Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
GVU Trojaner; weitere Schritte nach Systemwiederherstellung

GVU Trojaner; weitere Schritte nach Systemwiederherstellung


Plagegeister aller Art und deren Bekämpfung: GVU Trojaner; weitere Schritte nach Systemwiederherstellung

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 19.06.2013, 13:51   #1
Devet
 
GVU Trojaner; weitere Schritte nach Systemwiederherstellung - Standard

GVU Trojaner; weitere Schritte nach Systemwiederherstellung


Mahlzeit Forum,

Ich habe ein Netbook hier, welches mit dem GVU Trojaner verseucht ist.
Systemwiederherstellung ist bereits durchgeführt.

Nach eurer Anleitung wurde "defogger" ausgeführt.
Im Anschluss OTL durchlaufen lassen.

Code:
ATTFilter
OTL logfile created on: 6/19/2013 1:22:55 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\MacDevet\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1013.30 Mb Total Physical Memory | 187.28 Mb Available Physical Memory | 18.48% Memory free
1.99 Gb Paging File | 1.16 Gb Available in Paging File | 58.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 112.00 Gb Total Space | 27.88 Gb Free Space | 24.89% Space Free | Partition Type: NTFS
Drive D: | 165.99 Gb Total Space | 19.39 Gb Free Space | 11.68% Space Free | Partition Type: NTFS
 
