| |
| |||||||
Log-Analyse und Auswertung: Exploits EXP/CVE-2013-0422.I + Javavirus JAVA/Jogek.WWWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
09.02.2013, 16:44
| #1 |
 |  Exploits EXP/CVE-2013-0422.I + Javavirus JAVA/Jogek.WW Hallo, ich brauche eure Hilfe. Nach dem vollständingen Systemscan mit AVIRA werden 16! Warnungen bzw. Virusmeldungen ausgespuckt, malwarebytes sagt aber es sei alles in Ordnung. Habe ich jetzt ein völlig infiziertes System oder ist alles nur halb so schlimm ? AVIRA: Avira Free Antivirus Erstellungsdatum der Reportdatei: Freitag, 8. Februar 2013 22:10 Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira Free Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows 7 Home Premium Windowsversion : (Service Pack 1) [6.1.7601] Boot Modus : Normal gebootet Benutzername : XYZ Computername : XYZ-PC Versionsinformationen: BUILD.DAT : 13.0.0.2890 48567 Bytes 05.12.2012 17:11:00 AVSCAN.EXE : 13.6.0.402 639264 Bytes 08.02.2013 21:04:28 AVSCANRC.DLL : 13.4.0.360 64800 Bytes 08.02.2013 21:04:28 LUKE.DLL : 13.6.0.400 67360 Bytes 08.02.2013 21:04:40 AVSCPLR.DLL : 13.6.0.628 94432 Bytes 08.02.2013 21:04:58 AVREG.DLL : 13.6.0.600 250592 Bytes 08.02.2013 21:04:58 avlode.dll : 13.6.2.624 434912 Bytes 08.02.2013 21:04:59 avlode.rdf : 13.0.0.36 10917 Bytes 08.02.2013 21:04:58 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 21:03:30 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 21:03:39 VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 21:03:48 VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 21:03:51 VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 21:03:54 VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 21:03:57 VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 21:04:01 VBASE007.VDF : 7.11.50.230 3904512 Bytes 22.11.2012 21:04:03 VBASE008.VDF : 7.11.60.10 6627328 Bytes 07.02.2013 21:04:08 VBASE009.VDF : 7.11.60.11 2048 Bytes 07.02.2013 21:04:08 VBASE010.VDF : 7.11.60.12 2048 Bytes 07.02.2013 21:04:08 VBASE011.VDF : 7.11.60.13 2048 Bytes 07.02.2013 21:04:08 VBASE012.VDF : 7.11.60.14 2048 Bytes 07.02.2013 21:04:08 VBASE013.VDF : 7.11.60.62 351232 Bytes 08.02.2013 21:04:08 VBASE014.VDF : 7.11.60.63 2048 Bytes 08.02.2013 21:04:08 VBASE015.VDF : 7.11.60.64 2048 Bytes 08.02.2013 21:04:08 VBASE016.VDF : 7.11.60.65 2048 Bytes 08.02.2013 21:04:09 VBASE017.VDF : 7.11.60.66 2048 Bytes 08.02.2013 21:04:09 VBASE018.VDF : 7.11.60.67 2048 Bytes 08.02.2013 21:04:09 VBASE019.VDF : 7.11.60.68 2048 Bytes 08.02.2013 21:04:09 VBASE020.VDF : 7.11.60.69 2048 Bytes 08.02.2013 21:04:09 VBASE021.VDF : 7.11.60.70 2048 Bytes 08.02.2013 21:04:09 VBASE022.VDF : 7.11.60.71 2048 Bytes 08.02.2013 21:04:09 VBASE023.VDF : 7.11.60.72 2048 Bytes 08.02.2013 21:04:09 VBASE024.VDF : 7.11.60.73 2048 Bytes 08.02.2013 21:04:09 VBASE025.VDF : 7.11.60.74 2048 Bytes 08.02.2013 21:04:09 VBASE026.VDF : 7.11.60.75 2048 Bytes 08.02.2013 21:04:09 VBASE027.VDF : 7.11.60.76 2048 Bytes 08.02.2013 21:04:09 VBASE028.VDF : 7.11.60.77 2048 Bytes 08.02.2013 21:04:09 VBASE029.VDF : 7.11.60.78 2048 Bytes 08.02.2013 21:04:10 VBASE030.VDF : 7.11.60.79 2048 Bytes 08.02.2013 21:04:10 VBASE031.VDF : 7.11.60.96 138752 Bytes 08.02.2013 21:04:10 Engineversion : 8.2.10.248 AEVDF.DLL : 8.1.2.10 102772 Bytes 08.02.2013 21:04:14 AESCRIPT.DLL : 8.1.4.88 471417 Bytes 08.02.2013 21:04:13 AESCN.DLL : 8.1.10.0 131445 Bytes 08.02.2013 21:04:13 AESBX.DLL : 8.2.5.12 606578 Bytes 08.02.2013 21:04:14 AERDL.DLL : 8.2.0.88 643444 Bytes 08.02.2013 21:04:13 AEPACK.DLL : 8.3.1.2 819574 Bytes 08.02.2013 21:04:13 AEOFFICE.DLL : 8.1.2.50 201084 Bytes 08.02.2013 21:04:13 AEHEUR.DLL : 8.1.4.198 5751159 Bytes 08.02.2013 21:04:12 AEHELP.DLL : 8.1.25.2 258423 Bytes 08.02.2013 21:04:11 AEGEN.DLL : 8.1.6.16 434549 Bytes 08.02.2013 21:04:10 AEEXP.DLL : 8.3.0.20 188787 Bytes 08.02.2013 21:04:14 AEEMU.DLL : 8.1.3.2 393587 Bytes 08.02.2013 21:04:10 AECORE.DLL : 8.1.30.0 201079 Bytes 08.02.2013 21:04:10 AEBB.DLL : 8.1.1.4 53619 Bytes 08.02.2013 21:04:10 AVWINLL.DLL : 13.4.0.163 25888 Bytes 08.02.2013 21:03:14 AVPREF.DLL : 13.4.0.360 50464 Bytes 08.02.2013 21:04:28 AVREP.DLL : 13.6.0.480 178544 Bytes 08.02.2013 21:04:58 AVARKT.DLL : 13.6.0.402 260384 Bytes 08.02.2013 21:04:23 AVEVTLOG.DLL : 13.6.0.400 167200 Bytes 08.02.2013 21:04:24 SQLITE3.DLL : 3.7.0.1 397088 Bytes 08.02.2013 21:04:50 AVSMTP.DLL : 13.4.0.163 62240 Bytes 08.02.2013 21:04:29 NETNT.DLL : 13.4.0.360 15648 Bytes 08.02.2013 21:04:43 RCIMAGE.DLL : 13.4.0.360 4780832 Bytes 08.02.2013 21:03:15 RCTEXT.DLL : 13.4.0.360 68384 Bytes 08.02.2013 21:03:15 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Vollständige Systemprüfung Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp Protokollierung.......................: standard Primäre Aktion........................: interaktiv Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, D:, Durchsuche aktive Programme...........: ein Laufende Programme erweitert..........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: ein Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: erweitert Beginn des Suchlaufs: Freitag, 8. Februar 2013 22:10 Der Suchlauf über die Masterbootsektoren wird begonnen: Masterbootsektor HD0 [INFO] Es wurde kein Virus gefunden! Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'C:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'D:\' [INFO] Es wurde kein Virus gefunden! Der Suchlauf nach versteckten Objekten wird begonnen. Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'svchost.exe' - '53' Modul(e) wurden durchsucht Durchsuche Prozess 'nvvsvc.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '99' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '122' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '153' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '81' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '77' Modul(e) wurden durchsucht Durchsuche Prozess 'NvXDSync.exe' - '46' Modul(e) wurden durchsucht Durchsuche Prozess 'nvvsvc.exe' - '62' Modul(e) wurden durchsucht Durchsuche Prozess 'spoolsv.exe' - '84' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '70' Modul(e) wurden durchsucht Durchsuche Prozess 'armsvc.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '73' Modul(e) wurden durchsucht Durchsuche Prozess 'RichVideo.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht Durchsuche Prozess 'taskhost.exe' - '58' Modul(e) wurden durchsucht Durchsuche Prozess 'Dwm.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'Explorer.EXE' - '182' Modul(e) wurden durchsucht Durchsuche Prozess 'RAVCpl64.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'ETDCtrl.exe' - '50' Modul(e) wurden durchsucht Durchsuche Prozess 'KiesTrayAgent.exe' - '45' Modul(e) wurden durchsucht Durchsuche Prozess 'jusched.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'taskeng.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'ETDCtrlHelper.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchIndexer.exe' - '55' Modul(e) wurden durchsucht Durchsuche Prozess 'wmpnetwk.exe' - '117' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '60' Modul(e) wurden durchsucht Durchsuche Prozess 'YCMMirage.exe' - '43' Modul(e) wurden durchsucht Durchsuche Prozess 'MovieColorEnhancer.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'dmhkcore.exe' - '64' Modul(e) wurden durchsucht Durchsuche Prozess 'igfxsrvc.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'igfxext.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'DllHost.exe' - '42' Modul(e) wurden durchsucht Durchsuche Prozess 'firefox.exe' - '171' Modul(e) wurden durchsucht Durchsuche Prozess 'plugin-container.exe' - '87' Modul(e) wurden durchsucht Durchsuche Prozess 'FlashPlayerPlugin_11_5_502_149.exe' - '48' Modul(e) wurden durchsucht Durchsuche Prozess 'FlashPlayerPlugin_11_5_502_149.exe' - '71' Modul(e) wurden durchsucht Durchsuche Prozess 'LMS.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'NOBuAgent.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'daemonu.exe' - '46' Modul(e) wurden durchsucht Durchsuche Prozess 'WLIDSVC.EXE' - '75' Modul(e) wurden durchsucht Durchsuche Prozess 'WLIDSvcM.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'UNS.exe' - '46' Modul(e) wurden durchsucht Durchsuche Prozess 'CLMLSvc.exe' - '43' Modul(e) wurden durchsucht Durchsuche Prozess 'Media+Player10Serv.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'hkcmd.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'igfxtray.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'igfxpers.exe' - '39' Modul(e) wurden durchsucht Durchsuche Prozess 'SSCKbdHk.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '88' Modul(e) wurden durchsucht Durchsuche Prozess 'avshadow.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '89' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '159' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '123' Modul(e) wurden durchsucht Durchsuche Prozess 'vssvc.exe' - '48' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '45' Modul(e) wurden durchsucht Durchsuche Prozess 'wmiprvse.exe' - '39' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchProtocolHost.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchFilterHost.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'wininit.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'services.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'lsass.exe' - '70' Modul(e) wurden durchsucht Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht Durchsuche Prozess 'winlogon.exe' - '32' Modul(e) wurden durchsucht Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: Die Registry wurde durchsucht ( '1424' Dateien ). Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' [0] Archivtyp: RSRC --> C:\Program Files (x86)\Samsung\Easy Support Center\Drv\drv3x86\WUDFUpdate_01009.dll [1] Archivtyp: RSRC --> C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WUDFUpdate_01009.dll [2] Archivtyp: RSRC --> C:\Users\Stefan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\3f4723cd-1517d4a1 [3] Archivtyp: ZIP --> yPtQUsJR.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.WM [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden --> aiA.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.QV [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden --> ehxakdyx.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.WN [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden --> EnQrOypa.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.WO [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden --> EqBvLHcWc.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.WP [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden --> MkHha.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.WQ [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden --> NMuoEvupe.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.WR [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden --> rorDl.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.WS [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden --> sQPcaoDyd.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.WT [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden --> SxFLRX.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.WU [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden --> TfwxClUn.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.WV [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden --> XkcCrJ.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.WW [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden C:\Users\XYZ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\3f4723cd-1517d4a1 [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.WW --> C:\Users\XYZ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\6a100705-2bdd5bed [3] Archivtyp: ZIP --> JXiDdo.class [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2008-5353.A.174 [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden --> vYuRSr.class [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2013-0422.I [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden C:\Users\Stefan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\6a100705-2bdd5bed [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2013-0422.I Beginne mit der Suche in 'D:\' Beginne mit der Desinfektion: C:\Users\XYZ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\6a100705-2bdd5bed [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2013-0422.I [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '591f759a.qua' verschoben! C:\Users\XYZ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\3f4723cd-1517d4a1 [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.WW [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '41875a32.qua' verschoben! Ende des Suchlaufs: Samstag, 9. Februar 2013 06:14 Benötigte Zeit: 1:13:04 Stunde(n) Der Suchlauf wurde vollständig durchgeführt. 28901 Verzeichnisse wurden überprüft 738185 Dateien wurden geprüft 16 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 2 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 738169 Dateien ohne Befall 17983 Archive wurden durchsucht 14 Warnungen 2 Hinweise 770151 Objekte wurden beim Rootkitscan durchsucht 0 Versteckte Objekte wurden gefunden ==================================================================== malwarebytes: Malwarebytes Anti-Malware (Trial) 1.70.0.1100 www.malwarebytes.org Database version: v2013.02.09.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Stefan :: XYZ-PC [limited] Protection: Enabled 09.02.2013 15:16:57 mbam-log-2013-02-09 (15-16-57).txt Scan type: Full scan (C:\|D:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 350952 Time elapsed: 1 hour(s), 6 minute(s), 37 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) |
