Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Live Security Platinum soll weg!

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 12.07.2012, 16:33   #1
tio-pepe
 
Live Security Platinum soll weg! - Standard

Live Security Platinum soll weg!



Hallo zusammen
dies ist mein erstes Thema.
ich habe mir den Live Security Platinum Trojaner eingefangen und will ihn wieder los werden. bisher habe ich die portfolios von Malwarebytes, defogger und OXL erstellt.
Nachdem ich Malwarebytes meinen Rechner absuchen lies, habe ich wie angegeben noch nichts gelöscht, sondern warte auf Anweisungen...
Der Rechner funktioniert noch, nachdem ich den Poxyserver ausgeschaltet habe.
Ich arbeite auf Win 7.

Bin auf dem Computer so halb begabt (also begabt bin ich gar nicht, doch mit Anweisungen/ einer guten Anleitung bring ichs hin)

Dieser Live Security Platinum Trojaner muss weg!

Hier die Portfolios:

von Malwarebytes

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.10.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
--- :: --- [limitiert]

10.07.2012 21:00:50
mbam-log-2012-07-12 (16-06-59).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 321047
Laufzeit: 52 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Trojan.Lameshield) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|B7E858A70001A94009AE5616B4EB2367 (Trojan.Lameshield) -> Daten: C:\ProgramData\B7E858A70001A94009AE5616B4EB2367\B7E858A70001A94009AE5616B4EB2367.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\ProgramData\B7E858A70001A94009AE5616B4EB2367\B7E858A70001A94009AE5616B4EB2367.exe (Trojan.Lameshield) -> Keine Aktion durchgeführt.
C:\Users\---\Desktop\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Keine Aktion durchgeführt.

(Ende)

von defogger

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:04 on 12/07/2012 (benno)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

von OTLOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 12.07.2012 16:09:08 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\---\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3.85 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 59.36% Memory free
7.71 Gb Paging File | 5.56 Gb Available in Paging File | 72.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.85 Gb Total Space | 235.34 Gb Free Space | 83.20% Space Free | Partition Type: NTFS
 
Computer Name: --- | User Name: --- | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.12 16:04:59 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\benno\Desktop\OTL.exe
PRC - [2012.05.09 20:19:06 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.09 20:19:05 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.09 20:19:05 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.01.03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.08.11 03:39:56 | 000,057,344 | ---- | M] (Atheros) -- C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe
PRC - [2011.08.09 03:44:56 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.08.09 03:44:54 | 000,325,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.07.22 01:23:04 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011.05.30 04:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2011.04.24 03:29:20 | 000,256,832 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2011.04.22 18:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2011.03.15 05:44:38 | 000,414,800 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2011.03.15 05:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2011.03.04 13:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.01.30 02:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.09.18 03:22:54 | 000,141,192 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Sleep Memory Optimizer\FFSService.exe -- (FFSOpzSvc)
SRV:64bit: - [2011.08.02 21:59:46 | 000,872,552 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2011.04.22 18:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012.07.12 15:40:25 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.20 18:25:10 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.09 20:19:06 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.09 20:19:05 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.01.03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.10.01 02:58:54 | 000,105,120 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2011.08.11 03:39:56 | 000,057,344 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe -- (ZAtheros Wlan Agent)
SRV - [2011.08.09 03:44:56 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2011.08.09 03:44:54 | 000,325,912 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2011.07.22 01:23:04 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service) Intel(R)
SRV - [2011.07.07 02:24:24 | 000,184,320 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\irstrtsv.exe -- (irstrtsv) Intel(R)
SRV - [2011.06.21 22:55:04 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2011.05.30 04:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2011.04.24 03:29:20 | 000,256,832 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2011.03.15 05:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011.03.04 13:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.10.12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010.06.02 00:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.30 02:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2012.05.09 20:19:06 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.09 20:19:06 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.09 16:27:34 | 000,352,144 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cbfs3.sys -- (cbfs3)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.16 21:44:54 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2011.11.16 21:44:54 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2011.11.16 21:44:54 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2011.10.19 17:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.10.01 03:08:26 | 000,519,328 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011.10.01 03:07:40 | 000,280,992 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011.10.01 03:07:26 | 000,068,256 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011.10.01 03:06:54 | 000,167,584 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011.10.01 03:06:40 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011.10.01 03:06:24 | 000,030,368 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011.10.01 03:06:08 | 000,110,240 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2011.10.01 03:05:54 | 000,330,912 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011.09.18 21:18:56 | 002,768,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.08.09 18:32:02 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.07.29 05:07:18 | 000,185,128 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2011.07.29 00:33:50 | 000,313,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2011.06.16 15:50:08 | 000,026,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\irstrtdv.sys -- (irstrtdv) Intel(R)
DRV:64bit: - [2011.05.20 18:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.04 13:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.10.15 11:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.02.08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.20 04:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.06 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.06 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2008.11.16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.20 18:25:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.12.07 12:27:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\benno\AppData\Roaming\mozilla\Extensions
[2012.07.10 20:54:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\benno\AppData\Roaming\mozilla\Firefox\Profiles\dhzw1u2t.default\extensions
[2012.06.20 18:25:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.20 18:25:10 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.20 18:25:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.20 18:25:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.20 18:25:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.20 18:25:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.20 18:25:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.20 18:25:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O2 - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [B7E858A70001A94009AE5616B4EB2367] C:\ProgramData\B7E858A70001A94009AE5616B4EB2367\B7E858A70001A94009AE5616B4EB2367.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3825DFC8-5E1C-4708-AF5D-6F450F86417E}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{43434a4a-3ce8-11e1-92ca-f76ad3420c72}\Shell - "" = AutoRun
O33 - MountPoints2\{43434a4a-3ce8-11e1-92ca-f76ad3420c72}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.12 16:04:57 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\benno\Desktop\OTL.exe
[2012.07.12 15:50:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.07.10 21:00:03 | 000,000,000 | ---D | C] -- C:\Users\benno\AppData\Roaming\Malwarebytes
[2012.07.10 20:59:55 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.10 20:59:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.10 20:59:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.10 20:59:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.10 20:56:50 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.07.10 20:23:25 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012.07.10 20:23:25 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012.07.10 19:35:31 | 000,000,000 | ---D | C] -- C:\Users\benno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
[2012.07.10 19:31:28 | 000,000,000 | ---D | C] -- C:\ProgramData\B7E858A70001A94009AE5616B4EB2367
[2012.06.23 17:41:18 | 000,000,000 | ---D | C] -- C:\Users\benno\AppData\Local\Macromedia
[2012.06.20 18:25:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.06.20 18:25:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.12 16:04:59 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\benno\Desktop\OTL.exe
[2012.07.12 16:04:25 | 000,000,000 | ---- | M] () -- C:\Users\benno\defogger_reenable
[2012.07.12 16:03:23 | 000,050,477 | ---- | M] () -- C:\Users\benno\Desktop\Defogger.exe
[2012.07.12 15:46:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.12 15:40:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.12 12:36:54 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.12 12:36:54 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.12 12:36:54 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.12 12:36:54 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.12 12:36:54 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.10 20:59:56 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.10 20:10:03 | 000,024,656 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.10 20:10:03 | 000,024,656 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.10 19:35:31 | 000,001,098 | ---- | M] () -- C:\Users\benno\Desktop\Live Security Platinum.lnk
[2012.07.08 18:14:08 | 000,173,063 | ---- | M] () -- C:\Users\benno\Desktop\Plakat Daten.pdf
[2012.06.22 12:52:51 | 001,104,000 | ---- | M] () -- C:\Users\benno\Desktop\ninos_cupcakes_flyer-2.pdf
[2012.06.13 08:19:01 | 000,428,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.12 16:04:25 | 000,000,000 | ---- | C] () -- C:\Users\benno\defogger_reenable
[2012.07.12 16:03:22 | 000,050,477 | ---- | C] () -- C:\Users\benno\Desktop\Defogger.exe
[2012.07.10 20:59:56 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.10 19:35:31 | 000,001,098 | ---- | C] () -- C:\Users\benno\Desktop\Live Security Platinum.lnk
[2012.07.08 18:14:07 | 000,173,063 | ---- | C] () -- C:\Users\benno\Desktop\Plakat Daten.pdf
[2012.06.22 12:52:51 | 001,104,000 | ---- | C] () -- C:\Users\benno\Desktop\ninos_cupcakes_flyer-2.pdf
[2011.11.16 21:47:21 | 000,000,266 | ---- | C] () -- C:\Windows\LaunApp.ini
[2011.11.16 21:40:12 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.11.16 21:40:11 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.11.16 21:40:11 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.11.16 21:40:10 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.11.16 21:40:09 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.11.16 21:39:07 | 000,000,100 | ---- | C] () -- C:\Windows\WISGAPas.ini
[2011.11.16 21:39:01 | 000,001,078 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2011.10.21 03:22:30 | 000,000,445 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2011.10.21 03:22:30 | 000,000,395 | ---- | C] () -- C:\Windows\WisPriority.ini
[2011.10.21 03:22:30 | 000,000,229 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2011.06.01 09:25:28 | 000,961,536 | ---- | C] () -- C:\Windows\SysWow64\libxml2.dll
 
