Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: gvu trojaner

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 30.01.2013, 05:14   #1
gambit79
 
gvu trojaner - Standard

gvu trojaner



hallo trojaner-board team,
da ich mit der ganzen sache nicht gut auskenne frage ich um rat was ich tun kann.
ich habe avira free auf meinen leptop der aber nichst erkennt,und wenn ich diverse seiten über den i-net explorer öffne erscheint die gvu seite und es geht nix mehr.
hab den rechner runter gefahren und haben den vorgang abgebrochen darauf hin kann ich hin weiter nutzten,da die seite sich dann nicht weiter geöffnet hat.
ein kollege hat mir geraten malwarebytes Anti-Malware runter zu laden und den log hier zu posten.

Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.29.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
gambit :: GAMBIT-PC [Administrator]

Schutz: Aktiviert

30.01.2013 02:38:15
MBAM-log-2013-01-30 (04-16-55).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 377571
Laufzeit: 1 Stunde(n), 37 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64brmon.exe (PUP.MyWebSearch) -> 4288 -> Keine Aktion durchgeführt.

Infizierte Speichermodule: 1
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64brstub.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.

Infizierte Registrierungsschlüssel: 93
HKLM\SYSTEM\CurrentControlSet\Services\TelevisionFanaticService (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{0696f815-a3a9-490a-bb14-9ec3350b1276} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{5d79f641-c168-40df-a32f-bacea7509e75} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5D79F641-C168-40DF-A32F-BACEA7509E75} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5D79F641-C168-40DF-A32F-BACEA7509E75} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D79F641-C168-40DF-A32F-BACEA7509E75} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{04d2b915-19ff-41e9-994d-95dc898bea43} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{0597d3be-9a4d-4426-a8a7-572ad299852e} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\Interface\{4E7F49ED-8C94-4AAA-A407-3010D099B11A} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.SettingsPlugin.1 (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.SettingsPlugin (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{04D2B915-19FF-41E9-994D-95DC898BEA43} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{04D2B915-19FF-41E9-994D-95DC898BEA43} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TelevisionFanaticbar Uninstall (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{cb41fc95-f1b3-4797-8bb6-1012ff62abba} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{02515cef-2063-4d64-b87a-d504c99d40dd} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{aed3b1e0-fabb-4c27-a2da-ec8352ee7e30} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\Interface\{9989BC14-9B5B-4B3B-8040-478FD1685E34} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{07494721-dfcf-41c1-8a03-b3fffb0f8409} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{952c6f00-cba7-47be-baf3-cfc5808e6c7b} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\Interface\{1E34EA93-600B-4CBC-9858-59BE04C1A581} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{0e8a6cb6-3b14-491d-8bba-86a95a62ff72} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.PseudoTransparentPlugin.1 (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.PseudoTransparentPlugin (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0E8A6CB6-3B14-491D-8BBA-86A95A62FF72} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{1D7E63AF-274B-426B-B51D-ADF161DF7F24} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.HTMLMenu.1 (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.HTMLMenu (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D7E63AF-274B-426B-B51D-ADF161DF7F24} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{387dface-9e46-415f-8c86-18083b7d6ead} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{73cadbbd-4dc5-419d-84f1-e7bf4c3b20c4} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\Interface\{32CC4D2E-999C-4853-9D3E-5DE4C02D57C6} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{38deffd9-9379-4ac4-baa9-1a883dba9cd2} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.MultipleButton.1 (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.MultipleButton (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{52d3c28f-c9ac-40b5-848f-1fb63d2badef} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.ScriptButton.1 (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.ScriptButton (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{67d33c35-62e9-4f77-a284-9e9d256f7846} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.DynamicBarButton.1 (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.DynamicBarButton (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{6ffb45e3-cffc-4b3a-95eb-334cb53c85b0} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{a378fd9d-b406-44bb-96d2-8cdaa668713f} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\Interface\{93A55DA3-83ED-4090-91B6-904C44647639} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.FeedManager.1 (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.FeedManager (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{7895609d-c8b4-4cf5-a2c7-28223d0c3d92} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{34979cb5-728d-4727-81bf-01850a3bb89b} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\Interface\{934063FB-A81D-4849-B02C-478446DF3219} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.ThirdPartyInstaller.1 (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.ThirdPartyInstaller (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7895609D-C8B4-4CF5-A2C7-28223D0C3D92} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{7952f465-ac46-4a82-b383-870f3784d1cd} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.UrlAlertButton.1 (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.UrlAlertButton (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{7ad9c324-3672-4d33-8477-d9c8e627f4bf} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.Radio.1 (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.Radio (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{8be781d8-5e70-423d-82de-9e4756fce53c} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{026fd9ba-112b-4d9f-86ea-589e28016e8c} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\Interface\{0328B630-EA94-4FA3-9F27-8250B6324DDB} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.XMLSessionPlugin.1 (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.XMLSessionPlugin (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8BE781D8-5E70-423D-82DE-9E4756FCE53C} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{91a8da6b-8013-44aa-b63f-00195312999a} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{03f59b4b-09d9-40f0-a01a-6e895023f2f0} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\Interface\{42CB7963-EFE0-4737-A927-CE076FAA3BA0} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.RadioSettings.1 (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.RadioSettings (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{c98d5b61-b0ea-4d48-9839-1079d352d880} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C98D5B61-B0EA-4D48-9839-1079D352D880} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C98D5B61-B0EA-4D48-9839-1079D352D880} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{d09094b3-b426-4f16-a6d9-e211fe222127} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D09094B3-B426-4F16-A6D9-E211FE222127} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{f02c0832-c85c-4b93-8c6f-9df20121a10d} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{6784d08d-cdc3-419d-9b97-744a351ed908} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\Interface\{844C2331-94DF-431E-9A67-426ED861D27F} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.HTMLPanel.1 (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.HTMLPanel (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F02C0832-C85C-4B93-8C6F-9DF20121A10D} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{fba7cbb1-fc93-4149-8862-d94451a7d167} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{608f7340-e221-4afb-a848-c4dad297cd58} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\Interface\{966430CC-2097-45CA-8626-2C3F454C3297} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4e7f49ed-8c94-4aaa-a407-3010d099b11a} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.SkinLauncher (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.SkinLauncher.1 (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.SkinLauncherSettings (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.SkinLauncherSettings.1 (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\MozillaPlugins\@TelevisionFanatic.com/Plugin (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{13119113-0854-469d-807A-171568457991} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 7
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|TelevisionFanatic Browser Plugin Loader (PUP.MyWebSearch) -> Daten: C:\PROGRA~2\TELEVI~2\bar\1.bin\64brmon.exe -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|TelevisionFanatic Search Scope Monitor (PUP.MyWebSearch) -> Daten: "C:\PROGRA~2\TELEVI~2\bar\1.bin\64srchmn.exe" /m=2 /w /h -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{0696F815-A3A9-490A-BB14-9EC3350B1276} (PUP.MyWebSearch) -> Daten: -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{C98D5B61-B0EA-4D48-9839-1079D352D880} (PUP.MyWebSearch) -> Daten: -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{0696f815-a3a9-490a-bb14-9ec3350b1276} (PUP.MyWebSearch) -> Daten: -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{c98d5b61-b0ea-4d48-9839-1079d352d880} (PUP.MyWebSearch) -> Daten: -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|64ffxtbr@TelevisionFanatic.com (PUP.MyWebSearch) -> Daten: C:\Program Files (x86)\TelevisionFanatic\bar\1.bin -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 3
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\chrome (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\ThirdPartyInstallers (PUP.MyWebSearch) -> Keine Aktion durchgeführt.

Infizierte Dateien: 48
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64barsvc.exe (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64brmon.exe (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64brstub.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrchMn.exe (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64httpct.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64skin.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64htmlmu.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64datact.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64mlbtn.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64script.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64dyn.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64feedmg.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64tpinst.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64uabtn.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64radio.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64msg.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\T8HTML.DLL (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64dlghk.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64auxstb.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64highin.exe (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64hkstub.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64idle.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64ieovr.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64impipe.exe (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64medint.exe (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64Plugin.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64regfft.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64reghk.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64regiet.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64skplay.exe (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Users\gambit\AppData\Local\Temp\r6G8stI.exe (Trojan.FakeMS) -> Keine Aktion durchgeführt.
C:\Users\gambit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64sknlcr.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\BOOTSTRAP.JS (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\CHROME.MANIFEST (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\CREXT.DLL (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\CrExtP64.exe (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\INSTALL.RDF (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\installKeys.js (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\LOGO.BMP (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\T8EXTEX.DLL (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\T8EXTPEX.DLL (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\T8RES.DLL (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\T8TICKER.DLL (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\chrome\64ffxtbr.jar (PUP.MyWebSearch) -> Keine Aktion durchgeführt.

