Federal Trojan / JAVA / Jogek.QK

Hello,

and Happy New Year, everyone!

Yesterday I infected my computer with an encryption trojan.

I use Windows 7 64-bit Home Premium.
Security software: ZoneAlarm Internet Security Suite
Avira Free Antivirus
Spybot Search and Destroy

Here is the log file from OTL:
OTL Extras logfile created on: 01.01.2013 14:24:21 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hannes\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

8.00 Gb Total Physical Memory | 5.80 Gb Available Physical Memory | 72.50% memory free
14.83 Gb Paging File | 12.25 Gb Available in Paging File | 82.62% paging file free
Paging file location(s): c:\pagefile.sys 7000 20000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238.37 Gb Total Space | 185.53 Gb Free Space | 77.83% Space Free | Partition Type: NTFS
Drive F: | 298.09 Gb Total Space | 160.26 Gb Free Space | 53.76% Space Free | Partition Type: NTFS
Drive G: | 279.46 Gb Total Space | 93.14 Gb Free Space | 33.33% Space Free | Partition Type: NTFS
Drive N: | 3.73 Gb Total Space | 3.55 Gb Free Space | 95.31% Space Free | Partition Type: FAT32

Computer name: K ******* | User Name: Hannes | Logged in as administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url [@ = InternetShortcut] - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] - C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] - "%1" %*
cmdfile [open] - "%1" %*
comfile [open] - "%1" %*
exefile [open] - "%1" %*
helpfile [open] - Reg Error: Key error.
inffile [install] - %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] - "%1" %*
regfile [merge] - Reg Error: Key error.
scrfile [config] - "%1"
scrfile [install] - rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] - "%1" /S
txtfile [edit] - Reg Error: Key error.
Unknown [openas] - %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] - cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] - %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] - %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] - Reg Error: Value error.
Drive [find] - %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] - "%1" %*
cmdfile [open] - "%1" %*
comfile [open] - "%1" %*
cplfile [cplopen] - %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] - "%1" %*
helpfile [open] - Reg Error: Key error.
inffile [install] - %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] - "%1" %*
regfile [merge] - Reg Error: Key error.
scrfile [config] - "%1"
scrfile [install] - rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] - "%1" /S
txtfile [edit] - Reg Error: Key error.
Unknown [openas] - %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] - cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] - %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] - %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] - Reg Error: Value error.
Drive [find] - %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D79EC34-7A8D-4ADF-BE0E-D6E3F4B743B6}" = rport = 139 | protocol = 6 | dir = out | app = system |
"{1FD8A543-28A8-46D9-8B37-44EDC5B20651}" = lport = rpc | protocol = 6 | dir = in | app = c:\program files\sisoftware\sisoftware sandra lite 2012.sp1\rpcagentsrv.exe |
"{20D40265-9982-4499-A593-80E63739A582}" = lport = 2177 | protocol = 17 | dir = in | svc = qwave | app = %systemroot%\system32\svchost.exe |
"{375023AB-994A-421B-B83A-7E5E11DF177D}" = rport = 445 | protocol = 6 | dir = out | app = system |
"{3C859CDB-16D7-486B-AB58-827A802F3EA0}" = rport = 5355 | protocol = 17 | dir = out | svc = dnscache | app = %systemroot%\system32\svchost.exe |
"{3CD8A92C-D9C4-4D42-B723-175047AC45D4}" = lport = 2869 | protocol = 6 | dir = in | name = windows live communications platform (upnp) |
"{42478138-A6B2-4C73-BB6E-880ED359D0B7}" = lport = 2177 | protocol = 6 | dir = in | svc = qwave | app = %systemroot%\system32\svchost.exe |
"{437566A6-702C-42F8-8717-7E135AD7F8F9}" = rport = 5355 | protocol = 17 | dir = out | svc = dnscache | app = %systemroot%\system32\svchost.exe |
"{537799EA-6207-4DBB-87C8-F8FED668CB3E}" = lport = 1900 | protocol = 17 | dir = in | name = windows live communications platform (ssdp) |
"{571BD598-5643-4D3A-8AA7-AAD42FC9AC5D}" = rport = 2177 | protocol = 17 | dir = out | svc = qwave | app = %systemroot%\system32\svchost.exe |
"{61CCE494-E745-46D2-AF48-BB6B27058212}" = lport = 2869 | protocol = 6 | dir = in | app = system |
"{61DE5B79-BEF1-4614-AB9A-040EE2931B57}" = rport = 10243 | protocol = 6 | dir = out | app = system |
"{664BC9A3-E51D-4BBC-A2EE-7800F13228D4}" = lport = 137 | protocol = 17 | dir = in | app = system |
"{682422A2-1443-4DB5-B2B0-D32FC1F07EC0}" = rport = 2177 | protocol = 6 | dir = out | svc = qwave | app = %systemroot%\system32\svchost.exe |
"{683E58DA-AF45-4924-B1DC-9CB19B41F061}" = lport = 5355 | protocol = 17 | dir = in | svc = dnscache | app = %systemroot%\system32\svchost.exe |
"{7046EAA1-3531-4C78-9574-5EF339994F29}" = lport = rpc-epmap | protocol = 6 | dir = in | svc = rpcss | name = @firewallapi.dll,-28539 |
