| |
| |||||||
Log-Analyse und Auswertung: HEUR:Exploit.Java.CVE-2012-5076.gen loswerdenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
28.01.2013, 10:53
| #1 |
| |  HEUR:Exploit.Java.CVE-2012-5076.gen loswerden Hallo! Mein Kaspersky 2013 hat mir gestern gemeldet, dass ich mir den HEUR:Exploit.Java.CVE-2012-5076.gen eingefangen habe und er es nicht reparieren kann. Wie werde ich das Ding wieder los? Ich benutzte Windows 7 auf meinem PC. Leider bin ich mit PCs nicht so fit, ich hoffe aber, dass ich das hier alles richtig mache... Den defogger hab ich schon durchlaufen lassen. Ebenso das OTL. OTL.txt Code:
ATTFilter OTL logfile created on: 28.01.2013 10:11:09 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mar\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,98 Gb Total Physical Memory | 2,56 Gb Available Physical Memory | 64,33% Memory free
7,96 Gb Paging File | 6,32 Gb Available in Paging File | 79,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 456,95 Gb Total Space | 367,04 Gb Free Space | 80,32% Space Free | Partition Type: NTFS
Drive D: | 457,46 Gb Total Space | 270,04 Gb Free Space | 59,03% Space Free | Partition Type: NTFS
Drive E: | 5,30 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: Mar-PC | User Name: Mar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - File not found --
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.11.01 09:41:20 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2012.09.25 10:05:20 | 000,247,728 | ---- | M] (Facebook) -- C:\Users\Mar\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
PRC - [2012.07.27 21:51:36 | 000,035,768 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe
PRC - [2012.07.27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.08.11 04:58:26 | 000,627,304 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2011.05.30 03:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2011.05.12 15:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.04.22 17:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2011.04.02 22:34:42 | 000,340,848 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
PRC - [2011.03.29 03:49:06 | 000,408,432 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2011.03.29 03:48:54 | 000,202,608 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2011.03.14 09:22:06 | 002,125,472 | ---- | M] (Audible, Inc.) -- C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
PRC - [2011.03.08 11:51:22 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.12.20 11:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.20 11:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.11.05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.05.04 20:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2009.12.03 09:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2009.05.14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
========== Modules (No Company Name) ==========
MOD - [2013.01.11 11:46:24 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0ac577a8ad6528ff03b50db5eeeac8be\System.Web.ni.dll
MOD - [2013.01.11 11:46:04 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013.01.11 11:46:00 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.11 11:45:46 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.11 11:45:44 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.11 11:45:43 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.11 11:45:40 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.09.25 10:05:32 | 022,423,984 | ---- | M] () -- C:\Users\Mar\AppData\Local\Facebook\Messenger\2.1.4651.0\libcef.dll
MOD - [2012.09.25 10:05:08 | 000,181,680 | ---- | M] () -- C:\Users\Mar\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.WinForms.dll
MOD - [2012.09.25 10:05:00 | 000,286,640 | ---- | M] () -- C:\Users\Mar\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.dll
MOD - [2012.02.20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.08.11 04:58:26 | 000,627,304 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2011.08.11 04:57:22 | 000,151,656 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
MOD - [2011.04.24 22:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll
MOD - [2011.04.24 22:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll
MOD - [2011.04.24 22:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll
MOD - [2011.04.24 22:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll
MOD - [2011.04.24 22:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll
MOD - [2011.04.24 22:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll
MOD - [2011.04.20 18:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
========== Services (SafeList) ==========
SRV - [2013.01.19 11:43:35 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.11.01 09:41:20 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2012.07.27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.06.07 11:25:12 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.05.30 03:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2011.05.12 15:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.04.22 17:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV - [2011.04.02 22:09:38 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2011.03.08 11:51:22 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.12.20 11:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.12.20 11:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.11.05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.09.23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 22:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.05.04 20:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.11.01 10:16:36 | 000,637,272 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.06.03 10:08:08 | 000,303,616 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.06.03 10:08:08 | 000,035,328 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.05.02 12:10:03 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.07.11 11:20:49 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2011.07.11 11:20:49 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2011.07.11 11:20:49 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2011.03.18 07:42:54 | 000,023,704 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.10 17:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011.03.04 12:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011.03.04 12:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2011.03.03 16:59:18 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.12.20 18:31:00 | 000,316,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.05 22:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.19 09:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.08.11 04:40:06 | 001,014,624 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009.11.02 19:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101727.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Mar\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.11.01 10:16:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.11.01 10:16:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.11.01 10:16:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 11:43:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 11:43:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2012.04.19 17:16:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mar\AppData\Roaming\mozilla\Extensions
