Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: BKA oder GVU Trojaner

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 23.12.2012, 19:12   #1
kalubka
 
BKA oder GVU Trojaner - Standard

BKA oder GVU Trojaner



Hi,

hatte eben gerade die Meldung das ich über Ukash was bezahlen soll weil bei mir verbotene Inhalte gefunden wurden oder was auch immer. Es war außerdem eine Cam an. Antivir war an, benutze Firefox aktuelleste Version. Bin da rausgegangen und habe nun Malwarebytes durchlaufen lassen mit folgenden Log:

Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.23.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
shr :: SHINY0DE [Administrator]

Schutz: Aktiviert

23.12.2012 18:58:56
mbam-log-2012-12-23 (18-58-56).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 232753
Laufzeit: 4 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 1
C:\Users\shr\wgsdgsdgdsgsd.dll (Exploit.Drop.GS) -> Löschen bei Neustart.

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\shr\wgsdgsdgdsgsd.dll (Exploit.Drop.GS) -> Löschen bei Neustart.
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\shr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Hoffe jemand kann mir helfen.

Code:
ATTFilter
OTL logfile created on: 23.12.2012 20:36:29 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\shr\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,86 Gb Total Physical Memory | 5,61 Gb Available Physical Memory | 71,43% Memory free
15,71 Gb Paging File | 13,38 Gb Available in Paging File | 85,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 578,07 Gb Total Space | 185,28 Gb Free Space | 32,05% Space Free | Partition Type: NTFS
 
Computer Name: SHINY0DE | User Name: shr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\shr\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe ()
PRC - C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation)
PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
MOD - C:\Program Files (x86)\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll ()
MOD - C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe ()
MOD - C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe (McAfee, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (CPUCooLServer) -- C:\Program Files (x86)\CPUCooL\CooLSRV.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (EgisTec Ticket Service) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. )
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation)
SRV - (Live Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated)
SRV - (Windows7FirewallService) -- C:\Programme\Windows7FirewallControl\Windows7FirewallService.exe (Sphinx Software)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (MotioninJoyXFilter) -- C:\Windows\SysNative\drivers\MijXfilt.sys (MotioninJoy)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (BazisVirtualCDBus) -- C:\Windows\SysNative\drivers\BazisVirtualCDBus.sys (SysProgs.org)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (bScsiMSa) -- C:\Windows\SysNative\drivers\bScsiMSa.sys (Broadcom Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (bScsiSDa) -- C:\Windows\SysNative\drivers\bScsiSDa.sys (Broadcom Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation)
DRV:64bit: - (b57xdmp) -- C:\Windows\SysNative\drivers\b57xdmp.sys (Broadcom Corporation)
DRV:64bit: - (b57xdbd) -- C:\Windows\SysNative\drivers\b57xdbd.sys (Broadcom Corporation)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (ntiopnp) -- C:\Windows\SysNative\drivers\ntiopnp.sys ()
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\shr\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\components [2012.10.25 17:12:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\plugins
 
