Pests of all kinds and how to fight them: Browsers open advertising when clicking a Google search result (Windows 7)
18.03.2013, 10:16 | #1 |
Hello, I am new here and have the following problem. A few days ago Google Chrome started opening a completely different page with advertising whenever I click on a search result on Google. I have already uninstalled and reinstalled Chrome, but that did not help. I then switched to Internet Explorer, but it now has the same problem. I found posts about this topic on Google, but no solution. Malwarebytes Anti-Malware and Avira AntiVir found nothing. Please help me!
18.03.2013, 13:16 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Hello and
Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you do not hear from me for three days, please get in touch in this thread => Reminder about my thread. Annoying "When will this continue" messages end with your topic being closed. I, too, have a life outside of Trojaner-Board. First, a check with OTL please:
18.03.2013, 14:38 | #3 |
Thanks for the friendly welcome!
Here is my log file: OTL EXTRAS logfile: Code:
ATTFilter OTL Extras logfile created on: 18.03.2013 13:29:25 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*******\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,84 Gb Total Physical Memory | 1,42 Gb Available Physical Memory | 37,02% Memory free 7,68 Gb Paging File | 4,78 Gb Available in Paging File | 62,27% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 450,16 Gb Total Space | 347,41 Gb Free Space | 77,17% Space Free | Partition Type: NTFS Computer Name: JENS-PC | User Name: Jens | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1633473102-3143036274-2133483798-1001\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] 
"{2189EDB9-8F95-4684-9F49-160EB5336486}" = rport=445 | protocol=6 | dir=out | app=system | "{25BB7DD0-7A70-4BF2-B930-07EFB527BE9F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{292A2A83-D710-4B3D-9AE2-49343D00B2AE}" = lport=53 | protocol=17 | dir=in | app=c:\program files (x86)\acer\wdagent\dcdhcpservice.exe | "{2ED5CB1D-10DC-4514-B6BF-650CAAC410AC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{34D2FEC4-0160-492D-B1B7-853990B21397}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{43C1B296-7901-48B2-89E5-A3163B74D8B7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{44003219-661E-4460-AE81-20AB17EABB5A}" = lport=139 | protocol=6 | dir=in | app=system | "{59450F22-4FCA-4AD2-B5DC-73FF639D548D}" = rport=138 | protocol=17 | dir=out | app=system | "{6F4B1A05-01FA-4CF2-9D27-81F7EA979B46}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{78FDEC45-BE6A-4C89-BBE1-4E1C02FEFDCA}" = rport=137 | protocol=17 | dir=out | app=system | "{7C89F483-45A9-4C6C-8223-B20AA66178DC}" = lport=137 | protocol=17 | dir=in | app=system | "{9444D459-8E03-45CC-9A5E-C448B650A70B}" = rport=139 | protocol=6 | dir=out | app=system | "{A37AA392-7B5C-4325-B6F7-232A55ED1907}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{AF0363B4-A0B2-4C46-B22B-B0AACFE71861}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B7986081-A91C-4057-BD14-BCC99ABA69E0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{BBA2E10C-1E8D-43BE-BE62-C548B7228642}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe | "{D65F44A2-EA4C-444D-93D1-21D70F039CF1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | 
app=%systemroot%\system32\svchost.exe | "{E4A04593-57BF-4AE0-A4F6-0634B23D905D}" = lport=445 | protocol=6 | dir=in | app=system | "{E8117589-59C6-4877-BB0A-9FEE3089D078}" = lport=138 | protocol=17 | dir=in | app=system | "{F9251A54-CC7C-4539-A559-ADA21D10AC26}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{006B25EF-A281-4EDC-9E60-CA912422134F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{06E14BD7-BD0F-495D-B20F-6EBF1125213A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{075AAE26-52EF-44A9-854D-2842D8F14F94}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk20\movie\playmovie.exe | "{079EE06A-2BB4-4B9F-9DA0-B575EDA24FD8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{098874EB-9037-43C2-83BD-A922949BD9E3}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{150BA5C5-60EB-4A80-83EF-BE592525FDDD}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk20\mvp\musicplayer.exe | "{157AE511-4A37-44DA-8E90-F7D6D65CBC2A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | "{3A87A6C7-95B1-4327-B9FB-CA917492C8EB}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe | "{3A8C357E-C0DD-40F9-9D2E-774EB74F2AB3}" = dir=in | app=c:\users\jens\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{5102085A-51F3-4385-8F20-4DB983B00E8F}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{5B04A2E9-1D63-47BB-B557-EB67FF84EB77}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{6909C35B-93FD-4BA1-A9F2-5569457868D7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | "{6D6D332F-7796-4468-9501-D55807A18064}" = protocol=17 | dir=in | 
app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{6F068F53-1711-49CF-BADC-620406912259}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe | "{6F331082-C15E-46DF-B184-54E61BE37D48}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | "{740569E3-78CF-4EA1-9873-4FDD1E1A1520}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk20\mvp\videoplayer.exe | "{7E435F09-3953-4132-A3B2-9ED61CF502FF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | "{85404DFD-435A-4320-8E11-9CA84C5797A4}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{89876441-0BA2-4F4B-A726-DB97A883AE39}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe | "{89B62519-EF55-406D-8646-110B70DB488E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | "{A07EF73D-DAAF-4FF8-ABC5-892AE21C5B62}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | "{A64CEC22-F541-4EBB-B4B3-D6E644799275}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{AB29290D-23A8-4AEC-A380-76519E5A4636}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe | "{AB7386A0-A00A-4328-B00E-4B35A5A6E60B}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe | "{DE81DEFF-C9B1-4587-BE7A-09711304ED07}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | "{E57BA022-A28C-485F-9354-30C2519E487B}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe | "{EA3FA8CF-5213-4A60-A71E-0B0AE0621C99}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{ECB0E6E3-B492-46B3-8858-8C669C04B111}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{F075918F-ADBA-4563-B96D-34BC189DB1A2}" = protocol=6 | dir=in | app=c:\program files 
(x86)\acer\clear.fi media\windowsupnpmv.exe | "{F32CA036-F23C-47CC-BB98-B8D89F777EAE}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe | "{F47379F9-4316-44EF-8408-8A03B82D9F12}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{F78B396B-AA4D-4092-86FD-7831C399189A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{FBF6C1A0-DC34-4C11-80AD-D4FFDAA418A9}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{FD66C35D-F27F-456A-9BD9-7469F5AC869F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | "TCP Query User{97D8160E-9CCB-43B5-8232-BAA003680099}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | "TCP Query User{C5CF769F-09AC-4F0F-BF3D-D9AEA5C02486}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | "TCP Query User{D33C3929-2C19-440E-946D-F96BC0A04278}C:\xampp\filezillaftp\filezillaserver.exe" = protocol=6 | dir=in | app=c:\xampp\filezillaftp\filezillaserver.exe | "TCP Query User{FCA32418-ED67-4733-B4BA-4B2E4542C176}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | "UDP Query User{2597B388-BEED-46DA-86D2-1AD5F64840E5}C:\xampp\filezillaftp\filezillaserver.exe" = protocol=17 | dir=in | app=c:\xampp\filezillaftp\filezillaserver.exe | "UDP Query User{D5E74195-7177-4D76-8FB5-2EBECBADCCE9}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | "UDP Query User{E02D6002-8E8F-4E91-A72C-FC76E53D6C8E}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | "UDP Query User{F66B9BA3-16B4-415B-AF9C-3D90078F49D9}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | ========== HKEY_LOCAL_MACHINE Uninstall List 
========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources "{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1553D712-B35F-4A82-BC72-D6B11A94BE3E}" = Windows Live Remote Service Resources "{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources "{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources "{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder "{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources "{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Atheros Bluetooth Suite (64) "{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources "{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources "{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources "{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources "{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources "{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources "{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources "{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live 
Remote Client Resources "{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources "{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources "{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources "{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources "{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources "{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources "{6199B534-A1B6-46ED-873B-97B0ECF8F81E}" = Intel® Trusted Connect Service Client "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{663A0073-D1FD-42B8-899F-AA5FA8359704}" = O&O DiskRecovery "{682EC6E8-A300-45FD-8F09-0F3A6EA334D6}" = Acer Instant Update Service "{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources "{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.5 "{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources "{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources "{702A632F-99CE-4E2D-B8F2-BF980E9CF62F}" = Windows Live Remote Client Resources "{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources 
