Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Versch. Trojaner: TR/Ransom, TR/Matsnu

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 03.05.2013, 18:50   #1
Colli80
 
Versch. Trojaner: TR/Ransom, TR/Matsnu - Standard

Versch. Trojaner: TR/Ransom, TR/Matsnu



Hallo,
ich hoffe ihr könnt mir helfen. Heute meldete sich mein Antivir Programm und zeigte einen Trojaner an. Gestern Abend hatte ich bereits Probleme beim Online banking, der verlangte Tans von mir und diese habe ich natürlich nicht eingegeben. Ich habe dann erstmal mein Bankkonto für Onlinebanking sperren lassen. Ich habe dann Spybot durchlaufen lassen doch der fand nichts. Und heute kam dann wie schon geschrieben die Trojanermeldung. Ich sende mal meinen Report von Antivir:

Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Freitag, 3. Mai 2013  14:43

Es wird nach 4477044 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7 Home Premium
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : LAPPI

Versionsinformationen:
BUILD.DAT      : 12.1.9.1236    40872 Bytes  11.10.2012 15:29:00
AVSCAN.EXE     : 12.3.0.48     468256 Bytes  14.11.2012 16:35:34
AVSCAN.DLL     : 12.3.0.15      66256 Bytes  08.05.2012 11:25:04
LUKE.DLL       : 12.3.0.15      68304 Bytes  08.05.2012 11:25:04
AVSCPLR.DLL    : 12.3.0.14      97032 Bytes  08.05.2012 11:25:04
AVREG.DLL      : 12.3.0.17     232200 Bytes  10.05.2012 15:41:00
VBASE000.VDF   : 7.11.70.0   66736640 Bytes  04.04.2013 15:14:36
VBASE001.VDF   : 7.11.74.226  2201600 Bytes  30.04.2013 19:08:18
VBASE002.VDF   : 7.11.74.227     2048 Bytes  30.04.2013 19:08:18
VBASE003.VDF   : 7.11.74.228     2048 Bytes  30.04.2013 19:08:18
VBASE004.VDF   : 7.11.74.229     2048 Bytes  30.04.2013 19:08:18
VBASE005.VDF   : 7.11.74.230     2048 Bytes  30.04.2013 19:08:18
VBASE006.VDF   : 7.11.74.231     2048 Bytes  30.04.2013 19:08:18
VBASE007.VDF   : 7.11.74.232     2048 Bytes  30.04.2013 19:08:18
VBASE008.VDF   : 7.11.74.233     2048 Bytes  30.04.2013 19:08:19
VBASE009.VDF   : 7.11.74.234     2048 Bytes  30.04.2013 19:08:19
VBASE010.VDF   : 7.11.74.235     2048 Bytes  30.04.2013 19:08:19
VBASE011.VDF   : 7.11.74.236     2048 Bytes  30.04.2013 19:08:19
VBASE012.VDF   : 7.11.74.237     2048 Bytes  30.04.2013 19:08:19
VBASE013.VDF   : 7.11.74.238     2048 Bytes  30.04.2013 19:08:19
VBASE014.VDF   : 7.11.75.97    181248 Bytes  02.05.2013 19:08:20
VBASE015.VDF   : 7.11.75.98      2048 Bytes  02.05.2013 19:08:20
VBASE016.VDF   : 7.11.75.99      2048 Bytes  02.05.2013 19:08:20
VBASE017.VDF   : 7.11.75.100     2048 Bytes  02.05.2013 19:08:20
VBASE018.VDF   : 7.11.75.101     2048 Bytes  02.05.2013 19:08:20
VBASE019.VDF   : 7.11.75.102     2048 Bytes  02.05.2013 19:08:21
VBASE020.VDF   : 7.11.75.103     2048 Bytes  02.05.2013 19:08:21
VBASE021.VDF   : 7.11.75.104     2048 Bytes  02.05.2013 19:08:21
VBASE022.VDF   : 7.11.75.105     2048 Bytes  02.05.2013 19:08:21
VBASE023.VDF   : 7.11.75.106     2048 Bytes  02.05.2013 19:08:21
VBASE024.VDF   : 7.11.75.107     2048 Bytes  02.05.2013 19:08:21
VBASE025.VDF   : 7.11.75.108     2048 Bytes  02.05.2013 19:08:22
VBASE026.VDF   : 7.11.75.109     2048 Bytes  02.05.2013 19:08:22
VBASE027.VDF   : 7.11.75.110     2048 Bytes  02.05.2013 19:08:22
VBASE028.VDF   : 7.11.75.111     2048 Bytes  02.05.2013 19:08:22
VBASE029.VDF   : 7.11.75.112     2048 Bytes  02.05.2013 19:08:22
VBASE030.VDF   : 7.11.75.113     2048 Bytes  02.05.2013 19:08:22
VBASE031.VDF   : 7.11.75.162    76288 Bytes  02.05.2013 19:08:23
Engineversion  : 8.2.12.32 
AEVDF.DLL      : 8.1.2.10      102772 Bytes  10.07.2012 17:08:10
AESCRIPT.DLL   : 8.1.4.108     483709 Bytes  25.04.2013 18:12:52
AESCN.DLL      : 8.1.10.4      131446 Bytes  27.03.2013 17:01:12
AESBX.DLL      : 8.2.5.12      606578 Bytes  14.06.2012 18:59:32
AERDL.DLL      : 8.2.0.88      643444 Bytes  10.01.2013 16:07:52
AEPACK.DLL     : 8.3.2.6       827767 Bytes  28.03.2013 17:01:13
AEOFFICE.DLL   : 8.1.2.56      205180 Bytes  08.03.2013 20:24:44
AEHEUR.DLL     : 8.1.4.318    5894521 Bytes  25.04.2013 18:12:51
AEHELP.DLL     : 8.1.25.2      258423 Bytes  11.10.2012 15:35:14
AEGEN.DLL      : 8.1.7.2       442741 Bytes  27.03.2013 17:01:11
AEEXP.DLL      : 8.4.0.24      196982 Bytes  25.04.2013 18:12:52
AEEMU.DLL      : 8.1.3.2       393587 Bytes  10.07.2012 17:08:09
AECORE.DLL     : 8.1.31.2      201080 Bytes  19.02.2013 20:12:46
AEBB.DLL       : 8.1.1.4        53619 Bytes  05.11.2012 20:19:32
AVWINLL.DLL    : 12.3.0.15      27344 Bytes  08.05.2012 11:25:04
AVPREF.DLL     : 12.3.0.32      50720 Bytes  14.11.2012 16:35:33
AVREP.DLL      : 12.3.0.15     179208 Bytes  08.05.2012 11:25:04
AVARKT.DLL     : 12.3.0.33     209696 Bytes  14.11.2012 16:35:33
AVEVTLOG.DLL   : 12.3.0.15     169168 Bytes  08.05.2012 11:25:04
SQLITE3.DLL    : 3.7.0.1       398288 Bytes  08.05.2012 11:25:04
AVSMTP.DLL     : 12.3.0.32      63480 Bytes  08.08.2012 17:05:01
NETNT.DLL      : 12.3.0.15      17104 Bytes  08.05.2012 11:25:04
RCIMAGE.DLL    : 12.3.0.31    4444408 Bytes  08.08.2012 17:04:58
RCTEXT.DLL     : 12.3.0.32      98848 Bytes  14.11.2012 16:35:32