========== LOP Check ==========
 
[2011.12.07 12:21:13 | 000,000,000 | ---D | M] -- C:\Users\benno\AppData\Roaming\PowerCinema
[2012.04.01 22:15:54 | 000,000,000 | ---D | M] -- C:\Users\benno\AppData\Roaming\PPTRemote
[2011.12.07 11:51:02 | 000,000,000 | ---D | M] -- C:\Users\benno\AppData\Roaming\Screensaver
[2012.05.15 22:47:43 | 000,000,000 | ---D | M] -- C:\Users\benno\AppData\Roaming\Wuala
[2009.07.14 07:08:49 | 000,028,362 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
< End of report >
         
--- --- ---
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 12.07.2012 16:09:08 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\---\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3.85 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 59.36% Memory free
7.71 Gb Paging File | 5.56 Gb Available in Paging File | 72.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.85 Gb Total Space | 235.34 Gb Free Space | 83.20% Space Free | Partition Type: NTFS
 
Computer Name: --- | User Name: --- | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08E3ED4B-7469-4624-8C13-7020AC9B94E4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0FAACEAA-4DCF-4A7B-BD17-8019028B90E7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{1198DDEF-13E0-4B50-935A-3E588B3082D2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{12DE95F2-5827-44F4-B771-7CEAE126C724}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{173304C9-3942-4A6E-A357-DE7AED659740}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1F5C06FA-C8A2-4C9B-8842-13B163EA9577}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{26F1A783-D45B-4CE2-9DA6-29382EC2E995}" = rport=445 | protocol=6 | dir=out | app=system | 
"{2813BCDF-1D13-4FF0-ACAA-1209FA1EB684}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{3290243F-8474-4AD5-BFFF-5A62F9B21423}" = rport=137 | protocol=17 | dir=out | app=system | 
"{447D81F0-7320-4343-A029-3EFE61A8F702}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4799C33B-42A5-4699-AFDE-56A72DD6F577}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4FB47E6D-871A-4004-A5A1-91065288E933}" = lport=137 | protocol=17 | dir=in | app=system | 
"{56157147-A220-4657-AC05-6C59268C9801}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6E2C985B-B629-46F9-BB12-A04DF8BC8439}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7EE3A226-8FB3-4681-B72E-555DD73D0908}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{83380DB2-0CA6-40BB-AC6F-07AECAACE47C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{8A5895E3-C5C6-48B4-BA52-D33FF88B52DD}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{8F7AC5EE-2560-4413-9A17-B207C0B48DEB}" = rport=138 | protocol=17 | dir=out | app=system | 
"{982AC51A-1619-4D33-955C-264D68C3CEA8}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A11C986A-7F8B-42A6-BBE6-A7C64F085704}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AA9BA5BC-7DA9-4747-AF2D-B5D4EFB4BB5B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{AB4AAF35-DBCD-4441-BA49-55B792137EE7}" = lport=139 | protocol=6 | dir=in | app=system | 
"{BCAD0228-7353-44EC-800C-4AEF9AA21A37}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{D80C756C-E2DC-4F64-BC75-3A42B3DE66D6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{EA111ED5-3BBC-4D8A-B8C4-9F3997D56EE1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FAA18069-E279-46F3-8C7A-AAB4B886BB5A}" = lport=445 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{052530BE-13AF-4516-AC61-C08B2EA8966D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{0862FCE3-59F4-4E7B-9D4C-454EF19C78E3}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe | 
"{0D887A6F-56E5-4646-9885-4380BD300C1A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1950EB93-0731-443E-9D32-D750CE0BA611}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{21FAC28F-D1D2-4207-80ED-76933E47B484}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{241A401F-4F16-4A92-B15B-737E73480312}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2EB6FBE8-4952-4A36-8B0D-4BF771821CF0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2F1832D1-39DE-4FEA-BE70-B340C5FB6239}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{30DA4F93-3415-4890-AE78-C3216A8608F6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{31B82E49-B2C1-4A2F-BDAE-3EECD1823484}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{39464925-06FA-4843-8E54-87D0720A7E06}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe | 
"{4152D220-6E71-4894-A95D-01B18C7A7BB4}" = dir=in | app=c:\program files (x86)\acer\acer vcm\rs_service.exe | 
"{53E626C2-9F41-4C9B-A314-2030E0729FBD}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe | 
"{5EBC8AF0-0F27-4ED8-ADE6-7CCB7BFC4474}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{64227AC9-E90A-4D1B-BA92-F2FE1DA6368C}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\clml\clmlsvc.exe | 
"{655692DC-B5AE-468C-AF60-E3AE8ECC6AA2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{68DD3BF0-574D-4F3C-AE56-7E49306D81E9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{6D2DEAD5-523B-4B9E-A030-7600C7A8E670}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{6D3544F9-686C-427B-89FA-8780E8EA6F59}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6E5612A0-0E82-42F4-8C28-9068FC3651D5}" = dir=in | app=c:\program files (x86)\acer\clear.fi\movie\touchmovieservice.exe | 
"{719B5D13-2C29-4EE7-BBD0-BDDF77F07A07}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{800C8B68-F629-4FE3-A3EE-DFA5552AB2D7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{8EBA3F8A-6F29-4031-9266-F8A57083E641}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8EFD6716-4E44-45F3-BA27-6147068984C2}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe | 
"{913B91A0-1023-4A29-8191-7EFF2E5D25FF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{965E755C-7CBE-4707-B695-ADDD43E2AB8E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{9BDAD73F-4432-4CE1-9C12-48328A087E24}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fi.exe | 
"{9EECD3B2-1424-44BF-AA63-5C129F819B98}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{A2402A23-710E-4062-86AB-BB4EA68CFDE3}" = protocol=6 | dir=out | app=system | 
"{A4353607-B87D-457C-B440-A070444167A2}" = dir=in | app=c:\program files (x86)\acer\clear.fi\movie\touchmovie.exe | 
"{B4AB87E9-E1FB-44FA-A436-9C136DCA9BE5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C0C39C5B-4A60-4568-8FD1-72421579F0CB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CB0F631D-87A0-41A7-B4AC-64A5BEB0796E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D1030DD8-A07B-40B0-8B1C-B6E11C48E6D6}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fiagent.exe | 
"{DD7A9BBD-68F3-481B-89AC-A9F00D75910D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E32DB424-D66A-474E-A58E-5486482DB775}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{E4CF844E-7115-41C1-AD78-5E07B46776B3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F7005B4A-B04C-48F0-9CA3-82F4F2278253}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{FF372546-B274-4DC7-A2A2-89E565C6A1B1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"TCP Query User{06A5B9C4-FD27-4E3A-A6B9-61A703A83207}C:\users\benno\appdata\roaming\wuala\wuala.exe" = protocol=6 | dir=in | app=c:\users\benno\appdata\roaming\wuala\wuala.exe | 
"TCP Query User{BDB4BC47-AA31-4742-8A49-5D37A9631923}C:\users\benno\appdata\roaming\wuala\wuala.exe" = protocol=6 | dir=in | app=c:\users\benno\appdata\roaming\wuala\wuala.exe | 