Computer Name: MACDEVET-PC | User Name: MacDevet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/06/19 13:12:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MacDevet\Desktop\OTL.exe
PRC - [2013/05/28 14:41:16 | 002,839,592 | ---- | M] (Iminent) -- C:\Program Files\Common Files\Umbrella\umbrella.exe
PRC - [2013/01/08 11:27:24 | 000,026,600 | ---- | M] (Uniblue Systems Ltd) -- C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe
PRC - [2012/11/23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/10/30 11:56:40 | 000,197,152 | ---- | M] (PC Utilities Pro) -- C:\Program Files\Optimizer Pro\OptProSmartScan.exe
PRC - [2012/10/17 05:02:20 | 000,790,120 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe
PRC - [2012/10/04 16:57:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/09/06 14:22:40 | 000,016,896 | ---- | M] (Hercules®) -- C:\Program Files\Hercules\Audio\DJ Console Series\drivers\x86\HerculesDJControlMP3.EXE
PRC - [2012/08/08 22:57:19 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/09 19:13:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/11/15 01:49:06 | 000,032,768 | ---- | M] (STRATO) -- C:\Program Files\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe
PRC - [2011/03/09 13:08:44 | 003,857,408 | ---- | M] (Native Instruments GmbH) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/07 11:55:24 | 001,757,264 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2010/12/23 03:30:20 | 000,608,648 | ---- | M] (Samsung Electronics) -- C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe
PRC - [2010/11/13 00:24:08 | 001,602,344 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDCtrlHelper.exe
PRC - [2010/11/13 00:24:06 | 001,812,264 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe
PRC - [2010/09/30 15:00:28 | 000,253,264 | ---- | M] () -- C:\Program Files\1&1 Surf-Stick\AssistantServices.exe
PRC - [2010/09/30 15:00:28 | 000,139,088 | ---- | M] () -- C:\Program Files\1&1 Surf-Stick\UIExec.exe
PRC - [2010/07/21 13:55:02 | 000,836,896 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2010/07/21 13:55:00 | 000,656,672 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2010/06/08 09:39:00 | 000,847,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2010/06/03 04:42:28 | 002,203,136 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\SFB\SmartRestarter.exe
PRC - [2010/04/20 07:31:56 | 000,300,912 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
PRC - [2010/01/19 04:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/09/30 15:00:28 | 000,139,088 | ---- | M] () -- C:\Program Files\1&1 Surf-Stick\UIExec.exe
MOD - [2010/04/20 07:31:56 | 000,300,912 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
MOD - [2010/02/03 07:19:20 | 000,155,648 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\HMXML.dll
MOD - [2006/08/12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/06/03 17:27:32 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/28 14:41:16 | 002,839,592 | ---- | M] (Iminent) [Auto | Running] -- C:\Program Files\Common Files\Umbrella\umbrella.exe -- (SProtection)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/09/06 14:22:40 | 000,016,896 | ---- | M] (Hercules®) [Auto | Running] -- C:\Program Files\Hercules\Audio\DJ Console Series\drivers\x86\HerculesDJControlMP3.EXE -- (HerculesDJControlMP3)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/09 19:13:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/09 19:12:56 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/11/15 01:49:06 | 000,032,768 | ---- | M] (STRATO) [Auto | Running] -- C:\Program Files\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe -- (STRATO HiDrive Service)
SRV - [2011/03/09 13:08:44 | 003,857,408 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2010/09/30 15:00:28 | 000,253,264 | ---- | M] () [Auto | Running] -- C:\Program Files\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service)
SRV - [2010/07/21 13:55:00 | 000,656,672 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/10/30 14:49:38 | 000,259,440 | ---- | M] (© Guillemot R&D, 2012. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HDJAsioK.sys -- (HDJAsioK)
DRV - [2012/10/30 14:49:36 | 000,200,560 | ---- | M] (© Guillemot R&D, 2012. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HDJBulk.sys -- (Bulk)
DRV - [2012/10/30 14:49:34 | 000,237,936 | ---- | M] (© Guillemot R&D, 2012. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HDJMidi.sys -- (HDJMidi)
DRV - [2012/05/09 19:13:07 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/09 19:13:07 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/10/19 17:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/10/10 09:38:08 | 000,015,656 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtport.sys -- (rtport)
DRV - [2011/01/08 01:22:22 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2010/11/20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/08/30 16:45:48 | 000,315,680 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2010/06/17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/10/29 20:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/10/29 20:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/10/29 20:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/10/29 20:28:24 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mixidj.claro-search.com/?affID=121139&babsrc=HP_ss&mntrId=28337f2b00000000000000ff12bd7de4
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://mixidj.claro-search.com/?q={searchTerms}&affID=121139&babsrc=SP_ss&mntrId=28337f2b00000000000000ff12bd7de4
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B64161300-e22b-11db-8314-0800200c9a66%7D:0.9.6.15
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files\Iminent\webbooster@iminent.com [2013/04/26 19:10:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/04/11 11:31:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011/11/26 14:11:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MacDevet\AppData\Roaming\mozilla\Extensions
[2013/06/07 08:42:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MacDevet\AppData\Roaming\mozilla\Firefox\Profiles\xsa74xhd.default\extensions
[2013/04/26 19:08:11 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\MacDevet\AppData\Roaming\mozilla\Firefox\Profiles\xsa74xhd.default\extensions\ffxtlbr@delta.com
[2013/06/07 08:42:18 | 000,281,668 | ---- | M] () (No name found) -- C:\Users\MacDevet\AppData\Roaming\mozilla\firefox\profiles\xsa74xhd.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
[2012/12/13 21:18:37 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\MacDevet\AppData\Roaming\mozilla\firefox\profiles\xsa74xhd.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013/05/02 11:46:09 | 000,006,495 | ---- | M] () -- C:\Users\MacDevet\AppData\Roaming\mozilla\firefox\profiles\xsa74xhd.default\searchplugins\babylon.xml
[2013/04/26 19:14:23 | 000,006,492 | ---- | M] () -- C:\Users\MacDevet\AppData\Roaming\mozilla\firefox\profiles\xsa74xhd.default\searchplugins\BrowserProtect.xml
[2013/04/26 19:08:19 | 000,001,294 | ---- | M] () -- C:\Users\MacDevet\AppData\Roaming\mozilla\firefox\profiles\xsa74xhd.default\searchplugins\delta.xml
[2013/06/03 17:27:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2013/01/19 21:13:27 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/06/03 17:27:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\browser\extensions
[2013/06/03 17:27:36 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/06/01 17:24:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\updated\extensions
[2013/06/01 17:24:20 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\updated\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/06/01 17:24:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/04/26 19:14:23 | 000,006,492 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (mixidj Helper Object) - {4D6A9BBF-402C-4301-B1EF-28D04F71D761} - C:\Program Files\mixidj\mixidj\1.8.4.1\bh\mixidj.dll (MixiDJ)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.16.16\bh\delta.dll (Delta-search.com)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.16.16\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (MixiDJ Toolbar) - {CA9B9C89-4662-4ADC-9C23-A452BECD5D19} - C:\Program Files\mixidj\mixidj\1.8.4.1\mixidjTlbr.dll (MixiDJ)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4 - HKLM..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe (Hercules®)
O4 - HKLM..\Run: [Iminent] C:\Program Files\Iminent\Iminent.exe (Iminent)
O4 - HKLM..\Run: [IminentMessenger] C:\Program Files\Iminent\Iminent.Messengers.exe (Iminent)
O4 - HKLM..\Run: [UIExec] C:\Program Files\1&1 Surf-Stick\UIExec.exe ()
O4 - HKCU..\Run: [HP Deskjet 3520 series (NET)] C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro)
O4 - Startup: C:\Users\MacDevet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\MacDevet\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{20678603-6457-40C7-9EDB-C474291B171F}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F89CDBA6-69D6-4EAF-ABF5-58236C4D87E5}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/19 13:12:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\MacDevet\Desktop\OTL.exe
[2013/06/19 12:47:19 | 000,000,000 | ---D | C] -- C:\Users\MacDevet\AppData\Roaming\Malwarebytes
[2013/06/19 12:46:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/06/19 12:46:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/06/19 12:46:45 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2013/06/19 12:46:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/06/19 12:46:22 | 000,000,000 | ---D | C] -- C:\Users\MacDevet\AppData\Local\Programs
[2013/05/30 11:51:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Explorationen
[2013/05/30 11:51:13 | 000,000,000 | ---D | C] -- C:\Users\MacDevet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Explorationen
[2013/05/30 11:50:47 | 000,000,000 | ---D | C] -- C:\Program Files\Explorationen
[2013/05/30 11:38:24 | 000,000,000 | -H-D | C] -- C:\Program Files\Zero G Registry
[2013/05/30 11:34:57 | 000,000,000 | ---D | C] -- C:\Users\MacDevet\Zero G Registry
[2007/08/13 18:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\MacDevet\AppData\Local\CDRip.dll
[2007/01/18 22:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\MacDevet\AppData\Local\No23 Recorder.exe
[2006/12/11 20:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\MacDevet\AppData\Local\basscd.dll
[2006/12/11 20:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\MacDevet\AppData\Local\bass.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/19 13:26:16 | 000,016,160 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/19 13:26:16 | 000,016,160 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/19 13:21:13 | 000,000,252 | ---- | M] () -- C:\windows\tasks\SpeedUpMyPC.job
[2013/06/19 13:19:35 | 000,001,938 | ---- | M] () -- C:\Users\MacDevet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3520 series (Netzwerk).lnk
[2013/06/19 13:18:42 | 000,000,330 | ---- | M] () -- C:\windows\tasks\spmonitor.job
[2013/06/19 13:18:11 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/06/19 13:18:00 | 1062,518,784 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/19 13:12:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MacDevet\Desktop\OTL.exe
[2013/06/19 13:10:40 | 000,000,000 | ---- | M] () -- C:\Users\MacDevet\defogger_reenable
[2013/06/19 13:08:49 | 000,050,477 | ---- | M] () -- C:\Users\MacDevet\Desktop\Defogger.exe
[2013/06/19 12:46:55 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/06/18 17:51:57 | 000,003,416 | ---- | M] () -- C:\bootsqm.dat
[2013/06/07 08:29:29 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2013/06/07 08:29:29 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/06/07 08:29:29 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2013/06/07 08:29:29 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013/05/30 12:12:15 | 000,287,832 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2013/05/30 11:35:33 | 000,025,185 | ---- | M] () -- C:\windows\System32\ieuinit.inf
[2013/05/30 11:34:56 | 000,000,016 | ---- | M] () -- C:\Users\MacDevet\persistent_state
 