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources "{90150000-0015-0407-1000-0000000FF1CE}" = Microsoft Access MUI (German) 2013 "{90150000-0016-0407-1000-0000000FF1CE}" = Microsoft Excel MUI (German) 2013 "{90150000-0018-0407-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (German) 2013 "{90150000-0019-0407-1000-0000000FF1CE}" = Microsoft Publisher MUI (German) 2013 "{90150000-001A-0407-1000-0000000FF1CE}" = Microsoft Outlook MUI (German) 2013 "{90150000-001B-0407-1000-0000000FF1CE}" = Microsoft Word MUI (German) 2013 "{90150000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Korrekturhilfen 2013 - Deutsch "{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English "{90150000-001F-040C-1000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office*- Français "{90150000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Italiano "{90150000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2013 "{90150000-0044-0407-1000-0000000FF1CE}" = Microsoft InfoPath MUI (German) 2013 "{90150000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2013 "{90150000-0090-0407-1000-0000000FF1CE}" = Microsoft DCF MUI (German) 2013 "{90150000-00A1-0407-1000-0000000FF1CE}" = Microsoft OneNote MUI (German) 2013 "{90150000-00BA-0407-1000-0000000FF1CE}" = Microsoft Groove MUI (German) 2013 "{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013 "{90150000-00C1-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2013 "{90150000-00E1-0407-1000-0000000FF1CE}" = Microsoft Office OSM MUI (German) 2013 "{90150000-00E2-0407-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (German) 2013 "{90150000-012B-0407-1000-0000000FF1CE}" = Microsoft Lync MUI (German) 2013 "{91150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013 
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources "{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver "{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources "{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.32 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.32 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.7.12 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.12 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources "{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources "{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources "{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources "{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows 
Live MIME IFilter "{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources "{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64 "{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources "{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources "{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Office15.PROPLUSR" = Microsoft Office Professional Plus 2013 "ProgDVB" = ProgDVB x64 "R for Windows 2.15.2_is1" = R for Windows 2.15.2 "VLC media player" = VLC media player 2.0.2 "WinRAR archiver" = WinRAR 4.20 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh "{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh "{0557BBDA-69D3-4FA4-A93C-A5300F7034B4}" = Windows Live Writer "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger "{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common "{06B05153-97E4-427E-B1A8-E098F6C5E52F}" = Windows Live Essentials "{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack "{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3 "{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack "{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail "{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live "{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail "{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh "{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh "{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer "{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar "{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack "{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources "{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common "{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials "{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite "{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima "{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer "{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{21DD6041-7251-40FA-9D06-C5EB30268E0F}" = Qualcomm Atheros Direct Connect "{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver "{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs "{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail "{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack "{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources "{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail "{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer "{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros WiFi Driver Installation "{2890E324-6F3B-4975-8B95-E7D6D80E0226}" = Nero Burning ROM Help (CHM) "{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common "{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer "{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack "{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh "{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh "{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources "{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family 
Gigabit/Fast Ethernet Driver "{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4 "{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh "{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer "{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3D9167B2-87EB-4713-90B4-E46F2CAFE28D}" = Nero BurningROM 12 "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack "{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials "{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer "{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery "{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials "{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger "{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live "{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources "{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh "{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}" = NVIDIA PhysX "{4736B0ED-F6A1-48EC-A1B7-C053027648F1}" = Galeria fotogràfica del Windows Live "{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger 
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer "{48F597DD-D397-4CFA-91A0-4C033A0113BD}" = Windows Live Mail "{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials "{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer "{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger "{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack "{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack "{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1 "{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack "{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack "{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources "{542DA303-FB91-4731-9F37-6E518368D3B9}" = Windows Live Messenger "{5495E9A4-501A-4D4C-87C9-E80916CA9478}" = Windows Live UX Platform Language Pack "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5963F4B4-D138-47CD-ADEF-470E87E185BD}" = Nero Burning ROM "{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri "{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker "{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources "{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer "{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack "{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker "{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}" = newsXpresso "{625D45F0-5DCB-48BF-8770-C240A84DAAEB}" = Windows Live Mesh "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail "{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live 
Movie Maker "{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live "{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh "{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials "{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer "{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources "{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack "{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger "{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh "{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common "{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger "{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker "{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App (Acer Games) "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71527C7C-5289-4CB2-88C9-23344C0FF6C1}" = Windows Live Movie Maker "{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer "{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh "{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár "{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack "{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources 