[2012.12.11 11:56:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mar\AppData\Roaming\mozilla\Firefox\Profiles\c2dvzf8s.default\extensions
[2012.12.11 11:56:12 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Mar\AppData\Roaming\mozilla\firefox\profiles\c2dvzf8s.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.01.19 11:43:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.01.19 11:43:35 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.12.12 21:25:16 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.12.12 21:25:16 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.12.12 21:25:16 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.12.12 21:25:16 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.12.12 21:25:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.12.12 21:25:16 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [EPSON PX720WD Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGYE.EXE /FU "C:\Windows\TEMP\E_SBB53.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\Mar\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - Startup: C:\Users\Mar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Mar\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Mar\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Mar\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A0DE6A4-49E1-46AC-9501-0F3684FD7159}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2036B6D-929C-4B58-88CF-20251397EEF0}: DhcpNameServer = 192.168.1.250
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.09.16 08:07:13 | 000,054,544 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2011.09.16 05:58:13 | 000,000,049 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{71569e52-e2a8-11e0-8bbc-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{71569e52-e2a8-11e0-8bbc-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2011.09.16 08:07:13 | 000,054,544 | R--- | M] (Electronic Arts)
O33 - MountPoints2\{7decbaf7-9392-11e1-bdbf-c89cdc2fd16d}\Shell - "" = AutoRun
O33 - MountPoints2\{7decbaf7-9392-11e1-bdbf-c89cdc2fd16d}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{a215dc79-9447-11e1-925a-c89cdc2fd16d}\Shell - "" = AutoRun
O33 - MountPoints2\{a215dc79-9447-11e1-925a-c89cdc2fd16d}\Shell\AutoRun\command - "" = J:\SETUP.EXE
O33 - MountPoints2\{a215dc79-9447-11e1-925a-c89cdc2fd16d}\Shell\configure\command - "" = J:\SETUP.EXE
O33 - MountPoints2\{a215dc79-9447-11e1-925a-c89cdc2fd16d}\Shell\install\command - "" = J:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.01.28 10:09:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mar\Desktop\OTL.exe
[2013.01.28 09:52:40 | 000,000,000 | ---D | C] -- C:\Users\Mar\AppData\Roaming\Malwarebytes
[2013.01.28 09:51:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.28 09:51:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.28 09:51:17 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.28 09:51:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.28 09:50:58 | 000,000,000 | ---D | C] -- C:\Users\Mar\AppData\Local\Programs
[2013.01.19 11:43:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
========== Files - Modified Within 30 Days ==========
[2013.01.28 10:13:40 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.28 10:13:40 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.28 10:11:07 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.28 10:11:07 | 000,654,006 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.28 10:11:07 | 000,615,888 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.28 10:11:07 | 000,129,878 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.28 10:11:07 | 000,106,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.28 10:09:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mar\Desktop\OTL.exe
[2013.01.28 10:06:56 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.28 10:06:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.28 10:06:09 | 3207,073,792 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.28 10:05:15 | 000,000,188 | ---- | M] () -- C:\Users\Mar\defogger_reenable
[2013.01.28 10:04:05 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.28 10:02:45 | 000,050,477 | ---- | M] () -- C:\Users\Mar\Desktop\Defogger.exe
[2013.01.28 09:51:18 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.27 13:29:02 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1792715189-4287422523-3878174603-1001UA.job
[2013.01.24 19:29:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1792715189-4287422523-3878174603-1001Core.job
[2013.01.12 09:12:50 | 000,155,980 | ---- | M] () -- C:\Users\Mar\Desktop\fg8_2009Nr04_taenzler_ks.pdf
[2013.01.11 11:41:51 | 000,413,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2013.01.28 10:05:15 | 000,000,188 | ---- | C] () -- C:\Users\Mar\defogger_reenable
[2013.01.28 10:02:44 | 000,050,477 | ---- | C] () -- C:\Users\Mar\Desktop\Defogger.exe
[2013.01.28 09:51:18 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.12 09:12:49 | 000,155,980 | ---- | C] () -- C:\Users\Mar\Desktop\fg8_2009Nr04_taenzler_ks.pdf
[2012.10.13 17:32:15 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2012.05.05 13:27:05 | 000,000,136 | ---- | C] () -- C:\Windows\wininit.ini
[2012.04.19 17:00:33 | 000,017,408 | ---- | C] () -- C:\Users\Mar\AppData\Local\WebpageIcons.db
========== ZeroAccess Check ==========
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012.06.14 11:16:58 | 000,000,000 | ---D | M] -- C:\Users\Mar\AppData\Roaming\Amazon
[2012.05.02 12:15:54 | 000,000,000 | ---D | M] -- C:\Users\Mar\AppData\Roaming\DAEMON Tools Lite
[2012.07.14 17:02:00 | 000,000,000 | ---D | M] -- C:\Users\Mar\AppData\Roaming\DVDVideoSoft
[2012.07.14 17:01:48 | 000,000,000 | ---D | M] -- C:\Users\Mar\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.10.14 23:41:47 | 000,000,000 | ---D | M] -- C:\Users\Mar\AppData\Roaming\Epson
[2012.04.19 16:43:06 | 000,000,000 | ---D | M] -- C:\Users\Mar\AppData\Roaming\OEM
[2012.12.10 11:06:11 | 000,000,000 | ---D | M] -- C:\Users\Mar\AppData\Roaming\Ubisoft
========== Purity Check ==========
< End of report >
Extra.txt Code:
ATTFilter OTL Extras logfile created on: 28.01.2013 10:11:09 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mar\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,98 Gb Total Physical Memory | 2,56 Gb Available Physical Memory | 64,33% Memory free
