578,560 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe PRC - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012/09/24 13:46:16 | 001,328,736 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe PRC - [2012/09/24 13:46:16 | 000,656,480 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe PRC - [2012/09/24 13:46:14 | 000,573,536 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe PRC - [2012/02/10 10:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe PRC - [2011/09/04 12:45:26 | 003,398,736 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe PRC - [2011/04/17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe PRC - [2011/01/17 09:36:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2010/11/28 11:44:42 | 000,943,984 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe PRC - [2010/11/28 09:09:40 | 007,053,168 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe PRC - [2010/11/17 09:24:54 | 004,387,632 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe PRC - [2010/11/10 00:03:52 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe PRC - [2010/10/22 17:58:34 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe PRC - [2010/09/20 04:24:42 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe PRC - [2010/08/27 02:52:12 | 002,782,064 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe PRC - [2010/08/19 09:22:36 | 000,775,336 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe PRC - [2010/07/01 21:10:26 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010/07/01 21:10:22 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010/02/10 15:29:52 | 000,719,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe PRC - [2009/11/02 06:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe ========== Modules (No Company Name) ========== MOD - [2013/02/13 10:39:47 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll MOD - [2013/02/12 19:38:25 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e963e9f51746f8e23837be7760e187c6\System.Windows.Forms.ni.dll MOD - [2013/01/26 03:35:06 | 000,460,240 | ---- | M] () -- C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll MOD - [2013/01/26 03:35:04 | 004,012,496 | ---- | M] () -- C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll MOD - [2013/01/26 03:34:19 | 000,597,968 | ---- | M] () -- C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\24.0.1312.57\libglesv2.dll MOD - [2013/01/26 03:34:18 | 000,124,368 | ---- | M] () -- C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\24.0.1312.57\libegl.dll MOD - [2013/01/26 03:34:16 | 001,552,848 | ---- | M] () -- C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll MOD - [2013/01/10 18:17:42 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll MOD - [2013/01/09 18:39:03 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll MOD - [2013/01/09 18:38:50 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll MOD - [2013/01/09 18:38:42 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll MOD - [2013/01/09 18:38:42 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll MOD - [2013/01/09 18:38:36 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll MOD - [2013/01/09 18:38:36 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll MOD - [2013/01/09 18:38:35 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\78ecbee4a7444353dce52afb9d9d795c\System.Drawing.ni.dll MOD - [2013/01/09 18:38:33 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll MOD - [2013/01/09 18:38:28 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf MOD - [2010/12/21 00:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll MOD - [2010/07/05 11:42:58 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Samsung\Movie Color Enhancer\WinCRT.dll MOD - [2010/05/07 15:22:18 | 001,636,864 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll MOD - [2009/11/02 06:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009/11/02 06:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2006/08/12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll ========== Services (SafeList) ========== SRV:64bit: - [2010/10/22 17:58:34 | 000,953,632 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV:64bit: - [2010/09/22 10:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010/08/09 20:04:12 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service) SRV:64bit: - [2010/04/16 15:07:42 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2013/02/19 10:35:18 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/02/06 18:05:55 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012/09/24 13:46:16 | 001,328,736 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent) SRV - [2012/09/24 13:46:16 | 000,656,480 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/02/10 10:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe -- (BBUpdate) SRV - [2012/02/10 10:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe -- (BBSvc) SRV - [2011/04/17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe -- (N360) SRV - [2011/01/17 09:36:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2010/07/01 21:10:26 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010/07/01 21:10:22 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010/06/01 07:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/06/27 09:37:56 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm) DRV:64bit: - [2012/06/27 09:37:56 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm) DRV:64bit: - [2012/06/27 09:37:56 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) DRV:64bit: - [2012/06/27 09:37:56 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd) DRV:64bit: - [2012/06/27 09:37:56 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) DRV:64bit: - [2012/06/27 09:37:56 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb) DRV:64bit: - [2012/06/27 09:37:56 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl) DRV:64bit: - [2012/06/27 09:37:56 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) DRV:64bit: - [2012/04/25 03:42:16 | 000,258,896 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/12/16 15:20:10 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI) DRV:64bit: - [2011/11/06 19:17:14 | 000,828,912 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2011/07/06 11:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2011/06/17 07:49:31 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2011/04/21 02:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symnets.sys -- (SymNetS) DRV:64bit: - [2011/03/31 04:00:09 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtsp64.sys -- (SRTSP) DRV:64bit: - [2011/03/31 04:00:09 | 000,040,568 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtspx64.sys -- (SRTSPX) DRV:64bit: - [2011/03/15 03:31:23 | 000,912,504 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symefa64.sys -- (SymEFA) DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/01/27 07:47:10 | 000,450,680 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symds64.sys -- (SymDS) DRV:64bit: - [2011/01/27 06:07:06 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\ironx64.sys -- (SymIRON) DRV:64bit: - [2011/01/17 09:36:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2010/11/25 20:31:32 | 000,409,192 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/10 00:04:14 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2010/09/21 08:20:30 | 000,348,712 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL) DRV:64bit: - [2010/09/14 23:59:16 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2010/09/14 23:59:10 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2010/09/13 10:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010/08/30 12:17:36 | 000,289,280 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010/08/25 20:36:02 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010/08/21 01:21:38 | 000,106,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2010/07/29 01:23:08 | 003,065,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2010/04/16 15:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2010/03/02 08:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2010/02/27 00:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009/09/17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/28 07:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI) DRV - [2013/02/05 09:54:40 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2013/01/16 10:14:13 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20130218.025\ex64.sys -- (NAVEX15) DRV - [2013/01/16 10:14:13 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20130218.025\eng64.sys -- (NAVENG) DRV - [2013/01/16 03:51:11 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20130208.001\BHDrvx64.sys -- (BHDrvx64) DRV - [2012/09/14 07:41:34 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20130216.001\IDSviA64.sys -- (IDSVia64) DRV - [2012/08/09 11:54:54 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2012/08/09 11:54:54 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2011/01/31 19:02:10 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2614301483-2537791305-717444225-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2614301483-2537791305-717444225-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com IE - HKU\S-1-5-21-2614301483-2537791305-717444225-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-2614301483-2537791305-717444225-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\S-1-5-21-2614301483-2537791305-717444225-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-2614301483-2537791305-717444225-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-2614301483-2537791305-717444225-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-2614301483-2537791305-717444225-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\S-1-5-21-2614301483-2537791305-717444225-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2614301483-2537791305-717444225-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.searchplusnetwork.com/?sp=st3&q={searchTerms} IE - HKU\S-1-5-21-2614301483-2537791305-717444225-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searc} IE - HKU\S-1-5-21-2614301483-2537791305-717444225-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledAddons: bbrs_002%40blabbers.com:1.0.5 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Martina Ortlepp\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Martina Ortlepp\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/12/09 03:18:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2012/02/13 09:23:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_13_2 [2013/02/19 12:27:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/06 18:05:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/06 18:05:55 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/27 18:22:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martina Ortlepp\AppData\Roaming\mozilla\Extensions [2013/02/12 19:13:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martina Ortlepp\AppData\Roaming\mozilla\Firefox\Profiles\kfomdhbo.default\extensions [2013/02/12 19:13:04 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\Martina Ortlepp\AppData\Roaming\mozilla\firefox\profiles\kfomdhbo.