"{866A00A1-4C9B-47FF-8F2A-6734645732E3}" = lport = 1900 | protocol = 17 | dir = in | svc = ssdpsrv | app = %systemroot%\system32\svchost.exe |
"{8696160E-008D-4AAB-8816-F89CED515763}" = lport = 445 | protocol = 6 | dir = in | app = system |
"{8EF78508-5082-4D5E-ABC0-1300DF640FF1}" = rport = 138 | protocol = 17 | dir = out | app = system |
"{90D64034-164A-4C71-8543-F42D6E28AE95}" = lport = 138 | protocol = 17 | dir = in | app = system |
"{9400B287-B293-4124-90EA-15BE519DCA26}" = lport = 6004 | protocol = 17 | dir = in | app = c:\program files (x86)\microsoft office\office14\outlook.exe |
"{A47579FA-5044-4EF7-9838-C1781231732B}" = rport = 1900 | protocol = 17 | dir = out | svc = ssdpsrv | app = %systemroot%\system32\svchost.exe |
"{BCF019DF-975F-4085-99CE-53970AEE53C9}" = lport = rpc | protocol = 6 | dir = in | app = c:\program files\sisoftware\sisoftware sandra lite 2012.sp1\wnt500x64\rpcsandrasrv.exe |
"{CF66093E-D9AB-47EA-AF5D-181FE183DBC9}" = lport = 5355 | protocol = 17 | dir = in | svc = dnscache | app = %systemroot%\system32\svchost.exe |
"{D3926AB4-7754-4806-94B9-C7164F9D53AF}" = lport = 10243 | protocol = 6 | dir = in | app = system |
"{DC26DDD8-4612-4364-B231-106D44FBD68B}" = lport = 139 | protocol = 6 | dir = in | app = system |
"{E3AF3BAA-DA8C-45A8-8FA3-AB0425AFACD1}" = rport = 137 | protocol = 17 | dir = out | app = system |
"{F90B7C90-F1E0-4CFC-A29A-383517746658}" = lport = rpc | protocol = 6 | dir = in | svc = spooler | app = %systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0178DE39-51A5-4819-A72E-28A50B27FE99}" = protocol = 17 | dir = out | app = %programfiles%\windows media player\wmplayer.exe |
"{05328237-14CE-4859-8605-0213AE7D7002}" = protocol = 6 | dir = in | app = c:\program files (x86)\utorrent\utorrent.exe |
"{070898B0-4EA5-4E46-8121-AF6678AFAE6C}" = protocol = 6 | dir = out | app = %programfiles%\windows media player\wmplayer.exe |
"{11F69B0A-50F1-4C22-BF49-E381FDF986EA}" = dir = in | app = c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
"{143B88B2-662C-4BCF-87EF-52610E79AA3D}" = dir = in | app = c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{16AD03B3-1C3B-4854-AD9D-C10A838DA72C}" = protocol = 6 | dir = in | app = c:\program files (x86)\bonjour\mdnsresponder.exe |
"{18506981-F275-4A9D-9DCD-6622B619A3BD}" = protocol = 6 | dir = out | svc = upnphost | app = %systemroot%\system32\svchost.exe |
"{1E076B79-3692-4ADB-A712-0B237303A0CC}" = protocol = 6 | dir = out | app = %programfiles%\windows media player\wmplayer.exe |
"{2818BD9D-0512-4525-BAAD-F8A2EE009131}" = protocol = 17 | dir = in | app = %programfiles(x86)%\windows media player\wmplayer.exe |
"{35BCF6E5-D10B-4D07-B514-FB796D70B540}" = protocol = 17 | dir = out | app = %programfiles(x86)%\windows media player\wmplayer.exe |
"{3EE2AAA4-9571-4E81-9ECC-45A7A280BDCE}" = protocol = 17 | dir = in | app = c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3FE59D2B-EDB6-4A77-8E98-4CD357B0598B}" = dir = in | app = c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{44FBAED3-FB95-4616-89BC-64C6821F05FD}" = protocol = 17 | dir = in | app = c:\program files\bonjour\mdnsresponder.exe |
"{4943E3EF-7972-40EE-970F-E5B49B2BC345}" = protocol = 6 | dir = in | app = c:\program files (x86)\microsoft office\office14\groove.exe |
"{4F021C8B-119F-4A31-A0F2-2858166634C5}" = protocol = 6 | dir = in | app = c:\program files (x86)\microsoft office\office14\onenote.exe |
"{5186467E-B821-418F-ABA0-C01560DDE252}" = protocol = 17 | dir = out | app = %programfiles%\windows media player\wmplayer.exe |
"{52552195-D6ED-4F16-8906-9145E2806337}" = protocol = 17 | dir = in | app = %programfiles%\windows media player\wmplayer.exe |
"{58F605A5-00A8-4674-90F4-FAB0236A523D}" = dir = in | app = c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
"{5C453780-B22A-4C8B-AB51-524F65A7D975}" = protocol = 17 | dir = in | app = c:\program files (x86)\microsoft office\office14\groove.exe |
"{5DAF7F2A-AC71-4F22-A139-6B6677C5B4C4}" = protocol = 58 | dir = in | name = @firewallapi.dll,-28545 |
"{6410C264-8FC2-4A0E-AF7C-F62D9EB24EC6}" = protocol = 1 | dir = in | name = sisoftware deployment agent service (icmp-in) |
"{652BA1EE-C71E-49D8-A5A4-07C2D9A514B7}" = protocol = 6 | dir = out | app = %programfiles(x86)%\windows media player\wmplayer.exe |
"{6641CC72-EDE2-4EA0-85E1-371ADF601E1C}" = protocol = 17 | dir = in | app = %programfiles%\windows media player\wmplayer.exe |
"{6DD423BA-8600-4BE7-A9FB-7944C20F30E0}" = dir = in | app = c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
"{722E736A-F945-4D9A-A7B9-33A6B8510F6E}" = protocol = 1 | dir = in | name = @firewallapi.dll,-28543 |
"{754B108F-3AE5-477E-B674-24F1213E8731}" = protocol = 6 | dir = in | app = c:\program files (x86)\steam\steam.exe |
"{75A9C82B-EFFF-4A64-AC29-92E77D8726FD}" = protocol = 6 | dir = in | app = c:\program files\bonjour\mdnsresponder.exe |
"{7AC0927C-89E8-4E63-AE28-783AFBA2F676}" = protocol = 6 | dir = in | app = c:\program files (x86)\steam\steamapps\common\magic the gathering dotp 2012\magic_2012.exe |