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Freitag, 3. Mai 2013  14:43

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'D:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'SDUpdate.exe' - '98' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '165' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashUtil32_11_7_700_169_ActiveX.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '167' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '89' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '125' Modul(e) wurden durchsucht
Durchsuche Prozess 'EasySpeedUpManager.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'SUPBackground.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'SSCKbdHk.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'WCScheduler.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'SmartEco.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'ImApp.exe' - '125' Modul(e) wurden durchsucht
Durchsuche Prozess 'SmartSetting.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'YCMMirage.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'WifiManager.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'MovieColorEnhancer.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'dmhkcore.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDTray.exe' - '102' Modul(e) wurden durchsucht
Durchsuche Prozess 'BrMfimon.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'brccMCtl.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '84' Modul(e) wurden durchsucht
Durchsuche Prozess 'BrMfcWnd.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'VCDDaemon.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'UIExec.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'pdf24.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'axmo.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'IncMail.exe' - '169' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDWSCSvc.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDUpdSvc.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'AssistantServices.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDFSSvc.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'KMService.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'srvany.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '42' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1508' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\Users\Colli\AppData\Local\IM\Identities\{9B936CC6-0C5F-4CAB-AA37-717B5CFAF1DF}\Message Store\Attachments\Groupon GmbH Mahnung  für Nicole Hubrig 14.03.2013.zip
  [0] Archivtyp: ZIP
  --> Groupon GmbH 14.03.2013 Rechnung.zip
      [1] Archivtyp: ZIP
    --> Groupon GmbH 14.03.2013 Rechnung.com
        [FUND]      Ist das Trojanische Pferd TR/Matsnu.EB.128
C:\Users\Colli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\77c08db3-592ecea8
  [0] Archivtyp: ZIP
  --> Float.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Karamel.DT.1
  --> Float010.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2013-0431.CB
  --> Float011.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.btp
  --> Float013.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.btq
  --> Float014.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Themod.HC.1
  --> Float02.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.btr
  --> Float03.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.bts
  --> Float04.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.btt
  --> Float05.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.btu
  --> Float06.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Hidecoz.A.1
  --> Float07.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.btv
  --> Float08.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Hidecoz.C.1
  --> Float09.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.btw
Beginne mit der Suche in 'D:\'

Beginne mit der Desinfektion:
C:\Users\Colli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\77c08db3-592ecea8
  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.btw
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '576174fc.qua' verschoben!
C:\Users\Colli\AppData\Local\IM\Identities\{9B936CC6-0C5F-4CAB-AA37-717B5CFAF1DF}\Message Store\Attachments\Groupon GmbH Mahnung  für Nicole Hubrig 14.03.2013.zip
  [FUND]      Ist das Trojanische Pferd TR/Matsnu.EB.128
  [HINWEIS]   Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
  [HINWEIS]   Die Datei existiert nicht!


Ende des Suchlaufs: Freitag, 3. Mai 2013  17:34
Benötigte Zeit:  2:49:09 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  32921 Verzeichnisse wurden überprüft
 719721 Dateien wurden geprüft
     14 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 719707 Dateien ohne Befall
  11905 Archive wurden durchsucht
      0 Warnungen
      2 Hinweise
 721762 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden
         
Danke schonmal für Eure Hilfe. Ich bin totaler Laie, aber verspreche mich anzustrengen

Alt 03.05.2013, 20:52   #2
t'john
/// Helfer-Team
 
Versch. Trojaner: TR/Ransom, TR/Matsnu - Standard

Versch. Trojaner: TR/Ransom, TR/Matsnu






Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




dann:


Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe

  • Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Wähle Scanne Alle Benuzer
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe
  • Unter Extra Registrierung, wähle bitte Benutze SafeList
  • Klicke nun auf Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 04.05.2013, 09:50   #3
Colli80
 
Versch. Trojaner: TR/Ransom, TR/Matsnu - Standard

Versch. Trojaner: TR/Ransom, TR/Matsnu



Hallo t'john,

danke vorab schonmal für Deine Hilfe.

Malwarebytes Log:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.03.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Colli :: LAPPI [Administrator]

03.05.2013 22:10:55
mbam-log-2013-05-03 (22-10-55).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 508893
Laufzeit: 2 Stunde(n), 27 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 2
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> 1964 -> Löschen bei Neustart.
C:\Users\Colli\AppData\Roaming\Ubku\axmo.exe (Spyware.Zbot.ED) -> 2584 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Yzmoh (Spyware.Zbot.ED) -> Daten: C:\Users\Colli\AppData\Roaming\Ubku\axmo.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> Löschen bei Neustart.
C:\Users\Colli\AppData\Roaming\Ubku\axmo.exe (Spyware.Zbot.ED) -> Löschen bei Neustart.
C:\Users\Colli\spiele\Little Shop of Treasures Deluxe\littleshopoftreasures.exe (PUP.Downloader.ZYL) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
OTL Log:
1
Code:
ATTFilter
OTL logfile created on: 5/4/2013 10:24:59 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Colli\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5.48 Gb Total Physical Memory | 3.42 Gb Available Physical Memory | 62.46% Memory free
10.96 Gb Paging File | 8.61 Gb Available in Paging File | 78.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 394.00 Gb Total Space | 56.61 Gb Free Space | 14.37% Space Free | Partition Type: NTFS
Drive D: | 178.90 Gb Total Space | 178.81 Gb Free Space | 99.95% Space Free | Partition Type: NTFS
 
Computer Name: LAPPI | User Name: Colli | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Colli\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_169_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe (Samsung Electronics)
PRC - C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe (IncrediMail, Ltd.)
PRC - C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe (IncrediMail, Ltd.)
PRC - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Program Files (x86)\Samsung\Samsung Control Center\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Samsung Control Center\WifiManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Eco Mode\SmartEco.exe (Samsung Electronics)
PRC - C:\Program Files (x86)\Samsung\Samsung Control Center\SmartSetting.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Samsung Control Center\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe (SEC)
PRC - C:\Program Files (x86)\Samsung\Samsung Control Center\MovieColorEnhancer.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPWebService.exe (Samsung Electronics)
PRC - C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Join Air\AssistantServices.exe ()
PRC - C:\Program Files (x86)\Join Air\UIExec.exe ()
PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe (Brother Industries, Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files (x86)\IncrediMail\Bin\wlessfp1.dll ()
MOD - C:\Program Files (x86)\IncrediMail\Bin\ImLookExU.dll ()
MOD - C:\Program Files (x86)\IncrediMail\Bin\ImComUtlU.dll ()
MOD - C:\Program Files (x86)\IncrediMail\Bin\ImAppRU.dll ()
MOD - C:\Program Files (x86)\IncrediMail\Bin\PMC.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\Samsung\Samsung Control Center\WinCRT.dll ()
MOD - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
MOD - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll ()
MOD - C:\Program Files (x86)\Join Air\UIExec.exe ()
MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()
MOD - C:\Program Files (x86)\Samsung\Samsung Control Center\HookDllPS2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (Samsung UPD Service) -- C:\Windows\SysNative\SUPDSvc.exe (Samsung Electronics CO., LTD.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UI Assistant Service) -- C:\Program Files (x86)\Join Air\AssistantServices.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SABI) -- C:\Windows\SysNative\drivers\SABI.sys (SAMSUNG ELECTRONICS)
DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (rtport) -- C:\Windows\SysWOW64\drivers\rtport.sys (Windows (R) 2003 DDK 3790 provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2545573064-1671415295-1629012448-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
IE - HKU\S-1-5-21-2545573064-1671415295-1629012448-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig?hl=
IE - HKU\S-1-5-21-2545573064-1671415295-1629012448-1000\..\SearchScopes,DefaultScope = {26C75A22-40C4-470C-8323-8C37318555A8}
IE - HKU\S-1-5-21-2545573064-1671415295-1629012448-1000\..\SearchScopes\{26C75A22-40C4-470C-8323-8C37318555A8}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-2545573064-1671415295-1629012448-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
 