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013/02/19 10:36:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013/02/19 10:36:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} File not found (No name found) -- C:\USERS\MARTINA ORTLEPP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KFOMDHBO.DEFAULT\EXTENSIONS\BBRS_002@BLABBERS.COM [2013/02/06 18:05:55 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/11/21 21:18:14 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/11/21 21:18:14 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/11/21 21:18:14 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012/11/21 21:18:14 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012/11/21 21:18:14 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012/11/21 21:18:14 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: searchplusnetwork (Enabled) CHR - default_search_provider: search_url = hxxp://www.searchplusnetwork.com/?sp=st3&q={searchTerms} CHR - default_search_provider: suggest_url = CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Martina Ortlepp\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (W2PBrowser Class) - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll () O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:64bit: - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe (CyberLink Corp.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2614301483-2537791305-717444225-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2614301483-2537791305-717444225-1001..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics) O4 - HKU\S-1-5-21-2614301483-2537791305-717444225-1001..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) O4 - HKU\S-1-5-21-2614301483-2537791305-717444225-1001..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-2614301483-2537791305-717444225-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-2614301483-2537791305-717444225-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll () O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 10.13.2) O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39) O16 - DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 1.7.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.7.0_13) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4EF16EA6-1494-4F8E-97BD-410CEE837ABD}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/02/19 10:30:02 | 000,000,000 | ---D | C] -- C:\Users\Martina Ortlepp\AppData\Local\Secunia PSI [2013/02/19 10:29:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia [2013/02/19 10:28:55 | 003,160,768 | ---- | C] (Secunia) -- C:\Users\Martina Ortlepp\Desktop\PSISetup_3.0.0.4001.exe [2013/02/19 09:42:32 | 000,000,000 | ---D | C] -- C:\Users\Martina Ortlepp\AppData\Roaming\Malwarebytes [2013/02/19 09:42:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/02/19 09:42:23 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013/02/19 09:42:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013/02/19 09:42:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/02/19 09:40:11 | 000,000,000 | ---D | C] -- C:\Users\Martina Ortlepp\AppData\Local\Programs [2013/02/19 09:37:16 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Martina Ortlepp\Desktop\mbam-setup-1.70.0.1100.exe [2013/02/18 16:58:39 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump [2013/02/18 16:57:20 | 000,233,472 | ---- | C] (Teruten) -- C:\Windows\SysWow64\FsUsbExService.Exe [2013/02/14 16:05:58 | 000,000,000 | ---D | C] -- C:\Users\Martina Ortlepp\AppData\Local\OpenFreelyEditTemp [2013/02/14 16:00:09 | 000,000,000 | ---D | C] -- C:\Users\Martina Ortlepp\AppData\Roaming\Media Player Classic [2013/02/12 19:32:12 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013/02/12 19:32:12 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013/02/12 19:32:11 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/02/12 19:32:11 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013/02/12 19:32:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013/02/12 19:32:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/02/12 19:32:11 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013/02/12 19:32:11 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013/02/12 19:32:10 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/02/12 19:32:10 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013/02/12 19:32:10 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013/02/12 19:32:10 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/02/12 19:32:08 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/02/12 19:32:08 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/02/12 19:32:08 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013/02/12 19:31:08 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013/02/12 19:31:07 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013/02/12 19:31:07 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013/02/12 19:31:07 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013/02/12 19:31:07 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013/02/12 19:31:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013/02/12 19:31:00 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013/02/12 19:30:59 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013/02/12 19:30:58 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013/02/12 19:30:39 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013/02/07 10:08:10 | 000,000,000 | ---D | C] -- D:\Eigene Dokumente MO\!2013 - Wir [2013/02/06 18:05:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013/02/03 19:17:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013/02/03 19:16:28 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013/02/03 19:16:05 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013/02/03 19:16:05 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013/02/03 19:16:05 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013/01/29 16:42:39 | 000,000,000 | ---D | C] -- D:\Eigene Dokumente MO\!2013-Rezepte ========== Files - Modified Within 30 Days ========== [2013/02/19 12:37:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/02/19 