"{853F556B-3F91-4348-ACDE-A1A435CA6410}" = protocol = 17 | dir = out | app = %programfiles%\windows media player\wmpnetwk.exe |
"{93933D42-B1A0-4B84-B96F-A31B1E55FAF6}" = protocol = 1 | dir = in | name = sisoftware sandra agent service (icmp-in) |
"{99E996EA-8DE3-4E7A-A8B2-3665D6D2B7AC}" = protocol = 17 | dir = in | app = c:\program files (x86)\microsoft office\office14\onenote.exe |
"{AD3F485D-CB58-4D6B-93B0-13911ED4DC08}" = protocol = 6 | dir = out | app = system |
"{B1D1013C-D277-4E47-B9FF-2926CFF879C6}" = protocol = 17 | dir = in | app = c:\program files (x86)\utorrent\utorrent.exe |
"{B9ABF1D7-C7D4-4978-8A57-75A860F6104C}" = protocol = 17 | dir = in | app = c:\program files (x86)\steam\steamapps\common\magic the gathering dotp 2012\magic_2012.exe |
"{BEFF1739-F72D-457E-9091-312823DB271D}" = protocol = 17 | dir = in | app = %programfiles%\windows media player\wmpnetwk.exe |
"{C25D0A22-F99A-4EFF-BB80-5BAAB0C2B987}" = protocol = 6 | dir = out | app = %programfiles%\windows media player\wmpnetwk.exe |
"{CC077D3B-7F6B-4468-AA02-077553FDDB39}" = protocol = 17 | dir = in | app = c:\program files (x86)\steam\steam.exe |
"{CE5CFD2D-13F8-4D6C-94BF-611125BDF141}" = protocol = 58 | dir = out | name = @firewallapi.dll,-28546 |
"{D7D85E26-402D-4B84-82BD-308BB5E03E96}" = protocol = 6 | dir = in | app = %programfiles%\windows media player\wmpnetwk.exe |
"{E7E78397-E68D-47A8-A4B4-64A7EA5EEB06}" = protocol = 1 | dir = out | name = @firewallapi.dll,-28544 |
"{E9F0E1B7-56F6-4C0C-AE9E-D0E3E2B848FC}" = dir = in | app = c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
"TCP Query User {8193FC04-B784-440F-A110-BD0FD23FAFD3} C:\windows\twain_32\samsung\clx3170\sscan2io.exe" = protocol = 6 | dir = in | app = c:\windows\twain_32\samsung\clx3170\sscan2io.exe |
"UDP Query User {DE579F62-CB7C-4644-BAF0-775033A75CF5} C:\windows\twain_32\samsung\clx3170\sscan2io.exe" = protocol = 17 | dir = in | app = c:\windows\twain_32\samsung\clx3170\sscan2io.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0CB2E2BC-A312-5821-C5C7-A295A1BEFD08}" = AMD Catalyst Install Manager
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{69EE6860-60BB-4F22-A839-DF2E0C3F17D1}" = FastPictureViewer Professional 1.9.261.0 (64-bit)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}" = Microsoft Network Monitor 3.4
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963E5FEB-1367-46B9-851D-A957F1A3747F}" = Microsoft Network Monitor: NetworkMonitor Parsers 3.4
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2012.SP1
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows driver package - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0)
"CCleaner" = CCleaner
"KLiteCodecPack64_is1" = K-Lite Codec Pack 6.2.0 (64-bit)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Sandboxie" = Sandboxie 3.62 (64-bit)
"TeraCopy_is1" = TeraCopy 2.27
"WinRAR archiver" = WinRAR 4.01 (64-bit)
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02627EE5-EACA-4742-A9CC-E687631773E4}" = Nero ShowTime
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{086A7D8C-0A38-4C7F-819A-620275550D5C}" = Nero Burning ROM Help
"{0906982B-A432-4C06-8F01-C01BE1143779}" = Nokia Connectivity Cable Driver
"{0A07E5D2-DAFB-42A9-8927-05C5F8E35F1A}" = Serif PagePlus 11
"{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Camera Window DS
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{17BF3045-AB1D-4048-8356-6C584B83565E}" = Canon Utilities Digital Photo Professional 2.0
"{1C00C7C5-E615-4139-B817-7F4003DE68C0}" = Nero PhotoSnap Help
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{245F5D2D-6F34-4970-B8D7-D6F3C3C07575}" = ZoneAlarm Firewall
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
"{2c132a50-3e12-4f5c-813d-a5579a94af25}" = Nero 9
"{2FA75B40-17C9-4D22-88CA-80A5D52FAB13}" = LightScribe System Software
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon Camera WIA Driver
"{33EBF075-8593-4698-BDAF-CF8DED80BB5B}" = Nokia Suite
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{589D17BB-C997-48C0-BCD2-CC8DC3375FE8}" = EOS Capture 1.5
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5D58EACA-0317-4CFF-9E13-53CCD525DE32}" = Catalyst Control Center InstallProxy
"{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help
"{5E08ECD1-C98E-4711-BF65-8FD736B3F969}" = Nero RescueAgent Help
"{60C731FB-C951-41CE-AD41-8E54C8594609}" = Nero Disc Copy Gadget Help
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{77E33D87-255E-413E-9C8D-EED2A7F9BEBF}" = Nero Live Help
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7FA1DAFD-AF55-E915-FD92-F269443A2ADF}" = Media Go Video Playback Engine 1.88.103.12040
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.5.3
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85243696-5E58-4357-9CF8-3498C609941D}" = NeroLiveGadget Help
"{868AAEB3-5BDD-410F-8F7A-71D4C62D824C}" = ZoneAlarm Antivirus
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = PhotoStitch