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker "{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh "{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack "{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6 "{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7 "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack "{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live "{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh "{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger "{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live "{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common "{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker "{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live "{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common "{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources "{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials "{7D926AD2-16D6-42C2-8CA1-AB09E96040BA}" = Windows Live Writer Resources "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources "{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer "{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh "{820D0BA3-ACD7-4FB9-A3A7-0ADF0C66A4BE}" = Windows Live Messenger "{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials 
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common "{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials "{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery "{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery "{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu "{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1" = ClipGrab 3.2.0.10 "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger "{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria "{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail "{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live 
Mail "{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Acer Crystal Eye Webcam "{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker "{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker "{A3389C72-1782-4BB4-BBAA-33345DE52E3F}" = Windows Live Messenger "{A3AD65CC-B2CE-49da-AE4E-CC2ECF4EC0F8}" = clear.fi SDK - MVP 2 "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery "{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh "{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger "{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources "{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter "{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials "{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail "{AC76BA86-1033-FFFF-7760-000000000006}" = Adobe Acrobat XI Pro "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.0) MUI "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh "{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail "{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common "{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR "{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows 
Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4 "{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common "{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger "{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common "{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer "{B5AD89F2-03D3-4206-8487-018298007DD0}" = clear.fi Photo "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials "{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live "{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger "{BD0C3887-64E6-41D8-9A38-BC6F34369352}" = Windows Live Messenger "{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common "{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components "{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker "{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh "{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger "{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6 "{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live "{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials "{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader "{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder "{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks 
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail "{C8773FDB-D0DB-BE52-D536-F48F9886B57B}" = Adobe Download Assistant "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger "{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM) "{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger "{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live "{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker "{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger "{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker "{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common "{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer "{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery "{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack "{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail "{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9 "{D3E5A972-9A15-427D-AE78-8181A5FD943C}" = eBay Worldwide "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack 
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker "{DAF7BB88-6392-40aa-A714-8392C4BDBD2C}" = clear.fi SDK- Movie 2 "{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker "{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail "{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer "{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV "{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija "{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer "{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack "{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources "{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live "{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live "{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger "{E9AF1707-3F3A-49E2-8345-4F2D629D0876}" = clear.fi Media "{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows 
Live Writer Resources "{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack "{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1 "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心 "{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F0F5D89A-197C-495B-827E-3E98B811CD2E}" = Windows Live Photo Common "{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2979AAA-FDD7-4CB3-93BC-5C24D965D679}" = Windows Live Messenger "{F35DC85A-E96B-496B-ABE7-F04192824856}" = Windows Live Messenger "{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack "{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources "{F77EF646-19EB-11E1-9A9E-984BE15F174E}" = Evernote v. 
4.5.2 "{F783464C-C7C6-4E9B-AC40-BC90E5414BAF}" = Windows Live Messenger "{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos "{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh "{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail "{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker "{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie "{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials "{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials "{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker "{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger "5513-1208-7298-9440" = JDownloader 0.9 "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "AI RoboForm" = RoboForm 7-8-3-5 (All Users) "AVerMedia A820 USB DVB-T" = AVerMedia A820 USB DVB-T 8.0.64.48 "Avira AntiVir Desktop" = Avira Free Antivirus "ClipGrab Toolbar" = ClipGrab Toolbar "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "FileZilla Client" = FileZilla Client 3.6.0.2 "Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.1228 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128 "Google Chrome" = Google Chrome "Identity Card" 
= Identity Card "ImgBurn" = ImgBurn "InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager "InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite "InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}" = newsXpresso "InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Acer Crystal Eye Webcam "InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9 "InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV "InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso "Kobo" = Kobo "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Mozilla Thunderbird 17.0.4 (x86 de)" = Mozilla Thunderbird 17.0.4 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Notepad++" = Notepad++ "RStudio" = RStudio "WildTangent acer Master Uninstall" = Acer Games "WinLiveSuite" = Windows Live Essentials "WTA-153a1457-5308-4827-9738-8b2b16051ef4" = Wedding Dash "WTA-195931dd-20d1-47cd-bb01-cb00f4fd9e8b" = Chuzzle Deluxe "WTA-30e1e6f4-e4d7-4366-9802-118b26afde7c" = Plants vs. Zombies - Game of the Year "WTA-3691f5e5-cbf1-4217-9925-3ec770e5f426" = Jewel Match 3 "WTA-41df7fd4-37ab-41bd-90be-25ffcb18f949" = Polar Bowler "WTA-4345a117-5bcf-4855-8130-4e3cdaf67525" = Jewel Quest Mysteries: The Seventh Gate Collector's Edition "WTA-519733d8-ad78-4d99-b2ad-cd7062640015" = Torchlight "WTA-58cc2f03-9177-4ba0-884f-51fe7e2639d9" = John Deere Drive Green "WTA-59a81e83-44ec-4e87-927f-9481910220c0" = Slingo Deluxe "WTA-81f31e09-378e-4d77-ac8f-0df945312b71" = Bejeweled 3 "WTA-88179b81-e36f-48d1-9825-9c778a741298" = Final Drive: Nitro "WTA-9eec2977-f821-47ad-9f88-b45ca06fe1f7" = Zuma Deluxe "WTA-c8e3b5c7-4d0f-4d68-9323-6ef1a4892bf7" = Virtual Villagers 4 - The Tree of Life "WTA-d2ca568d-2367-4ba4-b5fc-9c9e327499f5" = Penguins! 
"WTA-d7439b07-96cf-417b-9708-d8647897fe41" = FATE
"WTA-fa38e46e-d67c-41a4-b54f-07dc57a753f9" = Agatha Christie - Death on the Nile
"WTA-fc5fc8b4-995d-4555-ade7-c40e61825a9f" = Insaniquarium Deluxe
"xampp" = XAMPP 1.8.1