12:36:28 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/02/19 12:36:28 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/02/19 12:32:00 | 000,001,160 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2614301483-2537791305-717444225-1001UA.job [2013/02/19 12:28:04 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/02/19 12:28:04 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/02/19 12:27:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/02/19 12:27:14 | 1934,090,239 | -HS- | M] () -- C:\hiberfil.sys [2013/02/19 12:23:11 | 000,587,671 | ---- | M] () -- C:\Users\Martina Ortlepp\Desktop\adwcleaner0.exe [2013/02/19 10:46:38 | 000,374,784 | ---- | M] () -- C:\Users\Martina Ortlepp\Desktop\qcmdix4l.exe [2013/02/19 10:35:49 | 002,434,048 | ---- | M] () -- C:\Users\Martina Ortlepp\Desktop\msxml.msi [2013/02/19 10:35:17 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/02/19 10:35:17 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013/02/19 10:29:50 | 000,001,106 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2013/02/19 10:28:56 | 003,160,768 | ---- | M] (Secunia) -- C:\Users\Martina Ortlepp\Desktop\PSISetup_3.0.0.4001.exe [2013/02/19 09:37:17 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Martina Ortlepp\Desktop\mbam-setup-1.70.0.1100.exe [2013/02/18 16:58:34 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk [2013/02/13 16:32:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2614301483-2537791305-717444225-1001Core.job [2013/02/12 19:43:51 | 000,427,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/02/12 19:37:00 | 001,529,494 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/02/12 19:37:00 | 000,657,948 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013/02/12 19:37:00 | 000,619,184 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/02/12 19:37:00 | 000,131,288 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013/02/12 19:37:00 | 000,107,504 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/02/05 09:54:40 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\SysWow64\FsUsbExService.Exe [2013/02/05 09:54:40 | 000,037,344 | ---- | M] () -- C:\Windows\SysWow64\FsUsbExDisk.Sys [2013/02/04 16:28:27 | 000,002,376 | ---- | M] () -- C:\Users\Martina Ortlepp\Desktop\Google Chrome.lnk [2013/02/03 19:15:54 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013/02/03 19:15:52 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll [2013/02/03 19:15:52 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013/02/03 19:15:52 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013/02/03 19:15:52 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013/02/03 19:15:52 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe ========== Files Created - No Company Name ========== [2013/02/19 12:23:10 | 000,587,671 | ---- | C] () -- C:\Users\Martina Ortlepp\Desktop\adwcleaner0.exe [2013/02/19 10:46:37 | 000,374,784 | ---- | C] () -- C:\Users\Martina Ortlepp\Desktop\qcmdix4l.exe [2013/02/19 10:35:48 | 002,434,048 | ---- | C] () -- C:\Users\Martina Ortlepp\Desktop\msxml.msi [2013/02/19 10:29:50 | 000,001,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2013/02/19 10:29:50 | 000,001,069 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk [2013/02/18 16:58:34 | 000,002,002 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk [2013/02/18 16:57:20 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDevice.Dll [2013/02/18 16:57:20 | 000,037,344 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDisk.Sys [2013/01/19 12:57:43 | 000,001,616 | ---- | C] () -- C:\Users\Martina Ortlepp\AppData\Local\recently-used.xbel [2012/10/27 15:31:50 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/01/12 18:50:22 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2011/11/03 12:48:37 | 000,012,288 | ---- | C] () -- C:\Users\Martina Ortlepp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/06/15 20:33:32 | 000,001,940 | ---- | C] () -- C:\Users\Martina Ortlepp\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2011/06/11 10:40:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011/04/17 16:24:46 | 000,142,704 | ---- | C] () -- C:\Windows\wiainst64.exe [2011/04/17 16:23:48 | 000,484,656 | ---- | C] () -- C:\Windows\ssndii.exe [2011/04/17 16:23:35 | 000,258,864 | ---- | C] () -- C:\Windows\SUPDRun.exe [2011/03/02 22:57:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011/03/02 22:57:40 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011/03/02 22:57:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011/03/02 22:57:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011/03/02 22:57:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll ========== ZeroAccess Check ========== [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > |
|
19.02.2013, 12:06
| #5 |
| /// TB-Ausbilder | search plus site in Google Chrome und PUP.Blabber entfernen Hallo Martina, mach noch folgene Schritte und teile mir mit, ob danach diese unerwünschte Startseite immer noch da ist oder nicht. Hast du sonst noch Probleme mit diesem Rechner oder alles ok? Schritt 1
Code:
ATTFilter :OTL
IE - HKU\S-1-5-21-2614301483-2537791305-717444225-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.searchplusnetwork.com/?sp=st3&q={searchTerms}
FF - prefs.js..extensions.enabledAddons: bbrs_002%40blabbers.com:1.0.5
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\MARTINA ORTLEPP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KFOMDHBO.DEFAULT\EXTENSIONS\BBRS_002@BLABBERS.COM
CHR - default_search_provider: searchplusnetwork (Enabled)
CHR - default_search_provider: search_url = hxxp://www.searchplusnetwork.com/?sp=st3&q={searchTerms}
:commands
[emptytemp]
Schritt 2 Lade das Setup des ESET Online Scanners herunter und speichere es auf den Desktop.
