| |
| |||||||
Log-Analyse und Auswertung: CouponDropDown entfernenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
22.04.2013, 02:04
| #1 |
| |  CouponDropDown entfernen Hallo Leute, nachdem ich mich durch Google gesucht habe, bin ich letztendlich auf diesem Board hier gelandet. Ich habe das schon oft behandelte CouponDropDown Problem. Da ja überall steht, das man nicht einfach die "Instandsetzungen" der anderen User anwenden soll, mache ich hier wie gewünscht ein neues Thema auf. Ich habe mich hier auch durch die Checkliste gearbeitet. Das heißt ich habe bereits die drei Schritte dort erledigt. Schritt 1: Defogger Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 01:47 on 22/04/2013 (KaMa)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter OTL logfile created on: 22.04.2013 01:48:52 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\KaMa\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,84 Gb Total Physical Memory | 5,28 Gb Available Physical Memory | 67,30% Memory free 15,68 Gb Paging File | 12,91 Gb Available in Paging File | 82,35% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 200,00 Gb Total Space | 129,48 Gb Free Space | 64,74% Space Free | Partition Type: NTFS Drive F: | 480,54 Gb Total Space | 458,59 Gb Free Space | 95,43% Space Free | Partition Type: NTFS Computer Name: KAMA-PC | User Name: KaMa | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2013.04.22 01:48:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\KaMa\Downloads\OTL.exe PRC - [2013.04.12 08:59:43 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2013.03.12 21:24:54 | 001,822,424 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe PRC - [2013.02.19 11:53:08 | 000,162,856 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe PRC - [2013.01.19 23:55:32 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.12.18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.11.15 08:46:12 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe PRC - [2012.10.25 22:39:50 | 002,449,552 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe PRC - [2012.04.06 20:29:22 | 000,022,120 | ---- | M] () -- C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe PRC - [2012.04.06 20:29:20 | 000,040,552 | ---- | M] () -- C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe PRC - [2012.03.23 11:33:48 | 000,419,408 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe PRC - [2012.03.23 11:33:46 | 000,355,920 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2012.03.23 11:33:46 | 000,343,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe PRC - [2012.03.23 11:33:44 | 001,105,488 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2012.03.21 04:06:00 | 002,458,944 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.02.29 15:49:06 | 000,028,264 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe PRC - [2012.02.27 13:01:58 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe PRC - [2012.02.08 04:03:36 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012.02.08 04:03:34 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012.02.08 04:03:16 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2012.02.07 02:54:04 | 000,255,376 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2012.02.02 01:29:58 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2012.01.05 23:22:10 | 000,256,536 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe PRC - [2012.01.05 23:21:44 | 000,296,984 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe ========== Modules (No Company Name) ========== MOD - [2013.04.12 08:59:42 | 003,133,336 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2013.03.12 21:24:54 | 014,717,144 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll MOD - [2013.02.13 17:02:26 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013.01.09 21:34:03 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.09 21:33:23 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.09 21:33:18 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2012.08.17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll MOD - [2012.04.06 20:29:22 | 000,022,120 | ---- | M] () -- C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe MOD - [2012.04.06 20:29:20 | 000,040,552 | ---- | M] () -- C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe MOD - [2012.03.21 04:06:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll MOD - [2012.01.05 23:22:36 | 000,465,344 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.06.16 23:15:49 | 000,048,128 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE -- (wltrysvc) SRV - [2013.04.12 08:59:42 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.03.12 21:24:55 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.01.19 23:55:32 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.12.18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.11.15 08:46:12 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP) SRV - [2012.10.25 22:39:50 | 002,449,552 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe -- (CCDMonitorService) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.06.16 23:24:00 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2012.04.23 06:25:32 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.03.23 11:33:46 | 000,355,920 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2012.03.21 13:03:16 | 000,957,216 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2012.03.21 04:06:00 | 002,458,944 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.02.29 15:49:06 | 000,028,264 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService) SRV - [2012.02.08 04:03:36 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.02.08 04:03:34 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.02.08 04:03:16 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2012.02.07 17:53:48 | 000,871,296 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2012.02.07 02:54:04 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service) SRV - [2012.02.02 22:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2012.02.02 01:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2012.01.20 16:15:14 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV - [2012.01.05 23:22:10 | 000,256,536 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.03.29 06:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.10.12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.11.15 08:48:04 | 000,613,720 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2012.11.15 08:48:04 | 000,054,104 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi) DRV:64bit: - [2012.10.20 14:31:25 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt) DRV:64bit: - [2012.10.20 14:31:25 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt) DRV:64bit: - [2012.08.13 16:49:40 | 000,178,008 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps) DRV:64bit: - [2012.08.02 15:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:64bit: - [2012.06.19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1) DRV:64bit: - [2012.06.16 23:15:48 | 000,022,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY) DRV:64bit: - [2012.06.16 23:15:47 | 004,746,304 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2012.06.16 23:15:47 | 000,021,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL) DRV:64bit: - [2012.05.03 22:59:06 | 000,081,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa) DRV:64bit: - [2012.03.27 04:09:54 | 014,748,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.03.21 23:23:22 | 000,594,472 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl) DRV:64bit: - [2012.03.21 23:23:22 | 000,163,368 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums) DRV:64bit: - [2012.03.21 23:23:18 | 000,210,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2012.03.21 23:23:18 | 000,184,872 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2012.03.21 23:23:18 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2012.03.21 23:23:18 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2012.03.21 04:06:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2012.03.07 15:48:20 | 000,238,384 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.27 13:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2012.02.27 13:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2012.02.27 13:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2012.02.07 08:03:06 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2012.02.07 08:03:06 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2012.02.02 01:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2012.01.20 16:14:34 | 000,016,128 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2012.01.19 00:30:42 | 000,435,240 