[2011.12.05 16:49:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\shr\AppData\Roaming\mozilla\Extensions
[2012.12.16 10:16:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\shr\AppData\Roaming\mozilla\Firefox\Profiles\ydftmt01.default\extensions
[2012.10.11 17:33:12 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\shr\AppData\Roaming\mozilla\Firefox\Profiles\ydftmt01.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.02.26 11:33:21 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\shr\AppData\Roaming\mozilla\Firefox\Profiles\ydftmt01.default\extensions\firefox@tvunetworks.com
[2012.12.16 10:16:15 | 000,000,000 | ---D | M] (Better Battlelog (BBLog)) -- C:\Users\shr\AppData\Roaming\mozilla\Firefox\Profiles\ydftmt01.default\extensions\jid1-qQSMEVsYTOjgYA@jetpack
[2012.12.11 14:17:13 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\shr\AppData\Roaming\mozilla\firefox\profiles\ydftmt01.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Program Files (x86)\TVUPlayer\npTVUAx.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\shr\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\shr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\shr\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Google Mail = C:\Users\shr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows7FirewallControl] C:\Programme\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKCU..\Run: [Steam] C:\Games\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\shr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CPUCooL.lnk = C:\Program Files (x86)\CPUCooL\CPUCooL.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\shr\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\shr\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D354F33-412B-4746-916B-D93389455A7C}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0fd112ee-2c93-11e1-b382-dc0ea111cefd}\Shell - "" = AutoRun
O33 - MountPoints2\{0fd112ee-2c93-11e1-b382-dc0ea111cefd}\Shell\AutoRun\command - "" = F:\Resonance.exe
O33 - MountPoints2\{16fb662f-411c-11e2-971a-dc0ea111cefd}\Shell - "" = AutoRun
O33 - MountPoints2\{16fb662f-411c-11e2-971a-dc0ea111cefd}\Shell\AutoRun\command - "" = W:\setup.exe
O33 - MountPoints2\{1de01026-c75b-11e1-8c08-dc0ea111cefd}\Shell - "" = AutoRun
O33 - MountPoints2\{1de01026-c75b-11e1-8c08-dc0ea111cefd}\Shell\AutoRun\command - "" = W:\Setup.exe
O33 - MountPoints2\{298099d8-ecfd-11e1-93ea-dc0ea111cefd}\Shell - "" = AutoRun
O33 - MountPoints2\{298099d8-ecfd-11e1-93ea-dc0ea111cefd}\Shell\AutoRun\command - "" = W:\Resonance.exe
O33 - MountPoints2\{83e31d07-3d2a-11e2-96de-dc0ea111cefd}\Shell - "" = AutoRun
O33 - MountPoints2\{83e31d07-3d2a-11e2-96de-dc0ea111cefd}\Shell\AutoRun\command - "" = W:\autorun.exe
O33 - MountPoints2\{bdb78531-3ad2-11e2-aac7-dc0ea111cefd}\Shell - "" = AutoRun
O33 - MountPoints2\{bdb78531-3ad2-11e2-aac7-dc0ea111cefd}\Shell\AutoRun\command - "" = W:\Setup.exe
O33 - MountPoints2\{e7da9a98-bed5-11e1-abe8-dc0ea111cefd}\Shell - "" = AutoRun
O33 - MountPoints2\{e7da9a98-bed5-11e1-abe8-dc0ea111cefd}\Shell\AutoRun\command - "" = V:\Resonance.exe
O33 - MountPoints2\{e7da9a9c-bed5-11e1-abe8-dc0ea111cefd}\Shell - "" = AutoRun
O33 - MountPoints2\{e7da9a9c-bed5-11e1-abe8-dc0ea111cefd}\Shell\AutoRun\command - "" = W:\Resonance.exe
O33 - MountPoints2\{ec80d0a4-f7ed-11e1-8fae-dc0ea111cefd}\Shell - "" = AutoRun
O33 - MountPoints2\{ec80d0a4-f7ed-11e1-8fae-dc0ea111cefd}\Shell\AutoRun\command - "" = W:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.23 20:35:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\shr\Desktop\OTL.exe
[2012.12.23 18:57:55 | 000,000,000 | ---D | C] -- C:\Users\shr\AppData\Roaming\Malwarebytes
[2012.12.23 18:57:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.23 18:57:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.23 18:57:27 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.23 18:57:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.21 14:44:09 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.21 14:44:09 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.21 14:44:08 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.21 14:44:08 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.12 20:42:47 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.12.12 20:42:47 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.12.12 20:42:46 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.12.12 20:42:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.12.12 20:42:46 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.12.12 20:42:46 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.12.12 20:42:45 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.12.12 20:42:45 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.12.12 20:42:44 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.12.12 20:42:44 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.12.12 20:42:44 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.12.12 20:42:44 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.12.12 20:42:42 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.12.12 20:42:42 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.12.12 20:42:42 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.12.12 10:35:09 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.12.12 10:35:09 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.12.12 10:35:08 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.12.12 10:35:08 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.12.12 10:35:08 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.12.12 10:35:08 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.12.12 10:35:08 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.12.12 10:35:08 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.12.12 10:35:08 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.12.12 10:35:08 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.12.12 10:35:08 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.12.12 10:35:08 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.12.12 10:35:08 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.12.12 10:35:08 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.12.12 10:35:08 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.12.12 10:35:08 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.12 10:35:08 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.12 10:35:08 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.12 10:35:08 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.12 10:35:08 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.12.12 10:35:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.12 10:35:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.12.12 10:35:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.12 10:35:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.12.12 10:35:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.12.12 10:35:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.12.12 10:35:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.12 10:35:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.12.12 10:35:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.12.12 10:35:07 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.12.12 10:35:07 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.12 10:35:07 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.12 10:35:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.12.12 10:35:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.12.12 10:35:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.12 10:35:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.12 10:35:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.12.12 10:35:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.12.12 10:35:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.12 10:35:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.12 10:35:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.12 10:35:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.12 10:35:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.12 10:35:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.12.12 10:35:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.12.12 10:35:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.12.12 10:35:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.12 10:35:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.12 10:35:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.12 10:35:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.12.12 10:35:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.12.12 10:35:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.12.12 10:35:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.12.12 10:35:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.12 10:35:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.12.12 10:35:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.12.12 10:35:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.12 10:35:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.12 10:35:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.12 10:35:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.12 10:35:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.12 10:35:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.12 10:35:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.12.12 10:35:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.12.12 10:35:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.12 10:35:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.12 10:35:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.12.12 10:35:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.12.12 10:35:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.12.12 10:34:58 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012.12.12 10:34:58 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012.12.03 12:40:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Orbit
[2012.11.29 16:17:13 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
[2012.11.29 14:57:14 | 000,000,000 | ---D | C] -- C:\Users\shr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2012.11.29 14:57:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2012.11.29 14:36:42 | 000,000,000 | ---D | C] -- C:\Users\shr\Desktop\fc3
[2012.11.29 13:49:25 | 000,000,000 | ---D | C] -- C:\Users\shr\Desktop\originale dateien
[2012.11.29 13:48:20 | 000,000,000 | ---D | C] -- C:\Users\shr\AppData\Local\Ubisoft Game Launcher
[2012.11.29 12:17:48 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2012.11.29 12:17:48 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2012.11.29 12:17:47 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2012.11.29 12:17:47 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2012.11.29 12:17:46 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2012.11.29 12:17:45 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2012.11.29 12:17:45 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2012.11.29 12:17:45 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2012.11.29 12:17:43 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2012.11.29 12:17:43 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2012.10.25 17:12:53 | 000,157,272 | ---- | C] (Mozilla Corporation) -- C:\Program Files (x86)\webapp-uninstaller.exe
[2012.10.25 17:12:53 | 000,096,224 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\webapprt-stub.exe
[2012.10.25 17:12:53 | 000,073,696 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\breakpadinjector.dll
[2012.06.13 17:48:18 | 002,559,968 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\gkmedias.dll
[2012.06.13 17:48:18 | 000,770,384 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\msvcr100.dll
[2012.06.13 17:48:18 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\msvcp100.dll
[2012.06.13 17:48:18 | 000,192,600 | ---- | C] (Mozilla Corporation) -- C:\Program Files (x86)\maintenanceservice_installer.exe
[2012.06.13 17:48:18 | 000,124,384 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\mozglue.dll
[2012.06.13 17:48:18 | 000,115,168 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\maintenanceservice.exe
[2011.12.05 16:42:05 | 014,676,960 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\xul.dll
[2011.12.05 16:42:05 | 000,270,816 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\updater.exe
[2011.12.05 16:42:05 | 000,155,104 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\softokn3.dll
[2011.12.05 16:42:05 | 000,145,376 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\ssl3.dll
[2011.12.05 16:42:05 | 000,019,424 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\xpcom.dll
[2011.12.05 16:42:04 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\D3DCompiler_43.dll
[2011.12.05 16:42:04 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\d3dx9_43.dll
[2011.12.05 16:42:04 | 000,917,984 | ---- | C] (Mozilla Corporation) -- C:\Program Files (x86)\firefox.exe
[2011.12.05 16:42:04 | 000,817,120 | ---- | C] (sqlite.org) -- C:\Program Files (x86)\mozsqlite3.dll
[2011.12.05 16:42:04 | 000,638,432 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nss3.dll
[2011.12.05 16:42:04 | 000,416,224 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\libGLESv2.dll
[2011.12.05 16:42:04 | 000,370,656 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nssckbi.dll
[2011.12.05 16:42:04 | 000,258,528 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\freebl3.dll
[2011.12.05 16:42:04 | 000,172,000 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nspr4.dll
[2011.12.05 16:42:04 | 000,116,192 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\crashreporter.exe
[2011.12.05 16:42:04 | 000,096,224 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nssdbm3.dll
[2011.12.05 16:42:04 | 000,092,640 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nssutil3.dll
[2011.12.05 16:42:04 | 000,091,104 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\smime3.dll
[2011.12.05 16:42:04 | 000,080,864 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\libEGL.dll
[2011.12.05 16:42:04 | 000,021,472 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\plc4.dll
[2011.12.05 16:42:04 | 000,020,960 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\plds4.dll
[2011.12.05 16:42:04 | 000,018,912 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\AccessibleMarshal.dll
[2011.12.05 16:42:04 | 000,016,864 | ---- | C] (Mozilla Corporation) -- C:\Program Files (x86)\plugin-container.exe
[2011.12.05 16:42:04 | 000,015,840 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\mozalloc.dll
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.23 20:35:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\shr\Desktop\OTL.exe
[2012.12.23 20:24:00 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.23 20:24:00 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.23 20:16:48 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.23 20:15:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.23 20:15:53 | 2030,981,119 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.23 19:55:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.23 19:54:25 | 001,613,660 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.23 19:54:25 | 000,697,156 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.23 19:54:25 | 000,652,434 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.23 19:54:25 | 000,148,420 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.23 19:54:25 | 000,121,366 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.23 19:52:39 | 000,007,607 | ---- | M] () -- C:\Users\shr\AppData\Local\Resmon.ResmonCfg
[2012.12.23 19:45:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.23 18:57:28 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.21 17:20:00 | 000,291,864 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.19 12:52:25 | 000,009,054 | ---- | M] () -- C:\Users\shr\Documents\Krokodil.rtf
[2012.12.16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.13 21:35:11 | 000,002,338 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.12.11 20:55:54 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.12.11 20:55:54 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.23 19:52:39 | 000,007,607 | ---- | C] () -- C:\Users\shr\AppData\Local\Resmon.ResmonCfg
[2012.12.23 18:57:28 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.19 10:49:57 | 000,009,054 | ---- | C] () -- C:\Users\shr\Documents\Krokodil.rtf
[2012.10.30 09:50:19 | 000,000,057 | ---- | C] () -- C:\Program Files (x86)\updates.xml
[2012.10.30 09:50:19 | 000,000,057 | ---- | C] () -- C:\Program Files (x86)\active-update.xml
[2012.10.29 11:03:41 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012.09.28 16:21:07 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2012.07.20 12:12:49 | 000,000,128 | ---- | C] () -- C:\Windows\wininit.ini
[2012.06.13 17:48:18 | 000,000,132 | ---- | C] () -- C:\Program Files (x86)\update-settings.ini
[2012.02.26 11:39:32 | 008,789,401 | ---- | C] () -- C:\Program Files (x86)\omni.ja
[2012.02.22 13:47:02 | 000,003,584 | ---- | C] () -- C:\Users\shr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.30 22:51:28 | 001,591,554 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.05 16:49:19 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.12.05 16:42:05 | 000,001,041 | ---- | C] () -- C:\Program Files (x86)\updater.ini
[2011.12.05 16:42:05 | 000,000,478 | ---- | C] () -- C:\Program Files (x86)\softokn3.chk
[2011.12.05 16:42:04 | 002,294,240 | ---- | C] () -- C:\Program Files (x86)\mozjs.dll
[2011.12.05 16:42:04 | 000,035,818 | ---- | C] () -- C:\Program Files (x86)\removed-files
[2011.12.05 16:42:04 | 000,027,454 | ---- | C] () -- C:\Program Files (x86)\blocklist.xml
[2011.12.05 16:42:04 | 000,004,284 | ---- | C] () -- C:\Program Files (x86)\crashreporter.ini
[2011.12.05 16:42:04 | 000,001,723 | ---- | C] () -- C:\Program Files (x86)\precomplete
[2011.12.05 16:42:04 | 000,000,706 | ---- | C] () -- C:\Program Files (x86)\crashreporter-override.ini
[2011.12.05 16:42:04 | 000,000,478 | ---- | C] () -- C:\Program Files (x86)\nssdbm3.chk
[2011.12.05 16:42:04 | 000,000,478 | ---- | C] () -- C:\Program Files (x86)\freebl3.chk
[2011.12.05 16:42:04 | 000,000,463 | ---- | C] () -- C:\Program Files (x86)\application.ini
[2011.12.05 16:42:04 | 000,000,183 | ---- | C] () -- C:\Program Files (x86)\dependentlibs.list
[2011.12.05 16:42:04 | 000,000,142 | ---- | C] () -- C:\Program Files (x86)\platform.ini
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.08.12 08:37:09 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.08.12 08:37:07 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.08.12 08:37:05 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.08.12 08:37:04 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.08.12 08:37:03 | 013,906,944 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         