(Ende)
ich hoffe ihr könnt mir weiter helfen und bedanke mich schon mal in vorraus

Alt 30.01.2013, 12:25   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
gvu trojaner - Standard

gvu trojaner



Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 30.01.2013, 14:26   #3
gambit79
 
gvu trojaner - Standard

gvu trojaner



hallo,leider hab ich keine weitern logs parat da avira schon lange nix mehr gefunden hat deshalb war ich auch verwundert.
ich hoffe ihr könnt mir mit den problem weiter helfen
und danke in vorraus
__________________

Alt 30.01.2013, 15:16   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
gvu trojaner - Standard

gvu trojaner



Was ist mit anderen Scannern? Noch weitere Funde, wenn ja Logs?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 30.01.2013, 20:10   #5
gambit79
 
gvu trojaner - Standard

gvu trojaner



ich habe leider keine weiteren scan und somit auch keine weitern logs zur verfühgung


Alt 31.01.2013, 11:13   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
gvu trojaner - Standard

gvu trojaner



Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Erstmal eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in CODE-Tags in den Thread.
__________________
--> gvu trojaner

Alt 01.02.2013, 01:08   #7
gambit79
 
gvu trojaner - Standard

gvu trojaner



hallo und danke für die ersten gut beschriebenden schritte
Code:
ATTFilter
OTL logfile created on: 01.02.2013 00:55:58 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\gambit\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 1,80 Gb Available Physical Memory | 46,64% Memory free
7,71 Gb Paging File | 4,98 Gb Available in Paging File | 64,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 447,66 Gb Total Space | 354,15 Gb Free Space | 79,11% Space Free | Partition Type: NTFS
 
Computer Name: GAMBIT-PC | User Name: gambit | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\gambit\Downloads\OTL (3).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe (TeamSpeak Systems GmbH)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.313\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.313\McCHSvc.exe (McAfee, Inc.)
PRC - C:\Programme\Web Assistant\ExtensionUpdaterService.exe ()
PRC - C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe ()
PRC - C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe ()
PRC - C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\PROGRA~2\TELEVI~2\bar\1.bin\64barsvc.exe (COMPANYVERS_NAME)
PRC - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64brmon.exe (VER_COMPANY_NAME)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\PROGRA~2\ICQ6TO~1\ICQSER~1.EXE ()
PRC - C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation)
PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.313\McUicnt.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll ()
MOD - C:\Users\gambit\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.6_0\BabylonChromeToolBar.dll ()
MOD - C:\Program Files (x86)\TeamSpeak 3 Client\plugins\clientquery_plugin.dll ()
MOD - C:\Program Files (x86)\TeamSpeak 3 Client\sqldrivers\qsqlite4.dll ()
MOD - C:\Program Files (x86)\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win32.dll ()
MOD - C:\Program Files (x86)\TeamSpeak 3 Client\soundbackends\directsound_win32.dll ()
MOD - C:\Program Files (x86)\TeamSpeak 3 Client\QtSql4.dll ()
MOD - C:\Program Files (x86)\TeamSpeak 3 Client\plugins\appscanner_plugin.dll ()
MOD - C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe ()
MOD - C:\Users\gambit\AppData\Roaming\BabylonToolbar\CR\BUSolution.dll ()
MOD - C:\Program Files (x86)\TeamSpeak 3 Client\QtGui4.dll ()
MOD - C:\Program Files (x86)\TeamSpeak 3 Client\QtCore4.dll ()
MOD - C:\Program Files (x86)\TeamSpeak 3 Client\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\TeamSpeak 3 Client\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\TeamSpeak 3 Client\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (WebOptimizer) -- C:\Windows\SysNative\dmwu.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.313\McCHSvc.exe (McAfee, Inc.)
SRV - (Web Assistant Updater) -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe ()
SRV - (Guard.Mail.ru) -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe ()
SRV - (ALDITALKVerbindungsassistent_Service) -- C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TelevisionFanaticService) -- C:\PROGRA~2\TELEVI~2\bar\1.bin\64barsvc.exe (COMPANYVERS_NAME)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (ICQ Service) -- C:\PROGRA~2\ICQ6TO~1\ICQSER~1.EXE ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (EgisTec Ticket Service) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. )
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation)
SRV - (Live Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (bScsiMSa) -- C:\Windows\SysNative\drivers\bScsiMSa.sys (Broadcom Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (bScsiSDa) -- C:\Windows\SysNative\drivers\bScsiSDa.sys (Broadcom Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation)
DRV:64bit: - (b57xdmp) -- C:\Windows\SysNative\drivers\b57xdmp.sys (Broadcom Corporation)
DRV:64bit: - (b57xdbd) -- C:\Windows\SysNative\drivers\b57xdbd.sys (Broadcom Corporation)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (ewusbnet) -- C:\Windows\SysWOW64\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\Windows\SysWOW64\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000&st=12&barid={1BD85B53-1D4C-40D5-AE6D-E63857664296}
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=12&q={searchTerms}&barid={1BD85B53-1D4C-40D5-AE6D-E63857664296}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1812407401-753961026-586682449-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKU\S-1-5-21-1812407401-753961026-586682449-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-1812407401-753961026-586682449-1000\..\URLSearchHook: {0696f815-a3a9-490a-bb14-9ec3350b1276} - No CLSID value found
IE - HKU\S-1-5-21-1812407401-753961026-586682449-1000\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKU\S-1-5-21-1812407401-753961026-586682449-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110819&babsrc=SP_ss&mntrId=c4cd276c0000000000003859f9afd43c
IE - HKU\S-1-5-21-1812407401-753961026-586682449-1000\..\SearchScopes\{52921192-8EF8-415D-ABBB-06A69A921690}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=YYYYYYYYDE&apn_uid=05700C29-8B2F-46F8-B456-81E2A04DE2C4&apn_sauid=FDCBCE3A-2EC2-46A2-A1B5-C5846D053393
IE - HKU\S-1-5-21-1812407401-753961026-586682449-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-1812407401-753961026-586682449-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=1&barid={1BD85B53-1D4C-40D5-AE6D-E63857664296}&q={searchTerms}&barid={1BD85B53-1D4C-40D5-AE6D-E63857664296}
IE - HKU\S-1-5-21-1812407401-753961026-586682449-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1812407401-753961026-586682449-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKU\S-1-5-21-1812407401-753961026-586682449-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?st=2&barid={1BD85B53-1D4C-40D5-AE6D-E63857664296}
IE - HKU\S-1-5-21-1812407401-753961026-586682449-1001\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1812407401-753961026-586682449-1001\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-1812407401-753961026-586682449-1001\..\URLSearchHook: {0696f815-a3a9-490a-bb14-9ec3350b1276} - No CLSID value found
IE - HKU\S-1-5-21-1812407401-753961026-586682449-1001\..\URLSearchHook: {539F76FD-084E-4858-86D5-62F02F54AE86} - C:\Program Files (x86)\Minibar\Froggy.dll (TODO: <название компании>)
IE - HKU\S-1-5-21-1812407401-753961026-586682449-1001\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-1812407401-753961026-586682449-1001\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKU\S-1-5-21-1812407401-753961026-586682449-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110819&babsrc=SP_ss&mntrId=c4cd276c0000000000003859f9afd43c
IE - HKU\S-1-5-21-1812407401-753961026-586682449-1001\..\SearchScopes\{52921192-8EF8-415D-ABBB-06A69A921690}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=YYYYYYYYDE&apn_uid=05700C29-8B2F-46F8-B456-81E2A04DE2C4&apn_sauid=FDCBCE3A-2EC2-46A2-A1B5-C5846D053393
IE - HKU\S-1-5-21-1812407401-753961026-586682449-1001\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1812407401-753961026-586682449-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-1812407401-753961026-586682449-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb155/?search={searchTerms}&loc=IB_DS&a=6PQK2IHBkt&i=26
IE - HKU\S-1-5-21-1812407401-753961026-586682449-1001\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&st=2&q={searchTerms}&barid={1BD85B53-1D4C-40D5-AE6D-E63857664296}
IE - HKU\S-1-5-21-1812407401-753961026-586682449-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: plugin@yontoo.com:1.20.00
FF - prefs.js..extensions.enabledAddons: {EEE6C361-6118-11DC-9C72-001320C79847}:1.5.0.2
FF - prefs.js..extensions.enabledAddons: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledAddons: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.6.1.01
FF - prefs.js..extensions.enabledAddons: 64ffxtbr@TelevisionFanatic.com:2.26.0.47254
FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb155/?loc=IB_DS&a=6PQK2IHBkt&&i=26&search="
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..browser.startup.homepage: "hxxp://mystart.incredibar.com/mb155?a=6PQK2IHBkt&i=26"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..browser.search.selectedEngine: "SweetIM Search"
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://home.sweetim.com/?st=2&barid={1BD85B53-1D4C-40D5-AE6D-E63857664296}"
FF - prefs.js..extensions.enabledAddons: plugin@yontoo.com:1.20.00
FF - prefs.js..extensions.enabledAddons: {EEE6C361-6118-11DC-9C72-001320C79847}:1.5.0.2
FF - prefs.js..extensions.enabledAddons: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledAddons: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.6.1.01
FF - prefs.js..extensions.enabledAddons: 64ffxtbr@TelevisionFanatic.com:2.26.0.47254
FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb155/?loc=IB_DS&a=6PQK2IHBkt&&i=26&search="
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..browser.startup.homepage: "hxxp://mystart.incredibar.com/mb155?a=6PQK2IHBkt&i=26"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: ""
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.313\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@TelevisionFanatic.com/Plugin: C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012.09.18 19:29:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\64ffxtbr@TelevisionFanatic.com: C:\Program Files (x86)\TelevisionFanatic\bar\1.bin [2012.07.15 22:36:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.09.18 19:29:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\addlyrics@addlyrics.net: C:\Users\gambit\AppData\Local\AddLyrics\FF\ [2013.01.28 01:37:01 | 000,000,000 | ---D | M]
 