|
10.02.2013, 22:03
| #2 |
| | Exploits EXP/CVE-2013-0422.I + Javavirus JAVA/Jogek.WW Hallo,
__________________hier noch die gwünschten Logs: OTL Logfile: OTL EXTRAS Logfile: Code:
ATTFilter OTL logfile created on: 10.02.2013 14:30:35 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\XYZ\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,92 Gb Total Physical Memory | 4,71 Gb Available Physical Memory | 79,57% Memory free 11,83 Gb Paging File | 10,07 Gb Available in Paging File | 85,09% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 230,00 Gb Total Space | 172,44 Gb Free Space | 74,97% Space Free | Partition Type: NTFS Drive D: | 343,00 Gb Total Space | 298,71 Gb Free Space | 87,09% Space Free | Partition Type: NTFS Computer Name: STEFAN-PC | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.02.10 14:29:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\XYZ\Downloads\OTL.exe PRC - [2013.02.08 22:04:47 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.02.08 22:04:26 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.02.08 22:04:25 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.08.31 08:52:14 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe PRC - [2011.09.28 00:23:10 | 005,458,312 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe PRC - [2011.09.06 09:36:42 | 002,275,408 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe PRC - [2011.09.06 09:35:54 | 001,087,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe PRC - [2011.08.19 05:36:46 | 000,784,976 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe PRC - [2011.08.17 08:19:18 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe PRC - [2011.07.29 23:47:22 | 003,395,664 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe PRC - [2011.06.05 00:22:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.05.05 13:44:54 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2011.05.05 13:44:52 | 000,326,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.09.20 04:24:42 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe PRC - [2009.11.02 06:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe ========== Modules (No Company Name) ========== MOD - [2013.01.09 18:25:30 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll MOD - [2013.01.09 18:25:24 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.09 18:25:22 | 000,025,600 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll MOD - [2013.01.09 18:25:08 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.09 18:25:04 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013.01.09 18:25:03 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.09 18:24:47 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2011.02.16 17:03:20 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll MOD - [2009.11.02 06:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009.11.02 06:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2006.08.12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll ========== Services (SafeList) ========== SRV:64bit: - [2010.09.22 10:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2013.02.08 22:04:47 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.02.08 22:04:26 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.02.08 11:04:36 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.10.19 19:56:31 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.06.05 00:22:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.05.05 13:44:54 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2011.05.05 13:44:52 | 000,326,424 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.06.01 07:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.02.08 22:04:58 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.02.08 22:04:58 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013.02.08 22:04:57 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.06.27 09:37:56 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm) DRV:64bit: - [2012.06.27 09:37:56 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm) DRV:64bit: - [2012.06.27 09:37:56 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) DRV:64bit: - [2012.06.27 09:37:56 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) DRV:64bit: - [2012.06.27 09:37:56 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb) DRV:64bit: - [2012.06.27 09:37:56 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl) DRV:64bit: - [2012.06.27 09:37:56 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.08.17 08:19:38 | 000,031,216 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2011.07.29 23:47:20 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI) DRV:64bit: - [2011.06.17 04:40:40 | 000,186,152 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2011.06.05 00:22:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2011.05.01 06:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) DRV:64bit: - [2011.04.22 11:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.04.11 11:55:24 | 000,007,680 | ---- | M] (Phoenix Technologies Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SGDrv64.sys -- (SGDrv) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.18 00:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.12.16 11:39:08 | 012,256,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.10.20 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.10.14 18:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.19 19:56:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.19 19:56:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.10.19 19:56:31 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKCU..\Run: [BrowserChoice] "C:\Windows\System32\browserchoice.exe" /run File not found O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A9C25AC-30C1-4408-9A5E-D0AD46F95E8E}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.09 06:19:18 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2013.02.09 06:19:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.02.09 06:19:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.02.08 22:05:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.02.08 22:05:48 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys [2013.02.08 22:05:48 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys [2013.02.08 22:05:48 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avkmgr.sys [2013.02.08 22:05:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.02.08 22:05:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013.02.08 14:49:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.02.08 14:49:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.02.08 14:49:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.02.07 22:32:46 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013.02.07 22:31:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.01.30 15:22:43 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes [2013.01.30 15:22:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.01.30 15:22:11 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Programs [2013.01.26 11:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2013.01.26 11:31:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java ========== Files - Modified Within 30 Days ========== [2013.02.10 14:04:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.02.10 10:51:52 | 000,020,992 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.10 10:51:52 | 000,020,992 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.10 10:47:54 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.02.10 07:33:52 | 2056,830,975 | -HS- | M] () -- C:\hiberfil.sys [2013.02.09 17:47:43 | 000,000,000 | ---- | M] () -- C:\Users\Admin\defogger_reenable [2013.02.09 06:19:19 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.08 22:05:54 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.02.08 22:04:58 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys [2013.02.08 22:04:58 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avkmgr.sys [2013.02.08 22:04:57 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys [2013.02.07 13:34:04 | 001,498,506 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2013.02.07 13:34:04 | 000,654,166 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2013.02.07 13:34:04 | 000,616,008 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2013.02.07 13:34:04 | 000,130,006 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2013.02.07 13:34:04 | 000,106,388 | ---- | M] () -- C:\windows\SysNative\perfc009.dat ========== Files Created - No Company Name ========== [2013.02.09 17:47:43 | 000,000,000 | ---- | C] () -- C:\Users\Admin\defogger_reenable [2013.02.09 06:19:19 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.08 22:05:54 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.08.28 09:04:34 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll [2012.08.28 09:04:34 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll [2012.08.28 09:04:34 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll [2012.08.28 09:04:34 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe [2012.08.28 09:04:32 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll [2011.10.11 03:28:02 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe [2011.10.11 02:27:55 | 000,001,156 | ---- | C] () -- C:\windows\HotFixList.ini [2011.07.21 06:51:15 | 000,960,940 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin [2011.07.21 06:51:14 | 000,207,376 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin [2011.07.21 06:51:12 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.09.30 19:40:49 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Samsung ========== Purity Check ========== < End of report > --- --- --- OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 10.02.2013 14:30:35 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\XYZ\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
5,92 Gb Total Physical Memory | 4,71 Gb Available Physical Memory | 79,57% Memory free
11,83 Gb Paging File | 10,07 Gb Available in Paging File | 85,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 230,00 Gb Total Space | 172,44 Gb Free Space | 74,97% Space Free | Partition Type: NTFS
Drive D: | 343,00 Gb Total Space | 298,71 Gb Free Space | 87,09% Space Free | Partition Type: NTFS
Computer Name: STEFAN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1A42BEAE-A7DB-4BAA-A462-70B29DA84B49}" = rport=138 | protocol=17 | dir=out | app=system |
"{2071E0B3-9027-4FFE-9AEB-1159B8954172}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2BC452FA-3401-4866-AE8E-6BD5CFC3BCAE}" = rport=139 | protocol=6 | dir=out | app=system |