Geändert von kalubka (23.12.2012 um 19:23 Uhr)

Alt 23.12.2012, 20:52   #2
kalubka
 
BKA oder GVU Trojaner - Standard

BKA oder GVU Trojaner



OTL Extras
Code:
ATTFilter
OTL Extras logfile created on: 23.12.2012 20:36:29 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\shr\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,86 Gb Total Physical Memory | 5,61 Gb Available Physical Memory | 71,43% Memory free
15,71 Gb Paging File | 13,38 Gb Available in Paging File | 85,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 578,07 Gb Total Space | 185,28 Gb Free Space | 32,05% Space Free | Partition Type: NTFS
 
Computer Name: SHINY0DE | User Name: shr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14C5742C-BF4C-4731-812B-14F870F6F9A2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{160E949E-3EDD-4707-81A2-5E98EEDAC093}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2D63F307-FDD0-41FF-895B-0D6C0CE93C6B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3C68F2C7-D240-4184-A0EE-AFB4DB33D650}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{634DB389-A3DD-41EB-8A6C-58DCAEF2D233}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{763ADBCC-0134-40BA-93CB-391CB8FB989A}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{9032447A-552D-4227-ABE8-8C170F750282}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{C00A6551-561C-4267-9EBF-C5AE0180798F}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{C0DE20F1-3440-46BD-9197-A8685EB04C4B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{C51822D4-754A-4F98-9E92-4C35EEDFE5DA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D388CD80-4C85-4DC7-A15D-9CBE1582F2AC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EF0BC0A8-D263-4299-ACCC-A7415D169AAE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05A9EC8D-4115-4E09-A60E-7A24E8B3DA40}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{06B97807-F142-4AC7-8F0B-D55A1E625C93}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{0C721183-6C6E-469C-84DD-AFF9881E5C3F}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{0CBD9B49-1595-45AC-86A9-853FBCED9F60}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\batman arkham asylum goty\binaries\bmlauncher.exe | 
"{0EFE4BF7-2313-490F-8D9A-145B116AF688}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0F0089B2-90D7-462A-8FA6-1926449D9075}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\universe sandbox\universe sandbox.exe | 
"{0FAE22F7-9295-425B-9CA9-C4F108C2D362}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{0FCFAF12-B357-467F-899F-BD586E00937B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{1170909F-FA44-4BF8-84A0-BFC9126DD288}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{125A0FAE-DDB1-49BF-94F2-0D620B6C426D}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\football manager 2012\fm.exe | 
"{175644EE-99BB-457A-8011-319169DBC9EF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{192505C3-A6CD-4157-9D75-97AB211B1A81}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1BA52068-3F14-4417-B3C7-B6B5D66F0570}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\alan wake\alanwake.exe | 
"{1C649991-AE1F-472B-9B31-7363D94307FE}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\rayman origins demo\rayman origins.exe | 
"{1CB219B2-AEC9-4C69-8627-AC22D8E2D063}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe | 
"{1CEC7F39-5DC8-4F22-A94F-5ACDDDD63C7C}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\the witcher 2\bonuscontent\launch.bat | 
"{1FC58E36-0341-42BE-88C8-D130CD75F251}" = protocol=17 | dir=in | app=c:\games\nba2k12\nba2k12.exe | 
"{21685F7B-0B60-4C34-86D6-E1B06215FF43}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{21E66A5A-E038-4D07-8E54-51F159BBCD1E}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{237A590A-0181-45D0-BAF4-6D5F92C480F5}" = protocol=17 | dir=in | app=c:\games\steam\steam.exe | 
"{2BAE12C0-F2AE-4CAF-AF8B-823BD40A1342}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\alan wakes american nightmare\alan_wakes_american_nightmare.exe | 
"{2C35A55D-C750-410A-88F8-60F5608FF4D8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2CC6F85E-CEFD-44F2-A551-BE4BD27E1BEC}" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"{2EFFE734-167A-4A75-BC16-83582BF96B53}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | 
"{351110A1-6E0A-4864-9090-476F1B7E3ABB}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe | 
"{354BCCF0-082A-4FF4-9D4A-A6A75044A02C}" = dir=in | app=c:\program files (x86)\acer\clear.fi\movie\touchmovieservice.exe | 
"{366CEF91-63A3-4912-BCD2-D4D79D0FA5FD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3924A227-7BDD-4987-A98F-6F9FEACB19EA}" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"{3AAFB6EB-D49C-4D8E-AC1D-C8FC225DC336}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat | 
"{3F91F5BD-99AD-44BA-AA81-9E62D7F77E70}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\the witcher 2\launcher.exe | 
"{4080E16E-1E76-4968-B921-5DF209A535C7}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{43379B58-172A-4C88-8081-F148054D2A1D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4788C9C9-7980-4F4C-866A-FFACA638BAF5}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{47A15A71-42E6-4C25-B3A8-6A18FD6099E9}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{486DFB77-3FE5-4E73-801C-3ECE3DEA8BC2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{498A69C3-D3DA-4227-9844-B1ACF40E30B9}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\alan wakes american nightmare\alan_wakes_american_nightmare.exe | 
"{52B44E92-80F0-4190-82EC-BF9F99006EFA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{543D2F0C-6F88-4319-9B87-01E48BD30E32}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat | 
"{564A854A-DDE3-4FD4-B893-0DCC7B3D4353}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{5F80D4CC-974B-4415-B6C0-084F324C29FF}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 13\game\fifa13.exe | 
"{6124C560-1F1F-4401-A2C5-5A2B9DD380E8}" = protocol=6 | dir=out | app=system | 
"{61DFEEDA-F579-4317-9CB2-3CEF069EE0A2}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"{62C9326E-7C66-45EF-8634-51416F99F46A}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 13\game\fifa13.exe | 
"{678AFF85-81AD-4F30-B5C4-7676099C37E8}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\football manager 2012\fm.exe | 
"{6816560D-3D76-4F6D-81F1-CD7286394D32}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe | 
"{684D8AE9-C031-4902-BAFE-40DC3F8637A4}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html | 
"{6B4DA3AD-8D97-496A-9CA9-315CA82206D3}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe | 
"{6BA7FCB4-BD70-4BAE-BD0E-8C854DDC8718}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{6C0155BC-46D0-4950-B2E6-7B1992E15CA0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6E0BC457-6B22-4331-967F-3C387D7E4D96}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{708E77B2-4F6C-477B-8E92-26CEA254568B}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{72224359-F2E2-4B13-9251-F6044F6FDC06}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\alan wake\alanwake.exe | 
"{793E0377-46B4-4401-8C99-90DE0346094B}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | 
"{797363EB-F633-49BF-817B-CE3F09D3169E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7A47E069-7671-40CD-9DC3-E68F53EFCFC9}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"{7B976547-6A8E-4EAA-AD2B-AD35B60E14EE}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{7D6A6218-61E4-49B5-A77E-5D551F40E65D}" = protocol=6 | dir=in | app=c:\games\nba2k12\nba2k12.exe | 