[2012.07.15 23:00:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gambit\AppData\Roaming\mozilla\Extensions
[2012.11.25 19:59:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gambit\AppData\Roaming\mozilla\Firefox\Profiles\icso66en.default\extensions
[2012.08.30 01:13:27 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\gambit\AppData\Roaming\mozilla\Firefox\Profiles\icso66en.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.05.22 07:50:02 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\gambit\AppData\Roaming\mozilla\Firefox\Profiles\icso66en.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
[2012.11.25 19:59:57 | 000,000,000 | ---D | M] (Layouts Express) -- C:\Users\gambit\AppData\Roaming\mozilla\Firefox\Profiles\icso66en.default\extensions\{97A78363-B868-4B48-AC91-A783A31215AF}
[2012.07.15 22:59:59 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\gambit\AppData\Roaming\mozilla\Firefox\Profiles\icso66en.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2012.08.09 22:30:50 | 000,000,000 | ---D | M] (TelevisionFanatic) -- C:\Users\gambit\AppData\Roaming\mozilla\Firefox\Profiles\icso66en.default\extensions\64ffxtbr@TelevisionFanatic.com
[2012.08.30 01:13:55 | 000,000,000 | ---D | M] (ICQ Sparberater) -- C:\Users\gambit\AppData\Roaming\mozilla\Firefox\Profiles\icso66en.default\extensions\ciuvo-extension@icq.de
[2012.09.18 19:28:10 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\gambit\AppData\Roaming\mozilla\Firefox\Profiles\icso66en.default\extensions\ffxtlbr@incredibar.com
[2012.05.22 07:46:20 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\gambit\AppData\Roaming\mozilla\Firefox\Profiles\icso66en.default\extensions\plugin@yontoo.com
[2012.08.30 01:13:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gambit\AppData\Roaming\mozilla\Firefox\Profiles\icso66en.default\extensions\ciuvo-extension@icq.de\chrome
[2012.05.22 07:49:58 | 000,172,310 | ---- | M] () (No name found) -- C:\Users\gambit\AppData\Roaming\mozilla\firefox\profiles\icso66en.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2012.07.24 09:58:26 | 000,002,396 | ---- | M] () -- C:\Users\gambit\AppData\Roaming\mozilla\firefox\profiles\icso66en.default\searchplugins\askcom.xml
[2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\gambit\AppData\Roaming\mozilla\firefox\profiles\icso66en.default\searchplugins\icqplugin.xml
[2012.07.16 00:48:58 | 000,009,628 | ---- | M] () -- C:\Users\gambit\AppData\Roaming\mozilla\firefox\profiles\icso66en.default\searchplugins\my-web-search.xml
[2012.09.18 19:27:30 | 000,002,203 | ---- | M] () -- C:\Users\gambit\AppData\Roaming\mozilla\firefox\profiles\icso66en.default\searchplugins\MyStart Search.xml
[2012.07.15 22:59:57 | 000,002,519 | ---- | M] () -- C:\Users\gambit\AppData\Roaming\mozilla\firefox\profiles\icso66en.default\searchplugins\Search_Results.xml
[2013.01.20 19:03:11 | 000,004,002 | ---- | M] () -- C:\Users\gambit\AppData\Roaming\mozilla\firefox\profiles\icso66en.default\searchplugins\sweetim.xml
[2012.11.26 17:15:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.12 01:28:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.05.22 07:46:24 | 000,002,313 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.07.15 22:59:57 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://home.sweetim.com/?st=2&barid={1BD85B53-1D4C-40D5-AE6D-E63857664296}
CHR - default_search_provider: SweetIM Search (Enabled)
CHR - default_search_provider: search_url = hxxp://search.sweetim.com/search.asp?src=6&st=2&q={searchTerms}&barid={1BD85B53-1D4C-40D5-AE6D-E63857664296}
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://home.sweetim.com/?st=2&barid={1BD85B53-1D4C-40D5-AE6D-E63857664296}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Babylon ToolBar (Enabled) = C:\Users\gambit\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.6_0\BabylonChromeToolBar.dll
CHR - plugin: Injovo Extension Plugin (Enabled) = C:\Users\gambit\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.485_0\npbrowserext.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: PriceGong = C:\Users\gambit\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.4_0\
CHR - Extension: YouTube = C:\Users\gambit\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\gambit\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Babylon Toolbar = C:\Users\gambit\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.6_0\
CHR - Extension: Web Assistant = C:\Users\gambit\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.485_0\
CHR - Extension: AddLyrics = C:\Users\gambit\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdlfddggdloaadnphbhejknhaggjaeld\1.3_0\
CHR - Extension: Google Mail = C:\Users\gambit\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension64.dll ()
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\x64\BROWSE~1.DLL (Bandoo Media, inc)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (ICQ Sparberater) - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.313\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.4\PriceGongIE.dll (PriceGong)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll ()
O2 - BHO: (AddLyrics) - {4145006D-47F8-42F2-8186-2225AAFECDD3} - C:\Users\gambit\AppData\Local\AddLyrics\AddLyrics.dll (AddLyrics)
O2 - BHO: (Search Assistant BHO) - {5d79f641-c168-40df-a32f-bacea7509e75} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll (MindSpark)
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (MrFroggy Class) - {856E12B5-22D7-4E22-9ACA-EA9A008DD65B} - C:\Program Files (x86)\Minibar\Froggy.dll (TODO: <название компании>)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL (Bandoo Media, inc)
O2 - BHO: (MinibarBHO) - {AA74D58F-ACD0-450D-A85E-6C04B171C044} - C:\Program Files (x86)\Minibar\Kango.dll (KangoExtensions)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Toolbar BHO) - {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - C:\PROGRA~2\TELEVI~2\bar\1.bin\64bar.dll (MindSpark)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (PricePeep) - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll (PricePeep)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (TelevisionFanatic) - {c98d5b61-b0ea-4d48-9839-1079d352d880} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (Reg Error: Value error.) - 10 - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Reg Error: Value error.) - Locked - Reg Error: Value error. File not found
O3 - HKU\S-1-5-21-1812407401-753961026-586682449-1000\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-1812407401-753961026-586682449-1001\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1812407401-753961026-586682449-1001\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE (Bandoo Media, inc)
O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [TelevisionFanatic Browser Plugin Loader] C:\PROGRA~2\TELEVI~2\bar\1.bin\64brmon.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [TelevisionFanatic Search Scope Monitor] "C:\PROGRA~2\TELEVI~2\bar\1.bin\64srchmn.exe" /m=2 /w /h File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1812407401-753961026-586682449-1000..\Run: [Personal ID] C:\PROGRA~2\COOLSP~1\PERSON~1\PID.EXE (coolspot AG, Düsseldorf)
O4 - HKU\S-1-5-21-1812407401-753961026-586682449-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1812407401-753961026-586682449-1001..\Run: [ICQ] C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-1812407401-753961026-586682449-1001..\Run: [Personal ID] C:\PROGRA~2\COOLSP~1\PERSON~1\PID.EXE (coolspot AG, Düsseldorf)
O4 - HKU\S-1-5-21-1812407401-753961026-586682449-1001..\Run: [SDP] C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe (Somoto)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1812407401-753961026-586682449-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\gambit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1812407401-753961026-586682449-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html ()
O8 - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html ()
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Change your facebook look - {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - C:\Program Files (x86)\Minibar\MinibarButton.dll (TODO: <Company name>)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D354F33-412B-4746-916B-D93389455A7C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9828B42F-5951-44FB-9F65-7AAABE667E15}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (C:\PROGRA~3\Its8G6r.bat) - C:\ProgramData\Its8G6r.bat ()
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{05504977-e558-11e1-88d4-3859f9afd43c}\Shell - "" = AutoRun
O33 - MountPoints2\{05504977-e558-11e1-88d4-3859f9afd43c}\Shell\AutoRun\command - "" = E:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{05504992-e558-11e1-88d4-3859f9afd43c}\Shell - "" = AutoRun
O33 - MountPoints2\{05504992-e558-11e1-88d4-3859f9afd43c}\Shell\AutoRun\command - "" = E:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{055049fb-e558-11e1-88d4-3859f9afd43c}\Shell - "" = AutoRun
O33 - MountPoints2\{055049fb-e558-11e1-88d4-3859f9afd43c}\Shell\AutoRun\command - "" = E:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{05504a0b-e558-11e1-88d4-3859f9afd43c}\Shell - "" = AutoRun
O33 - MountPoints2\{05504a0b-e558-11e1-88d4-3859f9afd43c}\Shell\AutoRun\command - "" = E:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{05504a21-e558-11e1-88d4-3859f9afd43c}\Shell - "" = AutoRun
O33 - MountPoints2\{05504a21-e558-11e1-88d4-3859f9afd43c}\Shell\AutoRun\command - "" = E:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{05504a2f-e558-11e1-88d4-3859f9afd43c}\Shell - "" = AutoRun
O33 - MountPoints2\{05504a2f-e558-11e1-88d4-3859f9afd43c}\Shell\AutoRun\command - "" = E:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{05504a3e-e558-11e1-88d4-3859f9afd43c}\Shell - "" = AutoRun
O33 - MountPoints2\{05504a3e-e558-11e1-88d4-3859f9afd43c}\Shell\AutoRun\command - "" = E:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{29e83e51-1635-11e2-8c94-3859f9afd43c}\Shell - "" = AutoRun
O33 - MountPoints2\{29e83e51-1635-11e2-8c94-3859f9afd43c}\Shell\AutoRun\command - "" = E:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{29e83e61-1635-11e2-8c94-3859f9afd43c}\Shell - "" = AutoRun
O33 - MountPoints2\{29e83e61-1635-11e2-8c94-3859f9afd43c}\Shell\AutoRun\command - "" = E:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{952e39d0-161f-11e2-bbf1-001e101f79c9}\Shell - "" = AutoRun
O33 - MountPoints2\{952e39d0-161f-11e2-bbf1-001e101f79c9}\Shell\AutoRun\command - "" = E:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{952e39f8-161f-11e2-bbf1-001e101f79c9}\Shell - "" = AutoRun
O33 - MountPoints2\{952e39f8-161f-11e2-bbf1-001e101f79c9}\Shell\AutoRun\command - "" = E:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{952e3a07-161f-11e2-bbf1-001e101f79c9}\Shell - "" = AutoRun
O33 - MountPoints2\{952e3a07-161f-11e2-bbf1-001e101f79c9}\Shell\AutoRun\command - "" = E:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{952e3a17-161f-11e2-bbf1-001e101f79c9}\Shell - "" = AutoRun
O33 - MountPoints2\{952e3a17-161f-11e2-bbf1-001e101f79c9}\Shell\AutoRun\command - "" = E:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{952e3a25-161f-11e2-bbf1-001e101f79c9}\Shell - "" = AutoRun
O33 - MountPoints2\{952e3a25-161f-11e2-bbf1-001e101f79c9}\Shell\AutoRun\command - "" = E:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{952e3a37-161f-11e2-bbf1-001e101f79c9}\Shell - "" = AutoRun
O33 - MountPoints2\{952e3a37-161f-11e2-bbf1-001e101f79c9}\Shell\AutoRun\command - "" = E:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{b6ad8f5b-eac8-11e1-8e1a-3859f9afd43c}\Shell - "" = AutoRun
O33 - MountPoints2\{b6ad8f5b-eac8-11e1-8e1a-3859f9afd43c}\Shell\AutoRun\command - "" = E:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{b6ad8ffc-eac8-11e1-8e1a-001e101fe5e1}\Shell - "" = AutoRun