Schritt 3 Downloade dir bitte SecurityCheck (Link 2).
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
|
19.02.2013, 20:15
| #6 |
| | search plus site in Google Chrome und PUP.Blabber entfernen All processes killed ========== OTL ========== Registry key HKEY_USERS\S-1-5-21-2614301483-2537791305-717444225-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Prefs.js: bbrs_002%40blabbers.com:1.0.5 removed from extensions.enabledAddons Use Chrome's Settings page to remove the default_search_provider items. Use Chrome's Settings page to remove the default_search_provider items. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 57616 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Martina Ortlepp ->Temp folder emptied: 4679138 bytes ->Temporary Internet Files folder emptied: 97299213 bytes ->Java cache emptied: 524021 bytes ->FireFox cache emptied: 77387745 bytes ->Google Chrome cache emptied: 411198718 bytes ->Flash cache emptied: 16259 bytes User: Public User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 2817286 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes RecycleBin emptied: 7136418420 bytes Total Files Cleaned = 7,372.00 mb OTL by OldTimer - Version 3.2.69.0 log created on 02192013_210659 Files\Folders moved on Reboot... C:\Users\Martina Ortlepp\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot... |
|
19.02.2013, 21:09
| #7 |
| /// TB-Ausbilder | search plus site in Google Chrome und PUP.Blabber entfernen Ok, fehlt noch ESET und SecurityCheck.
__________________ cheers, Leo |
|
20.02.2013, 08:47
| #8 |
| | search plus site in Google Chrome und PUP.Blabber entfernen ESETSmartInstaller@High as downloader log: Can not open internetESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=d653b74cc49e5b409bd26d442df93710 # engine=13195 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-02-20 12:45:20 # local_time=2013-02-20 01:45:20 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=3589 16777213 100 80 11514195 111983616 0 0 # compatibility_mode=5893 16776574 100 94 52753121 112950970 0 0 # scanned=203814 # found=3 # cleaned=0 # scan_time=14938 sh=C8021421B644A33957E2332002DA544D70947E54 ft=1 fh=16a434f7182a6edd vn="Win32/StartPage.OPH trojan" ac=I fn="C:\Users\Martina Ortlepp\Downloads\vlc-2.0.1-win32.exe" sh=71573EA155789E39AA27B5D9B8C2A228934E1D68 ft=0 fh=0000000000000000 vn="Win32/StartPage.OPH trojan" ac=I fn="F:\MEINSAMSUNG\Backup Set 2012-06-01 130627\Backup Files 2012-06-01 130627\Backup files 5.zip" sh=9722E0499CC70B0612D9382C6D55EBABA0201244 ft=0 fh=0000000000000000 vn="Win32/StartPage.OPH trojan" ac=I fn="F:\MEINSAMSUNG\Backup Set 2012-11-07 112432\Backup Files 2012-11-07 112432\Backup files 6.zip" Results of screen317's Security Check version 0.99.58 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Norton 360 WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Secunia PSI (3.0.0.4001) Malwarebytes Anti-Malware Version 1.70.0.1100 Java(TM) 6 Update 39 Java 7 Update 13 Adobe Reader 9 Adobe Reader out of Date! Adobe Reader 10.1.5 Adobe Reader out of Date! Mozilla Firefox (18.0.2) Google Chrome 24.0.1312.56 Google Chrome 24.0.1312.57 ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe Symantec Norton Online Backup NOBuAgent.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` |
|
20.02.2013, 09:20
| #9 | |