"{7DF64685-BDDC-4430-8B34-FB964572AFC7}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\sleepingdogs\hkship.exe | 
"{8370F694-AE9E-4649-B060-7DE79D0D77FE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{83A3DA8A-6694-4E20-B394-2B98F8060772}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\total war shogun 2\shogun2.exe | 
"{843DD327-611D-4F39-AA68-F8760BF0175A}" = dir=in | app=c:\program files (x86)\acer\clear.fi\movie\touchmovie.exe | 
"{87799D08-6965-4D2C-B482-A52BB5D2A24F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8A7BDD5A-D873-4C7A-B222-CB7E4CDCA75A}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe | 
"{8B38F007-D400-4074-9BD6-4E8B373CFD97}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\clml\clmlsvc.exe | 
"{8D117281-4ECC-4D19-9A59-9498F7049ABB}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{90CEBB4B-FB10-4CC4-BD58-29B3A435838F}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\batman arkham asylum goty\binaries\bmlauncher.exe | 
"{9193F2D8-5172-4878-A0B4-E41DBD15C9E5}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\universe sandbox\universe sandbox.exe | 
"{9BBFCFB8-3C7C-4F19-BA56-8C64A5C5EB9F}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fi.exe | 
"{9E3A3634-43B4-4CDF-A683-1253C56B5FF4}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\the witcher 2\bonuscontent\launch.bat | 
"{A1C340D1-D6FE-4F2E-B24E-84E19B5F3334}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{A836F4D0-ADC1-4B39-8D5D-0D5CFD7C017E}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe | 
"{AE02748F-F3F5-4297-92AF-3EB66A83D19C}" = protocol=17 | dir=in | app=c:\games\pro evolution soccer 2012\pes2012.exe | 
"{AFBDCDE6-A65C-4520-8530-55BFD4329137}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe | 
"{B1688845-653D-403F-AC97-6BF140AD14C8}" = protocol=6 | dir=in | app=c:\games\pro evolution soccer 2012\pes2012.exe | 
"{B254F88D-9A91-458A-A9D3-F86D7D04E072}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html | 
"{B256396C-C8A8-4130-A17F-6D3B2F672687}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\the witcher 2\launcher.exe | 
"{B8DF9F94-87DE-4E6B-9D17-5080DE4EA594}" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"{B9E3450B-155B-45EB-B74D-EFD6162975B2}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{BAFFC327-8D1B-4D9D-86F9-EEA26DAEECD1}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\total war shogun 2\shogun2.exe | 
"{C2D09D39-AFF3-4BBA-AFC6-CE45AC21634D}" = protocol=6 | dir=in | app=c:\games\fallout 3\fallout3.exe | 
"{CCEADC12-5FE7-49DC-B8CF-E0198187DA25}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\sleepingdogs\hkship.exe | 
"{CF34E1F5-1158-4367-90CB-9052DAD78800}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{D0E33C8D-142B-4214-9089-1543B5596BA5}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fiagent.exe | 
"{D4418EC2-57AF-41FB-A4D8-115CDD53A4B0}" = protocol=6 | dir=in | app=c:\games\steam\steam.exe | 
"{D8793EF8-B554-4D44-8902-432762F4DFA1}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{D93DEC05-6D4F-42EB-93AB-926EEA581701}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\rayman origins demo\rayman origins.exe | 
"{DD576DA3-9ED9-487B-9471-58060E7CE130}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E50BEAA5-85C4-49D9-9D2A-0CD192D4ECF8}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe | 
"{EBF1BCA1-FD69-497D-83F1-34DAA4D0E580}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EE0D43EB-582B-4C7F-9226-352C34003926}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{F825AE0F-72C6-4FFA-AA17-7EBA4E409C55}" = protocol=17 | dir=in | app=c:\games\fallout 3\fallout3.exe | 
"{FA5FB0D2-6DB2-405F-A4B9-5D74A43BCB89}" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{065E8AD7-8F49-466A-BF71-95C04459979F}C:\games\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe | 
"TCP Query User{3469E530-706C-4C45-ADC5-C6F91A09FF27}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=6 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe | 
"TCP Query User{65EB3EBC-B5BB-42E0-A1FE-21BB22546469}C:\games\pro evolution soccer 2013\pes2013_100.exe" = protocol=6 | dir=in | app=c:\games\pro evolution soccer 2013\pes2013_100.exe | 
"TCP Query User{6C56B32E-79D1-4FD9-89D4-5A1258692997}C:\games\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\worms reloaded\wormsreloaded.exe | 
"TCP Query User{762336CC-2DB8-4760-AA90-0BDF3753C045}C:\games\arma 2\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\games\arma 2\expansion\beta\arma2oa.exe | 
"TCP Query User{A0740FD4-41C4-40BE-A86F-9351CD709BCB}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{B5746C24-B9DD-4B4C-BAC4-2FFACD034884}C:\games\pro evolution soccer 2013\pes2013.exe" = protocol=6 | dir=in | app=c:\games\pro evolution soccer 2013\pes2013.exe | 
"TCP Query User{B6948338-9584-4446-B87E-E2E6CA064958}C:\games\fallout 3\fallout3.exe" = protocol=6 | dir=in | app=c:\games\fallout 3\fallout3.exe | 
"TCP Query User{BE058920-4A15-4CC1-A65E-EDBBAFEEB8FB}C:\games\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\the witcher 2\bin\witcher2.exe | 
"TCP Query User{BF194FF9-D0AC-46A2-8BCC-7D3F70E7B664}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{CACC62CB-23B7-4F50-8796-16B90A5415FB}C:\games\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"TCP Query User{CD745E9A-7049-4492-8F86-44753DCF4CAB}C:\games\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe | 
"TCP Query User{D2C72403-7CD9-4AF3-AE6B-DBC43A8CE366}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"TCP Query User{D68D135F-4449-402F-9026-C40B2E9F4B94}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{DFD5BEEA-13F8-4DDC-89C4-31A97480872F}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"UDP Query User{0C5FFE88-599B-42CF-889C-EED57B832B4D}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=17 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe | 
"UDP Query User{1D412C7D-EBBB-4D1A-8014-EE749D214EBD}C:\games\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe | 
"UDP Query User{420D6C49-4805-40FB-904E-3168A121DBAE}C:\games\pro evolution soccer 2013\pes2013_100.exe" = protocol=17 | dir=in | app=c:\games\pro evolution soccer 2013\pes2013_100.exe | 
"UDP Query User{5A984C80-E092-405B-B6EE-2808A34195F9}C:\games\pro evolution soccer 2013\pes2013.exe" = protocol=17 | dir=in | app=c:\games\pro evolution soccer 2013\pes2013.exe | 
"UDP Query User{6F7EA0F8-5A64-470E-B004-EF98FFD76ABD}C:\games\arma 2\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\games\arma 2\expansion\beta\arma2oa.exe | 
"UDP Query User{7546C744-0CFC-40F7-B2B7-2DACB9775FE0}C:\games\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"UDP Query User{99EBC994-0BDF-45A4-A9A1-8697A8EB6D9F}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{9F0DB161-C947-4D3C-9656-BC1B5E4FC563}C:\games\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\worms reloaded\wormsreloaded.exe | 
"UDP Query User{A2A6D5CC-1003-4138-B63F-932049238BCC}C:\games\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe | 
"UDP Query User{A3622EC3-7CB0-4177-82DA-65B91EB4C1CB}C:\games\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\the witcher 2\bin\witcher2.exe | 
"UDP Query User{C286F7D0-E6ED-453F-8B1E-6CD27DC2EAE0}C:\games\fallout 3\fallout3.exe" = protocol=17 | dir=in | app=c:\games\fallout 3\fallout3.exe | 
"UDP Query User{E076A405-F3FD-424C-BE0A-6F6D5AE35C1D}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"UDP Query User{F6FE0636-735B-4496-AFF9-AED5B7027095}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{FB9B4A3A-5284-42F3-996C-C6EF8309E61F}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"UDP Query User{FDD53F89-49EF-44EF-9CC9-1F1AAC619F86}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