"{2C77938C-8792-46EB-8B2B-C6D333F48138}" = lport=445 | protocol=6 | dir=in | app=system |
"{30D7C339-54D2-4C62-8E18-A62A075FB9DE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{33737E1C-9530-4878-9E78-CA754AEA5FFF}" = rport=137 | protocol=17 | dir=out | app=system |
"{3AF6660F-0825-43CF-96FE-AADAFF825CDD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{441D63E7-4463-48F0-A5BD-4C6FE7AD52D0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{48CD1599-D3F6-4A82-BE32-5937D1303E9E}" = lport=139 | protocol=6 | dir=in | app=system |
"{5A5027B2-4181-4FC0-B886-AEBF5D210C34}" = lport=137 | protocol=17 | dir=in | app=system |
"{6ACD859D-A80A-407F-BCA1-3D4D5E8E6541}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7C2C6067-A00E-4D6D-9852-4309A00BF13F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7D9CD3DE-85BC-4DCD-A342-762240DA2131}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8AAA3C08-AD8D-4A49-A225-F029CE582BB7}" = lport=138 | protocol=17 | dir=in | app=system |
"{9485FD65-90AB-470B-96A5-5316258180D1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{952188CC-E441-4006-9C3F-BA2B2DF736F5}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{9E07878E-B612-4278-9DC7-7AE51B873973}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BB53985F-C22F-41AF-A5EC-9E6F272EE5DF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C33226E2-4C35-41B4-91F9-84C2C8271281}" = rport=445 | protocol=6 | dir=out | app=system |
"{D0ADFE60-1BE3-43A8-9DE8-36417F027864}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D3C00197-A542-4ED5-BB7B-5BD9CCF3EBA4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D98286F6-B377-4280-A938-E1A3D710C14F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D9FDFB53-D674-4A95-BBA8-5ED7AF50BB72}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E0EA2789-99E3-4CF0-9DFD-58B3A9A5955A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F75E1F14-775E-4CE7-8221-24463042CF03}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08044543-12E5-4DF6-ACDF-F7D0DF9C7D1D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0B0F1A55-2F6C-444D-85E5-C4BC242EFA59}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{15E4330F-8E20-416C-BA03-8F3CCD3D6971}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{23CFF859-971E-4443-BEA2-E58F7AFD456C}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{295C7E8E-E3BF-4C9E-BA0D-22200364023C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2EAB6742-815F-435C-B81E-D33D96E724A0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{3B80C65C-5E18-4B05-ACB9-B3271545E332}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3C807EEB-575F-4A37-86A2-01C0FE43FB6F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{3F396ADA-B4A7-432C-964D-FD24AF45972C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4506E17D-657C-48CD-BB64-5F4D052BE6FB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4CB4D7AC-12FE-4C75-A3AF-2E2516FDB9E3}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{4FB4D578-8285-4C92-B72C-A7F5B215159A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{70D1F54A-7DC4-43BA-B73B-F063DB822DD2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7328F5C6-F0E1-449B-8EF1-A6F0E5474CFB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{85891C0C-74AD-405E-B518-C076F942A078}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9572A463-DEE3-4FBB-B8A8-F022529DE809}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{96BC193A-F0B4-432F-9AE7-C92FE14CA8DF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A2AF4A49-2C67-44BD-9247-61D5BE3C38F6}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{ABBD1E0E-FB3F-4CD2-AEAF-388CF332CEA3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B75D73C3-07F2-4D2A-A839-BFCB06324D41}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{B844ABCC-F31D-4DB1-9B07-883D5B1E4E41}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BD08B820-3A14-4A1C-AC60-CDB9762C449E}" = protocol=6 | dir=out | app=system |
"{C710426D-3CBC-4901-B087-5FEFC055F017}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C91E7603-7D3B-4B7D-8BBE-7662CC176079}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D314578B-A21B-4826-9764-2E266066B949}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E6A96630-35ED-4F43-90E4-F5270AD823F0}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |
"{E9DC5139-212D-42AD-B955-2B73917A08AE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F0C81B07-F658-4AB9-B3F6-DB88814A8866}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FA0EFB10-C9F5-45D6-B568-FFFF75A7C0F6}" = dir=in | app=c:\program files (x86)\cyberlink\media+player10\media+player10.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series" = Canon MP630 series MP Drivers
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86417013FF}" = Java 7 Update 13 (64-bit)
"{27F3F8DE-AC95-4E10-90A6-EBA999DDBCAF}" = Windows Live Remote Service Resources
"{29CFD07F-4971-41B0-B14D-621ACCC264AC}" = Windows Live Remote Service Resources
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel(R) PROSet/Wireless WiFi Software
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{4C9845D5-9FAD-4C52-B389-CAEF0F216215}" = Windows Live Remote Client Resources
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{641B32DB-8226-4250-86C9-34671162F5D5}" = Windows Live Remote Client Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6A2482BC-733A-404A-939A-2D5BC636E6F9}" = Windows Live Remote Service Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{78654366-5889-4A70-90D9-04B00709EEE0}" = Windows Live Remote Client Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{811D5159-D798-491F-B9C6-9BDBF6B02D06}" = Windows Live Remote Service Resources
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 268.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F0793412-6407-4870-9A8C-6FE198A4EB12}" = Windows Live Remote Client Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"Elantech" = ETDWare PS/2-X64 10.0.7.2_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{0119B342-476F-4F5A-B712-144B5CFA781F}" = Windows Live Movie Maker
"{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{0785A0B6-07DF-43CF-B147-E1EB4CEA0345}" = Windows Live Messenger
"{07E15DDE-CAD9-434D-B24D-35708E3BEA09}" = Windows Live 필수 패키지
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 5
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Settings
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19ADD3BF-C42B-47DC-81C6-5E9731B668C4}" = „Windows Live Essentials“
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1CEA14B0-9E95-43FC-8D79-C81D20052375}}_is1" = FOTOParadies
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21B49B4A-BBC3-4A09-9C68-6C3CC0B1EA01}" = Windows Live Messenger
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26513CE5-7A51-478D-93BD-AC1D38103463}" = Windows Live Messenger
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{2720009D-9566-45A7-A370-0E6DAC313F3F}" = „Windows Live Mail“
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2CC0789D-D31B-445F-8970-6E058BE39754}" = Windows Live UX Platform Language Pack
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer
"{331ECF61-69AF-4F57-AC35-AFED610231C3}" = Multimedia POP
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34AB675C-1965-44B5-B5A7-B02EE6196AD3}" = Windows Live Messenger
"{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{34FBC7C4-CD31-4D93-A428-0E524EAC4586}" = CyberLink Media+ Player10
"{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = Windows Live UX Platform Language Pack
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B8F240C-B75E-4A1E-BDCC-6C7F033078A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{442032CB-900C-49C7-B4B4-2B76525DD403}" = Windows Live Photo Common
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{4F35DF91-F834-41F7-A287-0E377D55C486}" = Windows Live Photo Common
"{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{517EAAB9-C35E-4949-B8C2-20C241162BBB}" = Windows Live Pošta
"{51FFAC89-B6B0-4E6E-B76F-6D4E2E83086A}" = Windows Live 메일
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{539A0CEA-17E4-4FE4-A5E8-EC5D40610A79}" = „Windows Live Messenger“
"{545192D4-E817-4EAA-834D-623EA50CF268}" = Windows Live UX Platform Language Pack
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D163056-96B7-440F-A836-89BA5D3CFF2F}" = Windows Live Photo Common
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5D90ABE5-8A35-4947-8269-6F40BCE47A95}" = Windows Live Messenger
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{61506B53-EE02-46CE-8464-3F806947978F}" = Windows Live Mesh
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B3BAE39-4ED1-4EEB-9769-A3AA0AA58CB4}" = Windows Live Movie Maker
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger
"{6DCE9C3E-3DB7-4C3C-8B80-BC55781BB7B6}" = Windows Live Writer Resources
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources
"{71684DFF-CDED-450C-AF0C-4A1A6438A1A5}" = Windows Live Essentials
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{7780682A-47C9-480D-90BE-247539342595}" = Windows Live UX Platform Language Pack
"{77BC9EAF-14C7-4338-9B1C-D5A3E142C0B8}" = Windows Live Photo Common
"{77DAF553-291A-4471-988C-5677D90DB57E}" = Windows Live Writer Resources
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{829CDAAD-5AF1-482F-978B-591C16A34ACC}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{86E6D3A7-3ADC-44C0-B94E-85D2A9DD36B0}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95BB7324-77D3-4BF3-8CF6-29F0857AC175}" = Easy File Share
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9E771D5B-C429-4CBC-8730-3EBD9EC99E4C}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A1668729-C4D2-49AE-877B-FB608362FFF1}" = Windows Live Essentials
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{AD86049C-3D9C-43E1-BE73-643F57D83D50}" = Easy Migration
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B4712CB7-27D7-4F61-8805-BCF9BE1CFC4A}" = Windows Live Writer Resources
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B750B5C2-CC17-4967-905B-29F4EB986131}" = Software Launcher
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{B81722D3-0A95-4BDE-AA1A-A2A5D12FCDB2}" = Windows Live Foto-galerija
"{B9B66F77-9D00-4CA4-BDF1-BBA8236B4DB6}" = Windows Live Writer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C877E454-FA36-409A-A00E-1240CEC61BBD}" = „Windows Live“ fotogalerija
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C8A2793D-EFF2-4069-95BF-A28192E39DEB}" = Windows Live Writer
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{CF936193-C584-458C-B793-15FA945621AF}" = Windows Live fotoattēlu galerija
"{CF9DEFAA-12CD-4D04-AA45-F9F667D21E2E}" = Windows Live Movie Maker
"{D06F10C5-3EDD-4B29-A3B5-16BBB9A047F8}" = Windows Live Mesh
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D27DF849-C8C7-4892-A7F1-E0B381A1BD01}" = Windows Live Writer
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D54A52A8-DF24-4CE8-850B-074CA47DFA74}" = Windows Live Messenger
"{D57D43BF-699A-429F-AF8C-AF1867222800}" = Windows Live 사진 갤러리
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D987098B-3AD4-4E88-B80E-CF27A32D1955}" = Windows Live Writer Resources
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE256D8B-D971-456D-BC02-CB64DA24F115}" = Easy Software Manager
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{EAB1BDF2-734A-4D44-9169-7615D185C974}" = Windows Live Mesh
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC20FB81-9B5E-4B97-92A2-8DC52548EFCE}" = Windows Live Mesh
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F66430D8-08E6-4C96-B9B7-90E66E27D58C}" = Windows Live Mail
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Easy Support Center 1.0
"{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Game Console - WildGames" = WildTangent ORB Game Console
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}" = CyberLink Media+ Player10
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Personal Backup 5_is1" = Personal Backup 5.3
"Picasa 3" = Picasa 3
"ProInst" = Intel PROSet Wireless
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live 程式集
"WT085559" = Diner Dash 2 Restaurant Rescue
"WT085567" = Chuzzle Deluxe
"WT085580" = John Deere Drive Green
"WT085581" = Penguins!