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) DRV:64bit: - [2011.12.06 13:23:08 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2011.11.10 11:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2011.11.04 10:21:38 | 000,019,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdmp.sys -- (b57xdmp) DRV:64bit: - [2011.11.04 10:21:36 | 000,068,648 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdbd.sys -- (b57xdbd) DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.09.02 14:36:58 | 000,051,752 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiMSa.sys -- (bScsiMSa) DRV:64bit: - [2011.07.14 07:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.07.14 07:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={AF3EFE29-3986-11E2-AFA0-B888E308D4D6} IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={AF3EFE29-3986-11E2-AFA0-B888E308D4D6} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={AF3EFE29-3986-11E2-AFA0-B888E308D4D6} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..CT3240727.browser.search.defaultthis.engineName: "true" FF - prefs.js..browser.search.defaultenginename: "SweetIM Search" FF - prefs.js..browser.search.defaultthis.engineName: "findr Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3240727&SearchSource=3&q={searchTerms}&CUI=UN31307644841777438" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "https://www.google.de/" FF - prefs.js..extensions.enabledAddons: %7BEEE6C361-6118-11DC-9C72-001320C79847%7D:1.9.0.0 FF - prefs.js..extensions.enabledAddons: %7B1BC9BA34-1EED-42ca-A505-6D2F1A935BBB%7D:4.12.22.2 FF - prefs.js..extensions.enabledAddons: %7B4373e9b4-0a12-4112-8e3d-36ded19ee3dd%7D:10.15.2.523 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3240727&SearchSource=2&CUI=UN31307644841777438&UM=&q=" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "" FF - prefs.js..browser.startup.homepage: "" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012.12.21 09:58:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012.12.21 09:58:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012.12.21 09:58:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012.12.21 09:58:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012.12.21 09:58:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 08:59:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 08:59:43 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.05 18:55:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KaMa\AppData\Roaming\mozilla\Extensions [2013.04.22 00:56:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KaMa\AppData\Roaming\mozilla\Firefox\Profiles\4rdevquz.default\extensions [2013.03.22 11:59:48 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\KaMa\AppData\Roaming\mozilla\Firefox\Profiles\4rdevquz.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2013.04.20 16:06:10 | 000,000,000 | ---D | M] (findr) -- C:\Users\KaMa\AppData\Roaming\mozilla\Firefox\Profiles\4rdevquz.default\extensions\{4373e9b4-0a12-4112-8e3d-36ded19ee3dd} [2013.04.22 00:56:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KaMa\AppData\Roaming\mozilla\Firefox\Profiles\4rdevquz.default\extensions\staged [2012.11.06 18:19:24 | 000,214,034 | ---- | M] () (No name found) -- C:\Users\KaMa\AppData\Roaming\mozilla\firefox\profiles\4rdevquz.default\extensions\putlockerdownloader@putlockerdownloader.com.xpi [2013.04.21 23:43:58 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\KaMa\AppData\Roaming\mozilla\firefox\profiles\4rdevquz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.01.08 17:00:38 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\KaMa\AppData\Roaming\mozilla\firefox\profiles\4rdevquz.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2013.01.19 23:36:12 | 000,000,969 | ---- | M] () -- C:\Users\KaMa\AppData\Roaming\mozilla\firefox\profiles\4rdevquz.default\searchplugins\conduit.xml [2013.04.12 08:59:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.04.12 08:59:43 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.10.22 13:57:56 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.22 13:57:56 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.10.22 13:57:56 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.10.22 13:57:56 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.22 13:57:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.22 13:57:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (no name) - {F1AF26F8-1828-4279-ABCE-074EF3235BD7} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found. O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE (Broadcom Corporation) O4:64bit: - HKLM..\Run: [CNAP2 Launcher] C:\Windows\SysNative\spool\drivers\x64\3\CNAP2LAK.EXE (CANON INC.) O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [InstantUpdate] C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe () O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Power Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation) O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{426806B2-7EFC-4E98-8437-AA61A05F0438}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1BAED4F-CF06-40FB-AD6A-7A2FD7D1D352}: DhcpNameServer = 150.200.3.2 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.12 08:59:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.04.04 19:23:30 | 000,000,000 | ---D | C] -- C:\Users\KaMa\AppData\Local\CrashDumps [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.22 01:46:36 | 000,000,000 | ---- | M] () -- C:\Users\KaMa\defogger_reenable [2013.04.22 01:21:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.21 22:41:42 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.21 22:41:42 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.21 22:34:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.21 22:34:06 | 2020,360,191 | -HS- | M] () -- C:\hiberfil.sys [2013.04.12 20:56:04 | 000,002,586 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - acer.lnk [2013.04.12 18:51:29 | 001,614,036 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.12 18:51:29 | 000,697,322 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.12 18:51:29 | 000,652,600 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.12 18:51:29 | 000,148,328 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.12 18:51:29 | 000,121,274 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.10 08:16:32 | 000,283,104 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.04 22:38:09 | 000,017,354 | ---- | M] () -- C:\Users\KaMa\Desktop\Teile3.PNG [2013.04.04 22:37:46 | 000,036,710 | ---- | M] () -- C:\Users\KaMa\Desktop\Teile2.PNG [2013.04.04 22:37:18 | 000,028,314 | ---- | M] () -- C:\Users\KaMa\Desktop\Teile1.PNG [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.22 01:46:36 | 000,000,000 | ---- | C] () -- C:\Users\KaMa\defogger_reenable [2013.04.12 20:56:04 | 000,002,586 | ---- | C] () -- C:\Users\Public\Desktop\WildTangent Games App - acer.lnk [2013.04.04 22:38:09 | 000,017,354 | ---- | C] () -- C:\Users\KaMa\Desktop\Teile3.PNG [2013.04.04 22:37:46 | 000,036,710 | ---- | C] () -- C:\Users\KaMa\Desktop\Teile2.PNG [2013.04.04 22:37:18 | 000,028,314 | ---- | C] () -- C:\Users\KaMa\Desktop\Teile1.PNG [2013.01.19 23:55:34 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.01.19 23:55:32 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.06.16 23:13:09 | 001,591,930 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.05.14 12:29:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.05.14 12:29:54 | 013,024,768 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll [2012.05.14 12:29:34 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin [2012.05.14 12:29:34 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin [2012.02.02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.11.18 12:45:13 | 000,000,000 | ---D | M] -- C:\Users\KaMa\AppData\Roaming\acer [2013.01.19 23:51:15 | 000,000,000 | ---D | M] -- C:\Users\KaMa\AppData\Roaming\DAEMON Tools Lite [2013.01.18 23:11:43 | 000,000,000 | ---D | M] -- C:\Users\KaMa\AppData\Roaming\OpenCandy [2012.09.05 18:50:37 | 000,000,000 | ---D | M] -- C:\Users\KaMa\AppData\Roaming\Screensaver [2013.03.26 12:39:52 | 000,000,000 | ---D | M] -- C:\Users\KaMa\AppData\Roaming\SoftGrid Client [2012.09.08 11:55:52 | 000,000,000 | ---D | M] -- C:\Users\KaMa\AppData\Roaming\TP [2013.01.18 23:14:25 | 000,000,000 | ---D | M] -- C:\Users\KaMa\AppData\Roaming\TuneUp Software [2013.04.12 20:55:31 | 000,000,000 | ---D | M] -- C:\Users\KaMa\AppData\Roaming\WildTangent ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 22.04.2013 01:48:52 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\KaMa\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,84 Gb Total Physical Memory | 5,28 Gb Available Physical Memory | 67,30% Memory free