"{1553D712-B35F-4A82-BC72-D6B11A94BE3E}" = Windows Live Remote Service Resources
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy DS3 driver version 0.6.0005
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{4710662C-8204-4334-A977-B1AC9E547819}" = Broadcom Card Reader Driver Installer
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{702A632F-99CE-4E2D-B8F2-BF980E9CF62F}" = Windows Live Remote Client Resources
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom NetLink Controller
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"Elantech" = ETDWare PS/2-X64 8.0.6.3_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Windows7FirewallControl_is1" = Windows7FirewallControl (x64) 4.1.13.71
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04E9B02B-4F85-4B73-B865-27B9B8B35877}" = NBA 2K12
"{0557BBDA-69D3-4FA4-A93C-A5300F7034B4}" = Windows Live Writer
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{06B05153-97E4-427E-B1A8-E098F6C5E52F}" = Windows Live Essentials
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{14C4C3B6-F1F4-401F-8C86-03E8E19AAC8C}" = clear.fi
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B416FDA-CB3E-4514-9616-763E5B0D1140}" = Geheimakte Tunguska
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{4736B0ED-F6A1-48EC-A1B7-C053027648F1}" = Galeria fotogràfica del Windows Live
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{48F597DD-D397-4CFA-91A0-4C033A0113BD}" = Windows Live Mail
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{542DA303-FB91-4731-9F37-6E518368D3B9}" = Windows Live Messenger
"{5495E9A4-501A-4D4C-87C9-E80916CA9478}" = Windows Live UX Platform Language Pack
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}" = newsXpresso
"{625D45F0-5DCB-48BF-8770-C240A84DAAEB}" = Windows Live Mesh
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{64BFBE7A-886C-4CA2-A9B4-0C2B5A5942BC}" = Battlefield 3™
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App (Acer Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71527C7C-5289-4CB2-88C9-23344C0FF6C1}" = Windows Live Movie Maker
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7D926AD2-16D6-42C2-8CA1-AB09E96040BA}" = Windows Live Writer Resources
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{820D0BA3-ACD7-4FB9-A3A7-0ADF0C66A4BE}" = Windows Live Messenger
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13
"{A3389C72-1782-4BB4-BBAA-33345DE52E3F}" = Windows Live Messenger
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.4) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = clear.fi
"{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BD0C3887-64E6-41D8-9A38-BC6F34369352}" = Windows Live Messenger
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BE7347AD-2D93-4A74-8DBF-C1B073DAE509}" = Geheimakte 2 - Puritas Cordis
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C2523AE6-F335-4D0B-BC15-1C07E4ACE629}" = Pro Evolution Soccer 2013
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C28D96C0-6A90-459E-A077-A6706F4EC0FC}" = Bing Bar
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger
"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{D3E5A972-9A15-427D-AE78-8181A5FD943C}" = eBay Worldwide
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F0F5D89A-197C-495B-827E-3E98B811CD2E}" = Windows Live Photo Common
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2979AAA-FDD7-4CB3-93BC-5C24D965D679}" = Windows Live Messenger
"{F35DC85A-E96B-496B-ABE7-F04192824856}" = Windows Live Messenger
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F783464C-C7C6-4E9B-AC40-BC90E5414BAF}" = Windows Live Messenger
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger
"5513-1208-7298-9440" = JDownloader 0.9
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"CPUCooL" = CPUCooL (remove only)
"ESN Sonar-0.70.4" = ESN Sonar
"Free YouTube Download_is1" = Free YouTube Download version 3.1.37.918
"Google Chrome" = Google Chrome
"Identity Card" = Identity Card
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}" = newsXpresso
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 3.0
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"mIRC" = mIRC
"Mozilla Firefox 16.0.1 (x86 de)" = Mozilla Firefox 16.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenAL" = OpenAL
"Origin" = Origin
"PakkISO_is1" = PakkISO 0.4
"pcsx2-r5350" = PCSX2 - Playstation 2 Emulator
"SopCast" = SopCast 3.4.8
"StarBurn_is1" = StarBurn Version 13 (Build 0x20110818)
"Steam App 108710" = Alan Wake
"Steam App 200510" = XCOM: Enemy Unknown
"Steam App 202170" = Sleeping Dogs™
"Steam App 202750" = Alan Wake's American Nightmare
"Steam App 207510" = Rayman Origins Demo
"Steam App 20920" = The Witcher 2: Assassins of Kings Enhanced Edition
"Steam App 20930" = The Witcher 2: Bonus Content
"Steam App 22600" = Worms Reloaded
"Steam App 34330" = Total War: SHOGUN 2
"Steam App 35140" = Batman: Arkham Asylum GOTY Edition
"Steam App 49520" = Borderlands 2
"Steam App 71270" = Football Manager 2012
"Steam App 72200" = Universe Sandbox
"Steam App 72850" = The Elder Scrolls V: Skyrim
"TVAnts 1.0" = TVAnts 1.0
"TVUPlayer" = TVUPlayer 2.5.3.1
"Uplay" = Uplay
"Veetle TV" = Veetle TV
"VLC media player" = VLC media player 1.1.11
"WildTangent acer Master Uninstall" = Acer Games
"WinCDEmu" = WinCDEmu
"WinLiveSuite" = Windows Live Essentials
"WTA-02c85175-dcd4-422b-b33c-71376782d4dd" = Zuma Deluxe
"WTA-0b742bcf-3f0d-4be3-9e25-75e0ebaadcca" = Agatha Christie - Death on the Nile
"WTA-27c4d837-4ad9-408a-8d96-622b6a35a0e9" = Wedding Dash
"WTA-3c8aff20-e97d-4164-ab66-d0511a9e2726" = Final Drive: Nitro
"WTA-43adc6cc-50f0-4889-85de-786ec05ff8cc" = Bejeweled 2 Deluxe
"WTA-576432ee-60eb-44e1-a52d-631d672f2221" = Crazy Chicken Kart 2
"WTA-679bac0c-e3c6-48a6-a9da-1dcd75758150" = Penguins!
"WTA-71bec76c-2a09-4cee-86ef-d16f3604c01d" = Jewel Quest Solitaire
"WTA-830c9b41-5c06-40f5-8170-fc7b513ab969" = Chuzzle Deluxe
"WTA-8cc93bdd-687c-490b-b324-276e552120a0" = Mystery of Mortlake Mansion
"WTA-933a567e-1aff-4491-a887-3211c7b98985" = Virtual Villagers 4 - The Tree of Life
"WTA-a08fb39c-42dd-48a7-9a1b-0cc37c620c1d" = John Deere Drive Green
"WTA-abe001cd-21f5-426b-a1dc-47c984ae3481" = Plants vs. Zombies - Game of the Year
"WTA-b636ee01-0d4a-45f1-bdfe-7ee8fae3064f" = Insaniquarium Deluxe
"WTA-ba248c03-dc26-48a9-a770-5163bca78384" = Slingo Deluxe
"WTA-d97957be-86e9-4dff-8d8c-7abb4133f80f" = Torchlight
"WTA-e09c5ec0-96b4-4b9e-a343-581693307de2" = Jewel Match 3
"WTA-e8c3c157-6cd0-4e57-8fe7-22472d979f14" = Polar Bowler
"WTA-f5926444-0308-4f7c-8193-018cff0e090f" = FATE
"Yesterday (en)" = Yesterday (English)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FoxTab FLV Player" = FoxTab FLV Player
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 20.07.2012 03:37:36 | Computer Name = shiny0de | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.07.2012 04:26:28 | Computer Name = shiny0de | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 20.07.2012 06:30:11 | Computer Name = shiny0de | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.07.2012 06:30:13 | Computer Name = shiny0de | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: CooLSrv.exe, Version: 0.0.0.0, Zeitstempel:
 0x4ed0cb16  Name des fehlerhaften Moduls: CooLSrv.exe, Version: 0.0.0.0, Zeitstempel:
 0x4ed0cb16  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0001ec91  ID des fehlerhaften Prozesses:
 0x6d8  Startzeit der fehlerhaften Anwendung: 0x01cd666290ed6fc7  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\CPUCooL\CooLSrv.exe  Pfad des fehlerhaften Moduls:
 C:\Program Files (x86)\CPUCooL\CooLSrv.exe  Berichtskennung: e305d53f-d255-11e1-9239-dc0ea111cefd
 