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1633473102-3143036274-2133483798-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 5.4.0.1083

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 01.01.2013 17:56:29 | Computer Name = ******-PC | Source = Application Hang | ID = 1002
Description = Programm POWERPNT.EXE, Version 15.0.4420.1017 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 175c Startzeit: 01cde8691cd4e794 Endzeit: 12 Anwendungspfad: C:\Program Files\Microsoft Office\Office15\POWERPNT.EXE Berichts-ID: 10ef6936-545e-11e2-8b32-74e5436cb4b0

Error - 03.01.2013 07:07:52 | Computer Name = ******-PC | Source = WinMgmt | ID = 10
Description =

Error - 03.01.2013 16:28:28 | Computer Name = ******-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\R\r-2.15.2\Tcl\bin64\tk85.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\R\r-2.15.2\Tcl\bin64\tk85.dll" in Zeile 9. Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 04.01.2013 07:17:02 | Computer Name = Jens-PC | Source = WinMgmt | ID = 10
Description =

Error - 04.01.2013 07:17:53 | Computer Name = Jens-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: McSvHost.exe, Version: 2.6.259.0, Zeitstempel: 0x5040f1f9 Name des fehlerhaften Moduls: mcmscsub.dll, Version: 11.6.434.0, Zeitstempel: 0x5050b508 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000003f68a ID des fehlerhaften Prozesses: 0x81c Startzeit der fehlerhaften Anwendung: 0x01cdea6cd251034f Pfad der fehlerhaften Anwendung: C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe Pfad des fehlerhaften Moduls: c:\PROGRA~1\mcafee\msc\mcmscsub.dll Berichtskennung: 617ebc4b-5660-11e2-8a8a-74e5436cb4b0

Error - 04.01.2013 14:51:37 | Computer Name = Jens-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\R\r-2.15.2\Tcl\bin64\tk85.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\R\r-2.15.2\Tcl\bin64\tk85.dll" in Zeile 9. Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 06.01.2013 14:06:18 | Computer Name = Jens-PC | Source = WinMgmt | ID = 10
Description =

Error - 08.01.2013 06:02:57 | Computer Name = Jens-PC | Source = WinMgmt | ID = 10
Description =

Error - 10.01.2013 12:35:34 | Computer Name = Jens-PC | Source = WinMgmt | ID = 10
Description =

Error - 11.01.2013 05:19:09 | Computer Name = Jens-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 10.02.2013 07:33:32 | Computer Name = Jens-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "DNS-Client" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056

Error - 11.02.2013 13:07:18 | Computer Name = Jens-PC | Source = bowser | ID = 8003
Description =

Error - 11.02.2013 13:19:16 | Computer Name = Jens-PC | Source = bowser | ID = 8003
Description =

Error - 12.02.2013 14:16:07 | Computer Name = Jens-PC | Source = bowser | ID = 8003
Description =

Error - 12.02.2013 16:00:37 | Computer Name = Jens-PC | Source = bowser | ID = 8003
Description =

Error - 21.02.2013 19:19:31 | Computer Name = Jens-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?21.?02.?2013 um 20:38:08 unerwartet heruntergefahren.