15,68 Gb Paging File | 12,91 Gb Available in Paging File | 82,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 200,00 Gb Total Space | 129,48 Gb Free Space | 64,74% Space Free | Partition Type: NTFS
Drive F: | 480,54 Gb Total Space | 458,59 Gb Free Space | 95,43% Space Free | Partition Type: NTFS
Computer Name: KAMA-PC | User Name: KaMa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{069212F2-400E-44D7-ADAD-BE2810E56858}" = lport=139 | protocol=6 | dir=in | app=system |
"{31708EEB-AB95-4B6B-B710-73AD30E7756A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{447F9B89-8731-4D23-8F35-3664EA75498F}" = rport=137 | protocol=17 | dir=out | app=system |
"{463F1A13-8AB2-4299-868A-901F1645BDA0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{46F37BC0-CCF6-40B3-A5A0-47985730DD86}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4C6943CD-18E1-47AE-BD8D-DE51ED0C8414}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6571A0C4-9E5B-4738-B07A-46D342892DD2}" = lport=445 | protocol=6 | dir=in | app=system |
"{65C8356C-BC84-4C80-933C-51080C7A8703}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6C65C640-186D-4238-AE8A-8E13EE927304}" = lport=10243 | protocol=6 | dir=in | app=system |
"{730BC409-E037-4D10-9074-B68CB880F7F7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A256856A-6188-49F3-AEBC-E911F1582E11}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A339C343-DADD-4A56-ABB3-1CCCA0CB0A5B}" = rport=445 | protocol=6 | dir=out | app=system |
"{AF04028F-CFC5-4676-8E96-9935BEF2A42E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BCAF2A4C-EB40-4219-971E-457F05F119D6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C935FC5F-7918-4705-BA65-34C3C2163B98}" = rport=10243 | protocol=6 | dir=out | app=system |
"{CBD57DC3-2D06-41F6-9A89-EF7EDAFD68DA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CEDFA3C5-CE19-43A6-B35F-6E6441148194}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{D25D21F9-F010-40FC-B1C8-66CEA113BF95}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E3CEF53F-5930-454B-A60A-330DD25A8FD6}" = rport=138 | protocol=17 | dir=out | app=system |
"{E49ED2AC-4CF9-49C3-854E-FB3B580177A7}" = lport=138 | protocol=17 | dir=in | app=system |
"{E6798419-48D1-40F5-B436-E6AD2F6AC8EE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F0A07136-EBE4-4D85-A1C6-F336BA781935}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F7C3EC19-836B-47C1-930A-7053E2C0B3AA}" = rport=139 | protocol=6 | dir=out | app=system |
"{FD768B29-82E0-4EEF-B5BA-BE019EAE941D}" = lport=137 | protocol=17 | dir=in | app=system |
"{FEB13A8C-05FB-4BD8-8508-1EAAA7635546}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05B0909D-56A3-449B-9215-E7F854CBEE76}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{087BFB11-B6BD-44AF-BC36-4F9F1A857E4A}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe |
"{0AA9C404-E778-4B69-8709-B29CEF4D800F}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe |
"{1188609C-1BC4-4191-BF0C-54C0E40C1973}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe |
"{126382F7-9B85-4FD1-8426-8C99FB501553}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe |
"{1A697658-58BE-428F-86F4-2DB93E360FF6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1EE27E19-BF88-40B5-9A7F-3406DB311851}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{25323C36-7200-4437-9CE1-A9B7CA50C4AC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2B7C33C7-6E77-4FF5-8194-126093726AC8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2D745A73-DE19-4691-9136-2F682AB778A1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2E13E185-300E-4651-B7E6-95ACA0D00376}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2E7D97B2-3071-42A8-8457-B08B67AA27E1}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe |
"{2FC6F074-6CCB-4144-85F8-5A80B8EECDFE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{308A3C04-0F58-42E3-AE30-3B630CCAB60F}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{354D33A9-0899-4638-B7D1-FF85338BE446}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{38572DBA-1CF1-45BE-A322-6CFB3739EFA1}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe |
"{3878F9C6-9618-4841-BC15-861D80DF728C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4289E833-381E-42A2-8019-FEFBF19019EA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{42FA7B94-80EE-49FB-A65D-1743361E4324}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{46902339-5D15-447E-BA5E-BCEEB19A3FBA}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe |
"{482727BD-5C0F-4291-A7E4-E00454571CB7}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe |
"{49C6BC84-2381-4F7C-8A3E-75A68FB41948}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe |
"{4CDF42B5-D694-4FF9-B58A-49621EFB6A7C}" = protocol=6 | dir=in | app=c:\users\kama\appdata\local\temp\smallinstaller\installfiles\ccdd.exe |
"{537BF1E7-2C18-4EED-8EED-60C8451DDC0B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{5719CE19-93BA-44C3-9CF6-5663284F1809}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5E6575CB-0B70-4154-AAB1-15ED288D4394}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\videoplayer.exe |
"{60F8A9B9-1487-42FA-82DA-65FADD3715FB}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{678F8E0C-F0FD-41DD-9EA7-112A234D8C33}" = protocol=6 | dir=out | app=system |
"{6B0164AB-6E62-472B-BF98-40EE0A07E0D6}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{80FA1C60-B6B0-40BD-B590-EB305E0D35CB}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe |
"{8523B719-9332-457C-AC73-FA7863531635}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8641BE7D-8928-479C-9020-AAE5201F11A6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{938792EE-5453-4C76-8830-7119190C9184}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe |
"{960DAE51-3A7E-48EA-A473-B28092898C37}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe |
"{9BAF2586-8D10-465C-8EA8-ECEDA2829538}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A43044E4-B964-4096-82BD-73EB166B0EB1}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{A63F7E16-A0AF-4E56-BE9B-453C379F921A}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe |
"{AA02744A-713F-43CF-BA65-2FA785D5D245}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{AA7641F2-680C-482C-9E8F-D6A0C3B75ACA}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe |
"{B55C255C-F78D-4EB4-9078-963B73D32DAC}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{B8DC782A-0B1E-4098-A5B9-6C3512A2A24F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B9900CFA-A9C6-45D4-AD4E-067755F8E00F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CAD1A35B-681F-4B8F-91CA-4EB09D3D234A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{CDF64CE3-9C49-4907-8A55-FB7B5ACD388C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe |
"{D11B2CA3-3A00-4497-A206-1FEFCA823C48}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{D3FD1EAC-4960-4D04-B40A-A80EAE46C5D0}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{D4B3CA2D-C784-4ABA-9E78-3DDAF53148E8}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe |
"{DA6BA9E3-84CA-4753-86B6-9DE8DE9CE301}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe |
"{E90811F5-226E-4F8C-A371-A7894BA29643}" = protocol=17 | dir=in | app=c:\users\kama\appdata\local\temp\smallinstaller\installfiles\ccdd.exe |
"{F6E13D57-7208-466E-A396-C4C16F7ACCD4}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe |
"{F9D9544D-FE04-45DA-B25B-B53C1474B8B3}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{FBDF9373-2E63-4010-877C-37C4C41AB09D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{1553D712-B35F-4A82-BC72-D6B11A94BE3E}" = Windows Live Remote Service Resources
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{36674AE9-6D3D-48D6-BC7B-209F556D65EE}" = Acer Instant Update Service
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{4710662C-8204-4334-A977-B1AC9E547819}" = Broadcom Card Reader Driver Installer
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.5
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{702A632F-99CE-4E2D-B8F2-BF980E9CF62F}" = Windows Live Remote Client Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}" = WIDCOMM Bluetooth Software
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.32
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.32
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.7.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom NetLink Controller
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"Broadcom Wireless Utility" = Broadcom Wireless Utility
"Canon LBP6000/LBP6018" = Canon LBP6000/LBP6018
"Elantech" = ETDWare PS/2-X64 10.6.9.9_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{0557BBDA-69D3-4FA4-A93C-A5300F7034B4}" = Windows Live Writer