7,96 Gb Paging File | 6,32 Gb Available in Paging File | 79,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 456,95 Gb Total Space | 367,04 Gb Free Space | 80,32% Space Free | Partition Type: NTFS
Drive D: | 457,46 Gb Total Space | 270,04 Gb Free Space | 59,03% Space Free | Partition Type: NTFS
Drive E: | 5,30 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: Mar-PC | User Name: Mar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01108AAE-8583-4651-B187-309925413818}" = rport=137 | protocol=17 | dir=out | app=system |
"{04F62ABA-5639-4DF2-973D-420EB3838F23}" = lport=137 | protocol=17 | dir=in | app=system |
"{0E7A0BB5-85CF-42FB-BF17-6A1A04F4A489}" = rport=1723 | protocol=6 | dir=out | app=system |
"{1055D985-3407-4363-AE23-AFCF06EF86B5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1066796D-9EE5-40BB-AA22-F04A28C67B04}" = lport=rpc | protocol=6 | dir=in | app=%systemroot%\system32\vdsldr.exe |
"{106DB7FB-0E67-4C51-9CAC-3903D0785546}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{16E5B3EC-C74D-4CCC-A36A-FC756AA997F2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |
"{1798384A-B19E-430E-8485-21E6204EAD3A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1BBA3C79-4C65-4038-98BD-1EAEBFA56BAE}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{2379C4EC-9B18-4286-A74C-CF4E4672C192}" = lport=2869 | protocol=6 | dir=in | app=system |
"{28195484-91C2-4939-A8D2-74BBC0895BCA}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |
"{2BB1C6BA-C2B0-4704-AA32-B19738058545}" = lport=rpc | protocol=6 | dir=in | svc=schedule | app=%systemroot%\system32\svchost.exe |
"{2BB9B649-8BCD-40B9-93F0-92EAB1DD9FC3}" = lport=445 | protocol=6 | dir=in | app=system |
"{316FA6CE-6598-4D99-9448-ECF303A932C4}" = rport=138 | protocol=17 | dir=out | app=system |
"{34CDF02B-F168-4D7C-A5AD-64DCC2108B70}" = lport=443 | protocol=6 | dir=in | app=system |
"{360ED2E4-3B6A-49BC-817A-FF137653C5AB}" = rport=5358 | protocol=6 | dir=out | app=system |
"{43064562-6D17-490F-8E6A-873EC91CDED7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{457E635E-C4FD-4A34-87B0-9E0314D1B096}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{47A12283-75AD-47CD-8331-4FA391184552}" = lport=162 | protocol=17 | dir=in | svc=snmptrap | app=%systemroot%\system32\snmptrap.exe |
"{491BBA9C-C136-4C39-9274-E60DBA6C845D}" = lport=5358 | protocol=6 | dir=in | app=system |
"{4BC7FF30-67C3-4F25-AB48-7F1CD5E28120}" = lport=1701 | protocol=17 | dir=in | app=system |
"{56EDBCE6-9E93-4EF3-88BE-3D47D520D5A0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5B748409-92DE-4286-B62B-4F4086AFF549}" = lport=80 | protocol=6 | dir=in | app=system |
"{5CCB7E7C-D68E-412E-BBF2-5D13E7BAB911}" = lport=5357 | protocol=6 | dir=in | app=system |
"{5D01613F-C56B-4357-8AA0-8CAEB7295BC5}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{5E72F98C-82F6-4B0B-9438-CC18A9659FEF}" = lport=445 | protocol=6 | dir=in | app=system |
"{5F9DBCA5-EA96-49D2-92FB-ADA61B225059}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5FCCEC6A-CC83-409A-942D-ADD77ED07AF3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{600BA4A8-53A4-488A-A939-FD6B7E5939A7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{63E83831-A2EB-4DBE-8705-5FFDC7DA7BD9}" = lport=rpc | protocol=6 | dir=in | svc=policyagent | app=%systemroot%\system32\svchost.exe |
"{66324024-7360-4223-90D9-7BBDB200CAC6}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{6715A64A-9140-4990-8BDB-FC2C0AD5654F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6D06212E-DC97-4939-A546-82AB20DBAE21}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6DB90618-90F1-4AAD-8C24-0B1A37E5B2D4}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{6E6C70F7-C9CE-44FA-B8F3-6AB9078F5774}" = lport=445 | protocol=6 | dir=in | app=system |
"{74736677-E256-499C-B7A7-97A719F5D4DE}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{770AD6AB-D970-4FFF-B05F-60110F6F816F}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{7AA18A87-C809-43AB-94D1-2F242D8CFB2F}" = lport=138 | protocol=17 | dir=in | app=system |
"{7B759B58-72A5-433B-B0F1-4191414B2D19}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |
"{7CC334DD-0202-46F4-99C4-2568C7FB9613}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{836EB622-1E4B-4497-AB54-DE5D79BB26A1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{83FA429E-A6FC-408E-B713-669F50B474A4}" = lport=rpc | protocol=6 | dir=in | svc=ktmrm | app=%systemroot%\system32\svchost.exe |
"{84D32CE4-CFCA-44BB-85E7-37E5261AFCE0}" = lport=1723 | protocol=6 | dir=in | app=system |
"{88DD3169-4152-4878-9941-581F512DCFFD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8A0AD6D2-C052-42F5-B3FC-140B19322336}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8B643344-D177-44B4-A3B4-75DAF23540A6}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{8FC1615F-2D9C-4ED7-A381-FB42EF0DE9AE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9597C05A-1907-40A9-B1FA-916B94D1DCED}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{99C482CB-5D82-4C0D-8819-6E96B1995DAA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9C25842A-5A29-4A8C-9B4D-DCA01ACFC12E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A2295364-2F4F-4F29-8BB9-578756B2CD4E}" = lport=445 | protocol=6 | dir=in | app=system |
"{A2421C0F-4E23-46C8-BA5E-27959E0E00A3}" = lport=rpc | protocol=6 | dir=in | svc=vds | app=%systemroot%\system32\vds.exe |
"{A422C0FF-FC1A-41EE-A762-F6B96D32DC67}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A6542EB5-FEDC-4F0D-8523-3BA31F40ADDC}" = lport=10244 | protocol=6 | dir=in | app=system |
"{A78A41E9-904C-4561-B807-66D50D88CF20}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |
"{AB43C209-14D2-40C1-AED1-3321F5483DAA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B0C51FDF-FA88-4E29-A7EC-D8CEA4139166}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B3D551AF-F01B-4331-9EB4-0E189B23A254}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |
"{B7E22434-9DC7-4583-BCFE-FC2284263464}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B80CA7D4-1413-407F-84B3-9560CC938F51}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |
"{BA09DD93-075E-4F80-A1EC-6DEE7E3741BD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BC093C99-E398-48E5-8C4A-FA3944FCED49}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{C410347E-1110-4D24-9EE3-8953BC25C81D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C42BB564-242A-4AF2-B779-82A12279847A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |
"{C42CBD3A-C484-4AAB-921B-8A1DC8924BA8}" = lport=rpc | protocol=6 | dir=in | app=%systemroot%\system32\services.exe |
"{C71DCFC2-EC88-4C67-8CF5-F5FD5F561541}" = lport=rpc | protocol=6 | dir=in | svc=eventlog | app=%systemroot%\system32\svchost.exe |
"{CA12638C-1685-4721-AEBB-D57A584C03D2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{CE46D222-EB9A-40D0-B619-382A88416FB2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D1289246-B6ED-472B-B3BA-EE1C0598959E}" = rport=445 | protocol=6 | dir=out | app=system |