Error - 24.02.2013 13:52:37 | Computer Name = Jens-PC | Source = bowser | ID = 8003
Description =

Error - 07.03.2013 15:40:38 | Computer Name = Jens-PC | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.48 registriert werden. Der Computer mit IP-Adresse 192.168.178.37 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error - 07.03.2013 15:52:02 | Computer Name = Jens-PC | Source = bowser | ID = 8003
Description =

Error - 10.03.2013 14:54:52 | Computer Name = Jens-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?09.?03.?2013 um 13:53:17 unerwartet heruntergefahren.

< End of report > |
18.03.2013, 14:43 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Browser opens ads when clicking a Google search result What about the other log? The Extras are not as important as the otl.txt
__________________ Please always post log files in CODE tags |
18.03.2013, 14:44 | #5 |
| Browser opens ads when clicking a Google search result Only one file opened for me; I'll run it again! |
18.03.2013, 14:47 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Browser opens ads when clicking a Google search result You should actually see the logs on your desktop |
18.03.2013, 14:49 | #7 |
| Browser opens ads when clicking a Google search result I had OTL.exe in a different folder, and the OTL log was there too: OTL Logfile: Code:
ATTFilter OTL logfile created on: 18.03.2013 13:29:25 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jens\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,84 Gb Total Physical Memory | 1,42 Gb Available Physical Memory | 37,02% Memory free 7,68 Gb Paging File | 4,78 Gb Available in Paging File | 62,27% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 450,16 Gb Total Space | 347,41 Gb Free Space | 77,17% Space Free | Partition Type: NTFS Computer Name: JENS-PC | User Name: Jens | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Jens\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems) PRC - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe (Adobe Systems Inc.) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) PRC - C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe () PRC - C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe () PRC - C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) 
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe (Atheros) PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated) PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation) PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (CyberLink) PRC - C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe () PRC - C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe (AVerMedia TECHNOLOGIES, Inc.) 
PRC - C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe (AVerMedia) PRC - C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe () ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\libglesv2.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\libegl.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ffmpegsumo.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\5baea82888a13fa558004b24e3b107cf\CustomMarshalers.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll () MOD - C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Outlook\15.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll () MOD - C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll () MOD - C:\Program Files (x86)\Adobe\Acrobat 
11.0\Acrobat\locale\de_de\acrotray.deu () MOD - C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe () MOD - C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe () MOD - C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll () MOD - C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose64) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) 
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (ZAtheros Wlan Agent) -- C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe (Atheros)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (DCDhcpService) -- C:\Program Files (x86)\Acer\WDAgent\DCDhcpService.exe (Atheros Communication Inc.)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (Live Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated)
SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (EgisTec Ticket Service) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. )
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (AVerScheduleService) -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe ()
SRV - (AVerRemote) -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe (AVerMedia)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\drivers\btath_avdt.sys (Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (AVerAF35) -- C:\Windows\SysNative\drivers\AVerAF35.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\..\URLSearchHook: {e36df325-3f4b-476f-8f89-123bc5d51a30} - C:\Program Files (x86)\ClipGrab\prxtbClip.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1633473102-3143036274-2133483798-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1633473102-3143036274-2133483798-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKU\S-1-5-21-1633473102-3143036274-2133483798-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKU\S-1-5-21-1633473102-3143036274-2133483798-1001\..\URLSearchHook: {e36df325-3f4b-476f-8f89-123bc5d51a30} - C:\Program Files (x86)\ClipGrab\prxtbClip.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1633473102-3143036274-2133483798-1001\..\SearchScopes,DefaultScope = {924E86DF-9BB0-4745-881F-F0F15D05A8E4}
IE - HKU\S-1-5-21-1633473102-3143036274-2133483798-1001\..\SearchScopes\{0F7D6C18-F40E-4D25-9806-179E61B10A85}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2536373&CUI=UN35139588042709129
IE - HKU\S-1-5-21-1633473102-3143036274-2133483798-1001\..\SearchScopes\{924E86DF-9BB0-4745-881F-F0F15D05A8E4}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=386496&p={searchTerms}
IE - HKU\S-1-5-21-1633473102-3143036274-2133483798-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Jens\AppData\Local\Citrix\Plugins\79\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Jens\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2012.10.26 16:31:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.12 12:22:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.12 12:22:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
[2012.10.13 15:45:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jens\AppData\Roaming\mozilla\Extensions
[2013.01.11 03:06:08 | 000,033,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll
CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Citrix Online Web Deployment Plugin 1.0.0.79 (Enabled) = C:\Users\Jens\AppData\Local\Citrix\Plugins\79\npappdetector.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Jens\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Jens\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Jens\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Jens\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Jens\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Adobe Acrobat \u2013 PDF-Datei erstellen = C:\Users\Jens\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.0.379_0\