"TCP Query User{E1051B13-5774-41E6-A883-481D8BEC8A0D}C:\program files (x86)\ppt remote\pptremote.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ppt remote\pptremote.exe | 
"UDP Query User{525A1DBE-B8B9-4D06-A1DC-F919CAF36564}C:\users\benno\appdata\roaming\wuala\wuala.exe" = protocol=17 | dir=in | app=c:\users\benno\appdata\roaming\wuala\wuala.exe | 
"UDP Query User{5FC44BF9-3B03-46E9-9FB4-58DCAE6A0283}C:\users\benno\appdata\roaming\wuala\wuala.exe" = protocol=17 | dir=in | app=c:\users\benno\appdata\roaming\wuala\wuala.exe | 
"UDP Query User{A2276BCE-ECD1-4ADB-9631-F44EBBA3BD30}C:\program files (x86)\ppt remote\pptremote.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ppt remote\pptremote.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1553D712-B35F-4A82-BC72-D6B11A94BE3E}" = Windows Live Remote Service Resources
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Atheros Bluetooth Suite (64)
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}" = Cisco Systems VPN Client 5.0.07.0440
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{702A632F-99CE-4E2D-B8F2-BF980E9CF62F}" = Windows Live Remote Client Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"Elantech" = ETDWare PS/2-X64 10.0.6.3_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0557BBDA-69D3-4FA4-A93C-A5300F7034B4}" = Windows Live Writer
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{06B05153-97E4-427E-B1A8-E098F6C5E52F}" = Windows Live Essentials
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{14C4C3B6-F1F4-401F-8C86-03E8E19AAC8C}" = clear.fi
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}" = Evernote v. 4.5.1
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2A5B1102-B44C-4C53-A4B8-CEB12E2BC6E3}" = NCSS 2007
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34BE2594-1D20-4A2E-97A0-B9E2837520AE}" = Sleep Memory Optimizer
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{4736B0ED-F6A1-48EC-A1B7-C053027648F1}" = Galeria fotogràfica del Windows Live
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{48F597DD-D397-4CFA-91A0-4C033A0113BD}" = Windows Live Mail
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{542DA303-FB91-4731-9F37-6E518368D3B9}" = Windows Live Messenger
"{5495E9A4-501A-4D4C-87C9-E80916CA9478}" = Windows Live UX Platform Language Pack
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5C20A342-085D-4000-B69D-492F3BA4BF94}" = Qualcomm Atheros Fast Reconnect
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}" = newsXpresso
"{625D45F0-5DCB-48BF-8770-C240A84DAAEB}" = Windows Live Mesh
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App (Acer Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71527C7C-5289-4CB2-88C9-23344C0FF6C1}" = Windows Live Movie Maker
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7D926AD2-16D6-42C2-8CA1-AB09E96040BA}" = Windows Live Writer Resources
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{820D0BA3-ACD7-4FB9-A3A7-0ADF0C66A4BE}" = Windows Live Messenger
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{86F3E556-83B1-47E5-A36B-560A521B999B}" = Acer Deep Sleep Settings
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{919B2CAA-1047-48E6-B7BF-C218796303E9}" = PPT Remote
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9602841E-ECE2-1019-AAEE-906A4DE25D6B}" = Intel(R) Identity Protection Technology 1.2.18.0
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Acer Crystal Eye Webcam
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A3389C72-1782-4BB4-BBAA-33345DE52E3F}" = Windows Live Messenger
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = clear.fi
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BD0C3887-64E6-41D8-9A38-BC6F34369352}" = Windows Live Messenger
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger
"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F0F5D89A-197C-495B-827E-3E98B811CD2E}" = Windows Live Photo Common
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F2979AAA-FDD7-4CB3-93BC-5C24D965D679}" = Windows Live Messenger
"{F35DC85A-E96B-496B-ABE7-F04192824856}" = Windows Live Messenger
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F5A954ED-07FE-4DFB-8763-F4AD47D79218}_is1" = Presenter version 1.27
"{F783464C-C7C6-4E9B-AC40-BC90E5414BAF}" = Windows Live Messenger
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger
"3D073343-CEEB-4ce7-85AC-A69A7631B5D6" = Intel(R) Rapid Start Technology
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Identity Card" = Identity Card
"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}" = newsXpresso
"InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Acer Crystal Eye Webcam
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NP_FR_2011" = FRITax 2011 11.3.43
"WildTangent acer Master Uninstall" = Acer Games
"WinLiveSuite" = Windows Live Essentials
"WTA-10838680-99e2-4447-b5cf-52dd3bb764dd" = Penguins!
"WTA-26084216-2def-4738-8a5f-a12c4fc5edd8" = Plants vs. Zombies - Game of the Year
"WTA-4e6b1a9f-61db-4dcb-9b2a-2eeeaa9a84ef" = Crazy Chicken Kart 2
"WTA-53f87b29-355a-48d3-aa02-ce7b05318149" = Zuma Deluxe
"WTA-5eb62bd2-4457-4481-9bcf-db4a2626cb1e" = Insaniquarium Deluxe
"WTA-62284656-92ec-4f55-86ab-0d576599c49e" = Jewel Match 3
"WTA-63e90e66-b50f-41a6-8026-5861c8ed2825" = Slingo Deluxe
"WTA-6507983c-0a4d-4ff6-bd06-ea3f354858fb" = Bejeweled 2 Deluxe
"WTA-77833519-1dba-45b6-932c-331a027813df" = Chuzzle Deluxe
"WTA-7b60c165-9b81-47d1-9cf3-e73bb27ca57d" = John Deere Drive Green
"WTA-814b104c-d2c8-42c9-baf4-316a664bf19f" = Final Drive: Nitro
"WTA-892967b9-0231-40e6-8f99-ba570adf3c49" = Virtual Villagers 4 - The Tree of Life
"WTA-98191031-159c-44ec-91f8-ef05c9bfe93e" = Polar Bowler
"WTA-99701f78-b219-43cd-a336-ef88bd145260" = FATE
"WTA-a845e538-26d1-46c7-a196-c391127bac2c" = Torchlight
"WTA-c138e2bc-a9bf-4e71-b022-36ae8eeec7aa" = Wedding Dash
"WTA-c58b8996-038b-45b3-852d-8348a5786e1c" = Agatha Christie - Death on the Nile
"WTA-d1814e01-e0b2-4ed1-9724-74fd2fab31c1" = Jewel Quest Solitaire
"WTA-d46da7d1-9d3a-44ce-86a7-06320a162770" = Mystery of Mortlake Mansion
"Wuala CBFS" = Wuala CBFS
"Wuala OverlayIcons" = Wuala OverlayIcons
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Live Security Platinum" = Live Security Platinum
"Wuala" = Wuala
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12.06.2012 14:16:50 | Computer Name = --- | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 12.06.2012 14:16:50 | Computer Name = --- | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 12.06.2012 14:47:43 | Computer Name = --- | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 12.06.2012 14:47:44 | Computer Name = --- | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 12.06.2012 14:47:44 | Computer Name = --- | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 12.06.2012 14:47:44 | Computer Name = --- | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 12.06.2012 14:47:44 | Computer Name = --- | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 12.06.2012 14:47:44 | Computer Name = --- | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 12.06.2012 14:47:44 | Computer Name = --- | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 12.06.2012 14:47:44 | Computer Name = --- | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ OSession Events ]
Error - 18.01.2012 16:52:56 | Computer Name = --- | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3139
seconds with 2940 seconds of active time. This session ended with a crash.
 