Error - 20.07.2012 06:39:48 | Computer Name = shiny0de | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.07.2012 06:39:56 | Computer Name = shiny0de | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: CooLSrv.exe, Version: 0.0.0.0, Zeitstempel:
 0x4ed0cb16  Name des fehlerhaften Moduls: CooLSrv.exe, Version: 0.0.0.0, Zeitstempel:
 0x4ed0cb16  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0001ec91  ID des fehlerhaften Prozesses:
 0x740  Startzeit der fehlerhaften Anwendung: 0x01cd6663f5a66cd6  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\CPUCooL\CooLSrv.exe  Pfad des fehlerhaften Moduls:
 C:\Program Files (x86)\CPUCooL\CooLSrv.exe  Berichtskennung: 3ed23d97-d257-11e1-9d33-9439e562be77
 
Error - 20.07.2012 06:44:59 | Computer Name = shiny0de | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: CooLSrv.exe, Version: 0.0.0.0, Zeitstempel:
 0x4ed0cb16  Name des fehlerhaften Moduls: CooLSrv.exe, Version: 0.0.0.0, Zeitstempel:
 0x4ed0cb16  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0001ec91  ID des fehlerhaften Prozesses:
 0x6e8  Startzeit der fehlerhaften Anwendung: 0x01cd6664a36dd8fb  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\CPUCooL\CooLSrv.exe  Pfad des fehlerhaften Moduls:
 C:\Program Files (x86)\CPUCooL\CooLSrv.exe  Berichtskennung: f317fd4e-d257-11e1-85fa-dc0ea111cefd
 