O33 - MountPoints2\{b6ad8ffc-eac8-11e1-8e1a-001e101fe5e1}\Shell\AutoRun\command - "" = E:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{b6ad900c-eac8-11e1-8e1a-001e101fe5e1}\Shell - "" = AutoRun
O33 - MountPoints2\{b6ad900c-eac8-11e1-8e1a-001e101fe5e1}\Shell\AutoRun\command - "" = E:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{b6ad901b-eac8-11e1-8e1a-001e101fe5e1}\Shell - "" = AutoRun
O33 - MountPoints2\{b6ad901b-eac8-11e1-8e1a-001e101fe5e1}\Shell\AutoRun\command - "" = E:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\.\Setup.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.30 20:13:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013.01.30 02:37:35 | 000,000,000 | ---D | C] -- C:\Users\gambit\AppData\Roaming\Malwarebytes
[2013.01.30 02:37:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.30 02:37:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.30 02:37:28 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.30 02:37:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.30 02:37:13 | 000,000,000 | ---D | C] -- C:\Users\gambit\AppData\Local\Programs
[2013.01.30 02:30:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
[2013.01.30 02:30:54 | 000,000,000 | ---D | C] -- C:\rei
[2013.01.30 02:30:51 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2013.01.28 01:37:01 | 000,000,000 | ---D | C] -- C:\Users\gambit\AppData\Local\AddLyrics
[2013.01.09 06:51:50 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.01.09 06:51:50 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.01.09 06:51:48 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013.01.09 06:51:46 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013.01.09 06:51:44 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013.01.09 06:51:44 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013.01.09 06:51:44 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013.01.09 06:51:44 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013.01.09 06:51:44 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013.01.09 06:51:44 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013.01.09 06:51:44 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013.01.09 06:51:44 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013.01.09 06:51:44 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013.01.09 06:51:44 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013.01.09 06:51:44 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013.01.09 06:51:44 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013.01.09 06:51:44 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013.01.09 06:51:44 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013.01.09 06:51:44 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013.01.09 06:51:44 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013.01.09 06:51:44 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013.01.09 06:51:44 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013.01.09 06:51:44 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013.01.09 06:51:44 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013.01.09 06:51:44 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013.01.09 06:51:44 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013.01.09 06:51:44 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013.01.09 06:51:44 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013.01.09 06:51:44 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013.01.09 06:51:44 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013.01.09 06:51:44 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013.01.09 06:51:44 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013.01.09 06:51:44 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013.01.09 06:51:44 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013.01.09 06:51:44 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013.01.09 06:51:44 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013.01.09 06:51:17 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013.01.09 06:51:17 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013.01.09 06:51:17 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013.01.09 06:51:17 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013.01.09 06:51:17 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013.01.09 06:51:17 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.01.09 06:51:17 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.01.09 06:51:17 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013.01.09 06:51:17 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.01.09 06:51:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013.01.09 06:51:17 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.01.09 06:51:17 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013.01.09 06:51:17 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.01.09 06:51:17 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013.01.09 06:51:17 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013.01.09 06:51:17 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.01.09 06:51:17 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.09 06:51:17 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.09 06:51:17 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.09 06:51:17 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.09 06:51:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.09 06:51:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.09 06:51:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013.01.09 06:51:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013.01.09 06:51:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013.01.09 06:51:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.09 06:51:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.09 06:51:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013.01.09 06:51:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013.01.09 06:51:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.09 06:51:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.09 06:51:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.09 06:51:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.09 06:51:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.09 06:51:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.09 06:51:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013.01.09 06:51:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013.01.09 06:51:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013.01.09 06:51:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.09 06:51:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.09 06:51:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.09 06:51:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013.01.09 06:51:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013.01.09 06:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.09 06:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013.01.09 06:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013.01.09 06:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013.01.09 06:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013.01.09 06:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.09 06:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013.01.09 06:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013.01.09 06:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013.01.09 06:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013.01.09 06:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.09 06:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013.01.09 06:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013.01.09 06:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.09 06:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.09 06:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.09 06:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.09 06:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.09 06:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.09 06:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013.01.09 06:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013.01.09 06:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.09 06:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.09 06:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013.01.09 06:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013.01.09 06:51:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.01.09 06:51:02 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.01 00:53:47 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.01 00:53:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.01 00:42:49 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.01 00:40:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.31 02:26:55 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\AddLyrics update.job
[2013.01.30 20:13:05 | 000,002,050 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013.01.30 20:13:02 | 000,002,050 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.01.30 20:12:16 | 000,000,162 | ---- | M] () -- C:\Windows\reimage.ini
[2013.01.30 02:37:29 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.30 02:30:54 | 000,001,905 | ---- | M] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2013.01.30 02:24:37 | 095,023,320 | ---- | M] () -- C:\ProgramData\Its8G6r.pad
[2013.01.30 02:22:58 | 000,003,224 | ---- | M] () -- C:\ProgramData\Its8G6r.js
[2013.01.30 02:22:58 | 000,001,077 | ---- | M] () -- C:\Users\gambit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013.01.30 02:22:58 | 000,000,153 | ---- | M] () -- C:\ProgramData\Its8G6r.reg
[2013.01.30 02:22:58 | 000,000,080 | ---- | M] () -- C:\ProgramData\Its8G6r.bat
[2013.01.28 04:43:04 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.28 04:43:04 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.28 04:35:12 | 430,203,799 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.01.28 04:35:10 | 3104,722,944 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.28 01:37:50 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.01.10 03:27:10 | 000,291,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.10 03:06:32 | 001,520,734 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.10 03:06:32 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.10 03:06:32 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.10 03:06:32 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.10 03:06:32 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.09 05:53:14 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.01.09 05:53:14 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2013.01.30 02:37:29 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.30 02:30:55 | 000,000,162 | ---- | C] () -- C:\Windows\reimage.ini
[2013.01.30 02:30:54 | 000,001,905 | ---- | C] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2013.01.30 02:22:58 | 000,003,224 | ---- | C] () -- C:\ProgramData\Its8G6r.js
[2013.01.30 02:22:58 | 000,001,077 | ---- | C] () -- C:\Users\gambit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013.01.30 02:22:58 | 000,000,153 | ---- | C] () -- C:\ProgramData\Its8G6r.reg
[2013.01.30 02:22:58 | 000,000,080 | ---- | C] () -- C:\ProgramData\Its8G6r.bat
[2013.01.30 02:22:56 | 095,023,320 | ---- | C] () -- C:\ProgramData\Its8G6r.pad
[2013.01.28 04:35:12 | 430,203,799 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.01.28 01:37:02 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\AddLyrics update.job
[2012.03.10 16:03:09 | 000,001,136 | ---- | C] () -- C:\Windows\WinInit.Ini
[2011.08.12 08:37:09 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.08.12 08:37:07 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.08.12 08:37:05 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.08.12 08:37:04 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.08.12 08:37:03 | 013,906,944 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         