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89880DE8-2BAE-43B4-982B-EE0AA3C8753D}" = Timex Trainer
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FF6231F-D670-4AFD-9512-957515E2E1DF}" = Timex Data Link USB
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
"{90F1DDBF-0C56-44B0-A920-72CC90C51565}" = Microsoft Works Suite Add-Ins for Microsoft Word
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{96ACE4A4-C769-47D2-9FCE-4F46754857E7}" = ZoneAlarm Security
"{98A67610-A3B5-4098-A423-3708040026D3}" = Nero SoundTrax Help
"{99AD9D6D-A456-49EE-8360-F22EE7AA1272}" = Express Gate
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}" = EPU
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{9E9FDDE6-2C26-492A-85A0-05646B3F2795}" = NeroLiveGadget
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1D0D14A-B776-4907-BC00-5149F2298086}" = Camera Support Core Library
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Camera Window DVC
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - German
"{AD6BC5CC-2EF0-49C4-B33D-CDC8B2C4DC80}" = Nero Recode Help
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF399570-0FB0-122E-0C35-849F15AFAB19}" = Application Profiles
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Photo Gallery
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B638BA42-AE8C-4A1C-89C9-A7801F8BBBB9}" = HD Writer AE 2.6T
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{BA77F9D2-CD35-41EB-9BC9-769879DFF8A6}" = PC Connectivity Solution
"{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = RAW Image Task 2.2
"{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C9A391A7-E3C0-45B3-9A8E-1D878C9A3997}" = Serif PagePlus 11 resources
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CE28E6F5-4A03-4DED-B954-D0779B47FFBF}" = Works Update
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
"{CF566D77-F6F4-420C-91D5-3C4808547443}" = NWZ-S760 WALKMAN Guide
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D9BAA0FD-3D69-43C2-B587-B153E402EFA3}" = Chip card reader driver installation
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DBF1AE39-DA30-4B89-A7EB-3BDA675C5D9E}" = Media Go
"{DF6A95F5-ADC1-406A-BDC6-2AA7CC0182AA}" = Nero Live
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3B64CC5-C011-40C0-92BC-7316CDlösungen688}" = Microsoft_VC100_CRT_SP1_x86
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"9781408216477-SPKOUTUIAB" = Speakout Upper-intermediate ActiveBook
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"AnyDVD" = AnyDVD
"Avira AntiVir Desktop" = Avira Free Antivirus
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"DivX Setup" = DivX Setup
"Easy File Undelete" = Easy File Undelete
"EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
"Free Audio Converter_is1" = Free Audio Converter version 5.0.15.706
"iCare Data Recovery_is1" = iCare Data Recovery 4.6.4
"InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Canon Camera Window DSLR 5 for ZoomBrowser EX
"InstallShield_{17BF3045-AB1D-4048-8356-6C584B83565E}" = Canon Utilities Digital Photo Professional 2.0
"InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
"InstallShield_{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon EOS Kiss_N REBEL_XT 350D WIA Driver
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{589D17BB-C997-48C0-BCD2-CC8DC3375FE8}" = Canon Utilities EOS Capture 1.5
"InstallShield_{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}" = Canon Camera Support Core Library
"InstallShield_{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"InstallShield_{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = Canon RAW Image Task for ZoomBrowser EX
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.9.5 (Full)
"Magic Workstation_is1" = Magic Workstation 0.94f
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MOBackup data backup for Outlook" = MOBackup - data backup for Outlook (full version)
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MTG Card Images for Magic Workstation_is1" = MTG Card Images for Magic Workstation
"MTG GamePack for Magic Workstation_is1" = MTG GamePack for Magic Workstation
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"MyTomTom" = MyTomTom 3.1.0.530
"Netscape Navigator (9.0.0.6)" = Netscape Navigator (9.0.0.6)
"Nokia Suite" = Nokia Suite
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Picture Style Editor" = Canon Utilities Picture Style Editor
"PowerLame" = PowerLame (remove only)
"Samsung CLX-3170 Series" = Samsung CLX-3170 Series
"SmarThru PC Fax" = SmarThru PC Fax
"Steam App 49470" = Magic: The Gathering - Duels of the Planeswalkers 2012
"uTorrent" = µTorrent
"VirtualCloneDrive" = VirtualCloneDrive
"WinLiveSuite" = Windows Live Essentials
"Works2006Setup" = Setup start of Microsoft Works Suite 2006
"xp-AntiSpy" = xp-AntiSpy 3.98-2
"ZoneAlarm Internet Security Suite" = ZoneAlarm Internet Security Suite
"ZoneAlarm_Deutsch Toolbar" = ZoneAlarm German Toolbar
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uninstall]
"Amazon Kindle" = Amazon Kindle