========== Files Created - No Company Name ==========
 
[2013/06/19 13:10:40 | 000,000,000 | ---- | C] () -- C:\Users\MacDevet\defogger_reenable
[2013/06/19 13:08:36 | 000,050,477 | ---- | C] () -- C:\Users\MacDevet\Desktop\Defogger.exe
[2013/06/19 12:46:55 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/06/18 17:51:57 | 000,003,416 | ---- | C] () -- C:\bootsqm.dat
[2013/05/30 11:35:33 | 000,025,185 | ---- | C] () -- C:\windows\System32\ieuinit.inf
[2013/05/30 11:34:56 | 000,000,016 | ---- | C] () -- C:\Users\MacDevet\persistent_state
[2013/04/27 12:58:52 | 000,114,176 | ---- | C] () -- C:\Users\MacDevet\AppData\Roaming\BabMaint.exe
[2012/12/08 18:57:41 | 000,001,428 | ---- | C] () -- C:\Users\MacDevet\AppData\Local\RecConfig.xml
[2012/12/08 18:46:26 | 000,221,184 | ---- | C] () -- C:\windows\System32\lame_enc.dll
[2012/11/26 15:27:31 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/07/10 19:20:20 | 000,004,020 | ---- | C] () -- C:\Users\MacDevet\.ganttproject
[2012/04/09 16:45:55 | 000,002,067 | ---- | C] () -- C:\Users\MacDevet\.recently-used.xbel
[2012/02/25 19:24:33 | 000,003,584 | ---- | C] () -- C:\Users\MacDevet\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/05 20:25:40 | 000,001,407 | ---- | C] () -- C:\windows\SiInst.ini
[2011/11/28 22:43:27 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/11/26 13:26:50 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2011/07/25 22:45:46 | 000,654,166 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2011/07/25 22:45:46 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2011/07/25 22:45:46 | 000,130,006 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2011/07/25 22:45:46 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2011/07/25 12:45:37 | 000,000,888 | ---- | C] () -- C:\windows\HotFixList.ini
[2011/07/25 12:26:37 | 000,006,656 | ---- | C] () -- C:\windows\System32\bcmwlrc.dll
[2007/08/13 18:46:00 | 000,155,136 | ---- | C] () -- C:\Users\MacDevet\AppData\Local\lame_enc.dll
[2006/10/26 02:06:48 | 000,064,000 | ---- | C] () -- C:\Users\MacDevet\AppData\Local\vorbisenc.dll
[2006/10/26 02:06:48 | 000,019,456 | ---- | C] () -- C:\Users\MacDevet\AppData\Local\vorbisfile.dll
[2006/10/26 02:06:46 | 000,143,872 | ---- | C] () -- C:\Users\MacDevet\AppData\Local\vorbis.dll
[2006/10/26 02:06:36 | 000,015,872 | ---- | C] () -- C:\Users\MacDevet\AppData\Local\ogg.dll
[2005/08/23 23:34:06 | 000,029,184 | ---- | C] () -- C:\Users\MacDevet\AppData\Local\no23xwrapper.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012/12/28 20:05:30 | 000,000,000 | ---D | M] -- C:\Users\MacDevet\AppData\Roaming\Audacity
[2013/06/09 10:09:26 | 000,000,000 | ---D | M] -- C:\Users\MacDevet\AppData\Roaming\BabSolution
[2013/02/08 18:03:09 | 000,000,000 | ---D | M] -- C:\Users\MacDevet\AppData\Roaming\Babylon
[2012/09/05 17:57:34 | 000,000,000 | ---D | M] -- C:\Users\MacDevet\AppData\Roaming\DVDVideoSoft
[2012/01/02 03:09:51 | 000,000,000 | ---D | M] -- C:\Users\MacDevet\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/04/09 16:45:56 | 000,000,000 | ---D | M] -- C:\Users\MacDevet\AppData\Roaming\gtk-2.0
[2013/04/26 19:11:53 | 000,000,000 | ---D | M] -- C:\Users\MacDevet\AppData\Roaming\Iminent
[2012/04/16 20:39:21 | 000,000,000 | ---D | M] -- C:\Users\MacDevet\AppData\Roaming\MFSM-Tasks
[2011/12/19 19:57:07 | 000,000,000 | ---D | M] -- C:\Users\MacDevet\AppData\Roaming\OpenOffice.org
[2013/04/26 19:09:17 | 000,000,000 | ---D | M] -- C:\Users\MacDevet\AppData\Roaming\Optimizer Pro
[2012/04/10 09:59:25 | 000,000,000 | ---D | M] -- C:\Users\MacDevet\AppData\Roaming\PhotoScape
[2011/11/27 00:00:05 | 000,000,000 | ---D | M] -- C:\Users\MacDevet\AppData\Roaming\RGE
[2012/07/12 20:30:28 | 000,000,000 | ---D | M] -- C:\Users\MacDevet\AppData\Roaming\STRATO
[2011/11/27 03:42:59 | 000,000,000 | ---D | M] -- C:\Users\MacDevet\AppData\Roaming\Thunderbird
[2012/04/30 18:18:14 | 000,000,000 | ---D | M] -- C:\Users\MacDevet\AppData\Roaming\Tific
[2012/04/27 19:19:22 | 000,000,000 | ---D | M] -- C:\Users\MacDevet\AppData\Roaming\TS3Client
[2013/04/26 19:14:47 | 000,000,000 | ---D | M] -- C:\Users\MacDevet\AppData\Roaming\Uniblue
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:5C270C64