Geändert von gambit79 (01.02.2013 um 01:20 Uhr)

Alt 01.02.2013, 01:22   #8
gambit79
 
gvu trojaner - Standard

gvu trojaner



Code:
ATTFilter
OTL Extras logfile created on: 01.02.2013 00:55:58 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\gambit\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 1,80 Gb Available Physical Memory | 46,64% Memory free
7,71 Gb Paging File | 4,98 Gb Available in Paging File | 64,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 447,66 Gb Total Space | 354,15 Gb Free Space | 79,11% Space Free | Partition Type: NTFS
 
Computer Name: GAMBIT-PC | User Name: gambit | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14C5742C-BF4C-4731-812B-14F870F6F9A2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{21A74313-C607-42E7-B610-FE2EF49EBD83}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{21D7E2FB-8167-429B-9E16-C15FAC861CA9}" = lport=445 | protocol=6 | dir=in | app=system | 
"{263595B6-2E96-46E2-9684-5BD837EEF65C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{281B023A-2EAD-4D9C-8DC7-906595E41167}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{3A6E03C0-B51F-4A07-9D29-04B26851831A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{52EC6F2C-870C-4F76-BF26-141A4FEA4866}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5DAC7329-8C8B-45A8-8427-4598AE3E79B7}" = lport=137 | protocol=17 | dir=in | app=system | 
"{680C007F-64A6-4DB4-8CC6-8AAEAC942A07}" = lport=139 | protocol=6 | dir=in | app=system | 
"{7278316C-D03A-4FD3-8643-6B26AF28309D}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7BB61700-3EBA-4731-A7E0-0C82BFAE7B2F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{863C8DAB-689A-452B-BB8A-21AED6629AFF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{8E339ECB-365F-4C53-925C-0E6F5BD334C2}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{8E7A086E-171B-49E1-B0CD-0F6D23A83B35}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9152701C-A71B-4457-BE4A-B4B87583EAF5}" = rport=137 | protocol=17 | dir=out | app=system | 
"{9FD3DDDF-5969-4130-ABAF-975CF877C4D7}" = rport=445 | protocol=6 | dir=out | app=system | 
"{ADA436DA-9765-42C8-8278-5A97EBCE9AD1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B151F10B-6A2A-4F72-B4BE-5C6C8AC4A96E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B4CC2D3A-037E-4DF9-BC80-1A768B15E505}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C0DE20F1-3440-46BD-9197-A8685EB04C4B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{DC4707DA-5856-41B9-9940-9FAECBE28277}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E024F20E-A433-44BF-94AA-66EB7DEF78F4}" = rport=138 | protocol=17 | dir=out | app=system | 
"{EA826435-9B93-4AA0-9DFD-56A303174794}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{013059A2-83C7-4BB9-BF15-EA4F17E1D549}" = protocol=17 | dir=in | app=c:\program files (x86)\searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{052AF79C-6DC8-4FC3-A025-4C4D485378C3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0C617F89-E8EB-4BF8-8038-7FEF3C6C98FC}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{1170909F-FA44-4BF8-84A0-BFC9126DD288}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{132E7793-5162-49B5-8385-894D69B2235E}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe | 
"{1671413B-85E7-4B15-BE12-DA7449EE3487}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{199A1FA3-1CE4-4D22-94E1-489E225517D6}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe | 
"{1B5162FF-B7AA-4A07-A380-BA6562353AB3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1D2B373C-E72B-46FC-99C2-DB43040D994D}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fi.exe | 
"{226D54BD-7FA7-48B4-AC7E-187124964033}" = protocol=6 | dir=in | app=c:\program files (x86)\searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{23FD0144-AB1C-4CC7-BBC7-E06AE9407ADE}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{2604F1C7-D82B-4396-B8E6-E44FF0B14814}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{26AA963C-9C9A-4CAA-A516-EB48499159E9}" = protocol=6 | dir=out | app=system | 
"{275C08F0-43D2-4B85-A092-9EB8AB974D2B}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{2AB54DBE-9AE2-430E-A953-8E2DAE4D67F0}" = dir=in | app=c:\program files (x86)\acer\clear.fi\movie\touchmovie.exe | 
"{2B7207C3-C181-4D19-ADE3-F06F4CEB8664}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{2DF41493-CC02-4553-9A22-DE66F4BA49A8}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{34B1CEF0-D475-4E31-B009-F71D1E1EE6BE}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{36B20DB8-0094-406F-A65A-68F3300B419E}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{382E8104-69EA-4296-8308-A2BC27605DA3}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{3C228AA5-A6CD-4D87-B8D3-8A1D4AD70412}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3C906F58-9311-41BD-B7B6-F16BC61292C1}" = dir=in | app=c:\program files (x86)\acer\clear.fi\movie\touchmovieservice.exe | 
"{4080E16E-1E76-4968-B921-5DF209A535C7}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{4C09FCAF-712C-4051-905C-C59702D72ED4}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{4D158CE9-B21D-47C3-8D24-59B7F83D7E8D}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe | 
"{52A9F2C9-7BD2-4D4F-8F10-E1B625595E42}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{541D2C3B-B98C-464A-9A56-09CC306FFA5B}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | 
"{58834AEE-D359-457A-ADB6-1B4149FDDA18}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fiagent.exe | 
"{5B37F865-284A-49DB-95D2-7A7D55D35F82}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{663725A2-F97F-404F-80BA-F570A317D7B9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6E24D48D-3293-44A4-AE2A-D8B49A247D99}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe | 
"{7F16E3C4-1150-4C93-99F3-884AA6942541}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{856337E3-28A4-49C6-B16E-7018BD4F69AD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8646FF98-6016-47D0-B2EB-5574F894E07D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{8773B69C-3BEC-4A7B-9985-3DEB9E591266}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{8902A0CE-3A53-4C85-B442-708FF009303D}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{89BB2C18-2740-4BB0-ABD9-8759BDD1E024}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{8D117281-4ECC-4D19-9A59-9498F7049ABB}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{8EBE6C3B-37C9-40AF-A48B-60DCE02F2817}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{906DC307-6EC4-4E74-96D7-DE58A5879EC4}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{955BDE20-D873-452B-882A-7605324FAD86}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{981215AC-3DEB-4FF3-AF6B-ADEF39326236}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{9B0D38EF-29AC-4B90-984B-103E1D88AE05}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9C3A8A3D-CC34-4976-91DE-A1587DFF328D}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe | 
"{9F691B1E-6F15-4B94-AF2A-91B696226B06}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | 
"{A261B396-8EF1-402C-9C8B-8543C2D81207}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | 
"{A2E1D357-38F2-4B8F-9CC6-2E29CC64CA5D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A71633A6-688C-42C4-979E-526AEDD3A94F}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe | 
"{AB26E3DB-12A0-471B-B188-A673AF0640FB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AC49297D-D872-4D9E-B307-3F70A22D37F6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{B1231E2B-2D4A-4A13-B38C-AE5B9B7F58F4}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{B1E64E59-007E-47D1-8D58-746710E94BD9}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{B4AAD3B1-DA55-4611-BFCA-C48B47B3C5FF}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{B8145689-B7E1-44E6-9DA1-36477D2CFCD8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C45F46BD-7E50-4C08-92B5-175C1F25D792}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{CAAD5499-1D9C-4EA0-AA4E-4846B65AC0DD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CAD75B0A-829E-43D4-819E-417CBD90CF8F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{CFC5ABC3-242C-4D8A-A5E4-063067B4E3EB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D5759F20-D917-4332-9E45-0AF09AA885CB}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{D6C063FD-B64E-4E4F-8856-5D4F5BB8C3FA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D8793EF8-B554-4D44-8902-432762F4DFA1}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{DBC0B8D2-F5D8-4C4A-80DD-9499B4D77635}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe | 
"{DE7F62FA-25A0-404B-AD1D-9A7473713157}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{E2AE4838-5645-4AFB-AECD-71C2A05EE7E0}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{EC026E00-0652-47D6-83F6-F60B2203BD94}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{ED089816-B20D-404E-9937-E7AA27B1151A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{EEFB518B-0631-431A-85D8-B628394EB6AB}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\clml\clmlsvc.exe | 