========== Last 20 Event Log Errors ==========

[Application Events]
Error - 09/29/2012 3:01:29 AM | Computer name = K ******* | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 09/29/2012 3:01:29 AM | Computer name = K ******* | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m-> NextScheduledEvent 3027

Error - 09/29/2012 3:01:29 AM | Computer name = K ******* | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m-> NextScheduledSPRetry 3027

Error - 09/29/2012 03:01:30 AM | Computer name = K ******* | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 09/29/2012 3:01:30 AM | Computer name = K ******* | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m-> NextScheduledEvent 4025

Error - 09/29/2012 03:01:30 AM | Computer name = K ******* | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m-> NextScheduledSPRetry 4025

Error - 10/14/2012 4:44:24 PM | Computer name = K ******* | Source = Application Error | ID = 1000
Description = Name of the faulting application: navigator.exe, version: 0.0.0.0,
Timestamp: 0x47bb0e68 Name of the faulty module: unknown, Version: 0.0.0.0,
Time stamp: 0x00000000 Exception code: 0xc0000005 Error offset: 0x0551125a ID of the faulty
Process: 0x430 Faulting application start time: 0x01cdaa4bb32281f3 Path of the
faulty application: C: \ Program Files (x86) \ Netscape \ Navigator 9 \ navigator.exe
path
of the faulty module: unknown Report ID: efecc894-163f-11e2-bda0-0011f602ff12

Error - 10/15/2012 10:18:30 AM | Computer name = ******* | Source = Application Error | ID = 1000
Description = Name of the faulting application: navigator.exe, version: 0.0.0.0,
Timestamp: 0x47bb0e68 Name of the faulty module: unknown, Version: 0.0.0.0,
Time stamp: 0x00000000 Exception code: 0xc0000005 Error offset: 0x07cad1ca ID of the faulty
Process: 0x518 Faulting application start time: 0x01cdaaded430d7b3 Path of the
faulty application: C: \ Program Files (x86) \ Netscape \ Navigator 9 \ navigator.exe
path
of the faulty module: unknown Report ID: 3157e163-16d3-11e2-8fbf-0011f602ff12

Error - 10/16/2012 14:34:17 | Computer name = K ******* | Source = SideBySide | ID = 16842815
Description = Error generating the activation context for "c: \ program files
(x86) \ spybot - search & destroy \ DelZip179.dll". Error in manifest or policy file
"c: \ program files (x86) \ spybot - search & destroy \ DelZip179.dll" in line 8. The
value "*" of the "language" attribute in the assemblyIdentity element is invalid.