CHR - Extension: AdBlock = C:\Users\Jens\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Jens\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\
CHR - Extension: Google Mail = C:\Users\Jens\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121014030046.dll File not found
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121014030047.dll File not found
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Adobe Acrobat Create PDF Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~4\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (ClipGrab Toolbar) - {e36df325-3f4b-476f-8f89-123bc5d51a30} - C:\Program Files (x86)\ClipGrab\prxtbClip.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (ClipGrab Toolbar) - {e36df325-3f4b-476f-8f89-123bc5d51a30} - C:\Program Files (x86)\ClipGrab\prxtbClip.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1633473102-3143036274-2133483798-1001\..\Toolbar\WebBrowser: (ClipGrab Toolbar) - {E36DF325-3F4B-476F-8F89-123BC5D51A30} - C:\Program Files (x86)\ClipGrab\prxtbClip.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [InstantUpdate] C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe ()
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1633473102-3143036274-2133483798-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1633473102-3143036274-2133483798-1001..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-1633473102-3143036274-2133483798-1001..\Run: [Facebook Update] C:\Users\Jens\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-1633473102-3143036274-2133483798-1001..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1633473102-3143036274-2133483798-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1633473102-3143036274-2133483798-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: RF - Formular ausfüllen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: RF - Formular speichern - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: RF - Menü anpassen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: RF - RoboForm-Leiste ein/aus - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: RF - Formular ausfüllen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RF - Formular speichern - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: RF - Menü anpassen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: RF - RoboForm-Leiste ein/aus - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9 - Extra Button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BFB32FD-6620-443F-8AE5-04D85ADE53C1}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E13A52B5-A376-423A-8D71-E19B973A83B1}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - 
C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{4dbdd8bf-647e-11e2-8b8c-74e5436cb4b0}\Shell - "" = AutoRun O33 - MountPoints2\{4dbdd8bf-647e-11e2-8b8c-74e5436cb4b0}\Shell\AutoRun\command - "" = E:\WIN\TV\setup.exe O33 - MountPoints2\{e3981394-1571-11e2-833c-4c72b9420049}\Shell - "" = AutoRun O33 - MountPoints2\{e3981394-1571-11e2-833c-4c72b9420049}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\WIN\TV\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.17 12:39:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013.03.17 12:37:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2013.03.17 12:37:31 | 000,000,000 | ---D | C] -- C:\Users\Jens\AppData\Local\Deployment [2013.03.17 12:37:31 | 000,000,000 | ---D | C] -- C:\Users\Jens\AppData\Local\Apps [2013.03.17 10:12:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.03.17 
10:12:05 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.03.16 13:59:51 | 000,000,000 | ---D | C] -- C:\Users\Jens\AppData\Roaming\DVDVideoSoftIEHelpers [2013.03.16 13:59:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2013.03.16 13:09:33 | 000,000,000 | ---D | C] -- C:\Users\Jens\AppData\Roaming\Malwarebytes [2013.03.16 13:09:05 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.03.16 13:09:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.16 13:09:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.03.16 13:09:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.16 13:08:56 | 000,000,000 | ---D | C] -- C:\Users\Jens\AppData\Local\Programs [2013.03.15 12:26:43 | 000,000,000 | ---D | C] -- C:\Users\Jens\Desktop\Homepage Hegering [2013.03.15 09:42:10 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.03.15 09:42:10 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.03.15 09:42:08 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.03.15 09:42:08 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.03.15 09:42:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.03.15 09:42:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.03.15 09:42:08 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.03.15 09:42:08 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.03.15 09:42:07 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.03.15 09:42:07 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.03.15 
09:42:07 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.03.15 09:42:07 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.03.15 09:42:06 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.03.15 09:42:06 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.03.15 09:42:06 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.03.15 09:41:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.03.15 09:40:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.03.15 09:40:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.03.12 12:22:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2013.03.11 15:09:37 | 000,000,000 | ---D | C] -- C:\Users\Jens\AppData\Local\{D9164197-49F5-4A8A-91F0-508867A4B986} [2013.03.11 15:09:37 | 000,000,000 | ---D | C] -- C:\Users\Jens\AppData\Local\{D87D7EB7-A581-4032-B2D2-9B8F1B9AEB2B} [2013.03.11 14:52:55 | 000,000,000 | ---D | C] -- C:\Users\Jens\AppData\Roaming\FileZilla [2013.03.11 14:52:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client [2013.03.11 14:52:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client [2013.03.10 21:40:44 | 000,000,000 | ---D | C] -- C:\Users\Jens\AppData\Roaming\Avira [2013.03.10 21:35:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.03.10 21:35:15 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.03.10 21:35:15 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.03.10 21:35:15 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.03.10 21:35:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.03.10 21:35:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013.03.10 20:43:09 | 000,000,000 | ---D | C] -- C:\Users\Jens\Desktop\Homepage [2013.03.07 13:05:50 | 000,000,000 | ---D | C] -- C:\Users\Jens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ [2013.03.07 13:05:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ [2013.03.07 13:05:48 | 000,000,000 | ---D | C] -- C:\Users\Jens\AppData\Roaming\Notepad++ [2013.03.07 13:05:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++ [2013.03.06 20:33:02 | 000,000,000 | ---D | C] -- C:\Users\Jens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apache Friends [2013.03.06 20:32:48 | 000,000,000 | ---D | C] -- C:\xampp [2013.02.28 09:49:24 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll [2013.02.28 09:49:24 