"{F2156927-ACB3-41C6-BC56-851866BB0451}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{F5621ABD-BF9E-4F7B-9AF4-BA468B4011C3}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{F9CA0B83-C698-44D5-B022-AD4AC0402AFF}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{F9E011E7-F480-4DFF-BC04-B172CABDF1A5}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{FB9F05EA-A37E-4837-9110-55A23EBB7A2C}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | 
"{FE7A2C30-DB70-43FF-B0FA-CE71C946CF35}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"TCP Query User{2CDF6989-CEAB-4C0C-A3F1-99D71A104C58}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 
"TCP Query User{607554ED-A992-44B8-ADF1-988C7E494A05}C:\program files (x86)\secretcity 3dchat\utherverse vww client\utherverse.exe" = protocol=6 | dir=in | app=c:\program files (x86)\secretcity 3dchat\utherverse vww client\utherverse.exe | 
"TCP Query User{7FE30C86-3326-4AA7-A590-944F55F022FB}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{88D9798F-E7BF-4988-BD23-816D2306E4F0}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"TCP Query User{A4164B20-A09F-4CFA-A61A-1BD1B57423E4}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | 
"TCP Query User{D7E52B4B-98A3-4273-8043-D0092CAFC41F}C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"UDP Query User{8D9084B8-B72F-4497-BF9B-9BB2C860CAC9}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | 
"UDP Query User{9ABB9E71-6733-48C7-8542-CB795DC35093}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{A2AC7C81-D0D2-4DBF-AB15-FBAE5D3398AC}C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"UDP Query User{B2EF8EE4-314E-47D2-93A4-A32B02122A43}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 
"UDP Query User{CD47A681-3187-493A-891E-1B882721C21E}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"UDP Query User{EE76787E-B40C-4B4C-B996-4399817CE743}C:\program files (x86)\secretcity 3dchat\utherverse vww client\utherverse.exe" = protocol=17 | dir=in | app=c:\program files (x86)\secretcity 3dchat\utherverse vww client\utherverse.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1553D712-B35F-4A82-BC72-D6B11A94BE3E}" = Windows Live Remote Service Resources
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.485
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{4710662C-8204-4334-A977-B1AC9E547819}" = Broadcom Card Reader Driver Installer
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{702A632F-99CE-4E2D-B8F2-BF980E9CF62F}" = Windows Live Remote Client Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 268.00
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 268.00
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom NetLink Controller
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Reimage Repair" = Reimage Repair
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WNLT" = Web Optimizer
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{0557BBDA-69D3-4FA4-A93C-A5300F7034B4}" = Windows Live Writer
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{06B05153-97E4-427E-B1A8-E098F6C5E52F}" = Windows Live Essentials
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD}" = ICQ Sparberater
"{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}" = SweetIM for Messenger 3.6
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{14C4C3B6-F1F4-401F-8C86-03E8E19AAC8C}" = clear.fi
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4183178B-4D4E-48A7-9257-454BA90A760E}" = SweetPacks Toolbar for Internet Explorer 4.6
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{4736B0ED-F6A1-48EC-A1B7-C053027648F1}" = Galeria fotogràfica del Windows Live
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{48F597DD-D397-4CFA-91A0-4C033A0113BD}" = Windows Live Mail
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{542DA303-FB91-4731-9F37-6E518368D3B9}" = Windows Live Messenger
"{5495E9A4-501A-4D4C-87C9-E80916CA9478}" = Windows Live UX Platform Language Pack
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}" = newsXpresso
"{625D45F0-5DCB-48BF-8770-C240A84DAAEB}" = Windows Live Mesh
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App (Acer Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71527C7C-5289-4CB2-88C9-23344C0FF6C1}" = Windows Live Movie Maker
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7D926AD2-16D6-42C2-8CA1-AB09E96040BA}" = Windows Live Writer Resources
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{820D0BA3-ACD7-4FB9-A3A7-0ADF0C66A4BE}" = Windows Live Messenger
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A3389C72-1782-4BB4-BBAA-33345DE52E3F}" = Windows Live Messenger
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = clear.fi
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BD0C3887-64E6-41D8-9A38-BC6F34369352}" = Windows Live Messenger
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C28D96C0-6A90-459E-A077-A6706F4EC0FC}" = Bing Bar
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger
"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{D3E5A972-9A15-427D-AE78-8181A5FD943C}" = eBay Worldwide
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F0F5D89A-197C-495B-827E-3E98B811CD2E}" = Windows Live Photo Common
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2979AAA-FDD7-4CB3-93BC-5C24D965D679}" = Windows Live Messenger
"{F35DC85A-E96B-496B-ABE7-F04192824856}" = Windows Live Messenger
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F722209B-739E-40E4-ADB1-062BD032A0DB}" = Personal ID
"{F783464C-C7C6-4E9B-AC40-BC90E5414BAF}" = Windows Live Messenger
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"addlyrics@addlyrics.net" = AddLyrics
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALDITALKVerbindungsassistent" = ALDI TALK Verbindungsassistent
"Avira AntiVir Desktop" = Avira Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"FilesFrog Update Checker" = FilesFrog Update Checker
"Google Chrome" = Google Chrome
"Guard.Mail.ru" = Guard.ICQ
"ICQToolbar" = ICQ Toolbar
"Identity Card" = Identity Card
"iLivid" = iLivid
"incredibar" = Incredibar Toolbar  on IE
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}" = newsXpresso
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"LayoutsExpress" = LayoutsExpress
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"PriceGong" = PriceGong 2.6.4
"PricePeep" = PricePeep for Internet Explorer
"Searchqu Toolbar" = Searchqu Toolbar
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TelevisionFanaticbar Uninstall" = TelevisionFanatic Toolbar
"VLC media player" = VLC media player 2.0.2
"WildTangent acer Master Uninstall" = Acer Games
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"WTA-02c85175-dcd4-422b-b33c-71376782d4dd" = Zuma Deluxe
"WTA-0b742bcf-3f0d-4be3-9e25-75e0ebaadcca" = Agatha Christie - Death on the Nile
"WTA-27c4d837-4ad9-408a-8d96-622b6a35a0e9" = Wedding Dash
"WTA-3c8aff20-e97d-4164-ab66-d0511a9e2726" = Final Drive: Nitro
"WTA-43adc6cc-50f0-4889-85de-786ec05ff8cc" = Bejeweled 2 Deluxe
"WTA-576432ee-60eb-44e1-a52d-631d672f2221" = Crazy Chicken Kart 2
"WTA-679bac0c-e3c6-48a6-a9da-1dcd75758150" = Penguins!
"WTA-71bec76c-2a09-4cee-86ef-d16f3604c01d" = Jewel Quest Solitaire
"WTA-830c9b41-5c06-40f5-8170-fc7b513ab969" = Chuzzle Deluxe
"WTA-8cc93bdd-687c-490b-b324-276e552120a0" = Mystery of Mortlake Mansion
"WTA-933a567e-1aff-4491-a887-3211c7b98985" = Virtual Villagers 4 - The Tree of Life
"WTA-a08fb39c-42dd-48a7-9a1b-0cc37c620c1d" = John Deere Drive Green
"WTA-abe001cd-21f5-426b-a1dc-47c984ae3481" = Plants vs. Zombies - Game of the Year
"WTA-b636ee01-0d4a-45f1-bdfe-7ee8fae3064f" = Insaniquarium Deluxe
"WTA-ba248c03-dc26-48a9-a770-5163bca78384" = Slingo Deluxe
"WTA-d97957be-86e9-4dff-8d8c-7abb4133f80f" = Torchlight
"WTA-e09c5ec0-96b4-4b9e-a343-581693307de2" = Jewel Match 3
"WTA-e8c3c157-6cd0-4e57-8fe7-22472d979f14" = Polar Bowler
"WTA-f5926444-0308-4f7c-8193-018cff0e090f" = FATE
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1812407401-753961026-586682449-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"FLV Player" = FLV Player
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1812407401-753961026-586682449-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"FLV Player" = FLV Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16.09.2012 02:27:10 | Computer Name = gambit-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TrustedInstaller.exe, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7989b  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000009970a
ID
 des fehlerhaften Prozesses: 0x860  Startzeit der fehlerhaften Anwendung: 0x01cd93d44c13a00d
Pfad
 der fehlerhaften Anwendung: C:\Windows\servicing\TrustedInstaller.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 8b52c75b-ffc7-11e1-be74-001e101fb681
 