"{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1" = MiniTool Partition Wizard Home Edition 7.6
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{06B05153-97E4-427E-B1A8-E098F6C5E52F}" = Windows Live Essentials
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{1FCC073B-CC01-4443-AD20-E559F66E6E83}" = Office Addin 2003
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35DA427D-BB23-49B8-9AFD-CFFCFE3B708D}" = clear.fi SDK- Movie 2
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}" = NVIDIA PhysX
"{4736B0ED-F6A1-48EC-A1B7-C053027648F1}" = Galeria fotogràfica del Windows Live
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{48F597DD-D397-4CFA-91A0-4C033A0113BD}" = Windows Live Mail
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{542DA303-FB91-4731-9F37-6E518368D3B9}" = Windows Live Messenger
"{5495E9A4-501A-4D4C-87C9-E80916CA9478}" = Windows Live UX Platform Language Pack
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{625D45F0-5DCB-48BF-8770-C240A84DAAEB}" = Windows Live Mesh
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6D2BBE1D-E600-4695-BA37-0B0E605542CC}" = Office Addin
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App (Acer Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71527C7C-5289-4CB2-88C9-23344C0FF6C1}" = Windows Live Movie Maker
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7D926AD2-16D6-42C2-8CA1-AB09E96040BA}" = Windows Live Writer Resources
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.3.0
"{820D0BA3-ACD7-4FB9-A3A7-0ADF0C66A4BE}" = Windows Live Messenger
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Acer Crystal Eye Webcam
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A3389C72-1782-4BB4-BBAA-33345DE52E3F}" = Windows Live Messenger
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}" = AcerCloud
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.6) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B5AD89F2-03D3-4206-8487-018298007DD0}" = clear.fi Photo
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BD0C3887-64E6-41D8-9A38-BC6F34369352}" = Windows Live Messenger
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger
"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
"{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}" = AcerCloud Docs
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{D3E5A972-9A15-427D-AE78-8181A5FD943C}" = eBay Worldwide
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{E9AF1707-3F3A-49E2-8345-4F2D629D0876}" = clear.fi Media
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{EBA33CAD-E071-48d5-A168-FBA4EEB42E93}" = clear.fi SDK - Video 2
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F0F5D89A-197C-495B-827E-3E98B811CD2E}" = Windows Live Photo Common
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2979AAA-FDD7-4CB3-93BC-5C24D965D679}" = Windows Live Messenger
"{F35DC85A-E96B-496B-ABE7-F04192824856}" = Windows Live Messenger
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F783464C-C7C6-4E9B-AC40-BC90E5414BAF}" = Windows Live Messenger
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Identity Card" = Identity Card
"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager
"InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Acer Crystal Eye Webcam
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"LManager" = Launch Manager
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"PunkBusterSvc" = PunkBuster Services
"Uplay" = Uplay
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"WildTangent acer Master Uninstall" = Acer Games
"WinLiveSuite" = Windows Live Essentials
"WTA-0336cf16-5575-4b86-8373-a64dfeb83356" = Agatha Christie - Death on the Nile
"WTA-0f867ec6-6159-4326-9394-222bd5020d0e" = Plants vs. Zombies - Game of the Year
"WTA-20826861-de3b-42e2-b292-387b9606d4ca" = Final Drive: Nitro
"WTA-2415bbf6-f96f-4740-9148-ba85611b808c" = Jewel Match 3
"WTA-3e4f2f56-3325-411e-92bc-0fdc0b35ab85" = FATE
"WTA-45c076a1-a32e-4ff3-b8db-a2f9727d6128" = Polar Bowler
"WTA-5f4e63d7-4629-4126-bb8e-2d7b1b00f894" = Bejeweled 3
"WTA-6563f3d7-2cdf-4b60-b93c-561fe5501b57" = Penguins!
"WTA-67d8be8e-d5d9-45c6-a33f-ac054e65dc72" = John Deere Drive Green
"WTA-aa78f78c-fc7b-42c0-a203-49e09228ae87" = Jewel Quest Mysteries: The Seventh Gate Collector's Edition
"WTA-abb76df8-64dd-4ed6-a0a7-b679beb8db2d" = Slingo Deluxe
"WTA-bb548544-6f1e-4a21-bbf4-ec5065b61b7d" = Torchlight
"WTA-c074b1b5-f4e2-4bf2-914e-2fa7df85c396" = Insaniquarium Deluxe
"WTA-dd858985-312b-4480-b5c7-fcefef4082e5" = Virtual Villagers 4 - The Tree of Life
"WTA-e5a66a9b-851d-4397-ab58-2fd47f64aa80" = Zuma Deluxe
"WTA-e8fd0092-901a-48db-95cd-cf5c0eb28ef4" = Wedding Dash
"WTA-fd10dba8-ef2a-428e-bf82-81800588a32f" = Chuzzle Deluxe
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 24.02.2013 11:09:49 | Computer Name = KaMa-PC | Source = WinMgmt | ID = 10
Description =
Error - 25.02.2013 02:52:41 | Computer Name = KaMa-PC | Source = WinMgmt | ID = 10
Description =
Error - 25.02.2013 03:10:37 | Computer Name = KaMa-PC | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest". Fehler in Manifest-
oder Richtliniendatei "C:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest"
in Zeile 4. Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element
des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser
Windows-Version nicht unterstützt wird.
Error - 25.02.2013 03:10:58 | Computer Name = KaMa-PC | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest". Fehler in Manifest-
oder Richtliniendatei "C:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest"
in Zeile 4. Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element
des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser
Windows-Version nicht unterstützt wird.
Error - 25.02.2013 03:11:08 | Computer Name = KaMa-PC | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest". Fehler in Manifest- oder
Richtliniendatei "C:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest"
in Zeile 4. Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element
des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser
Windows-Version nicht unterstützt wird.
Error - 26.02.2013 12:46:49 | Computer Name = KaMa-PC | Source = WinMgmt | ID = 10
Description =
Error - 26.02.2013 16:32:47 | Computer Name = KaMa-PC | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest". Fehler in Manifest-
oder Richtliniendatei "C:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest"
in Zeile 4. Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element
des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser
Windows-Version nicht unterstützt wird.
Error - 26.02.2013 16:33:07 | Computer Name = KaMa-PC | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest". Fehler in Manifest-
oder Richtliniendatei "C:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest"
in Zeile 4. Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element
des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser
Windows-Version nicht unterstützt wird.
Error - 26.02.2013 16:33:17 | Computer Name = KaMa-PC | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest". Fehler in Manifest- oder
Richtliniendatei "C:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest"
in Zeile 4. Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element
des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser
Windows-Version nicht unterstützt wird.
Error - 27.02.2013 02:27:30 | Computer Name = KaMa-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 13.02.2013 12:57:22 | Computer Name = KaMa-PC | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung empfangen: 40.
Error - 13.02.2013 12:57:33 | Computer Name = KaMa-PC | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung empfangen: 40.
Error - 13.02.2013 13:05:22 | Computer Name = KaMa-PC | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung empfangen: 40.
Error - 13.02.2013 13:05:31 | Computer Name = KaMa-PC | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung empfangen: 40.
Error - 13.02.2013 13:21:22 | Computer Name = KaMa-PC | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung empfangen: 40.
Error - 13.02.2013 13:22:18 | Computer Name = KaMa-PC | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung empfangen: 40.
Error - 13.02.2013 13:22:45 | Computer Name = KaMa-PC | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung empfangen: 40.
Error - 13.02.2013 13:54:24 | Computer Name = KaMa-PC | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung empfangen: 40.
Error - 13.02.2013 13:54:35 | Computer Name = KaMa-PC | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung empfangen: 40.
Error - 13.02.2013 14:53:54 | Computer Name = KaMa-PC | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung empfangen: 40.