[ System Events ]
Error - 27.06.2012 02:53:49 | Computer Name = --- | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 28.06.2012 06:57:24 | Computer Name = --- | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 28.06.2012 08:37:33 | Computer Name = --- | Source = bowser | ID = 8003
Description = 
 
Error - 28.06.2012 08:38:33 | Computer Name = --- | Source = bowser | ID = 8003
Description = 
 
Error - 29.06.2012 07:50:06 | Computer Name = --- | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 30.06.2012 01:39:59 | Computer Name = --- | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 01.07.2012 03:50:51 | Computer Name = --- | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 01.07.2012 04:02:04 | Computer Name = --- | Source = bowser | ID = 8003
Description = 
 
Error - 01.07.2012 06:09:02 | Computer Name = --- | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 01.07.2012 06:09:13 | Computer Name = --- | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
 
 
< End of report >
         
--- --- ---


Scann von Avira Free Antivirus

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Donnerstag, 12. Juli 2012 16:22

Es wird nach 3862821 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : BENNO-PCPETIT

Versionsinformationen:
BUILD.DAT : 12.0.0.1125 41829 Bytes 02.05.2012 16:34:00
AVSCAN.EXE : 12.3.0.15 466896 Bytes 09.05.2012 18:19:05
AVSCAN.DLL : 12.3.0.15 66256 Bytes 09.05.2012 18:19:05
LUKE.DLL : 12.3.0.15 68304 Bytes 09.05.2012 18:19:06
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 09.05.2012 18:19:06
AVREG.DLL : 12.3.0.17 232200 Bytes 10.05.2012 19:57:22
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 19:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 10:07:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 19:57:01
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 18:06:56
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 20:38:10
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 07:50:58
VBASE006.VDF : 7.11.34.117 2048 Bytes 29.06.2012 07:50:58
VBASE007.VDF : 7.11.34.118 2048 Bytes 29.06.2012 07:50:58
VBASE008.VDF : 7.11.34.119 2048 Bytes 29.06.2012 07:50:58
VBASE009.VDF : 7.11.34.120 2048 Bytes 29.06.2012 07:50:58
VBASE010.VDF : 7.11.34.121 2048 Bytes 29.06.2012 07:50:58
VBASE011.VDF : 7.11.34.122 2048 Bytes 29.06.2012 07:50:58
VBASE012.VDF : 7.11.34.123 2048 Bytes 29.06.2012 07:50:58
VBASE013.VDF : 7.11.34.124 2048 Bytes 29.06.2012 07:50:58
VBASE014.VDF : 7.11.34.201 169472 Bytes 02.07.2012 09:07:45
VBASE015.VDF : 7.11.35.19 122368 Bytes 04.07.2012 12:17:22
VBASE016.VDF : 7.11.35.87 146944 Bytes 06.07.2012 21:40:09
VBASE017.VDF : 7.11.35.143 126464 Bytes 09.07.2012 20:50:12
VBASE018.VDF : 7.11.35.235 151552 Bytes 12.07.2012 10:33:21
VBASE019.VDF : 7.11.35.236 2048 Bytes 12.07.2012 10:33:21
VBASE020.VDF : 7.11.35.237 2048 Bytes 12.07.2012 10:33:21
VBASE021.VDF : 7.11.35.238 2048 Bytes 12.07.2012 10:33:21
VBASE022.VDF : 7.11.35.239 2048 Bytes 12.07.2012 10:33:21
VBASE023.VDF : 7.11.35.240 2048 Bytes 12.07.2012 10:33:21
VBASE024.VDF : 7.11.35.241 2048 Bytes 12.07.2012 10:33:21
VBASE025.VDF : 7.11.35.242 2048 Bytes 12.07.2012 10:33:21
VBASE026.VDF : 7.11.35.243 2048 Bytes 12.07.2012 10:33:22
VBASE027.VDF : 7.11.35.244 2048 Bytes 12.07.2012 10:33:22
VBASE028.VDF : 7.11.35.245 2048 Bytes 12.07.2012 10:33:22
VBASE029.VDF : 7.11.35.246 2048 Bytes 12.07.2012 10:33:22
VBASE030.VDF : 7.11.35.247 2048 Bytes 12.07.2012 10:33:22
VBASE031.VDF : 7.11.35.248 2048 Bytes 12.07.2012 10:33:22
Engineversion : 8.2.10.110
AEVDF.DLL : 8.1.2.10 102772 Bytes 10.07.2012 17:36:55
AESCRIPT.DLL : 8.1.4.32 455034 Bytes 06.07.2012 12:17:50
AESCN.DLL : 8.1.8.2 131444 Bytes 27.01.2012 12:02:02
AESBX.DLL : 8.2.5.12 606578 Bytes 15.06.2012 05:47:42
AERDL.DLL : 8.1.9.15 639348 Bytes 08.09.2011 22:16:06
AEPACK.DLL : 8.3.0.12 807286 Bytes 10.07.2012 17:36:55
AEOFFICE.DLL : 8.1.2.40 201082 Bytes 29.06.2012 11:50:08
AEHEUR.DLL : 8.1.4.64 5009782 Bytes 06.07.2012 12:17:48
AEHELP.DLL : 8.1.23.2 258422 Bytes 29.06.2012 11:50:07
AEGEN.DLL : 8.1.5.32 434548 Bytes 06.07.2012 12:17:28
AEEXP.DLL : 8.1.0.62 86389 Bytes 12.07.2012 10:33:22
AEEMU.DLL : 8.1.3.2 393587 Bytes 10.07.2012 17:36:55
AECORE.DLL : 8.1.27.2 201078 Bytes 10.07.2012 17:36:54
AEBB.DLL : 8.1.1.0 53618 Bytes 01.09.2011 22:46:01
AVWINLL.DLL : 12.3.0.15 27344 Bytes 09.05.2012 18:19:05
AVPREF.DLL : 12.3.0.15 51920 Bytes 09.05.2012 18:19:05
AVREP.DLL : 12.3.0.15 179208 Bytes 09.05.2012 18:19:06
AVARKT.DLL : 12.3.0.15 211408 Bytes 09.05.2012 18:19:05
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 09.05.2012 18:19:05
SQLITE3.DLL : 3.7.0.1 398288 Bytes 09.05.2012 18:19:06
AVSMTP.DLL : 12.3.0.15 63440 Bytes 09.05.2012 18:19:05
NETNT.DLL : 12.3.0.15 17104 Bytes 09.05.2012 18:19:06
RCIMAGE.DLL : 12.3.0.15 4447952 Bytes 09.05.2012 18:19:05
RCTEXT.DLL : 12.3.0.15 98512 Bytes 09.05.2012 18:19:05