| /// TB-Ausbilder | search plus site in Google Chrome und PUP.Blabber entfernen Hallo, ist denn dein Problem mit der Startseite jetzt gelöst? Oder ist noch etwas zu tun? Lösch das: Zitat:
Wenn jetzt alles ok ist, dann deinstallier noch veraltete Software und wir räumen die Tools auf. Schritt 1
Schritt 2 Die Version deines Adobe PDF Readers ist veraltet, wir müssen ihn updaten:
Schritt 3 Dein Firefox ist nicht mehr aktuell. Starte deinen Firefox als Administrator, klicke Hilfe --> Über Firefox und führe das angebotene Update durch. Wiederhole diesen Schritt, bis Firefox als aktuell angezeigt wird. Schritt 4 Den ESET Online Scanner kannst du behalten, um ab und zu für eine Zweitmeinung dein System damit zu scannen. Falls du ESET aber deinstallieren möchtest, dann: Drücke bitte die  + R Taste, kopiere folgenden Text in das Ausführen FensterCode:
ATTFilter "%ProgramFiles%\Eset\Eset Online Scanner\OnlineScannerUninstaller.exe"
Schritt 5 Downloade dir bitte delfix auf deinen Desktop.
>> OK << Wir sind durch, deine Logs sehen für mich im Moment sauber aus.  Ich habe dir nachfolgend ein paar Hinweise und Tipps zusammengestellt, die dazu beitragen sollen, dass du in Zukunft unsere Hilfe nicht mehr brauchen wirst. Bitte gib mir danach noch eine kurze Rückmeldung, wenn auch von deiner Seite keine Probleme oder Fragen mehr offen sind, damit ich dieses Thema als erledigt betrachten kann. Epilog: Tipps, Dos & Don'ts Aktualität von System und SoftwareDas Betriebsystem Windows muss zwingend immer auf dem neusten Stand sein. Stelle sicher, dass die automatischen Updates aktiviert sind:
Auch die installierte Software sollte immer in der aktuellsten Version vorliegen. Speziell gilt das für den Browser, Java, Flash-Player und PDF-Reader, denn bekannte Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim blossen Besuch einer präparierten Website per Drive-by Download Malware zu installieren. Das kann sogar auf normalerweise legitimen Websites geschehen, wenn es einem Angreifer gelungen ist, seinen Code in die Seite einzuschleusen, und ist deshalb relativ unberechenbar.
Sicherheits-SoftwareEine Bemerkung vorneweg: Jede Softwarelösung hat ihre Schwächen. Die gesamte Verantwortung für die Sicherheit auf Software zu übertragen und einen Rundum-Schutz zu erwarten, wäre eine gefährliche Illusion. Bei unbedachtem oder bewusst risikoreichem Verhalten wird auch das beste Programm früher oder später seinen Dienst versagen (z.B. ein Virenscanner, der eine verseuchte Datei nicht erkennt). Trotzdem ist entsprechende Software natürlich wichtig und hilft dir in Kombination mit einem gut gewarteten (up-to-date) System und durchdachtem Verhalten, deinen Rechner sauber zu halten.
Es liegt in der Natur der Sache, dass die am weitesten verbreitete Anwendungs-Software auch am häufigsten von Malware-Autoren attackiert wird. Es kann daher bereits einen kleinen Sicherheitsgewinn darstellen, wenn man alternative Software (z.B. einen alternativen PDF Reader) benutzt. Anstelle des Internet Explorers kann man beispielsweise den Mozilla Firefox einsetzen, für welchen es zwei nützliche Addons zur Empfehlung gibt:
(Un-)Sicheres Verhalten im InternetNebst unbemerkten Drive-by Installationen wird Malware aber auch oft mehr oder weniger aktiv vom Benutzer selbst installiert. Der Besuch zwielichtiger Websites kann bereits Risiken bergen. Und Downloads aus dubiosen Quellen sind immer russisches Roulette. Auch wenn der Virenscanner im Moment darin keine Bedrohung erkennt, muss das nichts bedeuten.