 
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Samsung BHO Class) - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\Join Air\UIExec.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2545573064-1671415295-1629012448-1000..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-2545573064-1671415295-1629012448-1000..\Run: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKU\S-1-5-21-2545573064-1671415295-1629012448-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2545573064-1671415295-1629012448-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Colli\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Colli\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97C3D2E0-02A9-463E-9D6B-B89D82259B55}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1570a016-354a-11e1-83a5-e81132cccb38}\Shell - "" = AutoRun
O33 - MountPoints2\{1570a016-354a-11e1-83a5-e81132cccb38}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{cd1f01fc-110a-11e1-acc2-e81132cccb38}\Shell - "" = AutoRun
O33 - MountPoints2\{cd1f01fc-110a-11e1-acc2-e81132cccb38}\Shell\AutoRun\command - "" = G:\Install.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/04 10:22:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Colli\Desktop\OTL.exe
[2013/05/03 22:08:24 | 000,000,000 | ---D | C] -- C:\Users\Colli\AppData\Roaming\Malwarebytes
[2013/05/03 22:08:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/05/03 22:08:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/05/03 22:08:05 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/05/03 22:08:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/05/03 22:02:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/05/03 22:01:50 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2013/05/03 22:01:43 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2013/05/03 22:01:43 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2013/05/03 22:01:43 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2013/05/01 21:19:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/05/01 21:19:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/05/01 21:19:06 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\windows\SysNative\sdnclean64.exe
[2013/05/01 21:19:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/05/01 21:18:27 | 000,000,000 | ---D | C] -- C:\Users\Colli\AppData\Local\Programs
[2013/04/30 22:45:57 | 000,000,000 | ---D | C] -- C:\Users\Colli\AppData\Roaming\Ubku
[2013/04/30 22:45:57 | 000,000,000 | ---D | C] -- C:\Users\Colli\AppData\Roaming\Opsu
[2013/04/30 22:45:57 | 000,000,000 | ---D | C] -- C:\Users\Colli\AppData\Roaming\Leezam
[2013/04/14 15:17:46 | 000,000,000 | ---D | C] -- C:\Users\Colli\AppData\Local\{E945CB86-6809-44AE-B991-637BB0EB5C1C}
[2013/04/14 15:17:45 | 000,000,000 | ---D | C] -- C:\Users\Colli\AppData\Local\{5C0091AD-17B4-4358-B5E3-BBB4DDB16CB0}
[2013/04/11 07:24:24 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/04/11 07:24:24 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/04/11 07:24:22 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/04/11 07:24:22 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/04/11 07:24:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/04/11 07:24:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/04/11 07:24:22 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013/04/11 07:24:22 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013/04/11 07:24:21 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/04/11 07:24:21 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013/04/11 07:24:21 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013/04/11 07:24:21 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/04/11 07:24:20 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/04/11 07:24:19 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/04/11 07:24:19 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013/04/10 17:01:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/04/10 17:01:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013/04/10 16:57:44 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstscax.dll
[2013/04/10 16:57:43 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstscax.dll
[2013/04/10 16:57:42 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aaclient.dll
[2013/04/10 16:57:42 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\aaclient.dll
[2013/04/10 16:57:42 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tsgqec.dll
[2013/04/10 16:57:42 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tsgqec.dll
[2013/04/10 16:57:33 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2013/04/10 16:57:32 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2013/04/10 16:57:31 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2013/04/10 16:57:31 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\smss.exe
[2013/04/10 16:57:31 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\csrsrv.dll
[2013/04/10 16:57:31 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\apisetschema.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/04 10:26:46 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/04 10:26:46 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/04 10:26:01 | 000,001,108 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/04 10:26:00 | 000,001,104 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/04 10:22:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Colli\Desktop\OTL.exe
[2013/05/04 10:19:04 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/05/04 10:19:01 | 1589,374,975 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/03 23:51:03 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/05/03 22:01:37 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\npDeployJava1.dll
[2013/05/03 22:01:37 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\deployJava1.dll
[2013/05/03 22:01:37 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2013/05/03 22:01:37 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2013/05/03 22:01:37 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2013/05/03 22:01:37 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2013/05/02 18:07:58 | 006,533,375 | ---- | M] () -- C:\Users\Colli\Desktop\BRO07_13_Diva_Mittelmeer_15_17.pdf
[2013/04/24 17:12:45 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/04/24 17:12:45 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/04/14 15:12:37 | 001,498,742 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/04/14 15:12:37 | 000,654,400 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013/04/14 15:12:37 | 000,616,242 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/04/14 15:12:37 | 000,130,240 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013/04/14 15:12:37 | 000,106,622 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/04/11 19:36:13 | 000,427,072 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/04/09 20:36:22 | 553,120,204 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2013/05/02 18:07:56 | 006,533,375 | ---- | C] () -- C:\Users\Colli\Desktop\BRO07_13_Diva_Mittelmeer_15_17.pdf
[2013/05/01 21:19:13 | 000,002,149 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/04/10 17:01:59 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012/12/07 23:33:05 | 001,744,626 | ---- | C] () -- C:\Users\Colli\Gutschein_653-EURESA GmbH - Reisevermittlung-4d531.pdf
[2012/06/30 10:18:26 | 000,007,124 | ---- | C] () -- C:\Users\Colli\AppData\Local\recently-used.xbel
[2011/12/12 19:12:22 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\srvany.exe
[2011/11/16 21:11:44 | 000,000,425 | ---- | C] () -- C:\windows\BRWMARK.INI
[2011/07/21 20:58:30 | 000,258,864 | ---- | C] () -- C:\windows\SUPDRun.exe
[2011/07/21 20:57:58 | 000,003,155 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011/07/21 07:23:46 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2011/07/21 06:51:40 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011/07/21 06:38:29 | 000,000,918 | ---- | C] () -- C:\windows\HotFixList.ini
[2011/07/21 06:03:11 | 000,142,128 | ---- | C] () -- C:\windows\wiainst64.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/03/04 13:14:45 | 000,000,000 | ---D | M] -- C:\Users\Colli\AppData\Roaming\AIDA Designer
[2012/03/19 19:51:32 | 000,000,000 | ---D | M] -- C:\Users\Colli\AppData\Roaming\AIDAblu Designer
[2012/03/19 22:50:05 | 000,000,000 | ---D | M] -- C:\Users\Colli\AppData\Roaming\AIDAdiva Designer
[2013/01/01 23:10:41 | 000,000,000 | ---D | M] -- C:\Users\Colli\AppData\Roaming\AlawarEntertainment
[2013/03/15 16:44:15 | 000,000,000 | ---D | M] -- C:\Users\Colli\AppData\Roaming\Amazon
[2012/12/16 12:42:10 | 000,000,000 | ---D | M] -- C:\Users\Colli\AppData\Roaming\Ashampoo
[2011/12/12 22:24:56 | 000,000,000 | ---D | M] -- C:\Users\Colli\AppData\Roaming\BlamGames
[2012/12/16 12:34:51 | 000,000,000 | ---D | M] -- C:\Users\Colli\AppData\Roaming\DVDVideoSoft
[2011/11/17 16:41:02 | 000,000,000 | ---D | M] -- C:\Users\Colli\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/08/28 21:43:32 | 000,000,000 | ---D | M] -- C:\Users\Colli\AppData\Roaming\Emess
[2012/10/26 22:22:17 | 000,000,000 | ---D | M] -- C:\Users\Colli\AppData\Roaming\Farm Mania 2.1
[2011/12/12 22:28:35 | 000,000,000 | ---D | M] -- C:\Users\Colli\AppData\Roaming\iWin
[2013/05/03 20:29:26 | 000,000,000 | ---D | M] -- C:\Users\Colli\AppData\Roaming\Leezam
[2011/12/12 22:21:16 | 000,000,000 | ---D | M] -- C:\Users\Colli\AppData\Roaming\Oberon Games
[2013/04/30 22:45:57 | 000,000,000 | ---D | M] -- C:\Users\Colli\AppData\Roaming\Opsu
[2011/12/31 14:03:41 | 000,000,000 | ---D | M] -- C:\Users\Colli\AppData\Roaming\Origin
[2013/05/04 00:44:17 | 000,000,000 | ---D | M] -- C:\Users\Colli\AppData\Roaming\Ubku
[2013/01/08 21:16:46 | 000,000,000 | ---D | M] -- C:\Users\Colli\AppData\Roaming\UseNeXT
[2012/08/28 21:30:57 | 000,000,000 | ---D | M] -- C:\Users\Colli\AppData\Roaming\Zyulu
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:2AE74FF9