< End of report >
Code:
ATTFilter
OTL Extras logfile created on: 6/19/2013 1:22:55 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\MacDevet\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1013.30 Mb Total Physical Memory | 187.28 Mb Available Physical Memory | 18.48% Memory free
1.99 Gb Paging File | 1.16 Gb Available in Paging File | 58.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 112.00 Gb Total Space | 27.88 Gb Free Space | 24.89% Space Free | Partition Type: NTFS
Drive D: | 165.99 Gb Total Space | 19.39 Gb Free Space | 11.68% Space Free | Partition Type: NTFS
 
Computer Name: MACDEVET-PC | User Name: MacDevet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8BCE85E8-501D-4854-B33C-E76538DC888A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{983350F9-0F34-4399-AD7C-4B50A0ADAA20}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3917C760-A0E6-44DD-A3DA-F101DD52CF29}" = dir=in | app=c:\program files\hp\hp deskjet 3520 series\bin\hpnetworkcommunicatorcom.exe | 
"{42FEF731-9F49-4847-8D4E-AE9977B2EB2C}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{563B790D-CD68-46FA-BD56-F1D82007714B}" = dir=in | app=c:\program files\hp\hp deskjet 3520 series\bin\devicesetup.exe | 
"{84C9DA1D-F3C4-49CB-A366-616A9CF1584C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{84E72674-71BE-42CB-A980-0396DD5AF02D}" = dir=in | app=c:\program files\iminent\iminent.exe | 
"{8548F04D-727E-461B-B62A-53C9801F6369}" = dir=in | app=c:\program files\hp\hp deskjet 3520 series\bin\hpnetworkcommunicator.exe | 
"{A1579116-0B13-4943-BA0C-9BD7983F423C}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{A6CF250D-1978-4DA7-AD79-1CC0A00CCFE2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AF31531C-C2EB-4F7C-8282-6D503494F5E0}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{C50B0A73-B725-40E6-8438-FCF062C349CB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{DF082CED-199A-4D91-A0D9-D27CD2115193}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E70D5B8D-75E8-4587-A6B9-32DA83089A48}" = dir=in | app=c:\program files\iminent\iminent.messengers.exe | 
"{F7894551-63D7-4A5E-9845-77DD0051473B}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{0119B342-476F-4F5A-B712-144B5CFA781F}" = Windows Live Movie Maker
"{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{02E1EAF5-F1B6-41EC-B500-E6BC728A5E20}" = Windows Live Remote Service Resources
"{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{065241D0-A178-4F24-8A09-691761A8957B}" = Windows Live Remote Service Resources
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{071A7A87-F72C-4239-BAF8-92FF44EB82AF}" = Windows Live Remote Client Resources
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{0785A0B6-07DF-43CF-B147-E1EB4CEA0345}" = Windows Live Messenger
"{07E15DDE-CAD9-434D-B24D-35708E3BEA09}" = Windows Live 필수 패키지
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0891B708-EF3F-4D7E-9724-265245F46276}" = Windows Live Remote Service Resources
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A1651F1-7E0F-4613-93FE-967F5BC3C1B7}" = Windows Live Remote Service Resources
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{143DB9C9-3F0D-4DC7-A57B-A7E4F26FA12E}" = Windows Live Remote Client Resources
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{18088C5C-323A-4E56-AA4A-6D3F2EE34102}" = Windows Live Remote Client Resources
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19ADD3BF-C42B-47DC-81C6-5E9731B668C4}" = „Windows Live Essentials“
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{201B5096-AF6E-423E-B987-023E040D9B42}" = Windows Live Remote Service Resources
"{208762DE-34A1-44B1-B597-509C8D05D39E}" = Windows Live Remote Client Resources
"{20C21396-4F89-4044-806B-326C993A3996}" = Windows Live Remote Service Resources
"{21B49B4A-BBC3-4A09-9C68-6C3CC0B1EA01}" = Windows Live Messenger
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{244C5A67-39DC-4C6C-BF1B-BCC9D342A4C4}" = Windows Live Remote Client Resources
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26513CE5-7A51-478D-93BD-AC1D38103463}" = Windows Live Messenger
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{2720009D-9566-45A7-A370-0E6DAC313F3F}" = „Windows Live Mail“
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2852BC06-B850-4518-97E6-CD136FE75683}" = Windows Live Remote Client Resources
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2B3EA5DA-D040-48FB-813F-1CF8C0123698}" = Windows Live Remote Client Resources
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2CC0789D-D31B-445F-8970-6E058BE39754}" = Windows Live UX Platform Language Pack
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger
"{30E82CD5-6E97-4381-86EB-548202A6D5B7}" = Windows Live Remote Client Resources
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33999F1F-EA46-4E55-A239-1BA803235396}" = Hercules DJ Products Series drivers
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34AB675C-1965-44B5-B5A7-B02EE6196AD3}" = Windows Live Messenger
"{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{354FF1E9-5D3F-4D91-A433-7626AC6B55EA}" = Windows Live Remote Service Resources
"{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = Windows Live UX Platform Language Pack
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B8F240C-B75E-4A1E-BDCC-6C7F033078A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3BC3B1A5-30E3-4DDB-BE08-E7262B838B5F}" = Windows Live Remote Client Resources
"{3BFB2388-64EE-4AAA-9235-5FE725FED6DE}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{41B07C21-145D-496F-B029-0899514099C7}" = Windows Live Remote Service Resources
"{41B72CAF-036B-4E0A-8D22-F5DF7C970434}" = Windows Live Remote Client Resources
"{41E4FA4B-9376-4C32-AA46-65FCC0087CD5}" = Windows Live Remote Service Resources
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{442032CB-900C-49C7-B4B4-2B76525DD403}" = Windows Live Photo Common
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{448702D4-83DD-4EFC-B09B-94AD6CA0D978}" = Windows Live Remote Service Resources
"{454F5782-A4C3-480E-A629-D435795DEFD8}" = Windows Live Remote Client Resources