Error - 20.07.2012 06:45:01 | Computer Name = shiny0de | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.07.2012 06:49:04 | Computer Name = shiny0de | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.07.2012 06:49:17 | Computer Name = shiny0de | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: CooLSrv.exe, Version: 0.0.0.0, Zeitstempel:
 0x4ed0cb16  Name des fehlerhaften Moduls: CooLSrv.exe, Version: 0.0.0.0, Zeitstempel:
 0x4ed0cb16  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0001ec91  ID des fehlerhaften Prozesses:
 0x698  Startzeit der fehlerhaften Anwendung: 0x01cd66653b29244e  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\CPUCooL\CooLSrv.exe  Pfad des fehlerhaften Moduls:
 C:\Program Files (x86)\CPUCooL\CooLSrv.exe  Berichtskennung: 8d45fe4b-d258-11e1-bf01-dc0ea111cefd
 
[ System Events ]
Error - 21.12.2012 19:49:26 | Computer Name = shiny0de | Source = Service Control Manager | ID = 7034
Description = Dienst "CPUCooLServer Service" wurde unerwartet beendet. Dies ist 
bereits 1 Mal passiert.
 
Error - 22.12.2012 06:46:55 | Computer Name = shiny0de | Source = Service Control Manager | ID = 7034
Description = Dienst "CPUCooLServer Service" wurde unerwartet beendet. Dies ist 
bereits 1 Mal passiert.
 