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Donnerstag, 12. Juli 2012 16:22

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD1
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '114' Modul(e) wurden durchsucht
Durchsuche Prozess 'OTL.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ath_WlanAgent.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'RS_Service.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'IScheduleSvc.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'UpdaterService.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'jhi_service.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'GREGsvc.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMutilps32.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'dsiwmis.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'cvpnd.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '42' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
C:\ProgramData\B7E858A70001A94009AE5616B4EB2367\B7E858A70001A94009AE5616B4EB2367.exe
[FUND] Ist das Trojanische Pferd TR/Winwebsec.A.845

Die Registry wurde durchsucht ( '1809' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <ACER>
C:\ProgramData\B7E858A70001A94009AE5616B4EB2367\B7E858A70001A94009AE5616B4EB2367.exe
[FUND] Ist das Trojanische Pferd TR/Winwebsec.A.845
C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{DA41358E-46A1-D80A-61D2-B3171838F31E}-B7E858A70001A94009AE5616B4EB2367.exe
[0] Archivtyp: HIDDEN
--> FIL\\\?\C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{DA41358E-46A1-D80A-61D2-B3171838F31E}-B7E858A70001A94009AE5616B4EB2367.exe
[FUND] Ist das Trojanische Pferd TR/Winwebsec.A.845
C:\ProgramData\Microsoft\WLSetup\CabLogs\Logs.CAB
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\ProgramData\Microsoft\WLSetup\CabLogs\Logs2.CAB
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\Users\benno\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\517af5ec-1599a3ab
[0] Archivtyp: ZIP
--> CL2.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Ivinest.Gen
--> CL3.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-1723
C:\Users\benno\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\ca22e38-30085ebf
[0] Archivtyp: ZIP
--> CL2.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Ivinest.Gen
--> CL3.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-1723

Beginne mit der Desinfektion:
Die Datei '\\?\C:\Users\benno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk' wurde ins Quarantäneverzeichnis verschoben.
C:\Users\---\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\ca22e38-30085ebf
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-1723
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '569d43f7.qua' verschoben!
C:\Users\---\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\517af5ec-1599a3ab
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-1723
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4e0f6c81.qua' verschoben!
C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{DA41358E-46A1-D80A-61D2-B3171838F31E}-B7E858A70001A94009AE5616B4EB2367.exe
[FUND] Ist das Trojanische Pferd TR/Winwebsec.A.845
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1c5a3644.qua' verschoben!
Der Registrierungseintrag <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit> wurde erfolgreich repariert.
Der Registrierungseintrag <HKEY_USERS\S-1-5-21-617489431-2679651955-971805070-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\B7E858A70001A94009AE5616B4EB2367> wurde erfolgreich entfernt.
C:\ProgramData\B7E858A70001A94009AE5616B4EB2367\B7E858A70001A94009AE5616B4EB2367.exe
[FUND] Ist das Trojanische Pferd TR/Winwebsec.A.845
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '3f9554ab.qua' verschoben!
[HINWEIS] Der Registrierungseintrag <HKEY_USERS\S-1-5-21-617489431-2679651955-971805070-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\B7E858A70001A94009AE5616B4EB2367> wurde erfolgreich repariert.
[HINWEIS] Der Registrierungseintrag <HKEY_USERS\S-1-5-21-617489431-2679651955-971805070-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\B7E858A70001A94009AE5616B4EB2367> wurde erfolgreich repariert.
[HINWEIS] Der Registrierungseintrag <HKEY_USERS\S-1-5-21-617489431-2679651955-971805070-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Programs> wurde erfolgreich repariert.
[HINWEIS] Der Registrierungseintrag <HKEY_USERS\S-1-5-21-617489431-2679651955-971805070-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Programs> wurde erfolgreich repariert.
[HINWEIS] Der Registrierungseintrag <HKEY_USERS\S-1-5-21-617489431-2679651955-971805070-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Start Menu> wurde erfolgreich repariert.
[HINWEIS] Der Registrierungseintrag <HKEY_USERS\S-1-5-21-617489431-2679651955-971805070-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Start Menu> wurde erfolgreich repariert.


Ende des Suchlaufs: Donnerstag, 12. Juli 2012 17:24
Benötigte Zeit: 59:37 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

24609 Verzeichnisse wurden überprüft
551803 Dateien wurden geprüft
7 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
4 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
551796 Dateien ohne Befall
3627 Archive wurden durchsucht
2 Warnungen
4 Hinweise
583584 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden


Danke für eure Anweisungen und Hilfe
tio-pepe

Alt 13.07.2012, 19:48   #2
markusg
/// Malware-holic
 
Live Security Platinum soll weg! - Standard

Live Security Platinum soll weg!



hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
ATTFilter
:OTL
O4 - HKCU..\RunOnce: [B7E858A70001A94009AE5616B4EB2367] C:\ProgramData\B7E858A70001A94009AE5616B4EB2367\B7E858A70001A94009AE5616B4EB2367.exe ()
[2012.07.10 19:35:31 | 000,000,000 | ---D | C] -- C:\Users\benno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
 :Files
C:\ProgramData\B7E858A70001A94009AE5616B4EB2367
:Commands
[Reboot]
         


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!




Drücke bitte die + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus
lade unhide:
http://filepony.de/download-unhide/
doppelklicken, dateien werden sichtbar
__________________

__________________

Alt 15.07.2012, 16:37   #3
tio-pepe
 
Live Security Platinum soll weg! - Standard

Live Security Platinum soll weg!



Hallo markusg

Danke für die tollen Anweisungen.
Nun habe ich alle Files im UpLoad channel hochgeladen. Gleichzeitig.
Ist das richtig so?
Auf dem Desktop hat es mir zwei Textdateien erstellt und daher habe ich beide hochgeladen. Ich wäre dir sehr dankbar, mir rückzumelden ob mein Rechner nun sauber ist oder ob es noch weitere Schritte braucht.

mit freundlichen Grüssen
tio-pepe
__________________

Alt 15.07.2012, 17:38   #4
markusg
/// Malware-holic
 
Live Security Platinum soll weg! - Standard

Live Security Platinum soll weg!



danke
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 15.07.2012, 19:40   #5
tio-pepe
 
Live Security Platinum soll weg! - Standard

Live Security Platinum soll weg!