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4B1EDAFC-B0EB-465F-886C-24FAC1BED2AC}" = Windows Live Remote Client Resources
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{4F2F5589-0217-43A6-91E9-B0F172D32CC9}_is1" = MF Shutdown Manager 2.1.0
"{4F35DF91-F834-41F7-A287-0E377D55C486}" = Windows Live Photo Common
"{5008BC55-FD3D-4A32-A1B7-610E18F4D220}" = Windows Live Remote Service Resources
"{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{517EAAB9-C35E-4949-B8C2-20C241162BBB}" = Windows Live Pošta
"{51FFAC89-B6B0-4E6E-B76F-6D4E2E83086A}" = Windows Live 메일
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{539A0CEA-17E4-4FE4-A5E8-EC5D40610A79}" = „Windows Live Messenger“
"{545192D4-E817-4EAA-834D-623EA50CF268}" = Windows Live UX Platform Language Pack
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5C8BC258-A629-4DF2-97D0-E106C2A9B1BD}" = Windows Live Remote Client Resources
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D163056-96B7-440F-A836-89BA5D3CFF2F}" = Windows Live Photo Common
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5D90ABE5-8A35-4947-8269-6F40BCE47A95}" = Windows Live Messenger
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{607DA1C8-34EC-4D7A-AD83-F8E5C70736DF}" = EasyBatteryManager
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{61506B53-EE02-46CE-8464-3F806947978F}" = Windows Live Mesh
"{61A5DE19-BE38-45AF-A9BC-73E49703315E}" = Windows Live Remote Service Resources
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6255D9FC-427F-4867-84DB-164DBEA0661F}" = Windows Live Remote Client Resources
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{66B0B400-22AB-47E6-8673-38A5D37F6331}" = Windows Live Remote Client Resources
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B3BAE39-4ED1-4EEB-9769-A3AA0AA58CB4}" = Windows Live Movie Maker
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6B953497-169C-4929-9AA9-A9F510347468}" = HP Deskjet 3520 series Hilfe
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger
"{6DCE9C3E-3DB7-4C3C-8B80-BC55781BB7B6}" = Windows Live Writer Resources
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger
"{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources
"{71684DFF-CDED-450C-AF0C-4A1A6438A1A5}" = Windows Live Essentials
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7234BD6D-5394-4572-A87D-0279C5ED535D}" = Windows Live Remote Client Resources
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail
"{7612E28A-C4DB-4259-AA91-CB02B1BCF623}" = Windows Live Remote Service Resources
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{7780682A-47C9-480D-90BE-247539342595}" = Windows Live UX Platform Language Pack
"{77BC9EAF-14C7-4338-9B1C-D5A3E142C0B8}" = Windows Live Photo Common
"{77DAF553-291A-4471-988C-5677D90DB57E}" = Windows Live Writer Resources
"{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}" = Fast Booting SW
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{7846B719-862C-468A-9FD0-4769D2590535}" = Windows Live Remote Client Resources
"{787EAD29-5498-4BDB-BDF4-670A86F28DFB}" = VirtualDJ LE (DJ4Set)
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A143876-9658-4A58-82E7-B5F02D942957}" = Windows Live Remote Client Resources
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F1E694F-1880-4D5F-BD27-A0D0A5379864}" = Iminent
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{829CDAAD-5AF1-482F-978B-591C16A34ACC}" = Windows Live Messenger
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82EE333F-45A9-4585-A5D9-31FE16B7FB25}" = Windows Live Remote Service Resources
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{845E0BCB-8C8D-4FAB-8588-AD5FFD156C95}" = Windows Live Remote Service Resources
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{84D3CB13-C7EE-4A29-817E-D82697320BF5}" = Windows Live Remote Client Resources
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{86E6D3A7-3ADC-44C0-B94E-85D2A9DD36B0}" = Windows Live Writer
"{8732818E-CA78-4ACB-B077-22311BF4C0E4}" = Easy Network Manager
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E9CB7DE-8087-48A0-8280-1658F423AAEF}" = Windows Live Remote Service Resources
"{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93C6647F-AFE0-4CC2-8809-28A0B320D11B}" = Windows Live Remote Service Resources
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{97124033-1253-4474-8B25-1AB314A920E6}" = Windows Live Remote Service Resources
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9E771D5B-C429-4CBC-8730-3EBD9EC99E4C}" = Windows Live Movie Maker
"{9F9D4CE4-E4B9-4745-98C9-5A934DD0CE8C}" = HP Deskjet 3520 series - Grundlegende Software für das Gerät
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A1668729-C4D2-49AE-877B-FB608362FFF1}" = Windows Live Essentials
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A4C16B19-10AA-4990-AA87-D14F653E3345}" = Windows Live Remote Client Resources
"{A5C8BFF2-0044-4500-8BB5-BEB0D2335885}" = REALTEK PCIE Wireless LAN Software
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8DDD59F-1413-40BD-B61C-77A0BDB2B22B}" = Easy Resolution Manager
"{A8EC0CC0-AD8D-4244-B080-424EDF7A7634}" = Native Instruments Traktor 2
"{A9ABC0A6-DC01-4102-BEC9-86974A73B214}" = Windows Live Remote Client Resources
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = 1&1 Surf-Stick
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{AB93C51F-71F9-4A28-8134-FE1B5B9373E9}" = Windows Live Remote Service Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC0628FF-532F-4800-91EC-40903B04682F}" = Windows Live Remote Service Resources
"{AC259A12-6CD9-486D-A97A-B619EB46225A}" = Windows Live Remote Service Resources
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}" = HP Deskjet 3520 series Setup Guide
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B4712CB7-27D7-4F61-8805-BCF9BE1CFC4A}" = Windows Live Writer Resources
"{B512307E-543D-457E-B759-75E0D5B0BCDF}" = Windows Live Remote Client Resources
"{B515962D-C979-44AC-9912-F7BB499B4B2C}" = VirtualDJ Home FREE
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6F55C3E-30EE-4D25-8BAD-CEE4BF8C78EB}" = Windows Live Remote Client Resources