< End of report >
Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-22 02:43:29
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JE4O 698,64GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\KaMa\AppData\Local\Temp\kwldqpow.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 000000007735fa88 5 bytes JMP 0000000171c3139e
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077360018 5 bytes JMP 0000000171c31a54
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2228] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076311465 2 bytes [31, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2228] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763114bb 2 bytes [31, 76]
.text ... * 2
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076311465 2 bytes [31, 76]
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763114bb 2 bytes [31, 76]
.text ... * 2
.text C:\Windows\SysWOW64\PnkBstrA.exe[2452] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000070631a22 2 bytes [63, 70]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2452] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000070631ad0 2 bytes [63, 70]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2452] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000070631b08 2 bytes [63, 70]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2452] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000070631bba 2 bytes [63, 70]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2452] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000070631bda 2 bytes [63, 70]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076311465 2 bytes [31, 76]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763114bb 2 bytes [31, 76]
.text ... * 2
? C:\Windows\system32\mssprxy.dll [2820] entry point in ".rdata" section 000000006d9c71e6
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076311465 2 bytes [31, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763114bb 2 bytes [31, 76]
.text ... * 2
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076311465 2 bytes [31, 76]
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763114bb 2 bytes [31, 76]
.text ... * 2
.text C:\Program Files (x86)\Launch Manager\LManager.exe[4284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076311465 2 bytes [31, 76]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[4284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763114bb 2 bytes [31, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076311465 2 bytes [31, 76]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763114bb 2 bytes [31, 76]
.text ... * 2
.text C:\Windows\SysWOW64\RunDll32.exe[4432] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076311465 2 bytes [31, 76]
.text C:\Windows\SysWOW64\RunDll32.exe[4432] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763114bb 2 bytes [31, 76]
.text ... * 2
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076311465 2 bytes [31, 76]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763114bb 2 bytes [31, 76]
.text ... * 2
.text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[7000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076311465 2 bytes [31, 76]
.text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[7000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763114bb 2 bytes [31, 76]
.text ... * 2
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c01885f8e768
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c01885f8e768 (not active ControlSet)
---- EOF - GMER 2.1 ----
Ich hoffe das ich das alles soweit richtig gemacht habe, da ich recht wenig Ahnung von Computern habe. Allerdings fand ich eure Hilfen in den anderen Treads so wunderbar genau ausgeführt, das ich denke, das selbst ich das hinbekomme. Vielen Dank schonmal im Vorraus Mfg Marcus |
|
22.04.2013, 09:35
| #2 |
| /// Malwareteam / Visitor  | CouponDropDown entfernen Hallo Marcus ich bin smeenk und ich werde versuchen dir mit deinem Problem zu helfen
__________________ Systemscan mit ZOEK Bitte lade die zoek.exe von hier: http://hijackthis.nl/smeenk/
Bitte poste in deiner nächsten Antwort:
Bitte alles nach Möglichkeit hier in CODE-Tags posten  Code tags kann man so machen [code] Logfile hier [/code] |
|
23.04.2013, 12:17
| #3 |
| | CouponDropDown entfernen Das ging ja schnell. Also hier die Logdatei von deinem Programm:
__________________Zoek Code:
ATTFilter Zoek.exe Version 4.0.0.2 Updated 13-April-2013
Tool run by KaMa on 23.04.2013 at 13:03:06,29.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
==== System Restore Info ======================
23.04.2013 13:04:38 Zoek.exe System Restore Point Created Succesfully.
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2682898738-2091506369-1392661487-1001\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} deleted successfully
==== Deleting CLSID Registry Values ======================
==== FireFox Fix ======================
ProfilePath: C:\Users\KaMa\AppData\Roaming\Mozilla\Firefox\Profiles\4rdevquz.default
---- Lines CT3240727 removed from prefs.js ----
user_pref("CT3240727_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1366576503960,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3240727&SearchSource=13&CUI=UN31307644841777438");
user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3240727&SearchSource=2&CUI=UN31307644841777438&q=");
user_pref("Smartbar.keywordURLSelectedCTID", "CT3240727");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3240727&SearchSource=3&q={searchTerms}&CUI=UN31307644841777438");
user_pref("ct3240727.UserID", "UN31307644841777438");
user_pref("smartBar.searchInNewTabOwner", "CT3240727");
---- Lines CT3240727 modified from prefs.js ----
---- Lines conduit removed from prefs.js ----
user_pref("Smartbar.ConduitSearchEngineList", "findr Customized Web Search");
---- Lines conduit modified from prefs.js ----
---- Lines Web Search removed from prefs.js ----
user_pref("browser.search.defaultthis.engineName", "findr Customized Web Search");
---- Lines Web Search modified from prefs.js ----
---- Lines Customized removed from prefs.js ----
---- Lines Customized modified from prefs.js ----
---- Lines Downloader.com removed from prefs.js ----
user_pref("extensions.bootstrappedAddons", "{\"putlockerdownloader@putlockerdownloader.com\":{\"version\":\"1.0\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\KaMa\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\4rdevquz.default\\\\extensions\\\\putlockerdownloader@putlockerdownloader.com.xpi\"},\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"version\":\"2.2.3\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\KaMa\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\4rdevquz.default\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\"}}");
---- Lines Downloader.com modified from prefs.js ----