"WT085583" = Polar Golfer
"WT085587" = Agatha Christie - Death on the Nile
"WT085597" = Build-a-lot
"WT085618" = Farm Frenzy
"WT085622" = Insaniquarium Deluxe
"WT085663" = Peggle
"WT085669" = Plants vs. Zombies
"WT089285" = Zuma Deluxe
"WT089286" = Bejeweled 2 Deluxe
"XnView_is1" = XnView 1.99.1
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 09.12.2012 09:02:13 | Computer Name = Stefan-PC | Source = WinMgmt | ID = 10
Description =
Error - 09.12.2012 15:58:07 | Computer Name = Stefan-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 11.12.2012 10:29:49 | Computer Name = Stefan-PC | Source = WinMgmt | ID = 10
Description =
Error - 12.12.2012 05:49:25 | Computer Name = Stefan-PC | Source = WinMgmt | ID = 10
Description =
Error - 12.12.2012 06:28:34 | Computer Name = Stefan-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 12.12.2012 09:29:20 | Computer Name = Stefan-PC | Source = WinMgmt | ID = 10
Description =
Error - 13.12.2012 04:52:15 | Computer Name = Stefan-PC | Source = WinMgmt | ID = 10
Description =
Error - 13.12.2012 05:16:14 | Computer Name = Stefan-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 14.12.2012 08:53:11 | Computer Name = Stefan-PC | Source = WinMgmt | ID = 10
Description =
Error - 14.12.2012 09:18:34 | Computer Name = Stefan-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
[ System Events ]
Error - 04.12.2012 04:42:27 | Computer Name = Stefan-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Avira Planer" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt:
Neustart des Diensts.
Error - 07.12.2012 14:41:40 | Computer Name = Stefan-PC | Source = DCOM | ID = 10010
Description =
Error - 07.12.2012 14:47:01 | Computer Name = Stefan-PC | Source = Service Control Manager | ID = 7043
Description = Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements
nicht richtig heruntergefahren werden.
Error - 07.12.2012 14:47:35 | Computer Name = Stefan-PC | Source = Service Control Manager | ID = 7043
Description = Der Dienst Gruppenrichtlinienclient konnte nach dem Empfang eines
Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
Error - 11.12.2012 14:45:06 | Computer Name = Stefan-PC | Source = DCOM | ID = 10010
Description =
Error - 12.12.2012 14:38:10 | Computer Name = Stefan-PC | Source = DCOM | ID = 10010
Description =
Error - 17.12.2012 03:34:17 | Computer Name = Stefan-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Avira Planer" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt:
Neustart des Diensts.
Error - 27.12.2012 06:35:36 | Computer Name = Stefan-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Avira Planer" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt:
Neustart des Diensts.
Error - 27.01.2013 04:17:52 | Computer Name = Stefan-PC | Source = WMPNetworkSvc | ID = 866300
Description =
Error - 30.01.2013 04:59:58 | Computer Name = Stefan-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Avira Planer" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt:
Neustart des Diensts.
< End of report >
Geändert von blaue_sonne (10.02.2013 um 22:20 Uhr) |
|
10.02.2013, 22:22
| #3 |
| | Exploits EXP/CVE-2013-0422.I + Javavirus JAVA/Jogek.WW .... und noch gmer.txt
__________________GMER Logfile: Code:
ATTFilter GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-10 21:47:48
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AJ1 596,17GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\Admin\AppData\Local\Temp\uxdiqpob.sys
---- User code sections - GMER 2.0 ----
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[4900] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000772d1401 2 bytes [2D, 77]
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[4900] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000772d1419 2 bytes [2D, 77]
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[4900] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000772d1431 2 bytes [2D, 77]
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[4900] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000772d144a 2 bytes [2D, 77]
.text ... * 9
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[4900] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000772d14dd 2 bytes [2D, 77]
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[4900] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000772d14f5 2 bytes [2D, 77]
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[4900] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000772d150d 2 bytes [2D, 77]
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[4900] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000772d1525 2 bytes [2D, 77]
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[4900] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000772d153d 2 bytes [2D, 77]
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[4900] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000772d1555 2 bytes [2D, 77]
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[4900] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000772d156d 2 bytes [2D, 77]
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[4900] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000772d1585 2 bytes [2D, 77]
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[4900] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000772d159d 2 bytes [2D, 77]
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[4900] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000772d15b5 2 bytes [2D, 77]
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[4900] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000772d15cd 2 bytes [2D, 77]
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[4900] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000772d16b2 2 bytes [2D, 77]
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[4900] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000772d16bd 2 bytes [2D, 77]
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007731f991 8 bytes {MOV EDX, 0x903e8; JMP RDX}
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15 000000007731f99b 1 byte [90]
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\SysWOW64\ntdll.dll!NtOpenKey + 5 000000007731fa0d 8 bytes {MOV EDX, 0x901a8; JMP RDX}
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\SysWOW64\ntdll.dll!NtOpenKey + 15 000000007731fa17 1 byte [90]
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\SysWOW64\ntdll.dll!NtCreateKey + 5 000000007731fb25 8 bytes {MOV EDX, 0x90168; JMP RDX}
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\SysWOW64\ntdll.dll!NtCreateKey + 15 000000007731fb2f 1 byte [90]
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007731fbd5 8 bytes {MOV EDX, 0x90428; JMP RDX}
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15 000000007731fbdf 1 byte [90]
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007731fc05 8 bytes {MOV EDX, 0x90368; JMP RDX}
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 15 000000007731fc0f 1 byte [90]
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007731fc1d 8 bytes {MOV EDX, 0x90128; JMP RDX}
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15 000000007731fc27 1 byte [90]
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007731fc35 8 bytes {MOV EDX, 0x904e8; JMP RDX}
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15 000000007731fc3f 1 byte [90]
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007731fc65 8 bytes {MOV EDX, 0x90528; JMP RDX}
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 15 000000007731fc6f 1 byte [90]
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007731fce5 8 bytes {MOV EDX, 0x904a8; JMP RDX}
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 15 000000007731fcef 1 byte [90]
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007731fcfd 8 bytes {MOV EDX, 0x90468; JMP RDX}
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 15 000000007731fd07 1 byte [90]
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007731fd49 8 bytes {MOV EDX, 0x90068; JMP RDX}
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 15 000000007731fd53 1 byte [90]
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\SysWOW64\ntdll.dll!NtOpenSection + 5 000000007731fdad 8 bytes {MOV EDX, 0x902e8; JMP RDX}
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\SysWOW64\ntdll.dll!NtOpenSection + 15 000000007731fdb7 1 byte [90]
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007731fe41 8 bytes {MOV EDX, 0x900a8; JMP RDX}
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 15 000000007731fe4b 1 byte [90]
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\SysWOW64\ntdll.dll!NtCreateSection + 5 000000007731ff89 8 bytes {MOV EDX, 0x902a8; JMP RDX}
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\SysWOW64\ntdll.dll!NtCreateSection + 15 000000007731ff93 1 byte [90]
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077320099 8 bytes {MOV EDX, 0x90028; JMP RDX}
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 15 00000000773200a3 1 byte [90]
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant + 5 0000000077320781 8 bytes {MOV EDX, 0x90268; JMP RDX}
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant + 15 000000007732078b 1 byte [90]
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5 0000000077320ffd 8 bytes {MOV EDX, 0x901e8; JMP RDX}
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 15 0000000077321007 1 byte [90]
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\SysWOW64\ntdll.dll!NtOpenMutant + 5 000000007732105d 8 bytes {MOV EDX, 0x90228; JMP RDX}
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\SysWOW64\ntdll.dll!NtOpenMutant + 15 0000000077321067 1 byte [90]
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000773210a5 8 bytes {MOV EDX, 0x903a8; JMP RDX}
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 15 00000000773210af 1 byte [90]
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007732111d 8 bytes {MOV EDX, 0x90328; JMP RDX}
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 15 0000000077321127 1 byte [90]
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077321321 8 bytes {MOV EDX, 0x900e8; JMP RDX}
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 15 000000007732132b 1 byte [90]
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\kernel32.dll!CreateProcessW 0000000074bf103d 5 bytes JMP 0000000100010030
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\kernel32.dll!CreateProcessA 0000000074bf1072 5 bytes JMP 0000000100010070
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\KERNELBASE.dll!CreateEventW 00000000767c119f 5 bytes JMP 0000000100020030
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\KERNELBASE.dll!OpenEventW 00000000767c11cf 5 bytes JMP 0000000100020070