< End of report >
         
2
Code:
ATTFilter
OTL Extras logfile created on: 5/4/2013 10:24:59 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Colli\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5.48 Gb Total Physical Memory | 3.42 Gb Available Physical Memory | 62.46% Memory free
10.96 Gb Paging File | 8.61 Gb Available in Paging File | 78.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 394.00 Gb Total Space | 56.61 Gb Free Space | 14.37% Space Free | Partition Type: NTFS
Drive D: | 178.90 Gb Total Space | 178.81 Gb Free Space | 99.95% Space Free | Partition Type: NTFS
 
Computer Name: LAPPI | User Name: Colli | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03485101-29AE-495D-84EF-6A9814A52813}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{039EACBC-809B-45A1-B9D1-B99720ED8B2D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0877E5E5-5F79-4133-91EE-21DD42B3D071}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{0AA820FD-C328-4C32-9EDD-FC4E36F28CA4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{0ABA5B3F-F540-4543-9F05-2DC7664962FA}" = lport=138 | protocol=17 | dir=in | app=system | 
"{198285CC-5F00-45D5-B830-197E2164D86D}" = rport=139 | protocol=6 | dir=out | app=system | 
"{1D5F9E1D-EE6D-4C7A-B788-214D0E5A9992}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{2BA111D1-6C26-4FC8-A648-53EADA3391D9}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | 
"{2E8BB2D6-579D-467D-A47A-2B4861798429}" = rport=445 | protocol=6 | dir=out | app=system | 
"{70925FC6-7C9E-49DF-916D-4B49F27C6092}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{75438D6C-78EF-47C9-9417-7E7CED837A4D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7C327EB5-A7C6-49D8-8190-AA884A896185}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8989A35B-0FE8-467F-BCA1-F30F50FC590C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8B95D02D-5AB9-40FE-9DED-E298FAC3CF84}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8D3DDCA9-22E8-4FBC-A027-68B65EADAB62}" = lport=139 | protocol=6 | dir=in | app=system | 
"{A0DCF056-D118-4F7B-81D4-86666EAC1D08}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A39EA385-36A7-4CF4-9048-3B2FAC3D67CC}" = lport=445 | protocol=6 | dir=in | app=system | 
"{AF3CB177-AD7B-485B-A638-7752472C9D7D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BC262555-9CCC-43AC-AA2D-D6D6BA6214A8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BF6CC027-F345-44A8-AE44-C739A8F315B0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{CE794129-3BA4-4148-A605-5F5B1C8EC197}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{D718A169-7BF9-4990-A677-9EA11DA20FE3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{DD054B3E-69BC-43E5-A92F-3604D4919C2A}" = rport=138 | protocol=17 | dir=out | app=system | 
"{DE19C55F-69A4-4837-A151-C3A14EDAC912}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FF0E4444-A32F-4A3C-8338-9936864B635B}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{060DFE2B-EF2B-4A0B-98DF-8DB2E4A5EAC2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{14B34E69-2688-44B7-9335-054C06452FA9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1D693F74-13AE-4B3C-A12D-83E626D15553}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{2C612A08-4388-4E03-9FC1-D7E442BA85A5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2F52CACC-420D-4F32-B23C-854D3A0ABDC2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{30C25AC2-3DB2-4D8E-9586-B030CFD2DE65}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{33D218BC-2254-4513-8885-4EF0CBA07F96}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\iccupdater.exe | 
"{3BDD62F2-EE9D-4DDB-ADD4-AE9AB20FE1A8}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc.exe | 
"{3CC195B3-DBBC-4D27-A786-9660D48EDE9B}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{4344CF9C-8925-4271-8C74-9FC2C2756FEB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{49639C01-1CF2-4A6B-B721-CC8B990EE379}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4CD8EF00-63A0-48D7-9DA0-B1E17FFFF066}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{536795E1-3F8B-4BE7-8EBB-15C6045CC393}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5A68F506-6430-4699-892E-C5FCE91623AD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{5DE60AAD-259B-4A32-997B-29A78B957E08}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\iccupdater.exe | 
"{67059789-DC60-42CE-8DC8-3B28B03891E4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{68D812B0-5345-447E-8A5B-318C3547771E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{752DF0A3-F849-4572-8243-3EA33FA265B2}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{76536418-9980-4136-A940-01AC3FDA8068}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\usdagent.exe | 
"{8B480C3A-6A16-4D4C-B11F-36B65A1A15B3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8BAB6BBE-A628-426C-9307-F64555D3F63A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8CEE7ADA-FA5E-4851-B12B-800FD1EF8BD2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8EA0BADE-449E-4A83-8587-E54034C781CD}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc.exe | 
"{A634311D-A6C7-432F-9FFC-57B6C5D58533}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B533BEAD-760B-4082-9DA0-54BF2F0D93C5}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\usdagent.exe | 
"{C923E5E2-0285-4557-8A8C-35D3E38781C1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{D408D0C4-0F16-4FA0-A753-D83521154E0D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D6A849E9-92FA-4A95-AF54-EAD7AF062DA4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{DEDACDC5-7B92-447E-ABDF-DAD95C4C937E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E3BDDD45-47EF-4F5A-BC1B-90FBADA7C377}" = protocol=6 | dir=out | app=system | 
"{F2FF1FC4-67A7-4417-A842-FE7878EA0F0B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F48F3BCE-F31E-42D8-9F2D-F6C5C3AA264D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"TCP Query User{41B64480-DEA9-4E84-9189-3F2CD9C148B0}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"TCP Query User{C719DA4C-D9C2-415B-A3F1-3F22CBF1F864}C:\users\colli\appdata\roaming\zyulu\ecxay.exe" = protocol=6 | dir=in | app=c:\users\colli\appdata\roaming\zyulu\ecxay.exe | 
"TCP Query User{FB8A7C9C-6A45-401F-90E1-EF2031A73192}C:\users\colli\appdata\roaming\zyulu\ecxay.exe" = protocol=6 | dir=in | app=c:\users\colli\appdata\roaming\zyulu\ecxay.exe | 
"UDP Query User{077F1BDB-774E-4F0F-90D7-273BD6CEAA5E}C:\users\colli\appdata\roaming\zyulu\ecxay.exe" = protocol=17 | dir=in | app=c:\users\colli\appdata\roaming\zyulu\ecxay.exe | 
"UDP Query User{4EFBE36D-81E8-4034-91DC-FB3106AE8184}C:\users\colli\appdata\roaming\zyulu\ecxay.exe" = protocol=17 | dir=in | app=c:\users\colli\appdata\roaming\zyulu\ecxay.exe | 
"UDP Query User{A08AD85C-789A-4C3E-B26A-E3930A21AEB9}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{129EE1A8-FA82-5E76-0DE5-50D51ED1AF7E}" = ATI Catalyst Install Manager
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{27F3F8DE-AC95-4E10-90A6-EBA999DDBCAF}" = Windows Live Remote Service Resources
"{29CFD07F-4971-41B0-B14D-621ACCC264AC}" = Windows Live Remote Service Resources
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel(R) PROSet/Wireless WiFi Software
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{4C9845D5-9FAD-4C52-B389-CAEF0F216215}" = Windows Live Remote Client Resources
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{601D7B72-FEE9-FECD-7304-3FBE8465F440}" = ccc-utility64
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{641B32DB-8226-4250-86C9-34671162F5D5}" = Windows Live Remote Client Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6A2482BC-733A-404A-939A-2D5BC636E6F9}" = Windows Live Remote Service Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{78654366-5889-4A70-90D9-04B00709EEE0}" = Windows Live Remote Client Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{811D5159-D798-491F-B9C6-9BDBF6B02D06}" = Windows Live Remote Service Resources
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C862EC05-1C15-4327-B15D-C7788D6CFF73}" = Image Resizer Powertoy Clone for Windows (64 bit)
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F0793412-6407-4870-9A8C-6FE198A4EB12}" = Windows Live Remote Client Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"Elantech" = ETDWare PS/2-X64 10.0.7.2_WHQL
"GIMP-2_is1" = GIMP 2.8.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{0119B342-476F-4F5A-B712-144B5CFA781F}" = Windows Live Movie Maker
"{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{0658C55D-D095-6B0B-A662-36A8202F1408}" = AMD VISION Engine Control Center