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{B81722D3-0A95-4BDE-AA1A-A2A5D12FCDB2}" = Windows Live Foto-galerija
"{B9B66F77-9D00-4CA4-BDF1-BBA8236B4DB6}" = Windows Live Writer
"{BA8D4CEF-D23D-44AB-8A89-66E602253791}" = Windows Live Remote Service Resources
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C30628D8-D3A0-4F23-90F0-F145808087B6}" = Windows Live Remote Client Resources
"{C411942C-C26B-4450-8B9A-173DCC22AEC6}" = Windows Live Remote Service Resources
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C4E7704D-5AFB-44CA-B8BA-F16C8FA46D5F}" = Windows Live Remote Service Resources
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C877E454-FA36-409A-A00E-1240CEC61BBD}" = „Windows Live“ fotogalerija
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C8A2793D-EFF2-4069-95BF-A28192E39DEB}" = Windows Live Writer
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD6CB7F1-1B8E-424A-9B81-F8D2F03958EC}" = Windows Live Remote Client Resources
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{CF936193-C584-458C-B793-15FA945621AF}" = Windows Live fotoattēlu galerija
"{CF9DEFAA-12CD-4D04-AA45-F9F667D21E2E}" = Windows Live Movie Maker
"{D06F10C5-3EDD-4B29-A3B5-16BBB9A047F8}" = Windows Live Mesh
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D27DF849-C8C7-4892-A7F1-E0B381A1BD01}" = Windows Live Writer
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D378BEA1-912E-4827-B9DB-D3B2C3D0BD4A}" = Windows Live Remote Service Resources
"{D3CAE2CA-BE71-4CA4-9EB9-46E1C82E778B}" = Windows Live Remote Service Resources
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D54A52A8-DF24-4CE8-850B-074CA47DFA74}" = Windows Live Messenger
"{D57D43BF-699A-429F-AF8C-AF1867222800}" = Windows Live 사진 갤러리
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D987098B-3AD4-4E88-B80E-CF27A32D1955}" = Windows Live Writer Resources
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEDF8BAB-98D7-4CFA-9C42-27431EC4BD1F}" = Windows Live Remote Service Resources
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{DFDBE1F9-04CE-4645-BB6C-4590EABC7A9C}" = Windows Live Remote Client Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E1629C45-9CEF-498E-83CD-D6A09CADA176}" = Windows Live Remote Client Resources
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = SpeedUpMyPC
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E6617B44-D556-49AC-B2A3-01451E115043}" = Windows Live Remote Service Resources
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger
"{E7FB0043-24A5-4B30-AED6-01B47B44CB67}" = Windows Live Remote Client Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA76E65F-6679-495A-A8A6-42AD6602ED4C}" = EasyFileShare
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{EAB1BDF2-734A-4D44-9169-7615D185C974}" = Windows Live Mesh
"{EAEA7ED1-22F0-4C1E-B001-E56F10E1A100}" = Windows Live Remote Client Resources
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC20FB81-9B5E-4B97-92A2-8DC52548EFCE}" = Windows Live Mesh
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0CCBE54-9132-44E9-82DF-CD364AD5C22D}" = Windows Live Remote Client Resources
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F66430D8-08E6-4C96-B9B7-90E66E27D58C}" = Windows Live Mail
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center
"{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F81DB83D-A016-45A6-A6A0-135B1E6939EF}" = Windows Live Remote Service Resources
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"{FFD0E594-823B-4E2B-B680-720B3C852588}" = BatteryLifeExtender
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced MP3/WMA Recorder" = Advanced MP3/WMA Recorder
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Avira AntiVir Desktop" = Avira Free Antivirus
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"Deflectex" = Deflectex
"delta" = Delta toolbar  
"Delta Chrome Toolbar" = Delta Chrome Toolbar
"Elantech" = ETDWare PS/2-X86 8.0.7.2_WHQL
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.30.903
"GanttProject" = GanttProject
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Photo Creations" = HP Photo Creations
"IMBoosterARP" = Iminent
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Marvell Miniport Driver" = Marvell Miniport Driver
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"mixidj" = MixiDJ Toolbar 
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"Mozilla Thunderbird 11.0.1 (x86 de)" = Mozilla Thunderbird 11.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor 2" = Native Instruments Traktor 2
"Optimizer Pro_is1" = Optimizer Pro v3.0
"PhotoScape" = PhotoScape
"StarterBackgroundChanger" = StarterBackgroundChanger
"STRATO HiDrive" = STRATO HiDrive (remove only)
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 2.0.2
"WAV To MP3_is1" = WAV To MP3 V2
"WinGimp-2.0_is1" = GIMP 2.6.12
"WinLiveSuite" = Windows Live 程式集
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/30/2012 12:00:25 PM | Computer Name = MacDevet-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HP\HP
 Deskjet 3520 series\DriverStore\Pipeline\amd64\hpinkinsB011.exe".  Die abhängige 
Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 12/30/2012 12:02:04 PM | Computer Name = MacDevet-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 12/30/2012 12:07:05 PM | Computer Name = MacDevet-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\easy
 display manager\RunGfxUI64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 12/30/2012 12:07:44 PM | Computer Name = MacDevet-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\ChargeableUSB_64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 12/30/2012 12:07:46 PM | Computer Name = MacDevet-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\vista_xp_driver\x64\KStartMem.exe.Manifest".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 12/31/2012 10:00:01 AM | Computer Name = MacDevet-PC | Source = Application Hang | ID = 1002
Description = Programm McUICnt.exe, Version 2.15.101.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 174c    Startzeit:
 01cde699e3679f73    Endzeit: 360    Anwendungspfad: C:\Program Files\McAfee Security Scan\2.0.181\McUICnt.exe