Hallo

Ich habe soeben das ComboFix Logfile hochgeladen.
Bis jetzt scheint alles tiptop zu funktionieren. Genial!
Danke schon im Voraus nochmals.
Wie gehts weiter?

freundliche Grüsse tio-pepe


Alt 15.07.2012, 20:36   #6
markusg
/// Malware-holic
 
Live Security Platinum soll weg! - Standard

Live Security Platinum soll weg!



logs bitte im forum posten.
__________________
--> Live Security Platinum soll weg!

Alt 15.07.2012, 21:24   #7
tio-pepe
 
Live Security Platinum soll weg! - Standard

Live Security Platinum soll weg!



Ok.
Weiss nicht ob ich jetzt das richtige gemacht habe, aber jedefalls hier ein weiterer versuch das combofix file zu uploaden.
sorry.

Code:
ATTFilter
ComboFix 12-07-14.01 - --- 15.07.2012  20:22:48.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.41.1031.18.3946.2665 [GMT 2:00]
ausgeführt von:: c:\users\---\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\users\---\Desktop\Live Security Platinum.lnk
c:\windows\Temp\log.txt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-15 bis 2012-07-15  ))))))))))))))))))))))))))))))
.
.
2012-07-15 18:26 . 2012-07-15 18:26	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-15 15:11 . 2012-07-15 15:21	--------	d-----w-	C:\_OTL
2012-07-13 15:49 . 2012-05-31 04:04	9013136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{0A72AEF2-E830-4A16-B837-3997BA116FCC}\mpengine.dll
2012-07-12 13:49 . 2012-06-12 03:08	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-07-12 13:46 . 2010-02-23 08:16	294912	----a-w-	c:\windows\system32\browserchoice.exe
2012-07-11 09:59 . 2012-06-02 05:50	458704	----a-w-	c:\windows\system32\drivers\cng.sys
2012-07-11 09:59 . 2012-06-02 05:48	95600	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-07-11 09:59 . 2012-06-02 05:48	151920	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2012-07-11 09:59 . 2012-06-02 05:45	340992	----a-w-	c:\windows\system32\schannel.dll
2012-07-11 09:59 . 2012-06-02 05:44	307200	----a-w-	c:\windows\system32\ncrypt.dll
2012-07-11 09:59 . 2012-06-02 04:40	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2012-07-11 09:59 . 2012-06-02 04:40	225280	----a-w-	c:\windows\SysWow64\schannel.dll
2012-07-11 09:59 . 2012-06-02 04:39	219136	----a-w-	c:\windows\SysWow64\ncrypt.dll
2012-07-11 09:59 . 2012-06-02 04:34	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2012-07-10 19:00 . 2012-07-10 19:00	--------	d-----w-	c:\users\---\AppData\Roaming\Malwarebytes
2012-07-10 18:59 . 2012-07-10 18:59	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-10 18:59 . 2012-07-10 18:59	--------	d-----w-	c:\programdata\Malwarebytes
2012-07-10 18:59 . 2012-04-04 13:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-07-10 18:23 . 2012-07-10 18:56	--------	d-----w-	C:\sh4ldr
2012-07-10 18:23 . 2012-07-10 18:23	--------	d-----w-	c:\program files\Enigma Software Group
2012-07-10 18:22 . 2012-07-10 18:56	--------	d-----w-	c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-07-10 17:31 . 2012-07-12 15:24	--------	d-----w-	c:\programdata\B7E858A70001A94009AE5616B4EB2367
2012-06-23 15:41 . 2012-06-23 15:41	--------	d-----w-	c:\users\---\AppData\Local\Macromedia
2012-06-20 16:25 . 2012-06-20 16:25	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2012-06-20 16:25 . 2012-06-20 16:25	588728	----a-w-	c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-06-20 16:25 . 2012-06-20 16:25	43960	----a-w-	c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-06-20 16:25 . 2012-06-20 16:25	157352	----a-w-	c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-06-20 16:25 . 2012-06-20 16:25	129976	----a-w-	c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-06-20 16:25 . 2012-06-20 16:25	626688	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-06-20 16:25 . 2012-06-20 16:25	548864	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-06-20 16:25 . 2012-06-20 16:25	479232	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-06-19 09:11 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-19 09:11 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-19 09:11 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-19 09:11 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-19 09:11 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-19 09:11 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-19 09:11 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-19 09:11 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-19 09:11 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 13:40 . 2012-04-05 08:56	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 13:40 . 2011-10-21 01:10	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-09 18:19 . 2011-12-07 09:57	132832	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-05-09 18:19 . 2011-12-07 09:57	98848	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-04 11:06 . 2012-06-12 17:27	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-12 17:27	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-12 17:27	3913072	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-12 17:27	209920	----a-w-	c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-12 17:26	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-12 17:27	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-12 17:27	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-12 17:27	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-04-24 07:28 . 2012-04-24 07:28	10240	----a-r-	c:\users\---\AppData\Roaming\Microsoft\Installer\{2A5B1102-B44C-4C53-A4B8-CEB12E2BC6E3}\IconCE750F702.exe
2012-04-24 07:28 . 2012-04-24 07:28	10240	----a-r-	c:\users\---\AppData\Roaming\Microsoft\Installer\{2A5B1102-B44C-4C53-A4B8-CEB12E2BC6E3}\Icon2A5B1102.exe
2012-04-24 05:37 . 2012-06-12 17:26	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-12 17:26	140288	----a-w-	c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-12 17:26	1462272	----a-w-	c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-12 17:26	1158656	----a-w-	c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-12 17:26	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-12 17:26	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]
@="{192BB7E1-E3E3-42B7-84DE-933957351276}"
[HKEY_CLASSES_ROOT\CLSID\{192BB7E1-E3E3-42B7-84DE-933957351276}]
2012-04-09 14:27	158224	----a-w-	c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-04-09 14:27	158224	----a-w-	c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-04-24 297280]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-03-15 1081424]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-08-26 177448]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-09-20 341360]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2011-11-16 723560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-10-01 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-10-01 330912]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-10-01 110240]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-10-01 167584]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-10-01 68256]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-10-01 280992]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-10-01 519328]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-06-21 173424]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 irstrtsv;Intel(R) Rapid Start Technology Service;c:\windows\SysWOW64\irstrtsv.exe [2011-07-07 184320]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-20 129976]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-09 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-19 27760]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [2012-04-09 352144]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2011-11-16 22648]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2011-11-16 20520]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-11-16 62776]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-09 86224]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-10-01 105120]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-03-15 352336]
S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-08-02 872552]
S2 FFSOpzSvc;Sleep memory optimizer;c:\program files\Sleep Memory Optimizer\FFSService.exe [2011-09-18 141192]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-30 36456]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-07-21 212944]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-30 260640]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-08-09 2656536]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe [2011-08-11 57344]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-10-01 30368]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2011-07-29 185128]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 irstrtdv;Intel(R) Rapid Start Technology Driver;c:\windows\system32\DRIVERS\irstrtdv.sys [2011-06-16 26504]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys [2011-07-28 313448]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 13:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon1]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-05-02 12:10	1721856	----a-w-	c:\program files (x86)\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon2]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-05-02 12:10	1721856	----a-w-	c:\program files (x86)\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon3]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-05-02 12:10	1721856	----a-w-	c:\program files (x86)\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon4]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2012-05-02 12:10	1721856	----a-w-	c:\program files (x86)\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]
@="{192BB7E1-E3E3-42B7-84DE-933957351276}"
[HKEY_CLASSES_ROOT\CLSID\{192BB7E1-E3E3-42B7-84DE-933957351276}]
2012-04-09 14:27	190480	----a-w-	c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-04-09 14:27	190480	----a-w-	c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-16 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-16 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-16 416024]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-10-01 981664]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-10-01 799904]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-08-02 1831016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://acer.msn.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\benno\AppData\Roaming\Mozilla\Firefox\Profiles\dhzw1u2t.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-07-15  20:28:25
ComboFix-quarantined-files.txt  2012-07-15 18:28
.
Vor Suchlauf: 14 Verzeichnis(se), 251'556'380'672 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 251'607'638'016 Bytes frei
.
- - End Of File - - 53B13F1C6FC54961A89B201488C14261
         

Alt 17.07.2012, 22:03   #8
markusg
/// Malware-holic
 
Live Security Platinum soll weg! - Standard

Live Security Platinum soll weg!



hi
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 18.07.2012, 19:49   #9
tio-pepe
 
Live Security Platinum soll weg! - Standard

Live Security Platinum soll weg!