Error - 16.09.2012 13:08:05 | Computer Name = gambit-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: conhost.exe, Version: 6.1.7601.17641,
 Zeitstempel: 0x4e03fdaa  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000009970a
ID
 des fehlerhaften Prozesses: 0x1b54  Startzeit der fehlerhaften Anwendung: 0x01cd942dd5a4b26c
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\conhost.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 14219d1f-0021-11e2-be74-001e101fb681
 
Error - 18.09.2012 16:15:00 | Computer Name = gambit-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: taskeng.exe, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce79d2c  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000009970a
ID
 des fehlerhaften Prozesses: 0x1a90  Startzeit der fehlerhaften Anwendung: 0x01cd95da47966713
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\taskeng.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 85b91bfe-01cd-11e2-be74-001e101fb681
 
Error - 19.09.2012 11:49:47 | Computer Name = gambit-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SearchProtocolHost.exe, Version: 
7.0.7601.17610, Zeitstempel: 0x4dc0d006  Name des fehlerhaften Moduls: ntdll.dll, 
Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x000000000009970a  ID des fehlerhaften Prozesses: 0x658  Startzeit der fehlerhaften
 Anwendung: 0x01cd967e650a7cac  Pfad der fehlerhaften Anwendung: C:\Windows\system32\SearchProtocolHost.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: a350abc0-0271-11e2-be74-001e101fb681
 
Error - 19.09.2012 12:56:30 | Computer Name = gambit-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16448,
 Zeitstempel: 0x4fecf1b7  Name des fehlerhaften Moduls: MSHTML.dll, Version: 9.0.8112.16448,
 Zeitstempel: 0x4fecfb0e  Ausnahmecode: 0xc00000fd  Fehleroffset: 0x00313bc9  ID des fehlerhaften
 Prozesses: 0x1ba4  Startzeit der fehlerhaften Anwendung: 0x01cd9686dcdae9b3  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\system32\MSHTML.dll  Berichtskennung: f4f03551-027a-11e2-be74-001e101fb681
 
Error - 22.09.2012 08:13:21 | Computer Name = gambit-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: taskhost.exe, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce796f7  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000009970a
ID
 des fehlerhaften Prozesses: 0x189c  Startzeit der fehlerhaften Anwendung: 0x01cd98bba6d9b799
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\taskhost.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: e61f479f-04ae-11e2-be74-001e101fb681
 
Error - 22.09.2012 17:14:04 | Computer Name = gambit-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16448,
 Zeitstempel: 0x4fecf1b7  Name des fehlerhaften Moduls: Flash32_11_3_300_271.ocx, 
Version: 11.3.300.271, Zeitstempel: 0x5026ff3f  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x001a6b82  ID des fehlerhaften Prozesses: 0x1d40  Startzeit der fehlerhaften Anwendung:
 0x01cd96888caddf99  Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet
 Explorer\iexplore.exe  Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_3_300_271.ocx
Berichtskennung:
 6fca574d-04fa-11e2-be74-001e101fb681
 
Error - 22.09.2012 18:15:02 | Computer Name = gambit-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: taskeng.exe, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce79d2c  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000009970a
ID
 des fehlerhaften Prozesses: 0x1a70  Startzeit der fehlerhaften Anwendung: 0x01cd990fb4c57ed6
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\taskeng.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: f3c2e13d-0502-11e2-be74-001e101fb681
 
Error - 23.09.2012 01:20:40 | Computer Name = gambit-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.09.2012 01:20:41 | Computer Name = gambit-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ipoint.exe, Version: 8.20.468.0, 
Zeitstempel: 0x4e320bb3  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000009970a
ID
 des fehlerhaften Prozesses: 0xf28  Startzeit der fehlerhaften Anwendung: 0x01cd994b24c5240f
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Microsoft IntelliPoint\ipoint.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 6a855080-053e-11e2-94ee-b870f4edde70
 
[ System Events ]
Error - 01.12.2012 08:03:47 | Computer Name = gambit-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 01.12.2012 08:03:47 | Computer Name = gambit-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 01.12.2012 08:03:48 | Computer Name = gambit-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 01.12.2012 08:03:49 | Computer Name = gambit-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 04.12.2012 05:23:55 | Computer Name = gambit-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 04.12.2012 19:52:30 | Computer Name = gambit-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?05.?12.?2012 um 00:51:24 unerwartet heruntergefahren.
 