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{0785A0B6-07DF-43CF-B147-E1EB4CEA0345}" = Windows Live Messenger
"{07E15DDE-CAD9-434D-B24D-35708E3BEA09}" = Windows Live 필수 패키지
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A303DB2-DCB9-324F-1B05-30A819E66A3B}" = CCC Help German
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1181AA5B-8EFD-4AC5-8CDE-A1F7307B3427}" = EasyFileShare
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{142D8CA7-2C6F-45A7-83E3-099AAFD99133}" = Samsung Update Plus
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 5
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Samsung Control Center
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19ADD3BF-C42B-47DC-81C6-5E9731B668C4}" = „Windows Live Essentials“
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21B49B4A-BBC3-4A09-9C68-6C3CC0B1EA01}" = Windows Live Messenger
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26513CE5-7A51-478D-93BD-AC1D38103463}" = Windows Live Messenger
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{2720009D-9566-45A7-A370-0E6DAC313F3F}" = „Windows Live Mail“
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2CC0789D-D31B-445F-8970-6E058BE39754}" = Windows Live UX Platform Language Pack
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2F68DD28-BF5B-52AC-B584-4B8E546F069A}" = CCC Help Japanese
"{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer
"{318DBE01-1E6B-4243-84B0-210391FE789A}" = Samsung AnyWeb Print
"{331ECF61-69AF-4F57-AC35-AFED610231C3}" = Multimedia POP
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34AB675C-1965-44B5-B5A7-B02EE6196AD3}" = Windows Live Messenger
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = Windows Live UX Platform Language Pack
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B8F240C-B75E-4A1E-BDCC-6C7F033078A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{3F7A9E82-5A85-4119-A8A5-7D840A0F76DC}" = Photo Notifier and Animation Creator
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{442032CB-900C-49C7-B4B4-2B76525DD403}" = Windows Live Photo Common
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{44F4024E-5214-B183-AC1A-E92486AE3CDA}" = CCC Help French
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{4F35DF91-F834-41F7-A287-0E377D55C486}" = Windows Live Photo Common
"{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{517EAAB9-C35E-4949-B8C2-20C241162BBB}" = Windows Live Pošta
"{51FFAC89-B6B0-4E6E-B76F-6D4E2E83086A}" = Windows Live 메일
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{539A0CEA-17E4-4FE4-A5E8-EC5D40610A79}" = „Windows Live Messenger“
"{545192D4-E817-4EAA-834D-623EA50CF268}" = Windows Live UX Platform Language Pack
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D163056-96B7-440F-A836-89BA5D3CFF2F}" = Windows Live Photo Common
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5D90ABE5-8A35-4947-8269-6F40BCE47A95}" = Windows Live Messenger
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{61506B53-EE02-46CE-8464-3F806947978F}" = Windows Live Mesh
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B3BAE39-4ED1-4EEB-9769-A3AA0AA58CB4}" = Windows Live Movie Maker
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}" = Brother MFL-Pro Suite DCP-375CW
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA}" = IncrediMail
"{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger
"{6DCE9C3E-3DB7-4C3C-8B80-BC55781BB7B6}" = Windows Live Writer Resources
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources
"{71684DFF-CDED-450C-AF0C-4A1A6438A1A5}" = Windows Live Essentials
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{7780682A-47C9-480D-90BE-247539342595}" = Windows Live UX Platform Language Pack
"{77BC9EAF-14C7-4338-9B1C-D5A3E142C0B8}" = Windows Live Photo Common
"{77DAF553-291A-4471-988C-5677D90DB57E}" = Windows Live Writer Resources
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A312E06-B7B6-5B75-18AA-1262EAB41971}" = CCC Help Portuguese
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7B56AC11-A09B-D148-EA51-AB4500A84F50}" = Catalyst Control Center InstallProxy
"{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.8.0
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{829CDAAD-5AF1-482F-978B-591C16A34ACC}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{86E6D3A7-3ADC-44C0-B94E-85D2A9DD36B0}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95D5C923-A6C2-5629-7873-938099245C53}" = CCC Help Spanish
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A8E4762-3331-4EDB-8E1F-B11179DDBC00}" = Eco Mode
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D554E62-4CC6-F0D8-ECFC-817830E8496A}" = CCC Help Chinese Standard
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9E771D5B-C429-4CBC-8730-3EBD9EC99E4C}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A1668729-C4D2-49AE-877B-FB608362FFF1}" = Windows Live Essentials
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Join Air
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{AD86049C-3D9C-43E1-BE73-643F57D83D50}" = Easy Migration
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B4712CB7-27D7-4F61-8805-BCF9BE1CFC4A}" = Windows Live Writer Resources
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{B81722D3-0A95-4BDE-AA1A-A2A5D12FCDB2}" = Windows Live Foto-galerija
"{B9B66F77-9D00-4CA4-BDF1-BBA8236B4DB6}" = Windows Live Writer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BE73A21F-D108-2652-3F12-65C2D264C895}" = Catalyst Control Center Localization All
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = Die Sims™ 3 Einfach tierisch
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C877E454-FA36-409A-A00E-1240CEC61BBD}" = „Windows Live“ fotogalerija
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C8A2793D-EFF2-4069-95BF-A28192E39DEB}" = Windows Live Writer
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{CF936193-C584-458C-B793-15FA945621AF}" = Windows Live fotoattēlu galerija
"{CF9DEFAA-12CD-4D04-AA45-F9F667D21E2E}" = Windows Live Movie Maker
"{D06F10C5-3EDD-4B29-A3B5-16BBB9A047F8}" = Windows Live Mesh
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D27DF849-C8C7-4892-A7F1-E0B381A1BD01}" = Windows Live Writer
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D54A52A8-DF24-4CE8-850B-074CA47DFA74}" = Windows Live Messenger
"{D57D43BF-699A-429F-AF8C-AF1867222800}" = Windows Live 사진 갤러리
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D987098B-3AD4-4E88-B80E-CF27A32D1955}" = Windows Live Writer Resources
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = Die Sims™ 3 Lebensfreude
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{EAB1BDF2-734A-4D44-9169-7615D185C974}" = Windows Live Mesh
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC20FB81-9B5E-4B97-92A2-8DC52548EFCE}" = Windows Live Mesh
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F08F7C0A-30E7-23D6-F0B3-BB1717ACA5D2}" = CCC Help English
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F66430D8-08E6-4C96-B9B7-90E66E27D58C}" = Windows Live Mail
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center 1.0
"{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEB42E39-CD8A-28A5-981B-1D8302CD50D7}" = CCC Help Italian
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"aida_blu_is1" = AIDAblu Designer 3.1.2
"aida_diva_is1" = AIDAdiva Designer 3.1.2
"aida_is1" = AIDA Designer 3.1.2
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.81
"Avira AntiVir Desktop" = Avira Free Antivirus
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.31.916
"IncrediMail" = IncrediMail 2.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Origin" = Origin
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"ProInst" = Intel PROSet Wireless
"Samsung Printer Live Update" = Samsung Printer Live Update
"Samsung Universal Print Driver" = Samsung Universal Print Driver
"Samsung Universal Scan Driver" = Samsung Universal Scan Driver
"UseNeXT_is1" = UseNeXT
"VirtualCloneDrive" = VirtualCloneDrive
"WinLiveSuite" = Windows Live 程式集
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/17/2012 4:55:40 AM | Computer Name = Lappi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IncMail.exe, Version: 6.2.9.5139,
 Zeitstempel: 0x4eba9214  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc015000f  Fehleroffset: 0x00084621  ID des fehlerhaften
 Prozesses: 0xa14  Startzeit der fehlerhaften Anwendung: 0x01cddc2d9e22412e  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe  Pfad 
des fehlerhaften Moduls: unknown  Berichtskennung: 881826c3-4827-11e2-8317-e81132cccb38
 