user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"url_advisor@kaspersky.com\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Kaspersky Lab\\\\Kaspersky Internet Security 2013\\\\FFExt\\\\url_advisor@kaspersky.com\",\"mtime\":1356076694954},\"virtual_keyboard@kaspersky.com\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Kaspersky Lab\\\\Kaspersky Internet Security 2013\\\\FFExt\\\\virtual_keyboard@kaspersky.com\",\"mtime\":1356076694970},\"content_blocker@kaspersky.com\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Kaspersky Lab\\\\Kaspersky Internet Security 2013\\\\FFExt\\\\content_blocker@kaspersky.com\",\"mtime\":1356076694939},\"anti_banner@kaspersky.com\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Kaspersky Lab\\\\Kaspersky Internet Security 2013\\\\FFExt\\\\anti_banner@kaspersky.com\",\"mtime\":1356076694923},\"online_banking@kaspersky.com\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Kaspersky Lab\\\\Kaspersky Internet Security 2013\\\\FFExt\\\\online_banking@kaspersky.com\",\"mtime\":1356076694954}}},{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1365749983051}}},{\"name\":\"app-profile\",\"addons\":{\"putlockerdownloader@putlockerdownloader.com\":{\"descriptor\":\"C:\\\\Users\\\\KaMa\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\4rdevquz.default\\\\extensions\\\\putlockerdownloader@putlockerdownloader.com.xpi\",\"mtime\":1352218764000},\"{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\":{\"descriptor\":\"C:\\\\Users\\\\KaMa\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\4rdevquz.default\\\\extensions\\\\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\",\"mtime\":1363946388430},\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"descriptor\":\"C:\\\\Users\\\\KaMa\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\4rdevquz.default\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\",\"mtime\":1366580638921}}}]");
---- Lines SweetIM removed from prefs.js ----
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.sweetim.com/search.asp?barid={AF3EFE29-3986-11E2-AFA0-B888E308D4D6}&src=2&crg=3.1010000.10011&q=");
---- Lines SweetIM modified from prefs.js ----
---- Lines smartbar removed from prefs.js ----
user_pref("smartbar.machineId", "C6CUUGDIGM1CT/4IIQUGBR1VWU5COCGUYJH11PKEJ2Y5F+9GIB9J2KEPPPP1X+EBHGPYBN72FVEX3FFYZOZCYG");
---- Lines smartbar modified from prefs.js ----
---- FireFox user.js and prefs.js backups ----
prefs__1306_.backup
==== Deleting Files \ Folders ======================
"C:\Users\KaMa\AppData\Roaming\Mozilla\Firefox\Profiles\4rdevquz.default\searchplugins\conduit.xml" deleted
"C:\Users\KaMa\AppData\Roaming\Mozilla\Firefox\Profiles\4rdevquz.default\extensions\putlockerdownloader@putlockerdownloader.com.xpi" deleted
"C:\END" deleted
"C:\Users\KaMa\AppData\Roaming\Mozilla\Firefox\Profiles\4rdevquz.default\extensions\putlockerdownloader@putlockerdownloader.com.xpi" deleted
"C:\Users\KaMa\AppData\Roaming\OpenCandy" deleted
"C:\ProgramData\Tarma Installer" deleted
"C:\Users\KaMa\AppData\Local\PutLockerDownloader" deleted
"C:\Users\KaMa\AppData\Local\Software" deleted
"C:\Users\KaMa\AppData\LocalLow\smartdownloader" deleted
"C:\Users\KaMa\AppData\Roaming\Mozilla\Firefox\Profiles\4rdevquz.default\jetpack" deleted
"C:\Users\KaMa\AppData\Roaming\Mozilla\Firefox\Profiles\4rdevquz.default\CT3240727" deleted
"C:\Users\KaMa\AppData\Roaming\Mozilla\Firefox\Profiles\4rdevquz.default\CT3240727" deleted
"C:\Users\KaMa\AppData\Roaming\Mozilla\Firefox\Profiles\4rdevquz.default\smartbar" deleted
==== Files Recently Created / Modified ======================
====== C:\Windows ====
====== C:\Users\KaMa\AppData\Local\Temp ====
====== C:\Windows\SysWOW64 =====
2013-04-09 21:28:03 C720BD3BDE2C9A1BFC4476F6D3A4B64D 176640 ----a-w- C:\Windows\SysWOW64\ieui.dll
2013-04-09 21:28:03 507183B4FCB535A7A973427D1F367CA8 420864 ----a-w- C:\Windows\SysWOW64\vbscript.dll
2013-04-09 21:28:03 40169F9AE27BB73F2CB8C7D11A7A2AC2 73216 ----a-w- C:\Windows\SysWOW64\mshtmled.dll
2013-04-09 21:28:03 2E56BA5BC215B2AED2B790D42D8C1739 2382848 ----a-w- C:\Windows\SysWOW64\mshtml.tlb
2013-04-09 21:28:02 FC5BBA40E667D20126D91BD6A790705B 142848 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe
2013-04-09 21:28:02 CA78BA218B423C7F22B14906308B8B02 1427968 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl
2013-04-09 21:28:02 69EDE878C3891E7796D46B7E552330B1 231936 ----a-w- C:\Windows\SysWOW64\url.dll
2013-04-09 21:28:02 4E7F83E1F6AEFA38E270EA7353D6911E 1104384 ----a-w- C:\Windows\SysWOW64\urlmon.dll
2013-04-09 21:28:01 C5B6468422DB1C8AA36C32CBB0197E5E 1129472 ----a-w- C:\Windows\SysWOW64\wininet.dll
2013-04-09 21:28:01 9DE04A790F697432871E88BB77EEBCF5 607744 ----a-w- C:\Windows\SysWOW64\msfeeds.dll
2013-04-09 21:28:01 7E6052699CAF18ADEDD846D44ECCE81F 1800704 ----a-w- C:\Windows\SysWOW64\jscript9.dll
2013-04-09 21:28:01 26DB6CB9BC434ABA1169B3051E6AB4F2 717824 ----a-w- C:\Windows\SysWOW64\jscript.dll
2013-04-09 21:28:00 9BDDA34DC4890169DE5BA21134B33EFB 1796096 ----a-w- C:\Windows\SysWOW64\iertutil.dll
2013-04-09 21:28:00 4BE468D2EE9CC59CB8F666949CD37CD5 65024 ----a-w- C:\Windows\SysWOW64\jsproxy.dll
2013-04-09 21:27:59 658EBC74BD38D16805648C4775F7FA82 12324352 ----a-w- C:\Windows\SysWOW64\mshtml.dll
2013-04-09 21:27:58 DFE118C95C6571B87D1923DAB3FA0A77 9738752 ----a-w- C:\Windows\SysWOW64\ieframe.dll
2013-04-09 20:28:26 F5562EFA9E4867D30EC2330B80FCB25C 131584 ----a-w- C:\Windows\SysWOW64\aaclient.dll
2013-04-09 20:28:26 52D33A22DE04BD9F40E1B1A28B46A95C 3217408 ----a-w- C:\Windows\SysWOW64\mstscax.dll
2013-04-09 20:28:26 2A6BFDEDF2C57923E78F970BB15D7E7D 36864 ----a-w- C:\Windows\SysWOW64\tsgqec.dll
2013-04-09 20:28:15 88355CFE81D381F93C74716DAA803587 3968856 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe
2013-04-09 20:28:15 7F21DA4760CE9B4B1B12CBC58C2A642A 6656 ----a-w- C:\Windows\SysWOW64\apisetschema.dll
2013-04-09 20:28:15 2DFAB8C3C394E95D262E1325BDA5DFE4 3913560 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2013-04-09 21:28:03 AC3FF334360EC9E25C9B794DC37399DC 96768 ----a-w- C:\Windows\Sysnative\mshtmled.dll
2013-04-09 21:28:03 5281583B59E5FDB6D55E33B0906D0BFC 2382848 ----a-w- C:\Windows\Sysnative\mshtml.tlb
2013-04-09 21:28:02 D3A6792AED4841B4D055C7C80C815BB7 1346560 ----a-w- C:\Windows\Sysnative\urlmon.dll
2013-04-09 21:28:02 B54C6B8CBF6F556C9930110164EB63E4 2312704 ----a-w- C:\Windows\Sysnative\jscript9.dll
2013-04-09 21:28:02 737DF2559F880FEC73AA831C8AC8FC4A 248320 ----a-w- C:\Windows\Sysnative\ieui.dll
2013-04-09 21:28:02 566BDBDF479261EA6555B422573BCB95 237056 ----a-w- C:\Windows\Sysnative\url.dll
2013-04-09 21:28:02 2A0AD3BE38087708D03F4A1A80A1C655 1494528 ----a-w- C:\Windows\Sysnative\inetcpl.cpl
2013-04-09 21:28:02 15F628A67C9C88502107320E3206982F 173056 ----a-w- C:\Windows\Sysnative\ieUnatt.exe
2013-04-09 21:28:01 A4F6142CABA82FB7293ECE5FF864B440 1392128 ----a-w- C:\Windows\Sysnative\wininet.dll
2013-04-09 21:28:01 A13792C4E26F54181B9E9B5B0C958B22 85504 ----a-w- C:\Windows\Sysnative\jsproxy.dll
2013-04-09 21:28:01 A072A3C7FD6247F1446D26A6929BDFD7 599040 ----a-w- C:\Windows\Sysnative\vbscript.dll
2013-04-09 21:28:01 76D2D5929F5901392703C5F709AC277A 816640 ----a-w- C:\Windows\Sysnative\jscript.dll
2013-04-09 21:28:01 12F5FB993723BF607370C9B74EC32BF6 729088 ----a-w- C:\Windows\Sysnative\msfeeds.dll
2013-04-09 21:28:00 8D4DEA45FCDF9FCFD9E31232A07E6EF9 2147840 ----a-w- C:\Windows\Sysnative\iertutil.dll
2013-04-09 21:27:59 1154FEFC73880A2EF44295EF0DBDC59F 17817088 ----a-w- C:\Windows\Sysnative\mshtml.dll
2013-04-09 21:27:58 652B60C9C4D5391FF0970B9086702E8F 10925568 ----a-w- C:\Windows\Sysnative\ieframe.dll
2013-04-09 20:28:26 F4C640E85DB6450CB221E5224AA2AB51 3717632 ----a-w- C:\Windows\Sysnative\mstscax.dll
2013-04-09 20:28:26 CE4157E4B1E5041D252EF38EB61E9F0C 44032 ----a-w- C:\Windows\Sysnative\tsgqec.dll
2013-04-09 20:28:26 9F5C2F0CFEF95B4653E21443CDC0D587 158720 ----a-w- C:\Windows\Sysnative\aaclient.dll
2013-04-09 20:28:20 86F96630D28523F1C402C783F046DEF1 3153408 ----a-w- C:\Windows\Sysnative\win32k.sys
2013-04-09 20:28:15 F0371DE302FFFF8F086661611BE60848 112640 ----a-w- C:\Windows\Sysnative\smss.exe
2013-04-09 20:28:15 CEC1EDF4022DC4DCA40384DCEC672B0E 43520 ----a-w- C:\Windows\Sysnative\csrsrv.dll