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!GetDeviceCaps 0000000075694de0 5 bytes JMP 00000001001203b0
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!SelectObject 0000000075694f70 5 bytes JMP 00000001001205f0
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!SetBkMode 00000000756951a2 5 bytes JMP 00000001001208f0
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!SetTextColor 000000007569522d 5 bytes JMP 0000000100120a30
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!DeleteObject 0000000075695689 5 bytes JMP 00000001001201b0
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!DeleteDC 00000000756958b3 5 bytes JMP 0000000100120170
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!GetCurrentObject 0000000075696bad 5 bytes JMP 0000000100120370
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!SaveDC 0000000075696e05 5 bytes JMP 0000000100120570
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!RestoreDC 0000000075696ead 5 bytes JMP 0000000100120530
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!SetStretchBltMode 0000000075697180 5 bytes JMP 00000001001206b0
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!StretchDIBits 0000000075697435 5 bytes JMP 0000000100120770
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!CreateDCA 0000000075697bcc 5 bytes JMP 00000001001200b0
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!IntersectClipRect 0000000075697dc4 5 bytes JMP 00000001001203f0
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!GetTextAlign 0000000075697fd5 5 bytes JMP 0000000100120d70
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!GetTextMetricsW 00000000756982b2 5 bytes JMP 0000000100120e30
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!SetTextAlign 0000000075698401 5 bytes JMP 00000001001209f0
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!ExtSelectClipRgn 000000007569879f 5 bytes JMP 00000001001202f0
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!SelectClipRgn 0000000075698916 5 bytes JMP 00000001001205b0
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!ExtTextOutW 0000000075698b7a 5 bytes JMP 0000000100120970
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!MoveToEx 0000000075698ee6 5 bytes JMP 0000000100120470
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!GetFontData 0000000075699875 5 bytes JMP 0000000100120c70
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!GetTextFaceW 0000000075699936 5 bytes JMP 0000000100120d30
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!Rectangle 000000007569a53a 5 bytes JMP 00000001001209b0
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!GetClipBox 000000007569af9f 5 bytes JMP 0000000100120330
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!LineTo 000000007569b9e5 5 bytes JMP 0000000100120430
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!SetICMMode 000000007569bd55 5 bytes JMP 0000000100120db0
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!CreateICW 000000007569c040 5 bytes JMP 0000000100120130
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!GetTextExtentPoint32W 000000007569c107 5 bytes JMP 0000000100120670
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!SetWorldTransform 000000007569c269 5 bytes JMP 00000001001206f0
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!GetTextMetricsA 000000007569d1f1 5 bytes JMP 0000000100120df0
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!GetTextExtentPoint32A 000000007569d349 5 bytes JMP 0000000100120630
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!ExtTextOutA 000000007569dce4 5 bytes JMP 0000000100120930
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!CreateDCW 000000007569e743 5 bytes JMP 00000001001200f0
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!ExtEscape 00000000756a03b7 5 bytes JMP 00000001001202b0
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!Escape 00000000756a1bda 5 bytes JMP 0000000100120270
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!GetTextFaceA 00000000756a1e89 5 bytes JMP 0000000100120cf0
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!SetPolyFillMode 00000000756a4843 5 bytes JMP 0000000100120b30
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!SetMiterLimit 00000000756a5690 5 bytes JMP 0000000100120b70
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!EndPage 00000000756a6bde 5 bytes JMP 0000000100120230
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!ResetDCW 00000000756ae2db 5 bytes JMP 0000000100120ab0
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!GetGlyphOutlineW 00000000756b940d 5 bytes JMP 0000000100120cb0
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!CreateScalableFontResourceW 00000000756bc621 5 bytes JMP 0000000100120bb0
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!AddFontResourceW 00000000756bd2b2 5 bytes JMP 0000000100120bf0
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!RemoveFontResourceW 00000000756bd919 5 bytes JMP 0000000100120c30
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!AbortDoc 00000000756c3adc 5 bytes JMP 0000000100120030
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!EndDoc 00000000756c3f29 5 bytes JMP 00000001001201f0
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!StartPage 00000000756c401a 5 bytes JMP 0000000100120730
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!StartDocW 00000000756c4c51 5 bytes JMP 00000001001207f0
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!BeginPath 00000000756c53fd 5 bytes JMP 0000000100120830
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!SelectClipPath 00000000756c5454 5 bytes JMP 0000000100120af0
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!CloseFigure 00000000756c54af 5 bytes JMP 0000000100120070
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!EndPath 00000000756c5506 5 bytes JMP 0000000100120a70
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!StrokePath 00000000756c573f 5 bytes JMP 00000001001207b0
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!FillPath 00000000756c57d2 5 bytes JMP 0000000100120870
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!PolylineTo 00000000756c5c44 5 bytes JMP 00000001001204f0
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!PolyBezierTo 00000000756c5cd5 5 bytes JMP 00000001001204b0
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\GDI32.dll!PolyDraw 00000000756c5d87 5 bytes JMP 00000001001208b0
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\USER32.dll!MapWindowPoints 0000000075728c40 5 bytes JMP 0000000100130570
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\USER32.dll!RegisterClipboardFormatW 0000000075729ebd 5 bytes JMP 00000001001302b0
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\USER32.dll!RegisterClipboardFormatA 0000000075730afa 5 bytes JMP 00000001001302f0
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\USER32.dll!GetClientRect 0000000075730c62 7 bytes JMP 00000001001305b0
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\USER32.dll!GetParent 0000000075730f68 7 bytes JMP 00000001001306f0
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\USER32.dll!IsWindowVisible 000000007573112d 7 bytes JMP 00000001001306b0
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\USER32.dll!PostMessageW 00000000757312a5 5 bytes JMP 00000001001305f0
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\USER32.dll!ScreenToClient 000000007573227d 7 bytes JMP 0000000100130670
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\USER32.dll!MonitorFromWindow 0000000075733150 7 bytes JMP 0000000100130630
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\USER32.dll!SetCursor 00000000757341f6 5 bytes JMP 0000000100130530
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\USER32.dll!GetClipboardFormatNameA 00000000757368ef 5 bytes JMP 0000000100130270
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\USER32.dll!GetClipboardFormatNameW 00000000757377fa 5 bytes JMP 0000000100130230
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\USER32.dll!GetTopWindow 0000000075737887 7 bytes JMP 0000000100130730
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\USER32.dll!IsClipboardFormatAvailable 0000000075738676 5 bytes JMP 00000001001300f0
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\USER32.dll!GetClipboardSequenceNumber 0000000075738696 5 bytes JMP 0000000100130330
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\USER32.dll!CloseClipboard 0000000075738e8d 5 bytes JMP 00000001001300b0
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\USER32.dll!OpenClipboard 0000000075738ecb 5 bytes JMP 0000000100130070
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\USER32.dll!ChangeClipboardChain 000000007573c17b 5 bytes JMP 0000000100130430
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\USER32.dll!EnumClipboardFormats 000000007573c449 5 bytes JMP 00000001001301b0
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\USER32.dll!GetOpenClipboardWindow 000000007573c468 5 bytes JMP 00000001001303f0
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\USER32.dll!CountClipboardFormats 000000007573c486 5 bytes JMP 00000001001301f0
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\USER32.dll!SetClipboardViewer 000000007573c4b6 5 bytes JMP 00000001001304b0
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\USER32.dll!ActivateKeyboardLayout 000000007573d6c0 5 bytes JMP 00000001001304f0
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\USER32.dll!GetClipboardOwner 000000007573e360 5 bytes JMP 0000000100130370
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\USER32.dll!SetClipboardData 0000000075768e57 5 bytes JMP 0000000100130170
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\USER32.dll!SetCursorPos 0000000075769cfd 5 bytes JMP 0000000100130770
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\USER32.dll!GetClipboardData 0000000075769f1d 5 bytes JMP 0000000100130030
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\USER32.dll!EmptyClipboard 0000000075787cb9 5 bytes JMP 0000000100130130
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\USER32.dll!GetClipboardViewer 0000000075788111 5 bytes JMP 0000000100130470
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\USER32.dll!GetPriorityClipboardFormat 000000007578832f 5 bytes JMP 00000001001303b0
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\SspiCli.dll!FreeContextBuffer 00000000749f9606 5 bytes JMP 00000001001400f0
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\SspiCli.dll!FreeCredentialsHandle 0000000074a00581 5 bytes JMP 0000000100140130
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\SspiCli.dll!DeleteSecurityContext 0000000074a00bb9 5 bytes JMP 0000000100140270
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\SspiCli.dll!ApplyControlToken 0000000074a00c2e 5 bytes JMP 00000001001401b0