Hallo
tdsskiller wie befohlen heruntergeladen und gescannt.
alles ist gut gelaufen.
tdsskiller machte 2 funde, die ich geskipt habe.
hier nun das log, das erstellt wurde.
vielen dank für deine Hilfe
lieba gruess
tio-pepe

Code:
ATTFilter
20:33:32.0864 4288	TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
20:33:32.0954 4288	============================================================
20:33:32.0954 4288	Current date / time: 2012/07/18 20:33:32.0954
20:33:32.0954 4288	SystemInfo:
20:33:32.0954 4288	
20:33:32.0954 4288	OS Version: 6.1.7601 ServicePack: 1.0
20:33:32.0954 4288	Product type: Workstation
20:33:32.0954 4288	ComputerName: ----
20:33:32.0954 4288	UserName: ----
20:33:32.0954 4288	Windows directory: C:\Windows
20:33:32.0954 4288	System windows directory: C:\Windows
20:33:32.0954 4288	Running under WOW64
20:33:32.0954 4288	Processor architecture: Intel x64
20:33:32.0954 4288	Number of processors: 4
20:33:32.0954 4288	Page size: 0x1000
20:33:32.0954 4288	Boot type: Normal boot
20:33:32.0954 4288	============================================================
20:33:33.0594 4288	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:33:33.0594 4288	Drive \Device\Harddisk1\DR1 - Size: 0x4A8F86000 (18.64 Gb), SectorSize: 0x200, Cylinders: 0x981, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:33:33.0594 4288	============================================================
20:33:33.0594 4288	\Device\Harddisk0\DR0:
20:33:33.0594 4288	MBR partitions:
20:33:33.0594 4288	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1E46800, BlocksNum 0x32000
20:33:33.0594 4288	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E78800, BlocksNum 0x235B5800
20:33:33.0594 4288	\Device\Harddisk1\DR1:
20:33:33.0594 4288	MBR partitions:
20:33:33.0594 4288	============================================================
20:33:33.0624 4288	C: <-> \Device\Harddisk0\DR0\Partition1
20:33:33.0624 4288	============================================================
20:33:33.0624 4288	Initialize success
20:33:33.0624 4288	============================================================
20:34:15.0114 4544	============================================================
20:34:15.0114 4544	Scan started
20:34:15.0114 4544	Mode: Manual; SigCheck; TDLFS; 
20:34:15.0114 4544	============================================================
20:34:15.0624 4544	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:34:15.0754 4544	1394ohci - ok
20:34:15.0804 4544	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:34:15.0824 4544	ACPI - ok
20:34:15.0844 4544	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:34:15.0904 4544	AcpiPmi - ok
20:34:16.0014 4544	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:34:16.0044 4544	AdobeARMservice - ok
20:34:16.0184 4544	AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:34:16.0214 4544	AdobeFlashPlayerUpdateSvc - ok
20:34:16.0294 4544	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
20:34:16.0324 4544	adp94xx - ok
20:34:16.0384 4544	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
20:34:16.0414 4544	adpahci - ok
20:34:16.0484 4544	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
20:34:16.0504 4544	adpu320 - ok
20:34:16.0524 4544	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
20:34:16.0684 4544	AeLookupSvc - ok
20:34:16.0754 4544	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
20:34:16.0814 4544	AFD - ok
20:34:16.0864 4544	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:34:16.0874 4544	agp440 - ok
20:34:16.0914 4544	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
20:34:16.0974 4544	ALG - ok
20:34:17.0004 4544	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:34:17.0014 4544	aliide - ok
20:34:17.0034 4544	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:34:17.0044 4544	amdide - ok
20:34:17.0054 4544	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
20:34:17.0094 4544	AmdK8 - ok
20:34:17.0124 4544	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
20:34:17.0164 4544	AmdPPM - ok
20:34:17.0214 4544	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
20:34:17.0224 4544	amdsata - ok
20:34:17.0264 4544	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
20:34:17.0284 4544	amdsbs - ok
20:34:17.0304 4544	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
20:34:17.0314 4544	amdxata - ok
20:34:17.0394 4544	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
20:34:17.0434 4544	AntiVirSchedulerService - ok
20:34:17.0474 4544	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
20:34:17.0484 4544	AntiVirService - ok
20:34:17.0544 4544	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:34:17.0714 4544	AppID - ok
20:34:17.0754 4544	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
20:34:17.0814 4544	AppIDSvc - ok
20:34:17.0854 4544	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
20:34:17.0904 4544	Appinfo - ok
20:34:17.0944 4544	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
20:34:17.0954 4544	arc - ok
20:34:17.0974 4544	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
20:34:17.0984 4544	arcsas - ok
20:34:18.0004 4544	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:34:18.0064 4544	AsyncMac - ok
20:34:18.0104 4544	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:34:18.0114 4544	atapi - ok
20:34:18.0144 4544	AthBTPort       (185f180536188c1a4ed605234721a5b9) C:\Windows\system32\DRIVERS\btath_flt.sys
20:34:18.0144 4544	AthBTPort - ok
20:34:18.0214 4544	AtherosSvc      (397748353925a6602a6097fa92af23bf) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
20:34:18.0224 4544	AtherosSvc - ok
20:34:18.0454 4544	athr            (16567ab05cd34f46d0dcbb129ca143c2) C:\Windows\system32\DRIVERS\athrx.sys
20:34:18.0544 4544	athr - ok
20:34:18.0724 4544	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:34:18.0794 4544	AudioEndpointBuilder - ok
20:34:18.0804 4544	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:34:18.0844 4544	AudioSrv - ok
20:34:18.0904 4544	avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
20:34:18.0914 4544	avgntflt - ok
20:34:18.0954 4544	avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
20:34:18.0964 4544	avipbb - ok
20:34:18.0974 4544	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
20:34:18.0984 4544	avkmgr - ok
20:34:19.0014 4544	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
20:34:19.0104 4544	AxInstSV - ok
20:34:19.0194 4544	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
20:34:19.0234 4544	b06bdrv - ok
20:34:19.0304 4544	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:34:19.0354 4544	b57nd60a - ok
20:34:19.0394 4544	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
20:34:19.0434 4544	BDESVC - ok
20:34:19.0464 4544	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:34:19.0524 4544	Beep - ok
20:34:19.0624 4544	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
20:34:19.0684 4544	BFE - ok
20:34:19.0774 4544	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
20:34:19.0874 4544	BITS - ok
20:34:19.0924 4544	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
20:34:19.0964 4544	blbdrive - ok
20:34:20.0004 4544	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:34:20.0044 4544	bowser - ok
20:34:20.0074 4544	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
20:34:20.0104 4544	BrFiltLo - ok