"{D3700B3D-5210-43AE-9C1A-3E0DFD7C7F0C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D66C6843-7270-4AAF-A3A6-3667704D5D12}" = lport=3390 | protocol=6 | dir=in | app=system |
"{D87866D2-E1C8-4505-BE53-B758FC8E8952}" = lport=5985 | protocol=6 | dir=in | app=system |
"{DE2D7A73-2FE4-4323-8B6E-3A273224079F}" = lport=139 | protocol=6 | dir=in | app=system |
"{DE827273-4676-4E6D-8CEB-C6F763BD1C82}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E058A4F0-71EF-4718-9ED1-EA6C1F3FB0ED}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |
"{E8EBA950-3D83-4A3F-9046-EFF460C16991}" = lport=10245 | protocol=6 | dir=in | app=system |
"{EAB014A1-D4D2-49A0-860C-AEBD9153D628}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EB53452D-3C38-490B-B92D-DEEA3FF755D1}" = rport=1701 | protocol=17 | dir=out | app=system |
"{F07B9CE0-A914-4A83-8762-B32CF001AE67}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{F36214A0-F222-4F50-AFD8-DAF3F5D3F082}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F373272D-684A-4E0E-91FE-DED3E733F170}" = rport=5357 | protocol=6 | dir=out | app=system |
"{FF8AA5CC-7C84-4655-9275-C37B8D356F5F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{027D91E7-595C-44B3-A922-0391200E8E62}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0DDA1C15-E83D-4E02-8B03-9518D8C1564A}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{298E624C-8A8D-43B1-A259-CAD7943464AD}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{2F5DF7CF-E058-4DCB-8B2F-65AA51D1956D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3134A013-5CFD-4B12-8A35-9E76D498B0C1}" = protocol=6 | dir=in | app=%systemroot%\system32\plasrv.exe |
"{37C92302-0784-4174-AD9F-06AEEF2A319A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{37F4EC3A-5757-4D9F-A7D6-E88C13DECC2F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{399E7D07-53C5-417D-AFE0-4AAF2FC0BEC4}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{3C47A78D-7CCA-4D2E-A2B7-E41DEC3FB628}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{3F606E3D-CD43-45DA-A689-462A7A1CA993}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{438A257A-8EE3-4CC9-9FF9-DC65A9C23171}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{46795BC0-66B0-4BF6-9829-534265E113CB}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4C1D70EF-2538-4B52-ACF0-9A14E77EF30C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{4ECBFB63-AFF7-45D8-9841-6437DA77CDE6}" = protocol=47 | dir=out | app=system |
"{5767C2D0-0A9B-4784-BC72-B03E0E8BDC08}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5A1B8D89-6B0D-4CD2-9435-9CACFD06E736}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
"{60B066DB-E255-4C7E-BDE2-A220D610F7ED}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{67A49010-FB8B-45C7-A2F2-8B3A582CC68D}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{6DEA7452-DE95-4792-8232-61AC4C40E819}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{75A779EA-5D75-41E5-8086-CAA21B91A98F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{75DA66F1-F5B2-47B6-931F-D8C099EC9266}" = protocol=6 | dir=out | app=system |
"{7727A451-199C-48C9-A966-07FFF17FCB6E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{79DD259A-704C-4F2C-9263-AA76B321E810}" = protocol=6 | dir=in | svc=winmgmt | app=%systemroot%\system32\svchost.exe |
"{7E2CDE5B-4233-456E-ABD9-AE0147EA740C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7E9724D4-BBC2-4F08-A50C-B5CB49993F4A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{7F4CB62E-F63A-462A-92BB-E1F792046B68}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{814AE29F-7217-443C-B57F-91722C7B4E14}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{859D98A8-0C83-4338-9249-DBDFA56A7D39}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{87173E41-3A0F-4488-990A-4BA9CEB4F530}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{876D0999-02A6-4BFD-968F-4210DD7FF009}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{8F49A442-2F0A-4924-A336-CC59D11518AF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{90C582C8-518C-4DCB-BBD7-34EE66D67DC1}" = protocol=6 | dir=out | svc=msiscsi | app=%systemroot%\system32\svchost.exe |
"{9F9B089C-D718-40E5-9F2D-00CF10BD1441}" = protocol=47 | dir=in | app=system |
"{A74D97F3-CFB4-42BF-A89E-B70F15C7AAEC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A9317CB9-B2CC-4917-BFFD-AC355CB4B128}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{ABF66BAD-620D-48C9-A542-02DC8E893D75}" = protocol=6 | dir=out | svc=winmgmt | app=%systemroot%\system32\svchost.exe |
"{ACBBC547-D85E-44D0-8ECF-89EE49AC5624}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{ADF0E069-2EE3-4DA6-BEBD-1CEA67E38161}" = protocol=6 | dir=out | app=%systemroot%\system32\msdtc.exe |
"{B127FA2B-688C-449A-9FCF-A152BE1E2A98}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B4C3C3C1-B85E-4D85-B8D5-A176816FEC67}" = protocol=6 | dir=in | svc=msiscsi | app=%systemroot%\system32\svchost.exe |
"{C05EBE29-8174-4F2B-9EE9-56BCBCD8DB96}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{C69D2D00-4408-4326-9E0F-004B0AF58A0C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C830BFA2-ECC6-45D5-8A78-A49AE2F1DCE9}" = protocol=6 | dir=in | app=%systemroot%\system32\wbem\unsecapp.exe |
"{C9D242DC-25AF-4AF2-BB94-DAB940B3A60D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CBDC6F95-B8D9-4212-9EC7-30FC58BFF391}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{CC2BBE5C-12E4-401C-9FA1-FA4AFC17055B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D2F1BF35-4B25-4633-A75B-5D790594D4A9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{D3000302-18AB-4EAB-B531-5E569385E0DE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D5EA8C76-BB2A-4955-9682-A7EB04FFC135}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D9BED7EB-518B-4074-AEE1-1E7750963C78}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{DFC2BA8C-A87A-4734-8174-54579B8EEB87}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E0621CB6-CC08-4416-80E7-AD542A6B50DF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E4E1DB0D-B5A2-42DF-BF68-D3B5976F3F43}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{ED91579B-7073-4D88-BAA2-EF8754A652D9}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{EF2AD903-CA8A-48B8-BA8D-AC8AF551734A}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{F1E2EE63-39DA-4B2F-A8BA-E4EFBC6840DD}" = protocol=6 | dir=in | app=%systemroot%\system32\msdtc.exe |
"{F6D54B18-CDDB-4C6C-AC8F-1BE4E0A35342}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FC84ABBF-90D3-4446-879F-25716DE40A42}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