Error - 22.12.2012 12:21:56 | Computer Name = shiny0de | Source = Service Control Manager | ID = 7034
Description = Dienst "CPUCooLServer Service" wurde unerwartet beendet. Dies ist 
bereits 1 Mal passiert.
 
Error - 22.12.2012 18:45:10 | Computer Name = shiny0de | Source = Service Control Manager | ID = 7034
Description = Dienst "CPUCooLServer Service" wurde unerwartet beendet. Dies ist 
bereits 1 Mal passiert.
 
Error - 23.12.2012 06:09:58 | Computer Name = shiny0de | Source = Service Control Manager | ID = 7034
Description = Dienst "CPUCooLServer Service" wurde unerwartet beendet. Dies ist 
bereits 1 Mal passiert.
 
Error - 23.12.2012 08:39:53 | Computer Name = shiny0de | Source = Service Control Manager | ID = 7034
Description = Dienst "CPUCooLServer Service" wurde unerwartet beendet. Dies ist 
bereits 1 Mal passiert.
 
Error - 23.12.2012 13:38:56 | Computer Name = shiny0de | Source = Service Control Manager | ID = 7034
Description = Dienst "CPUCooLServer Service" wurde unerwartet beendet. Dies ist 
bereits 1 Mal passiert.
 
Error - 23.12.2012 14:17:20 | Computer Name = shiny0de | Source = Service Control Manager | ID = 7034
Description = Dienst "CPUCooLServer Service" wurde unerwartet beendet. Dies ist 
bereits 1 Mal passiert.
 
Error - 23.12.2012 14:49:26 | Computer Name = shiny0de | Source = Service Control Manager | ID = 7034
Description = Dienst "CPUCooLServer Service" wurde unerwartet beendet. Dies ist 
bereits 1 Mal passiert.
 
Error - 23.12.2012 15:17:22 | Computer Name = shiny0de | Source = Service Control Manager | ID = 7034
Description = Dienst "CPUCooLServer Service" wurde unerwartet beendet. Dies ist 
bereits 1 Mal passiert.
 
 
< End of report >
         
__________________


Alt 26.12.2012, 13:15   #3
t'john
/// Helfer-Team
 
BKA oder GVU Trojaner - Standard

BKA oder GVU Trojaner





Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


danach:


Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Entpacke das Archiv auf deinem Desktop.
  • Im neu erstellten Ordner starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
__________________

Alt 24.02.2013, 11:20   #4
t'john
/// Helfer-Team
 
BKA oder GVU Trojaner - Standard

BKA oder GVU Trojaner



Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.
__________________
Mfg, t'john
Das TB unterstützen

Antwort

Themen zu BKA oder GVU Trojaner
administrator, anti-malware, antivir, appdata, autostart, bingbar, bka oder gvu, dateien, dsgsdgdsgdsgw.pad, erfolgreich, explorer, firefox, folge, folgende, gelöscht, gen, launch, log, löschen, malwarebytes, meldung, microsoft, nvidia update, nvpciflt.sys, plug-in, quarantäne, roaming, runctf.lnk, service, speicher, startup, test, trojaner, version., wgsdgsdgdsgsd.dll, wildtangent games, wscript.exe




Ähnliche Themen: BKA oder GVU Trojaner


  1. viren befall ?? oder malware oder unerwuenschte software ?? oder ....
    Plagegeister aller Art und deren Bekämpfung - 20.05.2015 (6)
  2. Unsicher ob GVU-Trojaner (oder ähnliches) noch auf dem Rechner ist oder ob dieser entfernt wurde.
    Mülltonne - 29.01.2015 (0)
  3. Avira Scan, Trojaner TR/Crypt.ZPACK.50636 gefunden, Fehlalarm oder echter Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 04.12.2014 (17)
  4. Spam-Trojaner oder Mailkontenmissbrauch oder keins von beiden?
    Plagegeister aller Art und deren Bekämpfung - 16.05.2014 (18)
  5. BSI Mitteilung über Sperrung der Daten! (bekannter Trojaner) Alles läuft weiterhin problemlos. Trojaner ja oder nein?
    Log-Analyse und Auswertung - 27.10.2013 (5)
  6. GVU Trojaner hat Windows 7 gesperrt - Webcam - paysafecard oder ukash - Trojaner-Board
    Plagegeister aller Art und deren Bekämpfung - 26.06.2013 (3)
  7. Trojaner oder Virus oder sonst was schädliches ?
    Log-Analyse und Auswertung - 09.12.2012 (28)
  8. Malware oder Viren oder Trojaner Schutz..Begriffverwirrung
    Antiviren-, Firewall- und andere Schutzprogramme - 12.07.2012 (1)
  9. EXP\JAVA.NIABIL.GEN Exploit oder Trojaner oder beides - Lösung ?
    Log-Analyse und Auswertung - 29.02.2012 (1)
  10. Hab einen Trojaner oder wurm oder nen virus weis aber nicht was für einen
    Log-Analyse und Auswertung - 30.11.2011 (2)
  11. Virus oder Trojaner? Browser reagieren nicht oder verzögert.
    Log-Analyse und Auswertung - 20.10.2010 (26)
  12. Trojaner oder was ?
    Plagegeister aller Art und deren Bekämpfung - 04.04.2009 (3)
  13. ist es Stalking oder ein Trojaner oder was
    Plagegeister aller Art und deren Bekämpfung - 26.08.2008 (5)
  14. Ich hab folgende trojaner oder adware oder was auch immer gefunden!
    Log-Analyse und Auswertung - 23.07.2006 (15)
  15. Trojaner oder was??!!!
    Log-Analyse und Auswertung - 27.12.2004 (1)
  16. spyware oder trojaner)(oder beides???) :-O
    Log-Analyse und Auswertung - 23.10.2004 (9)
  17. Trojaner oder was ist es?
    Plagegeister aller Art und deren Bekämpfung - 23.03.2004 (6)

Zum Thema BKA oder GVU Trojaner - Hi, hatte eben gerade die Meldung das ich über Ukash was bezahlen soll weil bei mir verbotene Inhalte gefunden wurden oder was auch immer. Es war außerdem eine Cam an. - BKA oder GVU Trojaner...
Archiv
Du betrachtest: BKA oder GVU Trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.