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll [2013.02.28 09:49:24 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll [2013.02.28 09:49:24 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll [2013.02.28 09:49:22 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll [2013.02.28 09:49:22 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll [2013.02.28 09:49:17 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2013.02.28 09:49:17 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.02.28 09:49:17 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.02.28 09:49:17 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.02.28 09:49:17 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.02.28 09:49:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.28 09:49:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.28 09:49:17 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.28 09:49:17 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.28 09:49:16 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2013.02.28 09:49:16 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2013.02.28 09:49:15 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2013.02.28 09:49:15 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.02.28 09:49:15 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.02.28 09:49:15 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.28 09:49:15 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.28 09:49:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.28 09:49:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.28 09:49:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.28 09:49:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.28 09:49:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.28 09:49:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.28 09:49:14 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013.02.28 09:49:14 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013.02.28 09:49:14 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2013.02.28 09:49:14 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2013.02.28 09:49:14 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2013.02.28 09:49:14 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2013.02.28 09:49:14 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2013.02.28 09:49:13 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2013.02.28 09:49:13 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013.02.28 09:49:13 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2013.02.28 09:49:12 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2013.02.28 09:49:12 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.02.28 09:49:12 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll [2013.02.24 15:31:29 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2013.02.24 15:31:29 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.02.24 15:31:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype ========== Files - Modified Within 30 Days ========== [2013.03.18 13:24:04 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.18 13:24:04 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.18 13:24:04 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.18 13:24:04 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.18 13:24:04 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.18 13:23:52 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.18 13:23:46 | 000,067,584 | -H-- | M] () -- C:\Windows\bootstat.dat [2013.03.18 12:42:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.18 12:42:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.18 11:52:02 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1633473102-3143036274-2133483798-1001UA.job [2013.03.18 09:46:33 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.18 09:46:33 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.18 09:44:40 | 000,015,364 | ---- | M] () -- C:\Users\Jens\Desktop\cafe platzer.JPG [2013.03.18 09:42:36 | 000,176,144 | ---- | M] () -- C:\Users\Jens\Desktop\Logo Café Platzer.jpg [2013.03.18 09:39:02 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\OGYFO.job [2013.03.18 09:38:39 | 3094,102,016 | -HS- | M] () -- C:\hiberfil.sys [2013.03.17 20:52:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1633473102-3143036274-2133483798-1001Core.job [2013.03.17 12:39:52 | 000,002,263 
| ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.03.16 13:59:36 | 000,001,406 | ---- | M] () -- C:\Users\Jens\Desktop\Free YouTube to MP3 Converter.lnk [2013.03.16 13:09:05 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.15 12:48:02 | 000,322,553 | ---- | M] () -- C:\Users\Jens\Desktop\Screenshot Homepage.JPG [2013.03.10 21:28:59 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.03.10 21:28:59 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.03.10 21:28:58 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.03.07 14:04:06 | 000,000,132 | ---- | M] () -- C:\Users\Jens\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen [2013.03.06 00:45:51 | 000,148,480 | RHS- | M] () -- C:\Windows\SysWow64\winrsmgrc.dll [2013.02.20 19:35:11 | 005,076,064 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2013.03.18 09:44:39 | 000,015,364 | ---- | C] () -- C:\Users\Jens\Desktop\cafe platzer.JPG [2013.03.18 09:42:36 | 000,176,144 | ---- | C] () -- C:\Users\Jens\Desktop\Logo Café Platzer.jpg [2013.03.17 12:39:52 | 000,002,263 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.03.17 12:37:49 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.17 12:37:49 | 000,001,102 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.16 13:59:36 | 000,001,406 | ---- | C] () -- C:\Users\Jens\Desktop\Free YouTube to MP3 Converter.lnk [2013.03.16 13:09:05 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.15 12:33:00 | 000,322,553 | ---- | C] () -- C:\Users\Jens\Desktop\Screenshot Homepage.JPG [2013.03.07 11:31:38 | 000,000,132 | ---- | C] () -- C:\Users\Jens\AppData\Roaming\Adobe 
CS6-PNG-Format - Voreinstellungen [2013.03.06 00:45:51 | 000,148,480 | RHS- | C] () -- C:\Windows\SysWow64\winrsmgrc.dll [2013.03.06 00:45:51 | 000,000,312 | ---- | C] () -- C:\Windows\tasks\OGYFO.job [2013.01.23 14:24:15 | 000,012,574 | ---- | C] () -- C:\ProgramData\mxnhytee.feu [2013.01.23 14:05:04 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\AVerIO.dll [2013.01.23 14:05:04 | 000,003,456 | ---- | C] () -- C:\Windows\SysWow64\AVerIO.sys [2013.01.23 14:04:59 | 000,598,016 | ---- | C] () -- C:\Windows\SysWow64\sptlib21.dll [2013.01.23 14:04:59 | 000,311,296 | ---- | C] () -- C:\Windows\SysWow64\sptlib01.dll [2013.01.23 14:04:59 | 000,294,912 | ---- | C] () -- C:\Windows\SysWow64\sptlib11.dll [2013.01.23 14:04:59 | 000,290,816 | ---- | C] () -- C:\Windows\SysWow64\sptlib22.dll [2013.01.23 14:04:59 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\sptlib03.dll [2013.01.23 14:04:59 | 000,225,280 | ---- | C] () -- C:\Windows\SysWow64\sptlib02.dll [2013.01.23 14:04:59 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\sptlib12.dll [2012.10.22 16:01:12 | 000,000,278 | ---- | C] () -- C:\Windows\cdplayer.ini [2012.10.22 15:54:25 | 000,001,534 | ---- | C] () -- C:\ProgramData\ss.ini [2012.10.13 16:19:22 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.09.14 09:32:16 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL [2012.09.14 09:32:16 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI [2012.04.20 11:40:15 | 000,735,796 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin [2012.04.20 11:40:03 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin [2012.04.20 11:40:01 | 013,020,160 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll [2012.04.20 11:40:01 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2011.12.08 15:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- 