"{FF9FC9BC-9293-4660-8AEA-C98B7D708221}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"TCP Query User{179C4845-867C-45EE-952A-3FD29FEF7BCA}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{C84E586B-9068-46BC-8D3C-C933B8E204CF}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{970ED07E-65B9-4BDB-B8A1-DD3F670ABB9A}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{ADA3977F-E87E-49D4-B636-31F1DA0B60E8}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1553D712-B35F-4A82-BC72-D6B11A94BE3E}" = Windows Live Remote Service Resources
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{702A632F-99CE-4E2D-B8F2-BF980E9CF62F}" = Windows Live Remote Client Resources
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{8F7F2D9C-2DBE-4F10-9C7C-2724110A3339}" = Windows Live Remote Service Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{A6E0F6BE-30AC-4D36-97B0-1AC20E23CB83}" = Windows Live Remote Client Resources
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 267.60
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 267.60
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.22.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"CCleaner" = CCleaner
"EPSON PX720WD Series" = EPSON PX720WD Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{0557BBDA-69D3-4FA4-A93C-A5300F7034B4}" = Windows Live Writer
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{06B05153-97E4-427E-B1A8-E098F6C5E52F}" = Windows Live Essentials
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{0785A0B6-07DF-43CF-B147-E1EB4CEA0345}" = Windows Live Messenger
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{120C160F-F53D-4A15-A873-E79BF5B98B48}" = Windows Live Photo Common
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17D26CDD-B87C-412B-92F0-2D5DD4313522}" = Facebook Messenger 2.1.4651.0
"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20381A8A-808E-4A53-B6CD-AD2B85E16365}" = Windows Live UX Platform Language Pack
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{226F0D93-76DE-4F1C-B14D-DE10443ADB60}" = Windows Live Movie Maker
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger
"{310C1558-F6B5-4889-98B0-7471966BA7F2}" = Epson Easy Photo Print 2
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger
"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{4736B0ED-F6A1-48EC-A1B7-C053027648F1}" = Galeria fotogràfica del Windows Live
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{48F597DD-D397-4CFA-91A0-4C033A0113BD}" = Windows Live Mail
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D7BAC8A-51B8-4243-8567-1415C4272D13}" = Windows Live Writer
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{5495E9A4-501A-4D4C-87C9-E80916CA9478}" = Windows Live UX Platform Language Pack
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5D90ABE5-8A35-4947-8269-6F40BCE47A95}" = Windows Live Messenger
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{625D45F0-5DCB-48BF-8770-C240A84DAAEB}" = Windows Live Mesh
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}" = Nero Multimedia Suite 10 Essentials
"{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software
"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71527C7C-5289-4CB2-88C9-23344C0FF6C1}" = Windows Live Movie Maker
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7D926AD2-16D6-42C2-8CA1-AB09E96040BA}" = Windows Live Writer Resources
"{7D99B933-E29C-4599-92F0-DAED2AF041E3}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{86F444A5-C9B9-41DC-AF28-B5E46F5497C7}" = Windows Live Argazki Galeria
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E285C75-9BE2-4349-972B-DECDDF472656}" = Windows Live Writer Resources
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93C4B7D5-4E00-491F-BA3E-25B7B63EE7F6}" = Windows Live Mail
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9E2C5B0E-7A2D-4767-A9B2-77469FB1873A}" = Windows Live Mesh
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.4) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = Die Sims™ 3 Einfach tierisch
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C28D96C0-6A90-459E-A077-A6706F4EC0FC}" = Bing Bar
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D54A52A8-DF24-4CE8-850B-074CA47DFA74}" = Windows Live Messenger
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = Die Sims™ 3 Lebensfreude
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0F5D89A-197C-495B-827E-3E98B811CD2E}" = Windows Live Photo Common
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F13587F7-AA4C-4C2E-AE7D-F33F3CCE57A9}" = Windows Live Messenger
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCBC19F7-E068-4B7A-ACBB-CE9CCEB4B21F}" = Windows Live Messenger
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"AudibleDownloadManager" = Audible Download Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON PX720WD Series Manual" = EPSON PX720WD Series Handbuch
"EPSON PX720WD Series Network Guide" = EPSON PX720WD Series Netzwerk-Handbuch
"EPSON Scanner" = EPSON Scan
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite" = Windows Live Essentials
"Zoo Tycoon 1.0" = Microsoft Zoo Tycoon
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 15.10.2012 04:30:51 | Computer Name = Mar-PC | Source = Google Update | ID = 20
Description =
Error - 15.10.2012 07:43:08 | Computer Name = Mar-PC | Source = WinMgmt | ID = 10
Description =
Error - 16.10.2012 04:24:34 | Computer Name = Mar-PC | Source = WinMgmt | ID = 10
Description =
Error - 16.10.2012 04:26:55 | Computer Name = Mar-PC | Source = Google Update | ID = 20
Description =
Error - 16.10.2012 04:30:52 | Computer Name = Mar-PC | Source = Google Update | ID = 20
Description =
Error - 16.10.2012 06:52:05 | Computer Name = Mar-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 16.10.2012 06:52:05 | Computer Name = Mar-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9969
Error - 16.10.2012 06:52:05 | Computer Name = Mar-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9969
Error - 16.10.2012 07:40:22 | Computer Name = Mar-PC | Source = Google Update | ID = 20
Description =
Error - 17.10.2012 05:45:08 | Computer Name = Mar-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 11.12.2012 05:26:06 | Computer Name = Mar-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577
Error - 11.12.2012 05:26:06 | Computer Name = Mar-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 11.12.2012 15:06:18 | Computer Name = Mar-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577
Error - 11.12.2012 15:06:19 | Computer Name = Mar-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577
Error - 11.12.2012 15:06:19 | Computer Name = Mar-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 12.12.2012 06:14:17 | Computer Name = Mar-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577
Error - 12.12.2012 06:14:18 | Computer Name = Mar-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577
Error - 12.12.2012 06:14:19 | Computer Name = Mar-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 13.12.2012 03:57:15 | Computer Name = Mar-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?12.?12.?2012 um 22:46:34 unerwartet heruntergefahren.