2013-04-09 20:28:15 AC3232ED772403D38D64C18CD5A66FBD 5550424 ----a-w- C:\Windows\Sysnative\ntoskrnl.exe
====== C:\Windows\Sysnative\drivers =====
2013-04-09 20:28:21 8F6322049018354F45F05A2FD2D4E5E0 223752 ----a-w- C:\Windows\Sysnative\drivers\fvevol.sys
2013-04-09 20:28:20 B8965FB53551B5455630A4B804D0791F 1655656 ----a-w- C:\Windows\Sysnative\drivers\ntfs.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\Program Files (x86) =====
======= C: =====
====== C:\Users\KaMa\AppData\Roaming ======
2013-04-04 17:23:30 -------- d-----w- C:\users\KaMa\AppData\Local\CrashDumps
====== C:\Users\KaMa ======
2013-04-21 23:46:36 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\KaMa\defogger_reenable
====== C: exe-files ==
2013-04-22 00:02:34 60BF4AE8CC40B0E3E28613657ED2EED8 377856 ----a-w- C:\Users\KaMa\Downloads\gmer_2.1.19163.exe
2013-04-21 23:48:08 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Users\KaMa\Downloads\OTL.exe
2013-04-21 23:45:43 9146F21288AB749C4C729343F5F285A1 50477 ----a-w- C:\Users\KaMa\Downloads\Defogger.exe
2013-04-20 09:54:35 82BC3F100378692DBE60BC2422BEC084 327632 ----a-w- C:\ProgramData\NVIDIA\Updatus\Download\35BF\updatus.15579932_RUNASUSER.exe
2013-04-18 18:25:34 7BDCD3C6EB59E3471B51117FF7602F37 21608 ----a-w- C:\ProgramData\Acer\Acer Updater\UnzipTemp\130107831347705658\FixpackDataCollector.exe
2013-04-18 18:25:26 B657A7AFD70F07DF27557C7FAE9468F1 20480 ----a-w- C:\ProgramData\Acer\Acer Updater\UnzipTemp\130107831260189504\ALUSNCheck.exe
2013-04-18 18:25:26 7BDCD3C6EB59E3471B51117FF7602F37 21608 ----a-w- C:\ProgramData\Acer\Acer Updater\UnzipTemp\130107831260189504\FixpackDataCollector.exe
2013-04-18 18:25:26 08A27B869AB7173B4B2C9FC4DF29FB27 7680 ----a-w- C:\ProgramData\Acer\Acer Updater\UnzipTemp\130107831260189504\AcerCloudCheckTool.exe
2013-04-17 07:30:45 320FF1A4EF751F5E6151F80678A9B6FF 325064 ----a-w- C:\ProgramData\NVIDIA\Updatus\Download\3489\updatus.15557433_RUNASUSER.exe
=== C: other files ==
2013-04-21 21:43:58 07607A3CB349EECCFC7768B5F4F2AAAE 817280 ----a-w- C:\Users\KaMa\AppData\Roaming\Mozilla\Firefox\Profiles\4rdevquz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
2013-04-18 18:25:34 B8A40FC5FF191827F83D1F8D09A48812 1288 ----a-w- C:\ProgramData\Acer\Acer Updater\UnzipTemp\130107831347705658\chkBrcmSDVersion_x86.vbs
2013-04-18 18:25:34 89041A0E138DFF5F8D63B732848CC03B 1288 ----a-w- C:\ProgramData\Acer\Acer Updater\UnzipTemp\130107831347705658\chkBrcmSDVersion_x64.vbs
2013-04-18 18:25:34 52BBC6CE9239A45E337376437F32EE3E 934 ----a-w- C:\ProgramData\Acer\Acer Updater\UnzipTemp\130107831347705658\FpCheck.bat
2013-04-18 18:25:26 0CA83A37AFF61BBA3C0ABC233FE04376 980 ----a-w- C:\ProgramData\Acer\Acer Updater\UnzipTemp\130107831260189504\FpCheck.bat
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-21-2682898738-2091506369-1392661487-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"
[HKEY_USERS\S-1-5-21-2682898738-2091506369-1392661487-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
"ScrSav"="C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"BackupManagerTray"="C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe -h -k"
"Dolby Home Theater v4"="C:\Dolby PCEE4\pcee4.exe -autostart"
"LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe"
"USB3MON"="C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"AVP"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
"PDFPrint"="C:\Program Files (x86)\PDF24\pdf24.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"RtHDVBg_Dolby"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 "
"IntelTBRunOnce"="wscript.exe //b //nologo C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
"Broadcom Wireless Manager UI"="C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe"
"Power Management"="C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe"
"InstantUpdate"="C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe"
"CNAP2 Launcher"="C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE"
"ETDCtrl"="%ProgramFiles%\Elantech\ETDCtrl.exe "
==== Startup Folders ======================
2012-06-16 21:09:51 834 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [12.03.2013 21:24]
==== Firefox Extensions ======================
ProfilePath: C:\Users\KaMa\AppData\Roaming\Mozilla\Firefox\Profiles\4rdevquz.default
- IE Tab 2 FF 3.6 - %ProfilePath%\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\KaMa\AppData\Roaming\Mozilla\Firefox\Profiles\4rdevquz.default
D4BD9F86123C87ECA570418B69326F99 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.170.2
47299371607DC2FB234444EEACB1639E - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll - Shockwave Flash
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
apfdadfinodckpcehhdhjlgiphgnbfci - C:\Program Files (x86)\PutLockerDownloader\putlockerdownloader10.crx[]
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx[18.08.2012 00:37]
hakdifolhalapjijoafobooafbilfakh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx[18.08.2012 00:37]
hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx[18.08.2012 00:37]
jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx[18.08.2012 00:37]
pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx[18.08.2012 00:37]
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.de/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={AF3EFE29-3986-11E2-AFA0-B888E308D4D6}"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={AF3EFE29-3986-11E2-AFA0-B888E308D4D6}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.de/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2682898738-2091506369-1392661487-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F} deleted successfully
HKEY_USERS\S-1-5-21-2682898738-2091506369-1392661487-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F} deleted successfully
HKEY_USERS\S-1-5-21-2682898738-2091506369-1392661487-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully
HKEY_USERS\S-1-5-21-2682898738-2091506369-1392661487-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{F1AF26F8-1828-4279-ABCE-074EF3235BD7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F1AF26F8-1828-4279-ABCE-074EF3235BD7} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-2682898738-2091506369-1392661487-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\apfdadfinodckpcehhdhjlgiphgnbfci deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\KaMa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\KaMa\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\KaMa\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\KaMa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
C:\users\KaMa\AppData\Local\Mozilla\Firefox\Profiles\4rdevquz.default\Cache emptied successfully
==== Empty Chrome Cache ======================
No Chrome User Data found
==== Empty All Flash Cache ======================
Flash Cache is not empty, a reboot is needed
==== Empty All Java Cache ======================
Java Cache cleared successfully
After Reboot
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\KaMa\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\KaMa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\users\KaMa\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\57RK7V7K\www.das-bad.de" not found
"C:\users\KaMa\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\57RK7V7K\zynga1-a.akamaihd.net" not found
|
|
23.04.2013, 12:47
| #4 |
| /// Malwareteam / Visitor | CouponDropDown entfernen Es sieht so aus ob wir das meiste bereits gelöscht hätten Downloade Dir bitte  AdwCleaner auf deinen Desktop.