Error - 07.12.2012 23:35:19 | Computer Name = gambit-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?08.?12.?2012 um 04:27:30 unerwartet heruntergefahren.
 
Error - 09.12.2012 11:07:36 | Computer Name = gambit-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?09.?12.?2012 um 16:01:39 unerwartet heruntergefahren.
 
Error - 12.12.2012 19:55:00 | Computer Name = gambit-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?13.?12.?2012 um 00:49:23 unerwartet heruntergefahren.
 
Error - 13.12.2012 11:12:55 | Computer Name = gambit-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?13.?12.?2012 um 12:15:55 unerwartet heruntergefahren.
 
 
< End of report >
         
es haben nur leider nicht beide logs in eine antwort gepasst sorry

Alt 01.02.2013, 11:36   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
gvu trojaner - Standard

gvu trojaner



Bitte nun Logs mit GMER (<<< klick für Anleitung) und aswMBR (Anleitung etwas weiter unten) erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim zweiten Mal nicht will, lass es einfach weg und führ nur aswMBR aus.

aswMBR-Download => aswMBR.exe - speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 05.02.2013, 21:22   #10
gambit79
 
gvu trojaner - Standard

gvu trojaner



Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-05 21:12:22
-----------------------------
21:12:22.129    OS Version: Windows x64 6.1.7601 Service Pack 1
21:12:22.129    Number of processors: 4 586 0x2A07
21:12:22.130    ComputerName: GAMBIT-PC  UserName: gambit
21:12:23.443    Initialize success
21:15:32.011    AVAST engine defs: 13020500
21:16:41.509    The log file has been saved successfully to "C:\Users\gambit\Desktop\aswMBR.txt"
         
gmer hat ist wie erwartet nicht funksoniert
hier der aswMBR log

Alt 06.02.2013, 10:59   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
gvu trojaner - Standard

gvu trojaner



Log von aswMBR ist unvollständig.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 07.02.2013, 00:25   #12
gambit79
 
gvu trojaner - Standard

gvu trojaner



Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-05 21:12:22
-----------------------------
21:12:22.129    OS Version: Windows x64 6.1.7601 Service Pack 1
21:12:22.129    Number of processors: 4 586 0x2A07
21:12:22.130    ComputerName: GAMBIT-PC  UserName: gambit
21:12:23.443    Initialize success
21:15:32.011    AVAST engine defs: 13020500
21:16:41.509    The log file has been saved successfully to "C:\Users\gambit\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-07 00:16:52
-----------------------------
00:16:52.367    OS Version: Windows x64 6.1.7601 Service Pack 1
00:16:52.367    Number of processors: 4 586 0x2A07
00:16:52.367    ComputerName: GAMBIT-PC  UserName: gambit
00:17:01.977    Initialze error C000010E - driver not loaded
00:17:01.992    write error "aswCmnB.dll". Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
00:18:16.965    AVAST engine defs: 13020601
00:18:39.741    The log file has been saved successfully to "C:\Users\gambit\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-07 00:16:52
-----------------------------
00:16:52.367    OS Version: Windows x64 6.1.7601 Service Pack 1
00:16:52.367    Number of processors: 4 586 0x2A07
00:16:52.367    ComputerName: GAMBIT-PC  UserName: gambit
00:17:01.977    Initialze error C000010E - driver not loaded
00:17:01.992    write error "aswCmnB.dll". Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
00:18:16.965    AVAST engine defs: 13020601
00:18:39.741    The log file has been saved successfully to "C:\Users\gambit\Desktop\aswMBR.txt"
00:27:45.271    Service scanning
00:28:10.057    Modules scanning
00:28:10.067    Disk 0 trace - called modules:
00:28:10.074    
00:28:11.278    AVAST engine scan C:\Windows
00:28:13.756    AVAST engine scan C:\Windows\system32
00:31:37.176    AVAST engine scan C:\Windows\system32\drivers
00:31:50.207    AVAST engine scan C:\Users\gambit
00:39:33.399    AVAST engine scan C:\ProgramData
00:40:43.362    Scan finished successfully
00:51:13.387    The log file has been saved successfully to "C:\Users\gambit\Desktop\aswMBR.txt"
         
sorry,hier noch mal der log

Geändert von gambit79 (07.02.2013 um 00:54 Uhr)

Alt 07.02.2013, 00:44   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
gvu trojaner - Standard

gvu trojaner



Hm versteh ich so nicht
Probier aswMBR bitte im abgesicherten Modus mit Netzwerktreibern nochmal aus
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 07.02.2013, 03:43   #14
gambit79
 
gvu trojaner - Standard

gvu trojaner



hallo,
nu hab ich vollgendes problem,wo ich den abgesichten modus gestartet hab wurde er durch den vierus gespeert.
beim normalen erneuten hochfahren nun auch.
hab also jetzt keinen zugrief auf den rechner mehr

Alt 07.02.2013, 10:46   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
gvu trojaner - Standard

gvu trojaner



Mit einem sauberen 2. Rechner eine OTLPE-CD erstellen und den infizierten Rechner dann von dieser CD booten:

Falls Du kein Brennprogramm installiert hast, lade dir bitte ISOBurner herunter. Das Programm wird Dir erlauben, OTLPE auf eine CD zu brennen und sie bootfähig zu machen. Du brauchst das Tool nur zu installieren, der Rest läuft automatisch => Wie brenne ich eine ISO Datei auf CD/DVD.
  • Lade OTLPENet.exe von OldTimer herunter und speichere sie auf Deinem Desktop. Anmerkung: Die Datei ist ca. 120 MB groß und es wird bei langsamer Internet-Verbindung ein wenig dauern, bis Du sie runtergeladen hast.
  • Wenn der Download fertig ist, mache einen Doppelklick auf die Datei und beantworte die Frage "Do you want to burn the CD?" mit Yes.
  • Lege eine leere CD in Deinen Brenner.
  • ImgBurn (oder Dein Brennprogramm) wird das Archiv extrahieren und OTLPE Network auf die CD brennen.
  • Wenn der Brenn-Vorgang abgeschlossen ist, wirst Du eine Dialogbox sehen => "Operation successfully completed".
  • Du kannst nun die Fenster des Brennprogramms schließen.
Nun boote von der OTLPE CD. Hinweis: Wie boote ich von CD
  • Dein System sollte nach einigen Minuten den REATOGO-X-PE Desktop anzeigen.
  • Mache einen Doppelklick auf das OTLPE Icon.
  • Hinweis: Damit OTLPE auch das richtige installierte Windows scant, musst du den Windows-Ordner des auf der Platte installierten Windows auswählen, einfach nur C: auswählen gibt einen Fehler!
  • Wenn Du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes.
  • Wenn Du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes.
  • Vergewissere Dich, dass die Box "Automatically Load All Remaining Users" gewählt ist und drücke OK.
  • OTLpe sollte nun starten.
  • Drücke Run Scan, um den Scan zu starten.
  • Wenn der Scan fertig ist, werden die Dateien C:\OTL.Txt und C:\Extras.Txt erstellt
  • Kopiere diese Datei auf Deinen USB-Stick, wenn Du keine Internetverbindung auf diesem System hast.
  • Bitte poste den Inhalt von C:\OTL.Txt und Extras.Txt.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu gvu trojaner
abgebrochen, administrator, anti-malware, appdata, autostart, avira, browser, dateien, diverse, diverse seiten, explorer, firefox, frage, free, helper, log, malwarebytes, microsoft, monitor, rechner, roaming, seite, seiten, software, temp, trojaner, trojaner-board



Zum Thema gvu trojaner - hallo trojaner-board team, da ich mit der ganzen sache nicht gut auskenne frage ich um rat was ich tun kann. ich habe avira free auf meinen leptop der aber nichst - gvu trojaner...
Archiv
Du betrachtest: gvu trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.