Error - 13.12.2012 03:57:19 | Computer Name = Mar-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577
< End of report >
Wäre so dankbar, wenn ihr mir helfen könntet! |
|
28.01.2013, 11:16
| #2 |
| | HEUR:Exploit.Java.CVE-2012-5076.gen loswerden Den ersten .txt hab ich wohl flasch gemacht.... Hoffe, es geht trotzdem.
__________________Hier der gmer.txt Code:
ATTFilter GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-28 11:13:39
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST310005 rev.JC45 931,51GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\Mar\AppData\Local\Temp\awdiifow.sys
---- User code sections - GMER 2.0 ----
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077100018 5 bytes JMP 000000016ac91765
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2096] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000764a1401 2 bytes [4A, 76]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2096] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000764a1419 2 bytes [4A, 76]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2096] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000764a1431 2 bytes [4A, 76]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2096] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000764a144a 2 bytes [4A, 76]
.text ... * 9
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2096] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000764a14dd 2 bytes [4A, 76]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2096] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000764a14f5 2 bytes [4A, 76]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2096] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000764a150d 2 bytes [4A, 76]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2096] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000764a1525 2 bytes [4A, 76]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2096] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000764a153d 2 bytes [4A, 76]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2096] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000764a1555 2 bytes [4A, 76]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2096] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000764a156d 2 bytes [4A, 76]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2096] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000764a1585 2 bytes [4A, 76]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2096] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000764a159d 2 bytes [4A, 76]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2096] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000764a15b5 2 bytes [4A, 76]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2096] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000764a15cd 2 bytes [4A, 76]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2096] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000764a16b2 2 bytes [4A, 76]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2096] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000764a16bd 2 bytes [4A, 76]
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[3640] C:\Windows\syswow64\kernel32.dll!FindResourceW 0000000076585959 5 bytes JMP 0000000100440980
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[3640] C:\Windows\syswow64\kernel32.dll!FindResourceA 000000007659e9a3 5 bytes JMP 0000000100440930
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[3640] C:\Windows\syswow64\USER32.dll!LoadStringW 0000000076698eb9 5 bytes JMP 0000000100440fd0
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[3640] C:\Windows\syswow64\USER32.dll!LoadStringA 000000007669db21 5 bytes JMP 0000000100441110
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[3640] C:\Windows\syswow64\USER32.dll!LoadMenuW 00000000766a4391 5 bytes JMP 0000000100440b40
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[3640] C:\Windows\syswow64\USER32.dll!LoadMenuA 00000000766b4eef 5 bytes JMP 0000000100440ad0
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[3640] C:\Windows\syswow64\USER32.dll!CreateDialogParamA 00000000766b5246 5 bytes JMP 00000001004409d0
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[3640] C:\Windows\syswow64\USER32.dll!CreateDialogParamW 00000000766c10dc 5 bytes JMP 0000000100440a50
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[3640] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000764a1401 2 bytes [4A, 76]
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[3640] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000764a1419 2 bytes [4A, 76]
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[3640] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000764a1431 2 bytes [4A, 76]
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[3640] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000764a144a 2 bytes [4A, 76]
.text ... * 9
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[3640] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000764a14dd 2 bytes [4A, 76]
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[3640] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000764a14f5 2 bytes [4A, 76]
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[3640] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000764a150d 2 bytes [4A, 76]
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[3640] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000764a1525 2 bytes [4A, 76]
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[3640] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000764a153d 2 bytes [4A, 76]
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[3640] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000764a1555 2 bytes [4A, 76]
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[3640] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000764a156d 2 bytes [4A, 76]
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[3640] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000764a1585 2 bytes [4A, 76]
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[3640] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000764a159d 2 bytes [4A, 76]
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[3640] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000764a15b5 2 bytes [4A, 76]
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[3640] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000764a15cd 2 bytes [4A, 76]
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[3640] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000764a16b2 2 bytes [4A, 76]
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[3640] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000764a16bd 2 bytes [4A, 76]
.text C:\Users\Mar\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000764a1401 2 bytes [4A, 76]
.text C:\Users\Mar\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe[3732] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000764a1419 2 bytes [4A, 76]
.text C:\Users\Mar\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000764a1431 2 bytes [4A, 76]
.text C:\Users\Mar\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000764a144a 2 bytes [4A, 76]
.text ... * 9
.text C:\Users\Mar\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe[3732] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000764a14dd 2 bytes [4A, 76]
.text C:\Users\Mar\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000764a14f5 2 bytes [4A, 76]
.text C:\Users\Mar\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe[3732] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000764a150d 2 bytes [4A, 76]
.text C:\Users\Mar\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000764a1525 2 bytes [4A, 76]
.text C:\Users\Mar\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000764a153d 2 bytes [4A, 76]
.text C:\Users\Mar\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe[3732] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000764a1555 2 bytes [4A, 76]
.text C:\Users\Mar\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000764a156d 2 bytes [4A, 76]
.text C:\Users\Mar\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000764a1585 2 bytes [4A, 76]
.text C:\Users\Mar\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe[3732] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000764a159d 2 bytes [4A, 76]
.text C:\Users\Mar\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000764a15b5 2 bytes [4A, 76]
.text C:\Users\Mar\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000764a15cd 2 bytes [4A, 76]