Error - 10/16/2012 14:34:43 | Computer name = K ******* | Source = SideBySide | ID = 16842832
Description = Error generating the activation context for "C: \ Program Files
(x86) \ Nero \ Nero 9 \ Nero PhotoSnap \ PhotoSnapViewer.exe.Manifest ". Error in manifest
or policy file "" in line. A component version required for the application
is in conflict with another component version that is already active. In conflict
standing components :. Component 1: C: \ Windows \ WinSxS \ manifests \ amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
component
2: C: \ Windows \ WinSxS \ manifests \ x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

[System Events]
Error - 07/02/2012 02:49:41 | Computer name = K ******* | Source = Service Control Manager | ID = 7000
Description = The "DgiVecp" service was not started due to the following error:
%%20

Error - 07/02/2012 02:50:23 | Computer name = K ******* | Source = Service Control Manager | ID = 7023
Description = The "Superfetch" service terminated with the following error: %% 2

Error - 07/02/2012 03:12:21 | Computer name = K ******* | Source = Schannel | ID = 36888
Description = A serious warning was generated: 10. The internal error status
reads: 10.

Error - 07/02/2012 03:26:30 | Computer name = K ******* | Source = Schannel | ID = 36888
Description = A serious warning was generated: 10. The internal error status
reads: 10.

Error - 07/02/2012 16:41:54 | Computer name = K ******* | Source = DCOM | ID = 10010
Description =

Error - 07/03/2012 04:46:10 | Computer name = K ******* | Source = Service Control Manager | ID = 7000
Description = The "DgiVecp" service was not started due to the following error:
%%20

Error - 07/03/2012 04:46:51 | Computer name = K ******* | Source = Service Control Manager | ID = 7023
Description = The "Superfetch" service terminated with the following error: %% 2

Error - 07/03/2012 05:31:30 | Computer name = KK ******* | Source = Schannel | ID = 36888
Description = A serious warning was generated: 10. The internal error status
reads: 10.

Error - 07/03/2012 05:31:43 | Computer name = K ******* | Source = Schannel | ID = 36888
Description = A serious warning was generated: 10. The internal error status
reads: 10.

Error - 07/03/2012 06:04:03 | Computer name = K ******* | Source = DCOM | ID = 10010
Description =


< End of report >

After the computer was frozen, I started it in safe mode.
Then I installed Malwarebytes antimalware and scanned the computer.
Here is the result:

Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Database version: v2012.12.31.04

Windows 7 Service Pack 1 x64 NTFS (Safe Mode / Network Capable)
Internet Explorer 9.0.8112.16421
Hannes :: K ******* - SD [Administrator]

Protection: Disabled

31.12.2012 14:33:13
mbam-log-2012-12-31 (14-33-13) .txt

Type of search: Quick-Scan
Activated search settings: Memory | Autostart | Registration | File system | Heuristics / Extra | Heuristics / Shuriken | PUP | PUM
Disabled search settings: P2P
Searched items: 206176
Running time: 47 second (s)

Infected memory processes: 0
(No malicious objects found)

Infected memory modules: 0
(No malicious objects found)

Infected registry keys: 0
(No malicious objects found)

Infected registry values: 0
(No malicious objects found)

Infected registry file objects: 0
(No malicious objects found)

Infected directories: 0
(No malicious objects found)

Infected files: 3
C: \ Users \ Hannes \ wgsdgsdgdsgsd.dll (Trojan.FakeMS) -> Successfully deleted and placed in quarantine.
C: \ ProgramData \ dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Successfully deleted and quarantined.
C: \ Users \ Hannes \ AppData \ Roaming \ Microsoft \ Windows \ Start Menu \ Programs \ Startup \ runctf.lnk (Trojan.Ransom.SUGen) -> Successfully deleted and placed in quarantine.

(End)

Then I had access to the computer again.

I then ran another scan with Avira:



Avira Free Antivirus
Creation date of the report file: Monday, December 31, 2012 14:38


The program runs as an unrestricted full version.
Online services are available.

Licensee: Avira Free Antivirus
Serial number: 0000149996-ADJIE-0000001
Platform: Windows 7 Home Premium
Windows version: (Service Pack 1) [6.1.7601]
Boot mode: Normally booted
Username: SYSTEM
Computer name: K *******

Version information:
Engine version: 8.2.10.224

Configuration for the current search:
Job Name ..............................: Complete system check
Configuration file ...................: C: \ program files (x86) \ avira \ antivir desktop \ sysscan.avp
Logging .......................: standard
Primary action ........................: interactive
Secondary action ......................: ignore
Search master boot sectors .........: on
Search boot sectors ...............: on
Boot sectors ..........................: C :, F :, G :,
Browse active programs ...........: on
Running programs expanded ..........: on
Search registry ..............: on
Search for rootkits ...................: on
Integrity check of system files ..: on
File search mode .......................: All files
Search archives ....................: on
Restrict recursion depth ..........: 20
Archive Smart Extensions ...............: on
Macro virus heuristic ...................: on
File heuristic ........................: extended
Deviating hazard categories ........: + APPL, + GAME, + JOKE, + PCK, + SPR,

Start of search: Monday, December 31, 2012 2:38 pm

The search for the master boot sectors is started:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD7
[INFO] No virus was found!