Oft wird auch versucht, den Benutzer mit mehr oder weniger trickreichen Methoden dazu zu bringen, eine für ihn verhängnisvolle Handlung selbst auszuführen (Überbegriff Social Engineering).
Nervige Adware (Werbung) und unnötige Toolbars werden auch meist durch den Benutzer selbst mitinstalliert.
Allgemeine HinweiseAbschliessend noch ein paar grundsätzliche Bemerkungen:
Wenn du möchtest, kannst du das Forum mit einer kleinen Spende unterstützen. Es bleibt mir nur noch, dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen. 
__________________ cheers, Leo |
|
20.02.2013, 13:36
| #10 |
| | search plus site in Google Chrome und PUP.Blabber entfernen Hallo Leo, erneut vielen Dank für die Anweisungen. Die Erfolge haben sich eingestellt. Super! Ich habe alle Punkte aus Deinem letzten Eintrag abgearbeitet. Java, VLC und Adobe sind neu aufgespielt und sind up-to-date. Auch Firefox hab ich aktualisiert. Mit delfix konnte ich die installierten Bereinigungsprogramme löschen, das, was nicht wegging, hab ich manuell gelöscht. Chrome läßt sich wunderbar starten, die search plus Seite ist verschwunden. Ich habe standardmäßig wieder google als Suchdienst aktiviert und searchplusnetwork aus der Suchmaschinenverwaltung entfernt. Sonst kann ich keine weiteren Probleme feststellen. Noch zwei Fragen: - während eines Scann der Festplatte wurden in zwei meiner back-ups infizierte Dateien gefunden (Eintrag 8). Soll ich diese beiden back-ups einfach löschen? Wenn ich jetzt ein neues back-up erstelle, sollte nun ja eigentlich keine Datei mir infiziert sein und die alten back-ups würden durch mein Löschen ihre mögliche Gefährlichkeit ja verlieren - oder? - soll ich mir neben Norton auch die kostenpflichtige Version von Malwarebytes zulegen und die parallel zum Norten generell mitlaufen lassen oder gibt es bei dieser Konstellation Komplikationen? Reicht der Norton? (laut Deinen Hinweisen unter "Epilog" würde ja eigentlich der Norton reichen... neben generellen updates der Programme) Auch ich werde euer Forum weiterempfehlen und hoffe natürlich nicht so schnell hier wieder vorstellig zu werden. Den Epilog werde ich "abarbeiten" und mich natürlich an diese Hinweise halten. Eine finanzielle Unterstützung sei euch gewiss. Ich schreite gleich zur Tat.  Gruß, Martina |
|
20.02.2013, 14:09
| #11 | ||||
| /// TB-Ausbilder | search plus site in Google Chrome und PUP.Blabber entfernen Hallo Martina, Zitat:
Zitat:
Du kannst aber diese alten Backups löschen und jetzt ein vollständiges neues Backup erstellen, dann ist sicher alles ganz sauber, ja. Zitat:
Diese Anschaffung wäre sicher kein Fehler, aber ich würde bei der kostenlosen Version von Malwarebytes (ohne Hintergrundwächter) bleiben und ab und zu einen Kontrollscan damit machen. Zitat:
Freut mich, dass wir helfen konnten.  Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Ich bekomme somit keine Benachrichtigung mehr über neue Antworten. Solltest du das Thema erneut brauchen, schicke mir bitte eine PM und wir machen hier weiter. Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.
__________________ cheers, Leo |
|
| Themen zu search plus site in Google Chrome und PUP.Blabber entfernen |
| administrator, adobe, anti-malware, autostart, dateien, entfernen, ergebnis, explorer, gelöscht, google, java, log-file, malwarebytes, microsoft, nicht mehr, programm, pup blabbers, rechner, scan, search plus startseite, seite, service, software, speicher, startseite, test, version |
Textbox.