.text C:\Users\Mar\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000764a16b2 2 bytes [4A, 76]
.text C:\Users\Mar\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000764a16bd 2 bytes [4A, 76]
.text C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4084] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000764a1401 2 bytes [4A, 76]
.text C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4084] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000764a1419 2 bytes [4A, 76]
.text C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4084] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000764a1431 2 bytes [4A, 76]
.text C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4084] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000764a144a 2 bytes [4A, 76]
.text ... * 9
.text C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4084] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000764a14dd 2 bytes [4A, 76]
.text C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4084] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000764a14f5 2 bytes [4A, 76]
.text C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4084] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000764a150d 2 bytes [4A, 76]
.text C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4084] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000764a1525 2 bytes [4A, 76]
.text C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4084] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000764a153d 2 bytes [4A, 76]
.text C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4084] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000764a1555 2 bytes [4A, 76]
.text C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4084] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000764a156d 2 bytes [4A, 76]
.text C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4084] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000764a1585 2 bytes [4A, 76]
.text C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4084] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000764a159d 2 bytes [4A, 76]
.text C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4084] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000764a15b5 2 bytes [4A, 76]
.text C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4084] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000764a15cd 2 bytes [4A, 76]
.text C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4084] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000764a16b2 2 bytes [4A, 76]
.text C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4084] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000764a16bd 2 bytes [4A, 76]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3644] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000764a1401 2 bytes [4A, 76]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3644] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000764a1419 2 bytes [4A, 76]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3644] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000764a1431 2 bytes [4A, 76]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3644] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000764a144a 2 bytes [4A, 76]
.text ... * 9
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3644] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000764a14dd 2 bytes [4A, 76]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3644] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000764a14f5 2 bytes [4A, 76]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3644] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000764a150d 2 bytes [4A, 76]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3644] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000764a1525 2 bytes [4A, 76]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3644] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000764a153d 2 bytes [4A, 76]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3644] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000764a1555 2 bytes [4A, 76]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3644] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000764a156d 2 bytes [4A, 76]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3644] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000764a1585 2 bytes [4A, 76]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3644] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000764a159d 2 bytes [4A, 76]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3644] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000764a15b5 2 bytes [4A, 76]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3644] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000764a15cd 2 bytes [4A, 76]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3644] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000764a16b2 2 bytes [4A, 76]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3644] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000764a16bd 2 bytes [4A, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3420] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000764a1401 2 bytes [4A, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3420] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000764a1419 2 bytes [4A, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3420] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000764a1431 2 bytes [4A, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3420] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000764a144a 2 bytes [4A, 76]
.text ... * 9
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3420] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000764a14dd 2 bytes [4A, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3420] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000764a14f5 2 bytes [4A, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3420] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000764a150d 2 bytes [4A, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3420] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000764a1525 2 bytes [4A, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3420] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000764a153d 2 bytes [4A, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3420] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000764a1555 2 bytes [4A, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3420] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000764a156d 2 bytes [4A, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3420] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000764a1585 2 bytes [4A, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3420] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000764a159d 2 bytes [4A, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3420] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000764a15b5 2 bytes [4A, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3420] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000764a15cd 2 bytes [4A, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3420] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000764a16b2 2 bytes [4A, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3420] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000764a16bd 2 bytes [4A, 76]
---- Threads - GMER 2.0 ----
Thread C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [1904:2560] 000000006bf78f50
Thread C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [1904:3200] 000000007078c210
Thread C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [1904:1512] 00000000707f32fb
Thread C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [1904:5520] 000000006f9317a4
Thread C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2784:4776] 0000000072c0a3e0
---- Processes - GMER 2.0 ----
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [1904] 00000000717a0000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2784] 0000000072380000
Library ? (*** suspicious ***) @ C:\Windows\System32\svchost.exe [848] 000007fef14e0000
---- Registry - GMER 2.0 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x13 0x22 0xD5 0x45 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x17 0x1E 0x68 0x92 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x24 0x67 0x55 0xA7 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x13 0x22 0xD5 0x45 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x17 0x1E 0x68 0x92 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x24 0x67 0x55 0xA7 ...