Berichts-ID:
 50166dec-5352-11e2-b142-e81132d25d27  
 
Error - 12/31/2012 10:17:00 AM | Computer Name = MacDevet-PC | Source = Windows Backup | ID = 4104
Description = 
 
Error - 12/31/2012 1:01:03 PM | Computer Name = MacDevet-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12/31/2012 1:01:03 PM | Computer Name = MacDevet-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13369
 
Error - 12/31/2012 1:01:03 PM | Computer Name = MacDevet-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13369
 
[ System Events ]
Error - 12/15/2012 9:23:40 AM | Computer Name = MacDevet-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 12/15/2012 11:37:58 AM | Computer Name = MacDevet-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 12/15/2012 3:01:27 PM | Computer Name = MacDevet-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "NIHardwareService" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 12/19/2012 2:08:11 PM | Computer Name = MacDevet-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst AntiVirSchedulerService erreicht.
 
Error - 12/22/2012 7:10:19 AM | Computer Name = MacDevet-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 12/25/2012 3:17:08 PM | Computer Name = MacDevet-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Wlansvc erreicht.
 
Error - 12/25/2012 3:17:44 PM | Computer Name = MacDevet-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 12/25/2012 3:35:49 PM | Computer Name = MacDevet-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 12/25/2012 3:37:30 PM | Computer Name = MacDevet-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 12/25/2012 3:39:51 PM | Computer Name = MacDevet-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
 
< End of report >
GMER wurde danach ebenfalls durchgeführt.

Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-19 14:39:06
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 SAMSUNG_ rev.2AJ1 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\MacDevet\AppData\Local\Temp\uxdoqkob.sys


---- System - GMER 2.1 ----

SSDT   8B48881E                                                                                         ZwCreateSection
SSDT   8B488828                                                                                         ZwRequestWaitReplyPort
SSDT   8B488823                                                                                         ZwSetContextThread
SSDT   8B48882D                                                                                         ZwSetSecurityObject
SSDT   8B488832                                                                                         ZwSystemDebugControl
SSDT   8B4887BF                                                                                         ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                         81E829F5 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                           81EBC1F2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                              81EC353C 4 Bytes  [1E, 88, 48, 8B] {PUSH DS; MOV [EAX-0x75], CL}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                              81EC3898 4 Bytes  [28, 88, 48, 8B]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                              81EC38DC 4 Bytes  [23, 88, 48, 8B]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1613                                                              81EC3958 4 Bytes  [2D, 88, 48, 8B]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1667                                                              81EC39AC 4 Bytes  [32, 88, 48, 8B]
.text  ...                                                                                              
?      System32\drivers\emyusyq.sys                                                                     Das System kann den angegebenen Pfad nicht finden. !

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\506313ba9225                      
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90a4de9d8801                      
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\506313ba9225 (not active ControlSet)  
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90a4de9d8801 (not active ControlSet)  

---- Disk sectors - GMER 2.1 ----

Disk   \Device\Harddisk0\DR0                                                                            unknown MBR code

---- EOF - GMER 2.1 ----
Welche Schritte sind weiter erforderlich?

Danke im Voraus.
Devet

 

Themen zu GVU Trojaner; weitere Schritte nach Systemwiederherstellung
antivir, autorun, avira, bho, bonjour, converter, delta chrome toolbar, down, error, fehler, firefox, flash player, home, install.exe, installation, logfile, mozilla, netzwerk, object, optimizer pro, plug-in, realtek, registry, scan, security, software, speedupmypc, sprotection, teamspeak, trojaner, windows, wlansvc


« GVU Trojaner hat Windows 7 gesperrt - Webcam - paysafecard oder ukash - Trojaner-Board | Exp/cve2013-0431.ed ? »


Ähnliche Themen: GVU Trojaner; weitere Schritte nach Systemwiederherstellung


  1. Freeware-Mitbringsel Juchee! - Weitere Schritte zur Müllentfernung notwendig...
    Plagegeister aller Art und deren Bekämpfung - 06.03.2014 (12)
  2. OTLogfile Auswertung für weitere Schritte benötigt
    Log-Analyse und Auswertung - 06.12.2013 (10)
  3. Funde durch AdwCleaner...weitere Schritte nötig?
    Plagegeister aller Art und deren Bekämpfung - 24.11.2013 (3)
  4. GUV Trojaner mit Sperrbildschirm --> Schritte nach FRST Scan
    Log-Analyse und Auswertung - 01.10.2013 (9)
  5. Bundespolizei Trojaner - Weitere Schritte nach Systemwiederherstellung
    Log-Analyse und Auswertung - 04.06.2013 (18)
  6. Sicherheitslücken in Java: User Groups fordern von Oracle weitere Schritte
    Nachrichten - 07.05.2013 (0)
  7. Avira hat Trojaner "TR/Rogue.KD.853855.1" gefunden und in Quarantäne verschoben --> Sind weitere Schritte notwendig?
    Log-Analyse und Auswertung - 25.02.2013 (11)
  8. GUV Trojaner/Systemwiederherstellung geschafft Weitere Schritte?
    Plagegeister aller Art und deren Bekämpfung - 28.01.2013 (8)
  9. Bundesministerium-Trojaner: Malwarebytes durchgeführt, Computer jetzt wieder normal nutzbar? ggf. weitere Schritte?
    Plagegeister aller Art und deren Bekämpfung - 22.11.2012 (20)
  10. GVU Trojaner - defooger fehlermeldung und weitere Schritte
    Log-Analyse und Auswertung - 20.10.2012 (30)
  11. Trojan.Banker und Backdoor.Agent mit Malwarebytes entfernt - weitere Schritte nötig?
    Plagegeister aller Art und deren Bekämpfung - 19.06.2012 (3)
  12. EXP/CVE-2012-0507 in Quarantäne verschoben! Weitere Schritte notwendig?
    Log-Analyse und Auswertung - 21.04.2012 (36)
  13. Trojaner Log - Weitere Schritte erforderliche
    Plagegeister aller Art und deren Bekämpfung - 12.04.2012 (1)
  14. GEMA-Trojaner mit Tool bereinigt, weitere Schritte?
    Plagegeister aller Art und deren Bekämpfung - 25.03.2012 (1)
  15. GEMA Virus vorerst bekämpft! Weitere Schritte?
    Plagegeister aller Art und deren Bekämpfung - 08.12.2011 (1)
  16. Avira meldet den Trojaner Shutdowner.fft - weitere Schritte ?
    Plagegeister aller Art und deren Bekämpfung - 25.12.2010 (5)
  17. antimalware doctor entfernen-guide befolgt, weitere schritte erforderlich?
    Plagegeister aller Art und deren Bekämpfung - 08.09.2010 (4)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema GVU Trojaner; weitere Schritte nach Systemwiederherstellung - Mahlzeit Forum, Ich habe ein Netbook hier, welches mit dem GVU Trojaner verseucht ist. Systemwiederherstellung ist bereits durchgeführt. Nach eurer Anleitung wurde "defogger" ausgeführt. Im Anschluss OTL durchlaufen lassen. Code: - GVU Trojaner; weitere Schritte nach Systemwiederherstellung...
Archiv
Du betrachtest: GVU Trojaner; weitere Schritte nach Systemwiederherstellung auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131