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\SspiCli.dll!QueryContextAttributesA 0000000074a00f2e 5 bytes JMP 0000000100140070
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\SspiCli.dll!QueryCredentialsAttributesA 0000000074a01096 5 bytes JMP 00000001001400b0
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\SspiCli.dll!EncryptMessage 0000000074a0124e 5 bytes JMP 00000001001401f0
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\SspiCli.dll!DecryptMessage 0000000074a0129d 5 bytes JMP 0000000100140230
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\SspiCli.dll!AcquireCredentialsHandleA 0000000074a01527 5 bytes JMP 0000000100140030
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\SspiCli.dll!InitializeSecurityContextA 0000000074a01590 5 bytes JMP 0000000100140170
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\ole32.dll!OleSetClipboard 0000000075460045 5 bytes JMP 0000000100150030
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\ole32.dll!OleIsCurrentClipboard 00000000754636b2 5 bytes JMP 0000000100150070
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\ole32.dll!OleGetClipboard 000000007548fdcd 5 bytes JMP 00000001001500b0
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000772d1401 2 bytes [2D, 77]
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000772d1419 2 bytes [2D, 77]
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000772d1431 2 bytes [2D, 77]
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000772d144a 2 bytes [2D, 77]
.text ... * 9
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000772d14dd 2 bytes [2D, 77]
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000772d14f5 2 bytes [2D, 77]
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000772d150d 2 bytes [2D, 77]
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000772d1525 2 bytes [2D, 77]
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000772d153d 2 bytes [2D, 77]
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000772d1555 2 bytes [2D, 77]
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000772d156d 2 bytes [2D, 77]
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000772d1585 2 bytes [2D, 77]
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000772d159d 2 bytes [2D, 77]
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000772d15b5 2 bytes [2D, 77]
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000772d15cd 2 bytes [2D, 77]
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000772d16b2 2 bytes [2D, 77]
.text C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3988] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000772d16bd 2 bytes [2D, 77]
---- Threads - GMER 2.0 ----
Thread C:\windows\system32\svchost.exe [1008:1736] 000007fef8f65124
Thread C:\windows\system32\svchost.exe [1008:880] 000007fef6d6506c
Thread C:\windows\system32\svchost.exe [1008:1856] 000007fef8521c20
Thread C:\windows\system32\svchost.exe [1008:2328] 000007fef8521c20
Thread C:\windows\system32\svchost.exe [1008:3600] 000007fefa7a1ab0
Thread C:\windows\system32\svchost.exe [1008:4840] 000007fef7fe4164
Thread C:\windows\system32\svchost.exe [588:3512] 000007fef3f15170
Thread C:\windows\system32\svchost.exe [1772:4420] 000007fef6af5f1c
Thread C:\windows\system32\svchost.exe [1772:316] 000007fef8f65124
Thread C:\windows\system32\svchost.exe [1772:3344] 000007fef61a2f9c
Thread C:\windows\system32\taskhost.exe [2120:2496] 000007fef77e2740
Thread C:\windows\system32\taskhost.exe [2120:2580] 000007fef77c1f38
Thread C:\windows\system32\taskhost.exe [2120:1408] 000007fefaab1010
---- Registry - GMER 2.0 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\88532e003e75
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b4749f59338f
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 2597
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\88532e003e75 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b4749f59338f (not active ControlSet)
---- Disk sectors - GMER 2.0 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.0 ----
|
|
12.02.2013, 12:22
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Exploits EXP/CVE-2013-0422.I + Javavirus JAVA/Jogek.WW Hallo und  Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten! Wenn ja bitte alle nachreichen, v.a. die von Malwarebytes, falls es da noch Funde gab. Und poste bitte alles in CODE-Tags!!  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Bevor wir uns an die weitere Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Danach bitte aswMBR und MBAR ausführen: Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
12.02.2013, 20:58
| #5 | |||
| | Exploits EXP/CVE-2013-0422.I + Javavirus JAVA/Jogek.WW Hallo, hier die Logs: Zitat:
Zitat:
Zitat:
Fehlermeldung:avast antirootkit funktioniert nicht mehr. Danke für die Auswertung. |
|
13.02.2013, 10:53
| #6 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Exploits EXP/CVE-2013-0422.I + Javavirus JAVA/Jogek.WW Sind das alle Logs? Hatte Malwarebytes nie etwas gefunden? Zitat:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ --> Exploits EXP/CVE-2013-0422.I + Javavirus JAVA/Jogek.WW |
|
13.02.2013, 17:29
| #7 | ||
| | Exploits EXP/CVE-2013-0422.I + Javavirus JAVA/Jogek.WWZitat:
aswMBR.exe hat dank deiner Anweisung funktioniert. Hier das Log: Zitat:
|
|
14.02.2013, 10:27
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Exploits EXP/CVE-2013-0422.I + Javavirus JAVA/Jogek.WW Ok, bitte nun ein Log TDSS-Killer Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten |
|
14.02.2013, 20:56
| #9 |
| | Exploits EXP/CVE-2013-0422.I + Javavirus JAVA/Jogek.WW Hallo, TDSSKiller.bringt einen threat. (Ist der schlimm ?) Ich habe das Log an den Beitrag wegen der Größe angehängt. |
|
15.02.2013, 10:51
| #10 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Exploits EXP/CVE-2013-0422.I + Javavirus JAVA/Jogek.WW Du meinst den: Zitat:
adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
15.02.2013, 22:45
| #11 |
| | Exploits EXP/CVE-2013-0422.I + Javavirus JAVA/Jogek.WW Hallo, anbei die gewünschten Logfiles: AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.112 - Datei am 15/02/2013 um 16:30:35 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Admin - XYZ-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Stefan\Downloads\adwcleaner0.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16464
[OK] Die Registrierungsdatenbank ist sauber.
*************************
AdwCleaner[S1].txt - [1064 octets] - [15/02/2013 16:30:35]
########## EOF - \AdwCleaner[S1].txt - [1124 octets] ##########
OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 15.02.2013 22:29:44 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\XYZ\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
5,92 Gb Total Physical Memory | 4,04 Gb Available Physical Memory | 68,22% Memory free
11,83 Gb Paging File | 9,87 Gb Available in Paging File | 83,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 230,00 Gb Total Space | 170,61 Gb Free Space | 74,18% Space Free | Partition Type: NTFS
Drive D: | 343,00 Gb Total Space | 298,70 Gb Free Space | 87,08% Space Free | Partition Type: NTFS
Computer Name: XYZ-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-578327087-4110603385-1361986703-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1A42BEAE-A7DB-4BAA-A462-70B29DA84B49}" = rport=138 | protocol=17 | dir=out | app=system |
"{2071E0B3-9027-4FFE-9AEB-1159B8954172}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2BC452FA-3401-4866-AE8E-6BD5CFC3BCAE}" = rport=139 | protocol=6 | dir=out | app=system |
"{2C77938C-8792-46EB-8B2B-C6D333F48138}" = lport=445 | protocol=6 | dir=in | app=system |
"{30D7C339-54D2-4C62-8E18-A62A075FB9DE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{33737E1C-9530-4878-9E78-CA754AEA5FFF}" = rport=137 | protocol=17 | dir=out | app=system |
"{3AF6660F-0825-43CF-96FE-AADAFF825CDD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{441D63E7-4463-48F0-A5BD-4C6FE7AD52D0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{48CD1599-D3F6-4A82-BE32-5937D1303E9E}" = lport=139 | protocol=6 | dir=in | app=system |
"{5A5027B2-4181-4FC0-B886-AEBF5D210C34}" = lport=137 | protocol=17 | dir=in | app=system |
"{6ACD859D-A80A-407F-BCA1-3D4D5E8E6541}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7C2C6067-A00E-4D6D-9852-4309A00BF13F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7D9CD3DE-85BC-4DCD-A342-762240DA2131}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8AAA3C08-AD8D-4A49-A225-F029CE582BB7}" = lport=138 | protocol=17 | dir=in | app=system |
"{9485FD65-90AB-470B-96A5-5316258180D1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{952188CC-E441-4006-9C3F-BA2B2DF736F5}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{9E07878E-B612-4278-9DC7-7AE51B873973}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BB53985F-C22F-41AF-A5EC-9E6F272EE5DF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C33226E2-4C35-41B4-91F9-84C2C8271281}" = rport=445 | protocol=6 | dir=out | app=system |
"{D0ADFE60-1BE3-43A8-9DE8-36417F027864}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D3C00197-A542-4ED5-BB7B-5BD9CCF3EBA4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D98286F6-B377-4280-A938-E1A3D710C14F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D9FDFB53-D674-4A95-BBA8-5ED7AF50BB72}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E0EA2789-99E3-4CF0-9DFD-58B3A9A5955A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F75E1F14-775E-4CE7-8221-24463042CF03}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08044543-12E5-4DF6-ACDF-F7D0DF9C7D1D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0B0F1A55-2F6C-444D-85E5-C4BC242EFA59}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{15E4330F-8E20-416C-BA03-8F3CCD3D6971}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{23CFF859-971E-4443-BEA2-E58F7AFD456C}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{295C7E8E-E3BF-4C9E-BA0D-22200364023C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2EAB6742-815F-435C-B81E-D33D96E724A0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{3B80C65C-5E18-4B05-ACB9-B3271545E332}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3C807EEB-575F-4A37-86A2-01C0FE43FB6F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{3F396ADA-B4A7-432C-964D-FD24AF45972C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4506E17D-657C-48CD-BB64-5F4D052BE6FB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4CB4D7AC-12FE-4C75-A3AF-2E2516FDB9E3}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{4FB4D578-8285-4C92-B72C-A7F5B215159A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{70D1F54A-7DC4-43BA-B73B-F063DB822DD2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7328F5C6-F0E1-449B-8EF1-A6F0E5474CFB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{85891C0C-74AD-405E-B518-C076F942A078}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9572A463-DEE3-4FBB-B8A8-F022529DE809}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{96BC193A-F0B4-432F-9AE7-C92FE14CA8DF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A2AF4A49-2C67-44BD-9247-61D5BE3C38F6}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{ABBD1E0E-FB3F-4CD2-AEAF-388CF332CEA3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B75D73C3-07F2-4D2A-A839-BFCB06324D41}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{B844ABCC-F31D-4DB1-9B07-883D5B1E4E41}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BD08B820-3A14-4A1C-AC60-CDB9762C449E}" = protocol=6 | dir=out | app=system |