|
|
24.04.2013, 09:13
| #5 |
| | CouponDropDown entfernen Klingt ja schonmal gut. Hier ist die adwcleaner LogDatei: Code:
ATTFilter # AdwCleaner v2.202 - Datei am 24/04/2013 um 10:09:16 erstellt
# Aktualisiert am 23/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : KaMa - KAMA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\KaMa\Downloads\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PutLockerDownloader
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\PutlockerDownloader_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\PutlockerDownloader_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16476
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v20.0.1 (de)
Datei : C:\Users\KaMa\AppData\Roaming\Mozilla\Firefox\Profiles\4rdevquz.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [2675 octets] - [24/04/2013 10:09:16]
########## EOF - C:\AdwCleaner[S1].txt - [2735 octets] ##########
Edit: Scheint zu funktionieren. Habe bis jetzt keine wahllos unterstrichenen Wörter mehr gefunden. Wie kann ich nun aber verhindern, so etwas wieder zu bekommen? Geändert von Matzl (24.04.2013 um 09:22 Uhr) |
|
24.04.2013, 10:56
| #6 | |
| /// Malwareteam / Visitor | CouponDropDown entfernenZitat:
Immer darauf achten wenn man ein sogenannten "free download" anwenden will Downloade Dir bitte  SecurityCheck und:
|
|
25.04.2013, 07:31
| #7 |
| | CouponDropDown entfernen OK,dabei bin ich garnicht so der downloader. Naja solange es so ne hilfsbereite community gibt wie hier mach ich mir keine großen Sorgen. Hier ist dann auch die checkup.txt Code:
ATTFilter Results of screen317's Security Check version 0.99.62
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 17
Adobe Flash Player 11.6.602.180
Adobe Reader 10.1.6 Adobe Reader out of Date!
Mozilla Firefox (20.0.1)
````````Process Check: objlist.exe by Laurent````````
Kaspersky Lab Kaspersky Internet Security 2013 avp.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
|
|
25.04.2013, 07:51
| #8 |
| /// Malwareteam / Visitor | CouponDropDown entfernen Adobe Reader braucht eine Update: Adobe - Adobe Reader herunterladen - Alle Versionen (McAfee Security Scan Plus abwählen  ) |
|
26.04.2013, 10:15
| #9 |
| | CouponDropDown entfernen Soll wohl heißen das ansonsten soweit erstmal alles wieder in Ordnung ist. Dann mal vielen vielen Dank für die Hilfe. Wenn ich wieder mal was habe melde ich mich und werde euch auf jedenfall weiterempfehlen.Mfg Marcus |
|
26.04.2013, 11:48
| #10 |
| /// Malwareteam / Visitor | CouponDropDown entfernen Ich freue mich zu hören dass alles wieder in ordnung ist Damit wären wir fertig. Wir räumen jetzt noch ein wenig auf und dann habe ich am Ende etwas Lesestoff für dich. Tools deinstallieren Die Reihenfolge ist hier entscheidend.
Abschließend noch Tipps zu folgenden Themen:
 Lesestoff:Systemupdates Man kann es gar nicht oft genug erwähnen, wie wichtig es ist, sein System aktuell zu halten. Dein Auto bringst du ja auch regelmässig zur Inspektion in die Werkstatt. Stelle also bitte sicher, dass die Systemupdates aktiviert sind:
Lesestoff:Softwareupdates Ebenso wichtig wie die Systemprogramme ist auch die Software, die du täglich nutzt. Die folgende Liste gibt dir einen kleinen Überblick mit Links zu den Updates, welche Programme dringend aktuell gehalten werden müssen (falls du sie überhaupt installiert hast und nutzt), weil durch deren Sicherheitslücken oft Malware auf die Computer gelangen kann:
Lesestoff:Sicherheitssoftware Würde dich jemand nackt auf dem Motorrad auf der Autobahn überholen würdest du auch den Kopf schütteln. Dein Computer braucht auch einen Schutz vor den täglichen kleinen Angriffen durch Schädlinge. Neben hervorragenden kommerziellen Anti-Viren-Lösungen gibt es auch durchaus gute Schutzprogramme, die kostenfrei mit reduziertem Funktionsumfang erhältlich sind. Aber vorsicht, hier gilt nicht "je mehr desto besser". Was du brauchst ist genau einen Virenscanner mit Hintergrundwächter. Nicht mehr und nicht weniger. Es gibt hier viele Produkte auf dem Markt, die einem gute Dienste leisten. Ich persönlich empfehle dir Avast Free Antivirus. Es bietet relativ guten Schutz, bei wenig nerviger Werbung und installiert dir ein Browserplugin, das dich vor gefährlichen Webseiten warnt.
Lesestoff:Sicheres Surfen Zunächst muss man sagen, dass es üblicherweise immer der menschliche Faktor ist, der es Malware ermöglicht auf einen Computer zu gelangen. Kaufst du Leuten, die an deiner Haustür klingeln, auch sofort ohne nachzudenken irgendwelches Zeug ab? Gewöhne dir daher zunächst einige Verhaltensregeln beim Surfen im Internet an:
Aber selbst bei der peinlichen Einhaltung dieser Regeln kann es dennoch zu einer sogenannten Drive-By-Infektion kommen, bei der ein Schädling aus dem Schutzmechanismus des Webbrowsers ausbricht. Um die Sicherheit noch weiter zu erhöhen gibt es spezielle Schutzsoftware, die deinen Browser noch weiter absichert.
Zuletzt denke bitte über die Benutzung eines alternativen Browsers nach. Programme, die nicht so oft verwendet werden, sind auch nicht so sehr im Focus der "bösen Jungs". D.h. du bist mit einem exotischen Browser eher auf der sicheren Seite. Grundsätzlich bist du erst einmal deutlich sicherer, wenn du nicht den Internet Explorer benutzt.
Damit wünsche ich dir noch viel Spaß beim Surfen im Internet  ... und vielleicht möchtest du ja das Trojaner-Board unterstützen? Grüße Smeenk |
|
| Themen zu CouponDropDown entfernen |
| autorun, bho, canon, checkliste, cloud, computern, ebanking, entfernen, error, fehler, firefox, flash player, format, google, home, install.exe, internet security 2013, kaspersky, kaspersky internet security 2013, launch, logfile, microsoft office starter 2010, mozilla, msiexec.exe, ntdll.dll, nvpciflt.sys, plug-in, realtek, registry, richtlinie, rundll, scan, security, software, svchost.exe, tastatur, usb, visual studio, warnung, wenig ahnung, wildtangent games, windows, wscript.exe |
Linear-Darstellung