Error - 12/17/2012 5:31:21 AM | Computer Name = Lappi | Source = WinMgmt | ID = 10
Description = 
 
Error - 12/17/2012 12:49:16 PM | Computer Name = Lappi | Source = WinMgmt | ID = 10
Description = 
 
Error - 12/18/2012 2:29:55 AM | Computer Name = Lappi | Source = WinMgmt | ID = 10
Description = 
 
Error - 12/18/2012 1:36:34 PM | Computer Name = Lappi | Source = WinMgmt | ID = 10
Description = 
 
Error - 12/19/2012 11:42:25 AM | Computer Name = Lappi | Source = WinMgmt | ID = 10
Description = 
 
Error - 12/19/2012 12:25:45 PM | Computer Name = Lappi | Source = WinMgmt | ID = 10
Description = 
 
Error - 12/20/2012 2:38:03 PM | Computer Name = Lappi | Source = WinMgmt | ID = 10
Description = 
 
Error - 12/21/2012 3:08:24 AM | Computer Name = Lappi | Source = WinMgmt | ID = 10
Description = 
 
Error - 12/21/2012 9:57:24 AM | Computer Name = Lappi | Source = WinMgmt | ID = 10
Description = 
 
[ Spybot - Search and Destroy Events ]
Error - 5/1/2013 3:55:51 PM | Computer Name = Lappi | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
Error - 5/2/2013 11:20:27 AM | Computer Name = Lappi | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
[ System Events ]
Error - 5/1/2013 5:10:31 PM | Computer Name = Lappi | Source = Microsoft-Windows-LanguagePackSetup | ID = 1000
Description = Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x8007041d
 
Error - 5/1/2013 5:12:31 PM | Computer Name = Lappi | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Update" wurde mit folgendem Fehler beendet:   %%-2147467243
 
Error - 5/3/2013 11:46:30 AM | Computer Name = Lappi | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Peernetzwerkidentitäts-Manager erreicht.
 