"{C710426D-3CBC-4901-B087-5FEFC055F017}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C91E7603-7D3B-4B7D-8BBE-7662CC176079}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D314578B-A21B-4826-9764-2E266066B949}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E6A96630-35ED-4F43-90E4-F5270AD823F0}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |
"{E9DC5139-212D-42AD-B955-2B73917A08AE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F0C81B07-F658-4AB9-B3F6-DB88814A8866}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FA0EFB10-C9F5-45D6-B568-FFFF75A7C0F6}" = dir=in | app=c:\program files (x86)\cyberlink\media+player10\media+player10.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series" = Canon MP630 series MP Drivers
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86417013FF}" = Java 7 Update 13 (64-bit)
"{27F3F8DE-AC95-4E10-90A6-EBA999DDBCAF}" = Windows Live Remote Service Resources
"{29CFD07F-4971-41B0-B14D-621ACCC264AC}" = Windows Live Remote Service Resources
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel(R) PROSet/Wireless WiFi Software
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{4C9845D5-9FAD-4C52-B389-CAEF0F216215}" = Windows Live Remote Client Resources
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{641B32DB-8226-4250-86C9-34671162F5D5}" = Windows Live Remote Client Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6A2482BC-733A-404A-939A-2D5BC636E6F9}" = Windows Live Remote Service Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{78654366-5889-4A70-90D9-04B00709EEE0}" = Windows Live Remote Client Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{811D5159-D798-491F-B9C6-9BDBF6B02D06}" = Windows Live Remote Service Resources
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 268.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F0793412-6407-4870-9A8C-6FE198A4EB12}" = Windows Live Remote Client Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"Elantech" = ETDWare PS/2-X64 10.0.7.2_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{0119B342-476F-4F5A-B712-144B5CFA781F}" = Windows Live Movie Maker
"{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{0785A0B6-07DF-43CF-B147-E1EB4CEA0345}" = Windows Live Messenger
"{07E15DDE-CAD9-434D-B24D-35708E3BEA09}" = Windows Live 필수 패키지
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 5
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Settings
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19ADD3BF-C42B-47DC-81C6-5E9731B668C4}" = „Windows Live Essentials“
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1CEA14B0-9E95-43FC-8D79-C81D20052375}}_is1" = FOTOParadies
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21B49B4A-BBC3-4A09-9C68-6C3CC0B1EA01}" = Windows Live Messenger
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26513CE5-7A51-478D-93BD-AC1D38103463}" = Windows Live Messenger
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{2720009D-9566-45A7-A370-0E6DAC313F3F}" = „Windows Live Mail“
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2CC0789D-D31B-445F-8970-6E058BE39754}" = Windows Live UX Platform Language Pack
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer
"{331ECF61-69AF-4F57-AC35-AFED610231C3}" = Multimedia POP
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34AB675C-1965-44B5-B5A7-B02EE6196AD3}" = Windows Live Messenger
"{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{34FBC7C4-CD31-4D93-A428-0E524EAC4586}" = CyberLink Media+ Player10
"{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = Windows Live UX Platform Language Pack
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B8F240C-B75E-4A1E-BDCC-6C7F033078A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{442032CB-900C-49C7-B4B4-2B76525DD403}" = Windows Live Photo Common
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{4F35DF91-F834-41F7-A287-0E377D55C486}" = Windows Live Photo Common
"{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{517EAAB9-C35E-4949-B8C2-20C241162BBB}" = Windows Live Pošta
"{51FFAC89-B6B0-4E6E-B76F-6D4E2E83086A}" = Windows Live 메일
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{539A0CEA-17E4-4FE4-A5E8-EC5D40610A79}" = „Windows Live Messenger“
"{545192D4-E817-4EAA-834D-623EA50CF268}" = Windows Live UX Platform Language Pack
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D163056-96B7-440F-A836-89BA5D3CFF2F}" = Windows Live Photo Common
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5D90ABE5-8A35-4947-8269-6F40BCE47A95}" = Windows Live Messenger
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{61506B53-EE02-46CE-8464-3F806947978F}" = Windows Live Mesh
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B3BAE39-4ED1-4EEB-9769-A3AA0AA58CB4}" = Windows Live Movie Maker
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger
"{6DCE9C3E-3DB7-4C3C-8B80-BC55781BB7B6}" = Windows Live Writer Resources
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources
"{71684DFF-CDED-450C-AF0C-4A1A6438A1A5}" = Windows Live Essentials
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{7780682A-47C9-480D-90BE-247539342595}" = Windows Live UX Platform Language Pack
"{77BC9EAF-14C7-4338-9B1C-D5A3E142C0B8}" = Windows Live Photo Common
"{77DAF553-291A-4471-988C-5677D90DB57E}" = Windows Live Writer Resources
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{829CDAAD-5AF1-482F-978B-591C16A34ACC}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{86E6D3A7-3ADC-44C0-B94E-85D2A9DD36B0}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95BB7324-77D3-4BF3-8CF6-29F0857AC175}" = Easy File Share
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9E771D5B-C429-4CBC-8730-3EBD9EC99E4C}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A1668729-C4D2-49AE-877B-FB608362FFF1}" = Windows Live Essentials
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{AD86049C-3D9C-43E1-BE73-643F57D83D50}" = Easy Migration
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B4712CB7-27D7-4F61-8805-BCF9BE1CFC4A}" = Windows Live Writer Resources
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B750B5C2-CC17-4967-905B-29F4EB986131}" = Software Launcher
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{B81722D3-0A95-4BDE-AA1A-A2A5D12FCDB2}" = Windows Live Foto-galerija
"{B9B66F77-9D00-4CA4-BDF1-BBA8236B4DB6}" = Windows Live Writer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C877E454-FA36-409A-A00E-1240CEC61BBD}" = „Windows Live“ fotogalerija
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C8A2793D-EFF2-4069-95BF-A28192E39DEB}" = Windows Live Writer
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{CF936193-C584-458C-B793-15FA945621AF}" = Windows Live fotoattēlu galerija
"{CF9DEFAA-12CD-4D04-AA45-F9F667D21E2E}" = Windows Live Movie Maker
"{D06F10C5-3EDD-4B29-A3B5-16BBB9A047F8}" = Windows Live Mesh
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D27DF849-C8C7-4892-A7F1-E0B381A1BD01}" = Windows Live Writer
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D54A52A8-DF24-4CE8-850B-074CA47DFA74}" = Windows Live Messenger
"{D57D43BF-699A-429F-AF8C-AF1867222800}" = Windows Live 사진 갤러리
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D987098B-3AD4-4E88-B80E-CF27A32D1955}" = Windows Live Writer Resources
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE256D8B-D971-456D-BC02-CB64DA24F115}" = Easy Software Manager
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{EAB1BDF2-734A-4D44-9169-7615D185C974}" = Windows Live Mesh
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC20FB81-9B5E-4B97-92A2-8DC52548EFCE}" = Windows Live Mesh
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F66430D8-08E6-4C96-B9B7-90E66E27D58C}" = Windows Live Mail
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Easy Support Center 1.0
"{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Game Console - WildGames" = WildTangent ORB Game Console
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}" = CyberLink Media+ Player10
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Personal Backup 5_is1" = Personal Backup 5.3
"Picasa 3" = Picasa 3
"ProInst" = Intel PROSet Wireless
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live 程式集
"WT085559" = Diner Dash 2 Restaurant Rescue
"WT085567" = Chuzzle Deluxe
"WT085580" = John Deere Drive Green
"WT085581" = Penguins!
"WT085583" = Polar Golfer
"WT085587" = Agatha Christie - Death on the Nile
"WT085597" = Build-a-lot
"WT085618" = Farm Frenzy
"WT085622" = Insaniquarium Deluxe
"WT085663" = Peggle
"WT085669" = Plants vs. Zombies
"WT089285" = Zuma Deluxe
"WT089286" = Bejeweled 2 Deluxe
"XnView_is1" = XnView 1.99.1
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-578327087-4110603385-1361986703-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 16.0.1 (x86 de)" = Mozilla Firefox 16.0.1 (x86 de)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 21.12.2012 05:18:08 | Computer Name = XYZ-PC | Source = WinMgmt | ID = 10
Description =
Error - 22.12.2012 04:31:40 | Computer Name = XYZ-PC | Source = WinMgmt | ID = 10
Description =
Error - 22.12.2012 08:41:37 | Computer Name = XYZ-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 23.12.2012 06:24:18 | Computer Name = XYZ-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 24.12.2012 05:45:06 | Computer Name = XYZ-PC | Source = WinMgmt | ID = 10
Description =
Error - 24.12.2012 06:32:08 | Computer Name = XYZ-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 25.12.2012 04:30:04 | Computer Name = XYZ-PC | Source = WinMgmt | ID = 10
Description =
Error - 25.12.2012 15:26:51 | Computer Name = XYZ-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 26.12.2012 05:10:00 | Computer Name = XYZ-PC | Source = WinMgmt | ID = 10
Description =
Error - 27.12.2012 06:32:05 | Computer Name = XYZ-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 07.12.2012 14:47:01 | Computer Name = XYZ-PC | Source = Service Control Manager | ID = 7043
Description = Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements
nicht richtig heruntergefahren werden.