---- EOF - GMER 2.0 ----
|
|
28.01.2013, 13:58
| #3 |
| /// Helfer-Team  | HEUR:Exploit.Java.CVE-2012-5076.gen loswerden Bitte das Malwarebytes Logfile posten! (Reiter Logdateien) danach: Downloade Dir bitte  AdwCleaner auf deinen Desktop.
danach: Downloade Dir bitte SecurityCheck von einem der folgenden Links: LINK1 LINK2
__________________ |
|
28.01.2013, 15:30
| #4 |
| | HEUR:Exploit.Java.CVE-2012-5076.gen loswerden Danke John, dass du dich schon drum kümmerst! Hier sind nun die Logdateien von Malware: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.28.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 mar :: mar-PC [Administrator] Schutz: Aktiviert 28.01.2013 14:40:16 mbam-log-2013-01-28 (14-40-16).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 379946 Laufzeit: 43 Minute(n), 19 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.28.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 mar :: mar-PC [Administrator] Schutz: Aktiviert 28.01.2013 14:40:16 mbam-log-2013-01-28 (14-40-16).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 379946 Laufzeit: 43 Minute(n), 19 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Ich mach dann mit AdwCleaner weiter! Vielen Dank schonmal! AdwCleaner Logdatei: Code:
ATTFilter # AdwCleaner v2.109 - Datei am 28/01/2013 um 15:32:37 erstellt
# Aktualisiert am 26/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : mar - mar-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\mar\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v18.0.1 (de)
Datei : C:\Users\mar\AppData\Roaming\Mozilla\Firefox\Profiles\c2dvzf8s.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [733 octets] - [28/01/2013 15:32:37]
########## EOF - C:\AdwCleaner[S1].txt - [792 octets] ##########
Ok, ich bin dann erstmal durch. SecurityCheck: Code:
ATTFilter Results of screen317's Security Check version 0.99.57 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Kaspersky Internet Security Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Trojan Remover 6.8.5 Malwarebytes Anti-Malware Version 1.70.0.1100 Adobe Flash Player 10 Flash Player out of Date! Adobe Flash Player 11.5.502.146 Adobe Reader 10.1.4 Adobe Reader out of Date! Mozilla Firefox (18.0.1) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe Kaspersky Lab Kaspersky Internet Security 2012 avp.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` |
|
28.01.2013, 18:24
| #5 |
| /// Helfer-Team | HEUR:Exploit.Java.CVE-2012-5076.gen loswerden Alles Clean. Java aktualisieren Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck Java deaktivieren Aufgrund derezeitigen Sicherheitsluecke: http://www.trojaner-board.de/122961-...ktivieren.html Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck |
|
28.01.2013, 19:15
| #6 |
| | HEUR:Exploit.Java.CVE-2012-5076.gen loswerden Ich hab auf den Link zum Java Download geklickt, die Datei hieß aber nich jxpiinstall.exe sondern jre-7u11-windows-i586 Hab dann bei den downloads geguckt und die letzte jxpiinstall.exe die ich habe ist vom 13.10.12. Ich habe jetzt nur die aktuelle Java Version drauf. Und hab neugestartet. Allerdings hängt er jetzt, nachdem ich mich angemeldet habe. Geht gerade garnichts mehr... Hab jetzt nochmal neu gestartet. Java Einstellungen sind verändert. PluginCheck: Firefox 18.0 ist aktuell Flash (11,5,502,146) ist aktuell. Java (1,7,0,11) ist aktuell. Adobe Reader 10,1,4,38 ist veraltet! Aktualisieren Sie bitte auf die neueste Version: 11.0 Nach Java Deaktivierung: Firefox 18.0 ist aktuell Flash (11,5,502,146) ist aktuell. Java ist Installiert aber nicht aktiviert. Adobe Reader 10,1,4,38 ist veraltet! Aktualisieren Sie bitte auf die neueste Version: 11.0 Geändert von Dudi83 (28.01.2013 um 19:36 Uhr) |
|
28.01.2013, 20:33
| #7 |
| /// Helfer-Team | HEUR:Exploit.Java.CVE-2012-5076.gen loswerden Sehr gut!  damit bist Du sauber und entlassen!  adwCleaner entfernen
Tool-Bereinigung mit OTL Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
Zurücksetzen der Sicherheitszonen Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen. Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html Systemwiederherstellungen leeren Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein: Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7 Danach wieder aktivieren. Aufräumen mit CCleaner Lasse mit CCleaner (Download) (Anleitung) Fehler in der
Lektuere zum abarbeiten: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html http://www.trojaner-board.de/109844-...ren-seite.html PC wird immer langsamer - was tun? |
|
29.01.2013, 19:44
| #9 | ||
| /// Helfer-Team | HEUR:Exploit.Java.CVE-2012-5076.gen loswerdenZitat:
Zitat:
|
|
29.01.2013, 19:56
| #10 |
| | HEUR:Exploit.Java.CVE-2012-5076.gen loswerden In der Anleitung steht nichts mit temporären Dateien... Da ist nach dem "starte Cleaner"-Teil Schluss. Zum Kaspersky: c:\documents and settings\mar\appdata\locallow\sun\java\deployment\cache\6.0\57\6d8530b9-1920a79c Änderungsdatum 02.12.12 |
|
29.01.2013, 20:21
| #11 | ||
| /// Helfer-Team | HEUR:Exploit.Java.CVE-2012-5076.gen loswerdenZitat:
Zitat:
Das ist ein Exploit und keine aktuelle Meldung. |
|
06.02.2013, 10:03
| #12 |
| | HEUR:Exploit.Java.CVE-2012-5076.gen loswerden Muss ich jetzt noch irgendwas tun? |
|
07.02.2013, 00:46
| #13 |
| /// Helfer-Team | HEUR:Exploit.Java.CVE-2012-5076.gen loswerden Nein, es ist alles in Ordnung. |
|
| Themen zu HEUR:Exploit.Java.CVE-2012-5076.gen loswerden |
| bho, bingbar, bonjour, converter, error, excel, firefox, flash player, format, heur, heur:expolit, home, install.exe, kaspersky, logfile, loswerden, malware, mozilla, nvpciflt.sys, office 2007, policyagent, realtek, registry, rundll, scan, security, siteadvisor, software, svchost.exe, tastatur, trojaner, udp, windows |
Linear-Darstellung