The search over the boot sectors is started:
Boot sector 'C: \'
[INFO] No virus was found!
Boot sector 'F: \'
[INFO] No virus was found!
Boot sector 'G: \'
[INFO] No virus was found!

The search for hidden objects is started.
HKEY_USERS \ .DEFAULT \ Software \ Microsoft \ Windows \ CurrentVersion \ Internet Settings \ Connections \ SavedLegacySettings
[NOTE] The registry entry is not visible.
HKEY_USERS \ S-1-5-21-1074799425-1621402076-3425223262-1000 \ Software \ Microsoft \ Windows \ CurrentVersion \ Internet Settings \ Connections \ DefaultConnectionSettings
[NOTE] The registry entry is not visible.
The search for started processes is started:
Search process 'svchost.exe' - '55' module (s) were searched
Search process 'svchost.exe' - '42' module (s) were searched
Search process 'atiesrxx.exe' - '34' module (s) were searched
Search process 'svchost.exe' - '99' module (s) were searched
Search process 'svchost.exe' - '102' Module (s) were searched
Search process 'svchost.exe' - '145' module (s) were searched
Search process 'svchost.exe' - '35' module (s) were searched
Search process 'svchost.exe' - '86' module (s) were searched
Search process 'SbieSvc.exe' - '33' module (s) were searched
Search process 'atieclxx.exe' - '34' module (s) were searched
Search process 'svchost.exe' - '78' module (s) were searched
Search process 'Dwm.exe' - '33' module (s) were searched
Search process 'Explorer.EXE' - '162' Module (s) were searched
Search process 'IswSvc.exe' - '67' Module (s) were searched
Search process 'ForceField.exe' - '90' module (s) were searched
Search process 'spoolsv.exe' - '99' module (s) were searched
Search process 'taskhost.exe' - '53' module (s) were searched
Search process 'taskeng.exe' - '30' module (s) were searched
Search process 'sched.exe' - '47' module (s) were searched
Search process 'svchost.exe' - '71' module (s) were searched
Search process 'DAODx.exe' - '31' module (s) were searched
Search process 'armsvc.exe' - '33' module (s) were searched
Search process 'avguard.exe' - '84' module (s) were searched
Search process 'mDNSResponder.exe' - '43' Module (s) were searched
Search process 'DVMExportService.exe' - '35' module (s) were searched
Search process 'LSSrvc.exe' - '35' module (s) were searched
Search process 'mbamscheduler.exe' - '43' module (s) were searched
Search process 'mbamservice.exe' - '49' module (s) were searched
Search process 'NBService.exe' - '56' module (s) were searched
Search process 'mbamgui.exe' - '45' module (s) were searched
Search process 'svchost.exe' - '40' module (s) were searched
Search process 'WLIDSVC.EXE' - '80' module (s) were searched
Search process 'SDWinSec.exe' - '58' Module (s) were searched
Search process 'WLIDSvcM.exe' - '26' Module (s) were searched
Search process 'avshadow.exe' - '37' module (s) were searched
Search process 'svchost.exe' - '45' module (s) were searched
Search process 'WUDFHost.exe' - '39' Module (s) were searched
Search process 'TeaTimer.exe' - '52' Module (s) were searched
Search process 'SbieCtrl.exe' - '48' module (s) were searched
Search process 'sidebar.exe' - '102' module (s) were searched
Search process 'uTorrent.exe' - '76' Module (s) were searched
Search process 'ONENOTEM.EXE' - '34' module (s) were searched
Search process 'SSMMgr.exe' - '46' Module (s) were searched
Search process 'Scan2Pc.exe' - '78' module (s) were searched
Search process 'jusched.exe' - '37' module (s) were searched
Search process 'avgnt.exe' - '94' module (s) were searched
Search process 'svchost.exe' - '69' module (s) were searched
Search process 'caller64.exe' - '29' module (s) were searched
Search process 'mantispm.exe' - '52' module (s) were searched
Search process 'svchost.exe' - '59' module (s) were searched
Search process 'wmpnetwk.exe' - '132' Module (s) were searched
Search process 'wmiprvse.exe' - '40' module (s) were searched
Search process 'avcenter.exe' - '129' module (s) were searched
Search process 'avscan.exe' - '126' module (s) were searched
Search process 'vssvc.exe' - '55' module (s) were searched
Search process 'svchost.exe' - '39' module (s) were searched
Search process 'sppsvc.exe' - '38' module (s) were searched
Search process 'svchost.exe' - '58' module (s) were searched
Search process 'taskhost.exe' - '57' module (s) were searched
Search process 'wmiprvse.exe' - '53' module (s) were searched
Search process 'WMIADAP.EXE' - '38' module (s) were searched
Search process 'smss.exe' - '2' module (s) were searched
Search process 'csrss.exe' - '16' module (s) were searched
Search process 'wininit.exe' - '35' module (s) were searched
Search process 'csrss.exe' - '16' module (s) were searched
Search process 'services.exe' - '42' module (s) were searched
Search process 'lsass.exe' - '75' module (s) were searched
Search process 'lsm.exe' - '31' module (s) were searched
Search process 'winlogon.exe' - '31' module (s) were searched