Error - 07.12.2012 14:47:35 | Computer Name = XYZ-PC | Source = Service Control Manager | ID = 7043
Description = Der Dienst Gruppenrichtlinienclient konnte nach dem Empfang eines
Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
Error - 11.12.2012 14:45:06 | Computer Name = XYZ-PC | Source = DCOM | ID = 10010
Description =
Error - 12.12.2012 14:38:10 | Computer Name = XYZ-PC | Source = DCOM | ID = 10010
Description =
Error - 17.12.2012 03:34:17 | Computer Name = XYZ-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Avira Planer" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt:
Neustart des Diensts.
Error - 27.12.2012 06:35:36 | Computer Name = XYZ-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Avira Planer" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt:
Neustart des Diensts.
Error - 27.01.2013 04:17:52 | Computer Name = XYZ-PC | Source = WMPNetworkSvc | ID = 866300
Description =
Error - 30.01.2013 04:59:58 | Computer Name = XYZ-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Avira Planer" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt:
Neustart des Diensts.
Error - 07.02.2013 07:49:54 | Computer Name = XYZ-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Avira Planer" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt:
Neustart des Diensts.
Error - 10.02.2013 16:50:57 | Computer Name = XYZ-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows-Fehlerberichterstattungsdienst erreicht.
< End of report >
OTL Logfile: Code:
ATTFilter OTL logfile created on: 15.02.2013 22:29:44 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\XYZ\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,92 Gb Total Physical Memory | 4,04 Gb Available Physical Memory | 68,22% Memory free 11,83 Gb Paging File | 9,87 Gb Available in Paging File | 83,44% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 230,00 Gb Total Space | 170,61 Gb Free Space | 74,18% Space Free | Partition Type: NTFS Drive D: | 343,00 Gb Total Space | 298,70 Gb Free Space | 87,08% Space Free | Partition Type: NTFS Computer Name: XYZ-PC | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\XYZ\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink) PRC - C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe (SAMSUNG Electronics) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll () MOD - C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll () ========== Services (SafeList) ========== SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation) DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation) DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation) DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation) DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc) DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation) DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation) DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation) DRV:64bit: - (SABI) -- C:\Windows\SysNative\drivers\SABI.sys (SAMSUNG ELECTRONICS) DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.) DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation) DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (SGDrv) -- C:\Windows\SysNative\drivers\SGDrv64.sys (Phoenix Technologies Ltd.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-578327087-4110603385-1361986703-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-578327087-4110603385-1361986703-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com IE - HKU\S-1-5-21-578327087-4110603385-1361986703-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com IE - HKU\S-1-5-21-578327087-4110603385-1361986703-1002\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-578327087-4110603385-1361986703-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-578327087-4110603385-1361986703-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com IE - HKU\S-1-5-21-578327087-4110603385-1361986703-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com IE - HKU\S-1-5-21-578327087-4110603385-1361986703-1004\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-578327087-4110603385-1361986703-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.19 19:56:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.19 19:56:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.10.19 19:56:31 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-578327087-4110603385-1361986703-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-578327087-4110603385-1361986703-1004..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found O4 - HKU\S-1-5-21-578327087-4110603385-1361986703-1004..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKU\S-1-5-21-578327087-4110603385-1361986703-1004..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) O4 - HKLM..\RunOnce: [Z1] C:\windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-578327087-4110603385-1361986703-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-578327087-4110603385-1361986703-1004..\RunOnce: [Report] \AdwCleaner[S1].txt () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-578327087-4110603385-1361986703-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A9C25AC-30C1-4408-9A5E-D0AD46F95E8E}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.13 09:08:54 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe [2013.02.13 09:08:54 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe [2013.02.13 09:08:54 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe [2013.02.13 09:05:29 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll [2013.02.13 09:05:27 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe [2013.02.13 09:05:27 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll [2013.02.13 09:05:26 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe [2013.02.13 09:05:26 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll [2013.02.13 09:05:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe [2013.02.13 09:05:13 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\FWPKCLNT.SYS [2013.02.13 05:30:34 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll [2013.02.13 05:30:34 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll [2013.02.13 05:30:33 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll [2013.02.13 05:30:33 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll [2013.02.13 05:30:33 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll [2013.02.13 05:30:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll [2013.02.13 05:30:33 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe [2013.02.13 05:30:33 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe [2013.02.13 05:30:32 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll [2013.02.13 05:30:32 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl [2013.02.13 05:30:32 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl [2013.02.13 05:30:32 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll [2013.02.13 05:30:29 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll [2013.02.13 05:30:29 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll [2013.02.13 05:30:29 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll [2013.02.12 21:16:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan [2013.02.09 06:19:18 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2013.02.09 06:19:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.02.09 06:19:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.02.08 22:05:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.02.08 22:05:48 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys [2013.02.08 22:05:48 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys [2013.02.08 22:05:48 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avkmgr.sys [2013.02.08 22:05:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.02.08 22:05:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013.02.08 14:49:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.02.08 14:49:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.02.08 14:49:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.02.07 22:33:01 | 001,085,344 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\npDeployJava1.dll [2013.02.07 22:33:01 | 000,963,488 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\deployJava1.dll [2013.02.07 22:33:01 | 000,310,688 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe [2013.02.07 22:32:56 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe [2013.02.07 22:32:56 | 000,188,320 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\java.exe [2013.02.07 22:32:56 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll [2013.02.07 22:32:46 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013.02.07 22:31:44 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe [2013.02.07 22:31:39 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe [2013.02.07 22:31:39 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe [2013.02.07 22:31:39 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll [2013.02.07 22:31:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.01.30 15:22:43 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes [2013.01.30 15:22:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.01.30 15:22:11 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Programs [2013.01.26 11:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2013.01.26 11:31:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.01.26 11:30:45 | 000,859,552 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\npDeployJava1.dll [2013.01.26 11:30:45 | 000,782,240 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\deployJava1.dll ========== Files - Modified Within 30 Days ========== [2013.02.15 22:30:03 | 000,020,992 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.15 22:30:03 | 000,020,992 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.15 22:22:29 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.02.15 22:22:24 | 2056,830,975 | -HS- | M] () -- C:\hiberfil.sys [2013.02.15 21:04:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.02.15 16:34:21 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe [2013.02.15 16:34:21 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl [2013.02.14 05:16:49 | 000,352,960 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2013.02.13 21:46:26 | 001,519,874 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2013.02.13 21:46:26 | 000,654,166 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2013.02.13 21:46:26 | 000,616,008 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2013.02.13 21:46:26 | 000,130,006 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2013.02.13 21:46:26 | 000,106,388 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2013.02.12 20:15:55 | 567,736,869 | ---- | M] () -- C:\windows\MEMORY.DMP [2013.02.09 17:47:43 | 000,000,000 | ---- | M] () -- C:\Users\Admin\defogger_reenable [2013.02.09 06:19:19 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.08 22:05:54 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.02.08 22:04:58 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys [2013.02.08 22:04:58 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avkmgr.sys [2013.02.08 22:04:57 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys [2013.02.07 22:32:49 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll [2013.02.07 22:32:48 | 000,310,688 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe [2013.02.07 22:32:48 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe [2013.02.07 22:32:48 | 000,188,320 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\java.exe [2013.02.07 22:32:47 | 001,085,344 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\npDeployJava1.dll [2013.02.07 22:32:47 | 000,963,488 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\deployJava1.dll [2013.02.07 22:31:35 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\deployJava1.dll [2013.02.07 22:31:35 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe [2013.02.07 22:31:35 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe [2013.02.07 22:31:35 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe [2013.02.07 22:31:35 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll [2013.01.26 11:30:30 | 000,859,552 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\npDeployJava1.dll ========== Files Created - No Company Name ========== [2013.02.09 17:47:43 | 000,000,000 | ---- | C] () -- C:\Users\Admin\defogger_reenable [2013.02.09 06:19:19 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.08 22:05:54 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.08.28 09:04:34 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll [2012.08.28 09:04:34 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll [2012.08.28 09:04:34 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll [2012.08.28 09:04:34 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe [2012.08.28 09:04:32 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll [2011.10.11 03:28:02 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe [2011.10.11 02:27:55 | 000,001,156 | ---- | C] () -- C:\windows\HotFixList.ini [2011.07.21 06:51:15 | 000,960,940 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin [2011.07.21 06:51:14 | 000,207,376 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin [2011.07.21 06:51:12 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > |
|
16.02.2013, 17:25
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Exploits EXP/CVE-2013-0422.I + Javavirus JAVA/Jogek.WW Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
17.02.2013, 10:31
| #13 | ||
| | Exploits EXP/CVE-2013-0422.I + Javavirus JAVA/Jogek.WW Die Scans von Malwarebytes und ESET waren unauffällig. Ist mein System wieder sauber ? Kannst du mir sagen was ich mir eingefangen habe, und was im schlimmsten Fall hätte passieren können ? Zitat:
Zitat:
|
|
18.02.2013, 16:44
| #14 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Exploits EXP/CVE-2013-0422.I + Javavirus JAVA/Jogek.WWZitat:
 Welchen Sinn ergibt ein Virencheck mit eingeschränkten Rechten?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
18.02.2013, 20:35
| #15 | |
| | Exploits EXP/CVE-2013-0422.I + Javavirus JAVA/Jogek.WW Ja, das hast du recht. Jetzt mit Admin-Rechten : Zitat:
|
|
| Themen zu Exploits EXP/CVE-2013-0422.I + Javavirus JAVA/Jogek.WW |
| anti-malware, appdata, avira, csrss.exe, datei, desktop, detected, dllhost.exe, explorer.exe, februar 2013, free, home, java, lsass.exe, malwarebytes, modul, namen, programm, prozesse, recovery, registry, services.exe, spoolsv.exe, svchost.exe, taskhost.exe, windows, winlogon.exe, wmp |
Linear-Darstellung
