|
Plagegeister aller Art und deren Bekämpfung: MalwareBytes findet "PUP.VShareRedir"Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
07.09.2012, 13:22 | #1 |
| MalwareBytes findet "PUP.VShareRedir" Hi Leute, das Malwarerogramm hat auf meinem PC den PUP.VShareRedir gefunden, eine Art Spamvirus? Was sollte man dagegen tun? Otl-logs: Code:
ATTFilter OTL logfile created on: 9/7/2012 1:52:26 PM - Run 1 OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\Gerd\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.98 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 59.77% Memory free 7.96 Gb Paging File | 5.23 Gb Available in Paging File | 65.74% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 111.00 Gb Total Space | 27.97 Gb Free Space | 25.19% Space Free | Partition Type: NTFS Drive D: | 163.64 Gb Total Space | 141.30 Gb Free Space | 86.35% Space Free | Partition Type: NTFS Drive E: | 3.07 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Drive F: | 3.73 Gb Total Space | 3.54 Gb Free Space | 94.91% Space Free | Partition Type: FAT32 Computer Name: GERD-PC | User Name: Gerd | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/09/07 02:00:07 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012/09/07 01:08:46 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012/09/07 01:08:36 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012/09/07 01:08:36 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012/09/07 01:00:36 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Gerd\Downloads\OTL.exe PRC - [2012/09/07 00:52:02 | 001,064,960 | ---- | M] () -- C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe PRC - [2012/08/30 23:35:25 | 000,722,528 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe PRC - [2012/08/30 23:35:24 | 000,947,808 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe PRC - [2012/08/24 16:34:29 | 001,807,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe PRC - [2012/08/21 18:28:03 | 001,193,176 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2012/08/10 19:00:12 | 004,440,896 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Gerd\AppData\Local\Akamai\netsession_win.exe PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/06/27 12:29:26 | 001,996,200 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe PRC - [2012/06/24 04:12:16 | 006,033,528 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe PRC - [2012/01/17 11:07:58 | 000,505,736 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe PRC - [2011/12/20 15:52:04 | 002,783,312 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011/08/25 16:25:00 | 000,886,760 | ---- | M] (Search-Results) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2011/02/25 03:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2011/02/14 12:15:38 | 004,394,576 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe PRC - [2011/02/07 11:55:24 | 001,757,264 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe PRC - [2011/01/04 15:06:42 | 007,060,560 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe PRC - [2010/12/23 08:07:58 | 000,945,232 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe PRC - [2010/12/21 04:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010/12/21 04:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010/11/29 07:42:38 | 000,775,848 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe PRC - [2010/11/10 01:03:52 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe PRC - [2010/09/30 14:00:28 | 000,253,264 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe PRC - [2010/09/30 14:00:28 | 000,139,088 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe PRC - [2010/09/20 05:24:42 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe PRC - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- D:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe PRC - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE PRC - [2010/02/10 16:29:52 | 000,719,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe PRC - [2009/11/02 07:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009/03/20 02:03:00 | 001,904,640 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe PRC - [2009/03/20 02:03:00 | 000,368,640 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanNetService.exe ========== Modules (No Company Name) ========== MOD - [2012/09/07 02:00:07 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012/09/07 00:52:02 | 001,064,960 | ---- | M] () -- C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe MOD - [2012/08/30 23:35:26 | 000,564,832 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll MOD - [2012/08/30 23:35:25 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll MOD - [2012/08/30 23:35:24 | 000,947,808 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe MOD - [2012/08/24 16:34:29 | 009,813,704 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll MOD - [2012/08/21 18:28:03 | 001,193,176 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe MOD - [2010/09/30 14:00:28 | 000,139,088 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe MOD - [2010/07/05 12:42:58 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Samsung\Movie Color Enhancer\WinCRT.dll MOD - [2010/05/07 16:22:18 | 001,636,864 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll MOD - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE MOD - [2009/11/02 07:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009/11/02 07:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2006/08/12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll ========== Services (SafeList) ========== SRV:64bit: - [2011/11/18 13:24:06 | 000,965,048 | ---- | M] (OpenAFS Project) [Auto | Running] -- C:\Program Files\OpenAFS\Client\Program\afsd_service.exe -- (TransarcAFSDaemon) SRV:64bit: - [2011/11/18 13:18:50 | 000,039,352 | ---- | M] (OpenAFS Project) [Auto | Running] -- C:\Program Files\OpenAFS\Server\usr\afs\bin\bosctlsvc.exe -- (TransarcAFSServer) SRV:64bit: - [2010/09/22 11:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010/08/09 21:04:12 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service) SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2012/09/07 02:00:07 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/09/07 01:08:46 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/09/07 01:08:36 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012/08/30 23:35:25 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6) SRV - [2012/08/24 16:34:29 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent) SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/06/27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd) SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011/03/01 14:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011/02/25 03:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2010/12/21 04:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010/12/21 04:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010/11/20 14:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc) SRV - [2010/09/30 14:00:28 | 000,253,264 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service) SRV - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- D:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/03/20 02:03:00 | 000,368,640 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/09/07 01:08:48 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012/09/07 01:08:48 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012/08/30 23:35:25 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp) DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/04/25 04:42:16 | 000,258,896 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA) DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia) DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64) DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64) DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64) DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter) DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver) DRV:64bit: - [2011/11/18 13:28:12 | 000,242,064 | ---- | M] (OpenAFS Project) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\AFSRedirLib.sys -- (AFSLibrary) DRV:64bit: - [2011/11/18 13:28:00 | 000,091,536 | ---- | M] (OpenAFS Project) [File_System | System | Running] -- C:\Windows\SysNative\drivers\AFSRedir.sys -- (AFSRedirector) DRV:64bit: - [2011/10/11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/03/04 09:59:18 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2011/01/27 07:35:26 | 000,425,064 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010/11/23 09:12:00 | 001,579,520 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/10 01:04:14 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2010/10/20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010/10/07 04:59:00 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI) DRV:64bit: - [2010/09/13 11:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010/07/01 19:11:24 | 000,012,352 | ---- | M] () [Kernel | "Start" not found. | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5) DRV:64bit: - [2010/03/23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV:64bit: - [2010/02/08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA) DRV:64bit: - [2009/10/29 19:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV:64bit: - [2009/10/29 19:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV:64bit: - [2009/10/29 19:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV:64bit: - [2009/10/29 19:28:24 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter) DRV:64bit: - [2009/08/07 03:35:34 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT) DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009/07/14 02:09:10 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\loop.sys -- (msloop) DRV:64bit: - [2009/06/10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/03/20 02:03:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB) DRV:64bit: - [2009/03/20 02:03:00 | 000,014,120 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject) DRV:64bit: - [2009/03/18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2008/11/16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE) DRV - [2011/08/31 07:25:21 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport) DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox IE - HKLM\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=c8285710-04bf-11e1-aa67-e81132c0dc2e&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1 IE - HKCU\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKCU\..\SearchScopes\{42ACC9F8-9B50-4844-97BF-2BE55D306237}: "URL" = hxxp://websearch.search-results.com/redirect?client=ie&tb=STC-SRS&o=41648033&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=96&apn_dtid=YYYYYYYYDE&apn_uid=36CE0542-958B-4427-8A76-5757701622F0&apn_sauid=90E324B5-E074-4A0C-BE52-060181E36B43& IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={A86F8D32-0759-4B78-93FC-7527FB2A6855}&mid=b4e6ef2ffa5247d0b0563958742435dd-afc2fc293077ee7999cff54a6d76a0f4667d3cb8&lang=de&ds=AVG&pr=pr&d=2012-07-29 20:07:48&v=12.2.5.32&sap=dsp&q={searchTerms} IE - HKCU\..\SearchScopes\{D8C8F750-A178-4EE0-9AA6-21212C60779B}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;<local> ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Search-Results" FF - prefs.js..browser.search.defaultenginename: "Search-Results" FF - prefs.js..browser.search.order.1: "Search-Results" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=685749_yserp2tst" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://web.de/" FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.2 FF - prefs.js..extensions.enabledAddons: {FC5BAC7D-D696-4ba6-B913-CF8F000C33DF}:5.1.4 FF - prefs.js..extensions.enabledAddons: toolbar@ask.com:3.13.1.100007 FF - prefs.js..keyword.URL: "hxxp://websearch.search-results.com/redirect?client=ff&src=kw&tb=STC-SRS&o=41648033&locale=de_DE&apn_uid=36CE0542-958B-4427-8A76-5757701622F0&apn_ptnrs=96&apn_sauid=90E324B5-E074-4A0C-BE52-060181E36B43&apn_dtid=YYYYYYYYDE&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll File not found FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.5.32\ [2012/08/30 23:35:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/07 02:00:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/07 01:59:31 | 000,000,000 | ---D | M] [2011/09/29 14:13:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gerd\AppData\Roaming\mozilla\Extensions [2012/09/07 03:01:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gerd\AppData\Roaming\mozilla\Firefox\Profiles\hzmerm5g.default\extensions [2012/07/30 21:10:45 | 000,000,000 | ---D | M] (New Tab King) -- C:\Users\Gerd\AppData\Roaming\mozilla\Firefox\Profiles\hzmerm5g.default\extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF} [2011/10/09 16:13:15 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Gerd\AppData\Roaming\mozilla\Firefox\Profiles\hzmerm5g.default\extensions\firefox@tvunetworks.com [2012/05/21 07:36:47 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Gerd\AppData\Roaming\mozilla\Firefox\Profiles\hzmerm5g.default\extensions\ich@maltegoetz.de [2012/05/29 14:36:17 | 000,000,000 | ---D | M] ("Search-Results Toolbar") -- C:\Users\Gerd\AppData\Roaming\mozilla\Firefox\Profiles\hzmerm5g.default\extensions\toolbar@ask.com [2012/09/07 03:01:13 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Gerd\AppData\Roaming\mozilla\firefox\profiles\hzmerm5g.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012/09/06 18:04:17 | 000,003,367 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\mozilla\firefox\profiles\hzmerm5g.default\searchplugins\search-results.xml [2012/09/07 01:59:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/09/07 01:59:28 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012/09/07 02:00:07 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011/10/03 11:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll [2012/07/01 18:44:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/08/30 23:35:24 | 000,003,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2012/08/31 17:48:59 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/07/01 18:44:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012/07/01 18:44:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012/07/01 18:44:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012/07/01 18:44:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://startsear.ch/?aff=1 CHR - Extension: No name found = C:\Users\Gerd\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\ CHR - Extension: No name found = C:\Users\Gerd\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjdepfkicdcciagbigfcmdhknnoaaegf\1.1_0\ O1 HOSTS File: ([2012/08/07 01:02:32 | 000,443,901 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 10.254.254.253 AFS O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 15245 more lines... O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.) O2 - BHO: (Samsung BHO Class) - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll () O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.) O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Search-Results) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe () O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe () O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe () O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Gerd\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKCU..\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe (NEXON Inc.) O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKCU..\Run: [SmartRAM] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe" /m File not found O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Gerd\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: duelingnetwork.com ([www] http in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 10.5.1) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2BD6846F-2C00-4244-8FB2-8BE034F1C1E2}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5633EE3A-8361-4177-B088-42CBCBB006D2}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll () O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\AfsLogon: DllName - (C:\Program Files\OpenAFS\Client\Program\afslogon.dll) - C:\Program Files\OpenAFS\Client\Program\afslogon.dll (OpenAFS Project) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012/09/06 22:49:20 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O32 - AutoRun File - [2012/09/06 23:04:12 | 000,000,000 | ---D | M] - D:\Autodesk -- [ NTFS ] O32 - AutoRun File - [2006/08/04 13:55:50 | 002,088,960 | R--- | M] (Stormfront Studios) - E:\AutoRun.exe -- [ UDF ] O32 - AutoRun File - [2006/04/11 14:36:58 | 000,000,063 | R--- | M] () - E:\autorun.inf -- [ UDF ] O33 - MountPoints2\{a07cf654-f716-11e0-b47e-e81132c0dc2e}\Shell - "" = AutoRun O33 - MountPoints2\{a07cf654-f716-11e0-b47e-e81132c0dc2e}\Shell\AutoRun\command - "" = F:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/09/07 13:53:23 | 000,000,000 | ---D | C] -- C:\Users\Gerd\Desktop\Gerd Studium [2012/09/07 02:43:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Convar [2012/09/07 01:59:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012/09/07 01:31:02 | 000,000,000 | ---D | C] -- C:\Users\Gerd\AppData\Roaming\JAM Software [2012/09/07 01:30:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free [2012/09/07 01:04:29 | 000,000,000 | ---D | C] -- C:\Users\Gerd\Desktop\Scanner-logs [2012/09/07 01:01:14 | 000,000,000 | ---D | C] -- C:\Users\Gerd\AppData\Roaming\Malwarebytes [2012/09/07 01:01:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/09/07 01:01:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/09/07 01:01:02 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/09/07 01:01:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/09/07 00:46:37 | 000,000,000 | ---D | C] -- C:\Users\Gerd\AppData\Roaming\Avira [2012/09/07 00:46:13 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012/09/07 00:46:13 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012/09/07 00:46:12 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012/09/07 00:46:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012/09/07 00:06:54 | 000,000,000 | ---D | C] -- C:\Users\Gerd\AppData\Local\cache [2012/09/07 00:04:46 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet [2012/09/06 23:43:48 | 000,000,000 | ---D | C] -- C:\Users\Gerd\Documents\Inventor [2012/09/06 23:37:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared [2012/09/06 23:30:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared [2012/09/06 23:30:28 | 000,000,000 | ---D | C] -- C:\Users\Gerd\AppData\Local\Autodesk [2012/09/06 23:30:28 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk [2012/09/06 23:29:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Autodesk [2012/09/06 23:28:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Autodesk Shared [2012/09/05 19:05:09 | 000,000,000 | ---D | C] -- C:\Users\Gerd\AppData\Roaming\Autodesk [2012/09/05 19:05:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk [2012/09/05 18:54:54 | 000,000,000 | ---D | C] -- C:\Autodesk [2012/09/04 10:56:17 | 000,000,000 | ---D | C] -- C:\Users\Gerd\Documents\AeriaGames [2012/09/03 19:38:41 | 000,000,000 | ---D | C] -- C:\Users\Gerd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames [2012/09/03 17:36:12 | 000,000,000 | ---D | C] -- C:\Users\Gerd\AppData\Local\Akamai [2012/09/03 17:36:09 | 000,000,000 | ---D | C] -- C:\AeriaGames [2012/09/03 15:43:17 | 000,000,000 | ---D | C] -- C:\Users\Gerd\AppData\Roaming\e-academy Inc [2012/08/30 18:04:45 | 000,000,000 | ---D | C] -- C:\Program Files\Elantech [2012/08/29 22:40:48 | 000,252,712 | ---- | C] (ELAN Microelectronics Corp.) -- C:\Windows\ETDUninst.dll [2012/08/18 22:13:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012/08/18 22:12:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle [2012/08/18 22:12:25 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2012/08/18 22:12:25 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012/08/15 13:54:22 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll [2012/08/15 13:54:20 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2012/08/15 13:54:20 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2012/08/15 13:54:20 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe [2012/08/15 13:54:19 | 000,911,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/08/15 13:54:18 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/08/15 13:54:18 | 000,609,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012/08/15 13:54:18 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll [2012/08/15 13:54:18 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll [2012/08/15 13:54:18 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll [2012/08/15 13:54:02 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012/08/15 13:54:02 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/08/15 13:54:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/08/15 13:54:02 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/08/15 13:54:02 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/08/15 13:54:01 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/08/15 13:54:01 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/08/15 13:53:58 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll [2012/08/10 20:43:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2012/08/10 20:43:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi [8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Gerd\Desktop\*.tmp files -> C:\Users\Gerd\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/09/07 13:47:27 | 002,162,660 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012/09/07 13:47:27 | 001,087,326 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/09/07 13:47:27 | 000,618,572 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012/09/07 13:47:27 | 000,544,802 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/09/07 13:47:27 | 000,005,438 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/09/07 13:31:12 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/09/07 13:12:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/09/07 01:30:56 | 000,000,882 | ---- | M] () -- C:\Users\Gerd\Desktop\TreeSize Free.lnk [2012/09/07 01:11:04 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012/09/07 01:08:48 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012/09/07 01:08:48 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012/09/07 01:02:02 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/09/07 01:02:02 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/09/07 01:01:03 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/09/07 00:51:21 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2012/09/07 00:51:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/09/07 00:51:08 | 4273,520,640 | -HS- | M] () -- C:\hiberfil.sys [2012/09/06 23:40:07 | 000,000,153 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2012/09/03 15:30:18 | 000,021,136 | ---- | M] () -- C:\Windows\wininit.ini [2012/08/30 23:35:25 | 000,031,080 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys [2012/08/28 19:34:52 | 105,136,162 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2012/08/27 23:08:26 | 000,376,874 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm [2012/08/24 16:34:29 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/08/24 16:34:29 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012/08/18 22:11:44 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012/08/18 22:11:44 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012/08/16 21:46:06 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012/08/16 11:35:46 | 000,290,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Gerd\Desktop\*.tmp files -> C:\Users\Gerd\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/09/07 01:30:56 | 000,000,882 | ---- | C] () -- C:\Users\Gerd\Desktop\TreeSize Free.lnk [2012/09/07 01:01:03 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/09/07 00:46:26 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012/09/06 23:40:07 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2012/08/07 00:40:08 | 000,021,136 | ---- | C] () -- C:\Windows\wininit.ini [2012/07/30 16:50:57 | 000,027,520 | ---- | C] () -- C:\Users\Gerd\AppData\Local\dt.dat [2011/09/29 14:11:30 | 000,408,978 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/05/31 08:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll [2011/05/31 08:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll [2011/03/18 07:36:45 | 000,258,864 | ---- | C] () -- C:\Windows\SUPDRun.exe [2011/03/18 02:56:15 | 000,307,200 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe [2011/03/18 01:22:43 | 000,001,898 | ---- | C] () -- C:\Windows\HotFixList.ini [2011/03/18 01:10:01 | 000,142,128 | ---- | C] () -- C:\Windows\wiainst64.exe < End of report > Würde mich über eure Hilfe freuen mfg heffer |
07.09.2012, 13:23 | #2 |
| MalwareBytes findet "PUP.VShareRedir" Extras log:
__________________Code:
ATTFilter OTL Extras logfile created on: 9/7/2012 1:52:26 PM - Run 1 OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\Gerd\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.98 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 59.77% Memory free 7.96 Gb Paging File | 5.23 Gb Available in Paging File | 65.74% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 111.00 Gb Total Space | 27.97 Gb Free Space | 25.19% Space Free | Partition Type: NTFS Drive D: | 163.64 Gb Total Space | 141.30 Gb Free Space | 86.35% Space Free | Partition Type: NTFS Drive E: | 3.07 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Drive F: | 3.73 Gb Total Space | 3.54 Gb Free Space | 94.91% Space Free | Partition Type: FAT32 Computer Name: GERD-PC | User Name: Gerd | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0F784A85-0EB8-4AB7-98B2-30AFAE22E676}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{10743EF0-270E-4FD0-B749-E6CD4B077516}" = rport=137 | protocol=17 | dir=out | app=system | "{1DF69E28-3FF6-4A04-BD9C-7F2763B62F3A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1F22E8CF-B14A-470A-A587-9BEA5A579BDC}" = lport=7007 | protocol=17 | dir=in | svc=transarcafsserver | app=c:\program files\openafs\server\usr\afs\bin\bosctlsvc.exe | "{22432CC3-3A55-4605-AB16-BDFDBEE98E52}" = lport=445 | protocol=6 | dir=in | app=system | "{2653C259-D78A-40A9-9796-E95A1CDBAC5A}" = rport=139 | protocol=6 | dir=out | app=system | "{2F528A06-A472-46EB-82D3-0C644078AF04}" = lport=7001 | protocol=17 | dir=in | name=afs cachemanager callback (udp) | "{32335B18-8D15-4A7F-BE1A-0AA5F3D811B8}" = rport=10243 | protocol=6 | dir=out | app=system | "{3915DFA4-D1CD-4CB7-8061-9F54037725AB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3B4D2398-B9C5-42A3-B2CD-0A2ADF3AE1C1}" = lport=7006 | protocol=17 | dir=in | svc=transarcafsserver | app=c:\program files\openafs\server\usr\afs\bin\bosctlsvc.exe | "{41762D66-671F-42FF-960A-A8DBBF4928CE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{48D3BAED-4630-43F4-9B65-031D70902571}" = lport=7003 | protocol=17 | dir=in | svc=transarcafsserver | app=c:\program files\openafs\server\usr\afs\bin\bosctlsvc.exe | "{4DA954AD-0FCF-4255-B854-F42217CAFA62}" = lport=7004 | protocol=17 | dir=in | name=afs/kerberos authentication (udp) | "{5140347A-4563-45E2-8BE8-60A590FAE2D4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{522CAF1F-D8C8-496F-BEF8-6F88AABED854}" = lport=7002 | protocol=17 | dir=in | name=afs user & group database (udp) | "{5F150181-06F5-4B80-8B28-372B356AEFBF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{61420D00-12EC-4F3F-A5A5-95A7B8431C22}" = lport=7006 | protocol=17 | dir=in | name=afs error interpretation (udp) | "{643A6896-F41B-4250-8276-F1CD6AA4487F}" = lport=7000 | protocol=17 | dir=in | svc=transarcafsserver | app=c:\program files\openafs\server\usr\afs\bin\bosctlsvc.exe | "{66E5DF57-FA9C-4578-8395-D1C89499E106}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{671A6F92-DD82-4502-8722-381113A6D3CE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{75DA7032-9CAB-4A9C-8CA1-284681BC90B7}" = lport=7005 | protocol=17 | dir=in | svc=transarcafsserver | app=c:\program files\openafs\server\usr\afs\bin\bosctlsvc.exe | "{7C02D868-C677-47EE-9DBF-9AC5BDB467F7}" = lport=54634 | protocol=6 | dir=in | name=akamai netsession interface | "{7CF5F86D-6FAF-49F3-8469-8A8C0353AE01}" = lport=7009 | protocol=17 | dir=in | name=afs remote cache manager (udp) | "{803C327C-42AA-4E41-BA51-2B6257B054D7}" = rport=445 | protocol=6 | dir=out | app=system | "{835EB830-9609-4232-AF09-559B604E432B}" = lport=7007 | protocol=17 | dir=in | name=afs basic overseer (udp) | "{8586085E-4013-4E3D-8D3B-5EDDA5EBEB07}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8C8E152D-5BFE-40D3-95E1-53F88FD721AA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{A83DC4DA-9E5A-4F25-BDA7-ECCCC599F0BE}" = lport=7005 | protocol=17 | dir=in | name=afs volume mangement (udp) | "{A91470AE-C614-4635-A03D-4E2F54B1DD73}" = lport=7008 | protocol=17 | dir=in | svc=transarcafsserver | app=c:\program files\openafs\server\usr\afs\bin\bosctlsvc.exe | "{ADEAAC50-6486-411F-926F-D037B058D22D}" = lport=138 | protocol=17 | dir=in | app=system | "{AF140537-5EEB-454A-8CAC-F49A72C4A198}" = lport=7003 | protocol=17 | dir=in | name=afs volume location database (udp) | "{B6774D6D-5A48-4733-8BFF-C3642F2E9078}" = lport=139 | protocol=6 | dir=in | app=system | "{BB59FA39-F682-4D5A-89DB-0442F53C0CDD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BD7A9A07-DBA1-4DC5-834C-6E46B9C8A685}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{BDC0DCA2-6152-4F12-A042-B8545BC51D73}" = lport=7000 | protocol=17 | dir=in | name=afs file server (udp) | "{BE7FD556-950E-42AF-8221-85B33632C03D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BF5F82F0-D410-48E0-A4E3-642287CA57E3}" = lport=2869 | protocol=6 | dir=in | app=system | "{C7129674-3210-4C9B-B59B-58AC61D38AFC}" = lport=10243 | protocol=6 | dir=in | app=system | "{C95DDCF2-D451-4B82-8CF4-C076757299FA}" = lport=7004 | protocol=17 | dir=in | svc=transarcafsserver | app=c:\program files\openafs\server\usr\afs\bin\bosctlsvc.exe | "{CF0329E2-DB99-49F7-ADAC-412AD52C2EAF}" = lport=7002 | protocol=17 | dir=in | svc=transarcafsserver | app=c:\program files\openafs\server\usr\afs\bin\bosctlsvc.exe | "{D3C30A90-C0C2-43C3-97FA-3B90621EDA73}" = lport=7009 | protocol=17 | dir=in | svc=transarcafsserver | app=c:\program files\openafs\server\usr\afs\bin\bosctlsvc.exe | "{D606900E-9ABF-4906-BC1C-E5B4C2E6B1E6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{D623D62F-7671-4627-99A9-FBCA52E306B5}" = lport=7008 | protocol=17 | dir=in | name=afs server-to-server updater (udp) | "{E0BF9169-79F1-4BE5-9858-2A7B43A9D727}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E4A81C96-E996-4B34-A8CE-8E076D1F5982}" = rport=138 | protocol=17 | dir=out | app=system | "{EA6CCB00-C84F-46C7-8C0D-AFA7E56CA9EB}" = lport=137 | protocol=17 | dir=in | app=system | "{F096F306-D3A2-4501-849F-4FC4E76BB2BD}" = lport=7001 | protocol=17 | dir=in | svc=transarcafsdaemon | app=c:\program files\openafs\client\program\afsd_service.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0A2EA47C-6A63-418D-860F-636E3811BE80}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{0EB15C0E-F4C3-4103-B296-45C1F3FB3D5F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{1069484D-850A-43AE-8724-44C63BC6A54F}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\usdagent.exe | "{165878F9-24F7-461F-A998-618A628B36BC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1ABFB142-9DA5-46F1-A476-C015A89A35B3}" = protocol=6 | dir=in | app=c:\users\gerd\appdata\roaming\spotify\spotify.exe | "{1D6F9FE6-BE5E-4D71-8C50-83FF64BECBBF}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe | "{22301E80-91FF-43ED-8A42-71C96F3AD4E6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of mythology\aomx.exe | "{24F943A5-4239-4F05-911C-0DEE74939966}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | "{299913B5-4082-4B72-9A05-829980A9F371}" = protocol=17 | dir=in | app=c:\users\gerd\appdata\roaming\gameranger\gameranger\gameranger.exe | "{31D3E3C6-761A-465E-911A-1D80D96FFE9F}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc.exe | "{34162E52-9B33-46C6-BD43-3EA025967ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{34171A9B-01D3-4CD9-A10F-E04CFCFB6C59}" = protocol=17 | dir=in | app=c:\program files (x86)\unreal tournament 3\binaries\ut3.exe | "{349B460B-D11E-4DEF-BC32-0E8CEDBA9E6A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3AE35AD4-C98F-4714-B572-E294F974D9DC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{4176CD70-D09C-4C5A-93BC-8173CB7AEF17}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\iccupdater.exe | "{42D89EC4-4429-40C0-B855-C9D4C1BB4C89}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{4A797E51-B77D-4824-95DA-99D83E762AC9}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{4E75F9B8-80F7-4F52-9964-3838C57512BD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{5007E510-13EF-449C-A29E-D3D27193A624}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc.exe | "{51A20AE0-3FE6-4B48-8187-B8430100023A}" = dir=in | app=c:\program files (x86)\cyberlink\media+player10\media+player10.exe | "{54E3F23E-9EE5-4FBB-AA59-F661C836A7A4}" = protocol=6 | dir=in | app=c:\users\gerd\appdata\local\akamai\netsession_win.exe | "{58B47397-983E-47BB-9DA6-C6B988C215E7}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\usdagent.exe | "{5A033C12-6B44-4087-B476-7262303913CC}" = protocol=58 | dir=in | app=system | "{5A4EEB12-F49C-4A3F-B7C8-0712C4EC035F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{5B8D7453-DB39-4277-A629-AF18717FF630}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | "{5F09CBF7-A907-458A-9F54-8AEB50F0027C}" = protocol=6 | dir=in | app=c:\nexon\vindictus eu\en-eu\nmservice.exe | "{5F398660-2438-41B8-905F-E88092AB1DCB}" = protocol=17 | dir=in | app=c:\nexon\vindictus eu\en-eu\nmservice.exe | "{641A79CA-6D6B-4C97-92F9-480B843423C9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of mythology\aomx.exe | "{6D8661E6-76FA-43F9-BBFB-D966575B3E00}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | "{6FD6637B-1C5B-40FD-9096-84FA7D35DFCB}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | "{74FD959E-39C5-4103-A50C-6ADFF35008D2}" = protocol=17 | dir=in | app=c:\users\gerd\appdata\local\akamai\netsession_win.exe | "{7DF34752-912C-4CFE-ACBD-BD9B721160EE}" = protocol=6 | dir=in | app=c:\users\gerd\appdata\roaming\gameranger\gameranger\gameranger.exe | "{7EF68F7C-0D26-4229-8B62-44F755D00554}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{84680E99-B4AF-4003-9BEC-202E809F78FA}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | "{8A6C846E-F823-4A6F-9D13-63551E6ED0BE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | "{916689D5-1706-4C8C-ABD8-2096FD7A6E52}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{9256664D-5FC2-4FB9-B2AE-1532D95F206F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{987EA58D-5090-4274-A546-D878F7D48026}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{9C964C05-4D9A-4D12-A815-7BBCDA50CEEB}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{9DFCD3FE-36DC-4C55-A9B7-E05EF1E1B544}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{A27A6369-D976-452E-AE0F-5AD436E9C246}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | "{A3926932-2669-4DBE-A316-8298A330184C}" = protocol=17 | dir=in | app=c:\nexon\vindictus eu\en-eu\nmservice.exe | "{A3DE1DC9-0138-4BA0-9587-4F5633743469}" = protocol=6 | dir=in | app=c:\nexon\vindictus eu\en-eu\nmservice.exe | "{AE252DBE-4BF4-48C2-8AFA-71163FB9609D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{AFEA79F9-1E1B-4404-8326-7F2EF22176DA}" = protocol=17 | dir=in | app=c:\users\gerd\appdata\roaming\spotify\spotify.exe | "{C6493180-9A16-4D91-913C-2C63608DF192}" = protocol=6 | dir=in | app=c:\program files (x86)\unreal tournament 3\binaries\ut3.exe | "{C99A2CC9-43A2-41A4-9239-514D4B6C773B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | "{D3F8E0EB-A256-467A-A464-B0D71416EC68}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{D40125EB-9B4E-4690-965A-889627566322}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{D646D760-08AB-436B-8527-DEBF7F4FD577}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | "{E6B9CC2E-B1AE-43C7-B08D-FFD600EDF3F0}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\iccupdater.exe | "{E878A5EF-6DBF-47E7-9ECC-C34A37672E49}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EB367E67-8673-4CA0-9890-488E73F56B84}" = protocol=6 | dir=out | app=system | "{ED8B15ED-FA97-48CA-B17A-D172CF7D756A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EFDA9075-D702-41E8-81EA-4236ECF7E295}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F27C5EC9-BFD9-4BC1-995B-A822CE76272C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F2C3127A-9B2C-4ED2-9874-224CAD169DEA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F6417E8B-ED3D-43F0-B673-E09B89C800BD}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{FB5C8613-6F30-44B6-80DE-0631C5C57528}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{FCA781C3-658C-4A35-9E24-AE6732C33DD8}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | "{FE9E21DC-8129-4700-9A3C-EB875D425FC1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{FFA68ED2-23A2-4EBE-B868-C78DB5873F1C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{100E45C2-DB06-4363-8DB0-285E68B79E4A}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | "TCP Query User{652AF7CC-CEAA-428E-8218-0CF3CDEF36A3}C:\program files (x86)\unreal tournament 3\binaries\ut3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unreal tournament 3\binaries\ut3.exe | "TCP Query User{6E822FF8-4694-4A37-9869-63AFB603528C}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | "TCP Query User{A3F95601-4DC8-4F00-A6C9-29C0CBD9A985}C:\users\gerd\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\gerd\appdata\local\akamai\netsession_win.exe | "TCP Query User{B294FA9C-D18C-4B05-9A0B-8B4C17C52F45}C:\users\gerd\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=6 | dir=in | app=c:\users\gerd\appdata\roaming\gameranger\gameranger\gameranger.exe | "TCP Query User{B9F224D9-246F-4E0A-98F6-D76453638066}C:\nexon\vindictus eu\en-eu\vindictus.exe" = protocol=6 | dir=in | app=c:\nexon\vindictus eu\en-eu\vindictus.exe | "TCP Query User{BA6BCBB2-EA11-42C7-95FC-8F49EE879C98}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "TCP Query User{C8CD7078-1290-49D4-BC91-67756C513C1F}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe | "TCP Query User{D4F8627B-66C9-4ECB-90B8-C7C42D8D06A1}C:\nexon\vindictus eu\en-eu\vindictus.exe" = protocol=6 | dir=in | app=c:\nexon\vindictus eu\en-eu\vindictus.exe | "TCP Query User{E9E759F7-E0BA-45A0-B342-BAB182A00AD4}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{3863E861-51AF-439C-AF33-DA2758BFB2F8}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | "UDP Query User{688C49A3-B9CF-41E5-9F96-6CBF0E98B344}C:\users\gerd\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\gerd\appdata\local\akamai\netsession_win.exe | "UDP Query User{8DAB5D1A-42AB-4A7C-85FB-6A0D70116438}C:\program files (x86)\unreal tournament 3\binaries\ut3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unreal tournament 3\binaries\ut3.exe | "UDP Query User{8FB62C70-CA0B-451D-BEE7-1FF3D2B0B832}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "UDP Query User{9E5B6598-F98F-42A6-8E34-A04624F0E7AE}C:\users\gerd\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=17 | dir=in | app=c:\users\gerd\appdata\roaming\gameranger\gameranger\gameranger.exe | "UDP Query User{B93D7AF4-33AA-45E3-98B8-772F16D488E5}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | "UDP Query User{BBC8B6DB-8094-4C36-A2FF-B8FC941C3B8E}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe | "UDP Query User{CE99BE0A-268E-496A-8B8C-988FF9E4912D}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{EE152E2B-0775-49E6-96FA-D682BA03C37C}C:\nexon\vindictus eu\en-eu\vindictus.exe" = protocol=17 | dir=in | app=c:\nexon\vindictus eu\en-eu\vindictus.exe | "UDP Query User{F6720A3F-3A86-44A4-8C42-14B366C79C17}C:\nexon\vindictus eu\en-eu\vindictus.exe" = protocol=17 | dir=in | app=c:\nexon\vindictus eu\en-eu\vindictus.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1346E051-2DE7-4E6D-A579-BEC391207C89}" = OpenAFS for Windows (64-bit) "{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources "{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources "{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}" = Intel(R) PROSet/Wireless WiFi Software "{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources "{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources "{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources "{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources "{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit) "{27F3F8DE-AC95-4E10-90A6-EBA999DDBCAF}" = Windows Live Remote Service Resources "{29CFD07F-4971-41B0-B14D-621ACCC264AC}" = Windows Live Remote Service Resources "{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources "{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources "{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources "{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources "{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources "{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012 "{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources "{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290 "{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources "{4C9845D5-9FAD-4C52-B389-CAEF0F216215}" = Windows Live Remote Client Resources "{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources "{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources "{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources "{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources "{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources "{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources "{641B32DB-8226-4250-86C9-34671162F5D5}" = Windows Live Remote Client Resources "{64A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java(TM) SE Development Kit 7 (64-bit) "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources "{6A2482BC-733A-404A-939A-2D5BC636E6F9}" = Windows Live Remote Service Resources "{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources "{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources "{78654366-5889-4A70-90D9-04B00709EEE0}" = Windows Live Remote Client Resources "{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources "{811D5159-D798-491F-B9C6-9BDBF6B02D06}" = Windows Live Remote Service Resources "{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources "{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources "{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources "{A108BD40-0A8C-4385-8874-74C4B6086CC3}" = AVG 2012 "{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources "{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources "{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 267.04 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.22.1 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources "{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources "{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources "{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources "{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources "{F0793412-6407-4870-9A8C-6FE198A4EB12}" = Windows Live Remote Client Resources "{F3C66EC8-2F33-452D-9CFF-E8C886B3ECC4}" = SRS Premium Sound Control Panel "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources "{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources "{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources "AVG" = AVG 2012 "Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter "CCleaner" = CCleaner "Defraggler" = Defraggler "Elantech" = ETDWare PS/2-X64 10.7.14.12_WHQL "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "ProInst" = Intel PROSet Wireless "Unlocker" = Unlocker 1.9.1-x64 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common "{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh "{0119B342-476F-4F5A-B712-144B5CFA781F}" = Windows Live Movie Maker "{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包 "{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common "{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common "{0785A0B6-07DF-43CF-B147-E1EB4CEA0345}" = Windows Live Messenger "{07E15DDE-CAD9-434D-B24D-35708E3BEA09}" = Windows Live 필수 패키지 "{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack "{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live "{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack "{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail "{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live "{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail "{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh "{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer "{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar "{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack "{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker "{139C1D95-9037-3AB3-F5F4-4A79BF6831EC}" = WordCaptureX Pro "{142D8CA7-2C6F-45A7-83E3-099AAFD99133}" = Samsung Update Plus "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 5 "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources "{16880765-677F-440B-B16A-BFD9B9C00012}" = EasyFileShare "{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager "{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials "{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer "{19ADD3BF-C42B-47DC-81C6-5E9731B668C4}" = „Windows Live Essentials“ "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima "{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer "{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer "{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite "{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{21B49B4A-BBC3-4A09-9C68-6C3CC0B1EA01}" = Windows Live Messenger "{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack "{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail "{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack "{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources "{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail "{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer "{26513CE5-7A51-478D-93BD-AC1D38103463}" = Windows Live Messenger "{26A24AE4-039D-4CA4-87B4-2F83216026F0}" = Java(TM) 6 Update 26 "{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27 "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5 "{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources "{2720009D-9566-45A7-A370-0E6DAC313F3F}" = „Windows Live Mail“ "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program "{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager "{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common "{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger "{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer "{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack "{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger "{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh "{2CC0789D-D31B-445F-8970-6E058BE39754}" = Windows Live UX Platform Language Pack "{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh "{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share "{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources "{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger "{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources "{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer "{318DBE01-1E6B-4243-84B0-210391FE789A}" = Samsung AnyWeb Print "{322F75E0-71A3-4125-8EB3-761834EDC166}" = Eragon "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34AB675C-1965-44B5-B5A7-B02EE6196AD3}" = Windows Live Messenger "{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{34FBC7C4-CD31-4D93-A428-0E524EAC4586}" = CyberLink Media+ Player10 "{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = Windows Live UX Platform Language Pack "{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger "{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh "{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials "{3B8F240C-B75E-4A1E-BDCC-6C7F033078A3}" = Windows Live UX Platform Language Pack "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh "{3F50512F-53DF-46B1-8CCB-6C7E638CADD6}" = PhoneShare "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack "{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials "{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer "{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery "{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials "{442032CB-900C-49C7-B4B4-2B76525DD403}" = Windows Live Photo Common "{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live "{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13 "{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources "{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials "{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger "{4A331D24-A9E8-484F-835E-1BA7B139689C}" = EasyBatteryManager "{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer "{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack "{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack "{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common "{4F35DF91-F834-41F7-A287-0E377D55C486}" = Windows Live Photo Common "{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger "{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack "{517EAAB9-C35E-4949-B8C2-20C241162BBB}" = Windows Live Pošta "{51FFAC89-B6B0-4E6E-B76F-6D4E2E83086A}" = Windows Live 메일 "{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack "{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources "{539A0CEA-17E4-4FE4-A5E8-EC5D40610A79}" = „Windows Live Messenger“ "{545192D4-E817-4EAA-834D-623EA50CF268}" = Windows Live UX Platform Language Pack "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh "{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri "{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh "{5D163056-96B7-440F-A836-89BA5D3CFF2F}" = Windows Live Photo Common "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker "{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources "{5D90ABE5-8A35-4947-8269-6F40BCE47A95}" = Windows Live Messenger "{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer "{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack "{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger "{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker "{61506B53-EE02-46CE-8464-3F806947978F}" = Windows Live Mesh "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger "{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail "{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker "{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live "{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh "{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials "{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger "{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer "{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack "{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger "{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh "{6B3BAE39-4ED1-4EEB-9769-A3AA0AA58CB4}" = Windows Live Movie Maker "{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common "{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker "{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger "{6DCE9C3E-3DB7-4C3C-8B80-BC55781BB7B6}" = Windows Live Writer Resources "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger "{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker "{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common "{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources "{71684DFF-CDED-450C-AF0C-4A1A6438A1A5}" = Windows Live Essentials "{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer "{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh "{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár "{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack "{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources "{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker "{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh "{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack "{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack "{7780682A-47C9-480D-90BE-247539342595}" = Windows Live UX Platform Language Pack "{77BC9EAF-14C7-4338-9B1C-D5A3E142C0B8}" = Windows Live Photo Common "{77DAF553-291A-4471-988C-5677D90DB57E}" = Windows Live Writer Resources "{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}" = Fast Start "{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live "{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh "{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live "{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common "{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker "{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库 "{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live "{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common "{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources "{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources "{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger "{7F6F62F0-7884-4CFB-B86C-597A4A6D9C4D}" = Movie Color Enhancer "{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi "{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources "{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh "{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials "{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail "{829CDAAD-5AF1-482F-978B-591C16A34ACC}" = Windows Live Messenger "{835BCA58-EBE8-415B-8E7F-457F76F15821}" = IObit Toolbar v6.2 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common "{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials "{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Search-Results Toolbar "{86E6D3A7-3ADC-44C0-B94E-85D2A9DD36B0}" = Windows Live Writer "{8732818E-CA78-4ACB-B077-22311BF4C0E4}" = Easy Network Manager "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery "{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker "{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail "{9268B41D-6045-4F5F-A14E-3F8E51CD2666}" = Secure Download Manager "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail "{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker "{9E771D5B-C429-4CBC-8730-3EBD9EC99E4C}" = Windows Live Movie Maker "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker "{A1668729-C4D2-49AE-877B-FB608362FFF1}" = Windows Live Essentials "{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = 1&1 Surf-Stick "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh "{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources "{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials "{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh "{AD86049C-3D9C-43E1-BE73-643F57D83D50}" = Easy Migration "{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail "{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common "{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh "{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common "{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common "{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer "{B4712CB7-27D7-4F61-8805-BCF9BE1CFC4A}" = Windows Live Writer Resources "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials "{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources "{B81722D3-0A95-4BDE-AA1A-A2A5D12FCDB2}" = Windows Live Foto-galerija "{B9B66F77-9D00-4CA4-BDF1-BBA8236B4DB6}" = Windows Live Writer "{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide "{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common "{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi "{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker "{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh "{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3 "{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live "{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials "{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh "{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer "{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail "{C877E454-FA36-409A-A00E-1240CEC61BBD}" = „Windows Live“ fotogalerija "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{C8A2793D-EFF2-4069-95BF-A28192E39DEB}" = Windows Live Writer "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live "{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker "{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker "{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common "{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer "{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery "{CF936193-C584-458C-B793-15FA945621AF}" = Windows Live fotoattēlu galerija "{CF9DEFAA-12CD-4D04-AA45-F9F667D21E2E}" = Windows Live Movie Maker "{D06F10C5-3EDD-4B29-A3B5-16BBB9A047F8}" = Windows Live Mesh "{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D27DF849-C8C7-4892-A7F1-E0B381A1BD01}" = Windows Live Writer "{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack "{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D54A52A8-DF24-4CE8-850B-074CA47DFA74}" = Windows Live Messenger "{D57D43BF-699A-429F-AF8C-AF1867222800}" = Windows Live 사진 갤러리 "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack "{D987098B-3AD4-4E88-B80E-CF27A32D1955}" = Windows Live Writer Resources "{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker "{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker "{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail "{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer "{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3F04224-BA9A-4068-8A51-83267B4E7496}" = Yu-Gi-Oh! ONLINE 3 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija "{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer "{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live "{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack "{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources "{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger "{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live "{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live "{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources "{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack "{EAB1BDF2-734A-4D44-9169-7615D185C974}" = Windows Live Mesh "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EC20FB81-9B5E-4B97-92A2-8DC52548EFCE}" = Windows Live Mesh "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心 "{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager "{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack "{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources "{F66430D8-08E6-4C96-B9B7-90E66E27D58C}" = Windows Live Mail "{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center "{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger "{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos "{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh "{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail "{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker "{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie "{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh "{FDAE128F-A355-42B1-8422-1AF3ACEE34F4}" = SISShortcut "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials "{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials "{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker "{FFD0E594-823B-4E2B-B680-720B3C852588}" = BatteryLifeExtender "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Age of Mythology Expansion Pack 1.0" = Age of Mythology Gold "Avira AntiVir Desktop" = Avira Free Antivirus "AVMWLANCLI" = AVM FRITZ!WLAN "BandiMPEG1" = Bandisoft MPEG-1 Decoder "Broken Sword 2.5_is1" = Broken Sword 2.5 "Google Chrome" = Google Chrome "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite "InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}" = CyberLink Media+ Player10 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Notepad++" = Notepad++ "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Samsung Printer Live Update" = Samsung Printer Live Update "Samsung Universal Print Driver" = Samsung Universal Print Driver "Samsung Universal Scan Driver" = Samsung Universal Scan Driver "TreeSize Free_is1" = TreeSize Free V2.7 "Vindictus EU" = Vindictus EU "VLC media player" = VLC media player 1.1.11 "vShare.tv plugin" = vShare.tv plugin 1.3 "WildTangent wildgames Master Uninstall" = WildTangent Games "WinLiveSuite" = Windows Live 程式集 "WinRAR archiver" = WinRAR 4.01 (32-Bit) "WT085559" = Diner Dash 2 Restaurant Rescue "WT085567" = Chuzzle Deluxe "WT085580" = John Deere Drive Green "WT085581" = Penguins! "WT085583" = Polar Golfer "WT085587" = Agatha Christie - Death on the Nile "WT085597" = Build-a-lot "WT085618" = Farm Frenzy "WT085622" = Insaniquarium Deluxe "WT085663" = Peggle "WT085669" = Plants vs. Zombies "WT089285" = Zuma Deluxe "WT089286" = Bejeweled 2 Deluxe ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "GameRanger" = GameRanger "InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3 "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 7/28/2012 11:05:00 AM | Computer Name = Gerd-PC | Source = Avira Antivirus | ID = 4117 Description = Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet! Error - 7/28/2012 11:05:38 AM | Computer Name = Gerd-PC | Source = Avira Antivirus | ID = 4117 Description = Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet! Error - 7/28/2012 7:38:17 PM | Computer Name = Gerd-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 7/29/2012 3:53:30 AM | Computer Name = Gerd-PC | Source = Avira Antivirus | ID = 4117 Description = Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet! Error - 7/29/2012 11:05:12 AM | Computer Name = Gerd-PC | Source = Avira Antivirus | ID = 4117 Description = Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet! Error - 7/29/2012 11:05:43 AM | Computer Name = Gerd-PC | Source = Avira Antivirus | ID = 4117 Description = Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet! Error - 7/29/2012 11:06:20 AM | Computer Name = Gerd-PC | Source = Avira Antivirus | ID = 4117 Description = Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet! Error - 7/29/2012 2:38:31 PM | Computer Name = Gerd-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 7/31/2012 5:08:02 AM | Computer Name = Gerd-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 7/31/2012 10:37:22 AM | Computer Name = Gerd-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: UIMain.exe, Version: 1.0.0.1, Zeitstempel: 0x4ca41cf9 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x2064 Startzeit der fehlerhaften Anwendung: 0x01cd6efeec42d558 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\1&1 Surf-Stick\UIMain.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 3cb191bc-db1d-11e1-931f-e81132c0dc2e [ System Events ] Error - 4/5/2012 7:18:00 AM | Computer Name = Gerd-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Live ID Sign-in Assistant" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 4/5/2012 8:50:52 AM | Computer Name = Gerd-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Bluetooth Device (RFCOMM Protocol TDI)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Error - 4/5/2012 12:12:08 PM | Computer Name = Gerd-PC | Source = Service Control Manager | ID = 7043 Description = Der Dienst Gruppenrichtlinienclient konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden. Error - 4/5/2012 7:47:27 PM | Computer Name = Gerd-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Bluetooth Device (RFCOMM Protocol TDI)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Error - 4/6/2012 4:03:12 AM | Computer Name = Gerd-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Bluetooth Device (RFCOMM Protocol TDI)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Error - 4/6/2012 10:30:01 AM | Computer Name = Gerd-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Bluetooth Device (RFCOMM Protocol TDI)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Error - 4/7/2012 5:08:58 AM | Computer Name = Gerd-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Bluetooth Device (RFCOMM Protocol TDI)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Error - 4/7/2012 12:41:43 PM | Computer Name = Gerd-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Bluetooth Device (RFCOMM Protocol TDI)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Error - 4/9/2012 10:14:20 AM | Computer Name = Gerd-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Bluetooth Device (RFCOMM Protocol TDI)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Error - 4/9/2012 10:15:51 AM | Computer Name = Gerd-PC | Source = DCOM | ID = 10010 Description = < End of report > Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.09.06.12 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Gerd :: GERD-PC [Administrator] Schutz: Aktiviert 07.09.2012 01:02:49 mbam-log-2012-09-07 (04-06-12).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 521665 Laufzeit: 3 Stunde(n), 1 Minute(n), 43 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 15 HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 4 HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: ;áÃzÊ;XA³0öm»Áµ -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 2 HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://startsear.ch/?aff=1) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://startsear.ch/?aff=1) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Keine Aktion durchgeführt. C:\Users\Gerd\Downloads\SoftonicDownloader_fuer_tvuplayer.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt. (Ende) |
27.09.2012, 13:42 | #3 |
/// Helfer-Team | MalwareBytes findet "PUP.VShareRedir"Leider hast du durch deine Antwort dein Thema vergraben. Ist das Problem noch aktuell?
__________________ |
13.11.2012, 21:43 | #4 |
/// Helfer-Team | MalwareBytes findet "PUP.VShareRedir" Fehlende Rückmeldung Gibt es Probleme beim Abarbeiten obiger Anleitung? Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen. Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema. http://www.trojaner-board.de/69886-a...-beachten.html Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist. |
Themen zu MalwareBytes findet "PUP.VShareRedir" |
adobe, akamai, antivir, avg, avg secure search, avira, bho, bingbar, cid, defender, desktop, downloader, error, firefox, flash player, format, google, home, intranet, iobit, locker, logfile, mozilla, pando media booster, plug-in, realtek, registry, scan, secure search, server, software, spotify web helper, systemcare, vtoolbarupdater, windows |