C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > |
18.03.2013, 14:50 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Browsers open advertising when clicking a Google search result Rootkit scan with GMER Please download GMER: (random file name)
Are you running into problems?
Afterwards, please run MBAR: Malwarebytes Anti-Rootkit (MBAR) Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper
__________________ Please always post log files in CODE tags |
18.03.2013, 18:45 | #9 |
| Browsers open advertising when clicking a Google search result OK, so Malwarebytes Anti Rocket found nothing, so the log file is probably unnecessary as well. Here is the Gmer.txt: GMER Logfile: Code:
ATTFilter GMER 2.1.19155 - hxxp://www.gmer.net Rootkit scan 2013-03-18 18:15:49 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GN00 465,76GB Running: gmer_2.1.19155.exe; Driver: C:\Users\Jens\AppData\Local\Temp\kwldypoc.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074961465 2 bytes [96, 74] .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000749614bb 2 bytes [96, 74] .text ... * 2 .text C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe[3840] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074961465 2 bytes [96, 74] .text C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe[3840] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000749614bb 2 bytes [96, 74] .text ... * 2 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4736] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074961465 2 bytes [96, 74] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4736] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000749614bb 2 bytes [96, 74] .text ... * 2 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074961465 2 bytes [96, 74] .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000749614bb 2 bytes [96, 74] .text ... 
* 2 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074961465 2 bytes [96, 74] .text C:\Program Files (x86)\Launch Manager\LManager.exe[4540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000749614bb 2 bytes [96, 74] .text ... * 2 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[5012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074961465 2 bytes [96, 74] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[5012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000749614bb 2 bytes [96, 74] .text ... * 2 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[5100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074961465 2 bytes [96, 74] .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[5100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000749614bb 2 bytes [96, 74] .text ... * 2 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074961465 2 bytes [96, 74] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000749614bb 2 bytes [96, 74] .text ... 
* 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6996] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationProcess 00000000771afab8 5 bytes JMP 00000001037f5c14 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6996] C:\Windows\syswow64\GDI32.dll!ExtTextOutW 0000000076328b7a 5 bytes JMP 00000001037fb2db .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6996] C:\Windows\syswow64\GDI32.dll!GetGlyphIndicesW 0000000076329963 5 bytes JMP 00000001037fb768 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6996] C:\Windows\syswow64\GDI32.dll!TextOutW 000000007632d41c 5 bytes JMP 00000001037fada7 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6996] C:\Windows\syswow64\GDI32.dll!ExtTextOutA 000000007632dce4 5 bytes JMP 00000001037fb1f7 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6996] C:\Windows\syswow64\GDI32.dll!TextOutA 000000007632eda3 5 bytes JMP 00000001037facdb .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6996] C:\Windows\syswow64\GDI32.dll!GetGlyphIndicesA 0000000076348dbd 5 bytes JMP 00000001037fb69b .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6996] C:\Windows\syswow64\USER32.dll!DrawTextExW 000000007670149e 5 bytes JMP 00000001037fb110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6996] C:\Windows\syswow64\USER32.dll!DrawTextW 00000000767025cf 5 bytes JMP 00000001037faf4e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6996] C:\Windows\syswow64\USER32.dll!DrawTextA 000000007670aea1 5 bytes JMP 00000001037fae73 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6996] C:\Windows\syswow64\USER32.dll!DrawTextExA 000000007670aed8 5 bytes JMP 00000001037fb029 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6996] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007671cfca 5 bytes JMP 00000001037f9b64 .text C:\Program Files 
---- EOF - GMER 2.1 ---- |
18.03.2013, 23:24 | #10 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Browser opens advertising when clicking a Google search result Quote:
__________________ Please always post log files in CODE tags |
19.03.2013, 10:46 | #11 |
| Browser opens advertising when clicking a Google search result Okay, sorry, here:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org
Database version: v2013.03.18.11
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jens :: JENS-PC [limited]
18.03.2013 18:36:20
mbar-log-2013-03-18 (18-36-20).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30996
Time elapsed: 16 minute(s), 25 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 0 (No malicious items detected)
(end)
Many thanks in advance for the help! |
19.03.2013, 12:36 | #12 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Browser opens advertising when clicking a Google search result Quote:
__________________ Please always post log files in CODE tags |
19.03.2013, 14:08 | #13 |
| Browser opens advertising when clicking a Google search result Here it is again, run as administrator:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
Malwarebytes : Free Anti-Malware download
Database version: v2013.03.19.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jens :: JENS-PC [administrator]
19.03.2013 13:56:25
mbar-log-2013-03-19 (13-56-25).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 31066
Time elapsed: 17 minute(s), 23 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 0 (No malicious items detected)
(end) |
19.03.2013, 14:44 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Browser opens advertising when clicking a Google search result aswMBR Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons unless instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. TDSS-Killer Please download TDSSKiller.exe and save this file to the desktop
__________________ Please always post log files in CODE tags |