Error - 5/3/2013 11:46:30 AM | Computer Name = Lappi | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Peernetzwerkidentitäts-Manager" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 5/3/2013 11:46:30 AM | Computer Name = Lappi | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peernetzwerkidentitäts-Manager"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1053
 
Error - 5/3/2013 11:46:30 AM | Computer Name = Lappi | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peer Name Resolution-Protokoll" ist vom Dienst "Peernetzwerkidentitäts-Manager"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1053
 
Error - 5/3/2013 11:46:55 AM | Computer Name = Lappi | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 5/3/2013 1:30:11 PM | Computer Name = Lappi | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy7" den Befehl "chkdsk" aus.
 
Error - 5/3/2013 1:53:04 PM | Computer Name = Lappi | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Spybot-S&D 2 Updating Service erreicht.
 
Error - 5/3/2013 1:53:04 PM | Computer Name = Lappi | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Spybot-S&D 2 Updating Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
 
< End of report >
         
__________________

Alt 04.05.2013, 13:23   #4
t'john
/// Helfer-Team
 
Versch. Trojaner: TR/Ransom, TR/Matsnu - Standard

Versch. Trojaner: TR/Ransom, TR/Matsnu



Sehr gut!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



danach:

ESET Online Scanner

Vorbereitung

  • Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
  • Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
  • Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.
Los geht's

  • Lade und starte Eset Smartinstaller
  • Haken setzen bei YES, I accept the Terms of Use.
  • Klick auf Start.
  • Haken setzen bei Remove found threads und Scan archives.
  • Klick auf Start.
  • Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Finish drücken.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset



danach:

Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.
__________________
Mfg, t'john
Das TB unterstützen

Alt 04.05.2013, 16:45   #5
Colli80
 
Versch. Trojaner: TR/Ransom, TR/Matsnu - Standard

Versch. Trojaner: TR/Ransom, TR/Matsnu



aswMBR.exe habe ich wie beschrieben gespeichert und den Scan begonnen. Nach ca. 4 Minuten ist der Scan abgebrochen und es stand, dass das Program wegen eines Problems beendet werden muss. Ich habe dann unter AV Scan (none) eingestellt:

Code:
ATTFilter
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-04 17:37:59
-----------------------------
17:37:59.320    OS Version: Windows x64 6.1.7601 Service Pack 1
17:37:59.320    Number of processors: 4 586 0x100
17:37:59.320    ComputerName: LAPPI  UserName: Colli
17:38:01.052    Initialize success
17:38:26.339    AVAST engine defs: 13050400
17:39:30.097    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000069
17:39:30.097    Disk 0 Vendor: Hitachi_ JEDO Size: 610480MB BusType: 11
17:39:30.268    Disk 0 MBR read successfully
17:39:30.268    Disk 0 MBR scan
17:39:30.284    Disk 0 unknown MBR code
17:39:30.284    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
17:39:30.300    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       403456 MB offset 206848
17:39:30.315    Disk 0 Partition - 00     0F Extended LBA            183194 MB offset 826484736
17:39:30.346    Disk 0 Partition 3 00     27 Hidden NTFS WinRE NTFS        23729 MB offset 1201666048
17:39:30.393    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       183193 MB offset 826486784
17:39:30.565    Disk 0 scanning C:\windows\system32\drivers
17:39:43.747    Service scanning
17:40:18.441    Modules scanning
17:40:18.457    Disk 0 trace - called modules:
17:40:18.519    ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys 
17:40:18.535    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006b2f060]
17:40:18.550    3 CLASSPNP.SYS[fffff8800193943f] -> nt!IofCallDriver -> [0xfffffa80065b9040]
17:40:18.550    5 amd_xata.sys[fffff880011238f7] -> nt!IofCallDriver -> \Device\00000069[0xfffffa80065b5060]
17:40:18.566    Scan finished successfully
17:43:29.230    Disk 0 MBR has been saved successfully to "C:\Users\Colli\Desktop\MBR.dat"
17:43:29.245    The log file has been saved successfully to "C:\Users\Colli\Desktop\aswMBR.txt"
         
Soll ich nun trotzdem mit ESET weiter machen?


Alt 04.05.2013, 19:48   #6
t'john
/// Helfer-Team
 
Versch. Trojaner: TR/Ransom, TR/Matsnu - Standard

Versch. Trojaner: TR/Ransom, TR/Matsnu



japp, ab ESET weitermachen!
__________________
--> Versch. Trojaner: TR/Ransom, TR/Matsnu

Alt 05.05.2013, 07:03   #7
Colli80
 
Versch. Trojaner: TR/Ransom, TR/Matsnu - Standard

Versch. Trojaner: TR/Ransom, TR/Matsnu



Hier der Logfile von ESET:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=158e825603ae884aa7e8036c536c856a
# engine=13755
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-05 12:30:18
# local_time=2013-05-05 02:30:18 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 99 18896 233133508 11678 0
# compatibility_mode=5893 16776573 100 94 129487 119343668 0 0
# scanned=393552
# found=8
# cleaned=8
# scan_time=17975
sh=12A869C10E954EFD2012E27D65C93C40D7073742 ft=0 fh=0000000000000000 vn="JS/TrojanDownloader.Iframe.NKE trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Colli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4ELL79QK\vv51644f9bcba6e033467294-558654[1].htm"
sh=12A869C10E954EFD2012E27D65C93C40D7073742 ft=0 fh=0000000000000000 vn="JS/TrojanDownloader.Iframe.NKE trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Colli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5CKZLPO5\vv51644f9bcba6e033467294-558654[1].htm"
sh=E2C9BB8C8A6B3E0AC4CE24AF2AD4E30526B52BF4 ft=0 fh=0000000000000000 vn="JS/TrojanDownloader.Iframe.NKE trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Colli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\63THNDM6\vv51644f9be3aec620090692-558655[1].htm"
sh=6B37729C817E1093A62934FA27A0F74EF88A644A ft=0 fh=0000000000000000 vn="JS/TrojanDownloader.Iframe.NKE trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Colli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUOIZISU\vv5164554862412478724704-558666[1].htm"
sh=B7F340087B7B8ABF68E7B3436CB5CA60EC583B60 ft=0 fh=0000000000000000 vn="JS/TrojanDownloader.Iframe.NKE trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Colli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LYS736RI\vv51644f9bb3a20005855283-558653[1].htm"
sh=AA981DF82152834561E334437CA670A6189A4E08 ft=0 fh=0000000000000000 vn="JS/TrojanDownloader.Iframe.NKE trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Colli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZCBUMGBP\vv51644f9c0c795978314064-558656[1].htm"
sh=64258F80CA997862E2E9449C9113C044D763DD61 ft=0 fh=0000000000000000 vn="JS/TrojanDownloader.Iframe.NKE trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Colli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZCBUMGBP\vv51645bd848db4359271518-558703[1].htm"
sh=445A281D8236F06974CA5455B98A5FDD392A270E ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2013-2423.O trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Colli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\2e3e5a83-6b05df29"
         
SecurityCheck:
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.62  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 JavaFX 2.1.1    
 Java 7 Update 21  
 Java version out of Date! 
 Adobe Reader XI  
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled! 
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

Alt 05.05.2013, 08:36   #8
t'john
/// Helfer-Team
 
Versch. Trojaner: TR/Ransom, TR/Matsnu - Standard

Versch. Trojaner: TR/Ransom, TR/Matsnu



Mit Temp File Cleaner - Download - Filepony die Funde in den Temps loeschen.