Examination of the system files begins:
Signed -> 'C: \ Windows \ system32 \ svchost.exe'
Signed -> 'C: \ Windows \ system32 \ winlogon.exe'
Signed -> 'C: \ Windows \ system32 \ smss.exe'
Signed -> 'C: \ Windows \ system32 \ wininet.DLL'
Signed -> 'C: \ Windows \ system32 \ wsock32.DLL'
Signed -> 'C: \ Windows \ system32 \ ws2_32.DLL'
Signed -> 'C: \ Windows \ system32 \ services.exe'
Signed -> 'C: \ Windows \ system32 \ lsass.exe'
Signed -> 'C: \ Windows \ system32 \ csrss.exe'
Signed -> 'C: \ Windows \ system32 \ drivers \ kbdclass.sys'
Signed -> 'C: \ Windows \ system32 \ spoolsv.exe'
Signed -> 'C: \ Windows \ system32 \ alg.exe'
Signed -> 'C: \ Windows \ system32 \ wuauclt.exe'
Signed -> 'C: \ Windows \ system32 \ advapi32.DLL'
Signed -> 'C: \ Windows \ system32 \ user32.DLL'
Signed -> 'C: \ Windows \ system32 \ gdi32.DLL'
Signed -> 'C: \ Windows \ system32 \ kernel32.DLL'
Signed -> 'C: \ Windows \ system32 \ ntdll.DLL'
Signed -> 'C: \ Windows \ system32 \ ntoskrnl.exe'
Signed -> 'C: \ Windows \ system32 \ ctfmon.exe'
The system files were searched ('20' files)

The search for references to executable files (registry) is started:
The registry was searched ('3883' files).


The search for the selected files is started:

Start by searching in 'C: \'
[0] Archive type: RSRC
-> C: \ Users \ Hannes \ AppData \ Local \ Temp \ jar_cache8716195070358665106.tmp
[1] Archive type: ZIP
-> ewjvaiwebvhtuai124a.class
[FUND] Contains detection patterns of the Java virus JAVA / Jogek.QJ
[WARNING] Infected files in archives cannot be repaired
-> test.class
[FUND] Contains detection patterns of the Java virus JAVA / Jogek.QK
[WARNING] Infected files in archives cannot be repaired
C: \ Users \ Hannes \ AppData \ Local \ Temp \ jar_cache8716195070358665106.tmp
[FUND] Contains detection patterns of the Java virus JAVA / Jogek.QK
Start by searching in 'F: \'
Start by searching in 'G: \'

Start disinfecting:
C: \ Users \ Hannes \ AppData \ Local \ Temp \ jar_cache8716195070358665106.tmp
[FUND] Contains detection patterns of the Java virus JAVA / Jogek.QK
[NOTE] The file could not be moved to the quarantine directory!
[NOTE] The file does not exist!


End of search: Tuesday, January 1, 2013 02:16
Time required: 3:33:38 hour (s)

The search has been completed.

33692 directories were checked
762207 files were scanned
3 viruses or unwanted programs were found
0 files were classified as suspicious
0 files were deleted
0 viruses or unwanted programs were repaired
0 files were moved to quarantine
0 files were renamed
0 files could not be searched
762204 files without infestation
15419 archives were searched
2 warnings
3 notes
1153356 objects were searched during the rootkit scan
2 hidden objects were found

Another scan with Zone Alarm Internet Security did not produce any results.
Another scan with Malwarebytes anti-rootkit did not produce any results either.

My question is:

What else should I do to ensure a clean system?
What about the two hidden registry (Avira log file) entries?

I use a Netgear WiFi router with WPA-PSK [TKIP] + WPA2-PSK [AES] encryption.
After the Trojan attack, I had deactivated the network adapter of my computer.
The following entries appear in the router's log file:

Tuesday, Jan 01,2013 03:30:21 [LAN access from remote] from 94.245.121.251:3544 to 192.168.1.3:54942
Tuesday, Jan 01,2013 03:16:46 [LAN access from remote] from 78.99.143.0:42173 to 192.168.1.3:54942

What does this mean? Does anyone have remote access to my network?
If so, what can I do about it?

Thank you for your help!