Java deaktivieren

Aufgrund derezeitigen Sicherheitsluecke:

http://www.trojaner-board.de/122961-...ktivieren.html

Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck
__________________
Mfg, t'john
Das TB unterstützen

Alt 05.05.2013, 09:32   #9
Colli80
 
Versch. Trojaner: TR/Ransom, TR/Matsnu - Standard

Versch. Trojaner: TR/Ransom, TR/Matsnu



PluginCheck

Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.

Firefox 20.0 ist aktuell

Flash (11,7,700,169) ist aktuell.

Java ist Installiert aber nicht aktiviert.

Adobe Reader 11,0,2,0 ist aktuell.

Alt 05.05.2013, 11:36   #10
t'john
/// Helfer-Team
 
Versch. Trojaner: TR/Ransom, TR/Matsnu - Standard

Versch. Trojaner: TR/Ransom, TR/Matsnu



Sehr gut!

damit bist Du sauber und entlassen!

adwCleaner entfernen

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Uninstall.
  • Bestätige mit Ja.




Tool-Bereinigung
Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.




Zurücksetzen der Sicherheitszonen

Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen.
Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html


Systemwiederherstellungen leeren

Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein:
Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7
Danach wieder aktivieren.



Lektuere zum abarbeiten:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
http://www.trojaner-board.de/109844-...ren-seite.html
PC wird immer langsamer - was tun?
__________________
Mfg, t'john
Das TB unterstützen

Alt 05.05.2013, 11:56   #11
Colli80
 
Versch. Trojaner: TR/Ransom, TR/Matsnu - Standard

Versch. Trojaner: TR/Ransom, TR/Matsnu



Na das hört sich doch gut an. Danke für Deine Hilfe!
Den adwcleaner habe ich gar nicht. Soll ich dann gleich mit der Tool-Bereinigung loslegen?

Alt 05.05.2013, 11:59   #12
t'john
/// Helfer-Team
 
Versch. Trojaner: TR/Ransom, TR/Matsnu - Standard

Versch. Trojaner: TR/Ransom, TR/Matsnu



Zitat:
Soll ich dann gleich mit der Tool-Bereinigung loslegen?
Genau

wuensche eine virenfreie Zeit
__________________
Mfg, t'john
Das TB unterstützen

Alt 05.05.2013, 12:12   #13
Colli80
 
Versch. Trojaner: TR/Ransom, TR/Matsnu - Standard

Versch. Trojaner: TR/Ransom, TR/Matsnu



Danke nochmal für Deine Hilfe! Ich hoffe doch mal auf eine lange virenfreie Zeit

Antwort

Themen zu Versch. Trojaner: TR/Ransom, TR/Matsnu
appdata, ebanking, exp/cve-2013-0431.cb, iexplore.exe, java/dldr.hidecoz.a.1, java/dldr.hidecoz.c.1, java/dldr.karamel.dt.1, java/dldr.themod.hc.1, java/exploit.cve-2013-2423.o, java/jogek.btp, java/jogek.btq, java/jogek.btr, java/jogek.bts, java/jogek.btt, java/jogek.btu, java/jogek.btv, java/jogek.btw, js/trojandownloader.iframe.nke, online banking, pup.downloader.zyl, riskware.tool.ck, services.exe, spyware.zbot.ed, tr/matsnu.eb.128, tr/ransom, windows



Ähnliche Themen: Versch. Trojaner: TR/Ransom, TR/Matsnu


  1. Avira hat Trojaner TR/Matsnu.EB.133 gefunden
    Log-Analyse und Auswertung - 15.06.2014 (7)
  2. Trojaner: Win32/Matsnu.L und JS/iframeRef.k
    Plagegeister aller Art und deren Bekämpfung - 22.10.2013 (1)
  3. Win 7 (64bit); Versch. Schädlinge nach Java Update (? (Trojaner, Virus, Adware & Exploits)); Internetgeschwindigkeit massiv reduziert
    Log-Analyse und Auswertung - 18.09.2013 (11)
  4. Windows 7:Werde Viren nicht los TR/Matsnu.A.59,TR/Matsnu.A.56 und TR/BankZone.A.8
    Log-Analyse und Auswertung - 06.09.2013 (9)
  5. TR/Matsnu.eb.101 Trojaner gefunden
    Log-Analyse und Auswertung - 24.02.2013 (1)
  6. TR/Ransom.294912 (Antivir) / Trojan-Ransom.Win32.Gimemo.vyp (Kaspersky)
    Log-Analyse und Auswertung - 20.07.2012 (18)
  7. Trojaner TR/Matsnu.EB.32
    Plagegeister aller Art und deren Bekämpfung - 19.07.2012 (1)
  8. Trojaner TR/Matsnu.EB.32
    Plagegeister aller Art und deren Bekämpfung - 14.07.2012 (1)
  9. Trojaner tr/matsnu.a.6,
    Plagegeister aller Art und deren Bekämpfung - 13.06.2012 (2)
  10. Windows Verschlüsselungs Trojaner TR/Matsnu.EB.3
    Plagegeister aller Art und deren Bekämpfung - 29.05.2012 (1)
  11. Trojaner TR/Matsnu.A.55 Problem OTL.txt Datei, und nun?
    Log-Analyse und Auswertung - 04.05.2012 (8)
  12. Und nochmal: BKA-Trojaner, Windows7, zum 3. Mal auf zwei versch. Computern
    Plagegeister aller Art und deren Bekämpfung - 10.11.2011 (15)
  13. Versch.Trojaner entdeckt. Nur Eine von Zwei HDD's Formatieren sinnvoll?
    Plagegeister aller Art und deren Bekämpfung - 29.11.2010 (4)
  14. Versch. Trojaner in mehreren Dateien - TR/SMALL.cjd TR/Dldr.Agent.dmrq TR/Ertfor.B.
    Plagegeister aller Art und deren Bekämpfung - 28.04.2010 (8)
  15. Trojaner und blauer Bildschirm, auch nach versch. Antivir-Programmen
    Log-Analyse und Auswertung - 03.12.2008 (0)
  16. Versch. Trojaner gekillt,PC extrem langsam + Werbepopups
    Log-Analyse und Auswertung - 04.11.2008 (1)
  17. kann versch. trojaner nicht löschen Sicherung meiner Dateien durch Nero geht nicht
    Plagegeister aller Art und deren Bekämpfung - 24.06.2005 (0)

Zum Thema Versch. Trojaner: TR/Ransom, TR/Matsnu - Hallo, ich hoffe ihr könnt mir helfen. Heute meldete sich mein Antivir Programm und zeigte einen Trojaner an. Gestern Abend hatte ich bereits Probleme beim Online banking, der verlangte Tans - Versch. Trojaner: TR/Ransom, TR/Matsnu...
Archiv
Du betrachtest: Versch. Trojaner: TR/Ransom, TR/Matsnu auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.