20:34:20.0114 4544	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
20:34:20.0134 4544	BrFiltUp - ok
20:34:20.0214 4544	BridgeMP        (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
20:34:20.0284 4544	BridgeMP - ok
20:34:20.0354 4544	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
20:34:20.0434 4544	Browser - ok
20:34:20.0474 4544	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:34:20.0504 4544	Brserid - ok
20:34:20.0534 4544	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:34:20.0564 4544	BrSerWdm - ok
20:34:20.0574 4544	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:34:20.0604 4544	BrUsbMdm - ok
20:34:20.0634 4544	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:34:20.0654 4544	BrUsbSer - ok
20:34:20.0704 4544	BTATH_A2DP      (b5d8c2e82f33e2385fa9f309b6356715) C:\Windows\system32\drivers\btath_a2dp.sys
20:34:20.0714 4544	BTATH_A2DP - ok
20:34:20.0754 4544	btath_avdt      (3118072d09daa1961a9f6549a4e8433a) C:\Windows\system32\drivers\btath_avdt.sys
20:34:20.0754 4544	btath_avdt - ok
20:34:20.0794 4544	BTATH_BUS       (e6b734a37ade36fe1a77035f4e484c8c) C:\Windows\system32\DRIVERS\btath_bus.sys
20:34:20.0804 4544	BTATH_BUS - ok
20:34:20.0844 4544	BTATH_HCRP      (fb3833e63ff602b69c2ff085846dcf43) C:\Windows\system32\DRIVERS\btath_hcrp.sys
20:34:20.0854 4544	BTATH_HCRP - ok
20:34:20.0854 4544	BTATH_LWFLT     (8008d892a2bda67eefbe25e14eb5dc83) C:\Windows\system32\DRIVERS\btath_lwflt.sys
20:34:20.0864 4544	BTATH_LWFLT - ok
20:34:20.0884 4544	BTATH_RCP       (abcd3c16ca850a7594ceb9ad5d966810) C:\Windows\system32\DRIVERS\btath_rcp.sys
20:34:20.0894 4544	BTATH_RCP - ok
20:34:20.0974 4544	BtFilter        (0c3825703b5e4adb5fb75a651e4682b7) C:\Windows\system32\DRIVERS\btfilter.sys
20:34:20.0984 4544	BtFilter - ok
20:34:21.0014 4544	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
20:34:21.0054 4544	BthEnum - ok
20:34:21.0094 4544	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
20:34:21.0124 4544	BTHMODEM - ok
20:34:21.0164 4544	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
20:34:21.0194 4544	BthPan - ok
20:34:21.0254 4544	BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
20:34:21.0294 4544	BTHPORT - ok
20:34:21.0334 4544	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
20:34:21.0394 4544	bthserv - ok
20:34:21.0404 4544	BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
20:34:21.0434 4544	BTHUSB - ok
20:34:21.0454 4544	catchme - ok
20:34:21.0544 4544	cbfs3           (555fa105c22b1616094edad1cbfb0551) C:\Windows\system32\drivers\cbfs3.sys
20:34:21.0574 4544	cbfs3 - ok
20:34:21.0614 4544	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:34:21.0684 4544	cdfs - ok
20:34:21.0734 4544	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
20:34:21.0754 4544	cdrom - ok
20:34:21.0784 4544	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:34:21.0834 4544	CertPropSvc - ok
20:34:21.0854 4544	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
20:34:21.0924 4544	circlass - ok
20:34:21.0984 4544	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:34:22.0004 4544	CLFS - ok
20:34:22.0084 4544	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:34:22.0114 4544	clr_optimization_v2.0.50727_32 - ok
20:34:22.0164 4544	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:34:22.0184 4544	clr_optimization_v2.0.50727_64 - ok
20:34:22.0244 4544	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:34:22.0264 4544	clr_optimization_v4.0.30319_32 - ok
20:34:22.0324 4544	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:34:22.0334 4544	clr_optimization_v4.0.30319_64 - ok
20:34:22.0364 4544	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
20:34:22.0394 4544	CmBatt - ok
20:34:22.0414 4544	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:34:22.0424 4544	cmdide - ok
20:34:22.0504 4544	CNG             (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
20:34:22.0544 4544	CNG - ok
20:34:22.0584 4544	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
20:34:22.0594 4544	Compbatt - ok
20:34:22.0624 4544	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
20:34:22.0654 4544	CompositeBus - ok
20:34:22.0664 4544	COMSysApp - ok
20:34:22.0694 4544	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
20:34:22.0704 4544	crcdisk - ok
20:34:22.0754 4544	CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
20:34:22.0784 4544	CryptSvc - ok
20:34:22.0814 4544	CVirtA          (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys
20:34:22.0824 4544	CVirtA - ok
20:34:23.0014 4544	CVPND           (98c413e1a2fb6e5a4c101c25b3d0b275) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
20:34:23.0084 4544	CVPND - ok
20:34:23.0244 4544	CVPNDRVA        (79af0e203d089af442a3f70ed00a37fb) C:\Windows\system32\Drivers\CVPNDRVA.sys
20:34:23.0274 4544	CVPNDRVA - ok
20:34:23.0334 4544	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:34:23.0414 4544	DcomLaunch - ok
20:34:23.0484 4544	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
20:34:23.0554 4544	defragsvc - ok
20:34:23.0594 4544	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:34:23.0644 4544	DfsC - ok
20:34:23.0694 4544	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
20:34:23.0734 4544	Dhcp - ok
20:34:23.0764 4544	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:34:23.0814 4544	discache - ok
20:34:23.0854 4544	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
20:34:23.0864 4544	Disk - ok
20:34:23.0914 4544	DNE             (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys
20:34:23.0914 4544	DNE - ok
20:34:23.0974 4544	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
20:34:24.0044 4544	Dnscache - ok
20:34:24.0084 4544	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
20:34:24.0154 4544	dot3svc - ok
20:34:24.0214 4544	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
20:34:24.0274 4544	DPS - ok
20:34:24.0314 4544	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:34:24.0354 4544	drmkaud - ok
20:34:24.0664 4544	DsiWMIService   (4ab2a58816cc6be771f1d8c768b804c5) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
20:34:24.0714 4544	DsiWMIService - ok
20:34:25.0064 4544	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:34:25.0134 4544	DXGKrnl - ok
20:34:25.0174 4544	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
20:34:25.0244 4544	EapHost - ok
20:34:25.0444 4544	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
20:34:25.0514 4544	ebdrv - ok
20:34:25.0624 4544	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
20:34:25.0684 4544	EFS - ok
20:34:25.0774 4544	EgisTec Ticket Service (5332ec2ba1c112bd4bb1f38127848fef) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
20:34:25.0784 4544	EgisTec Ticket Service - ok
20:34:25.0874 4544	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
20:34:25.0924 4544	ehRecvr - ok
20:34:25.0954 4544	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
20:34:25.0984 4544	ehSched - ok
20:34:26.0094 4544	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
20:34:26.0114 4544	elxstor - ok
20:34:26.0244 4544	ePowerSvc       (48425c93b6f36529707206e4fa680cf3) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
20:34:26.0264 4544	ePowerSvc - ok
20:34:26.0404 4544	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:34:26.0434 4544	ErrDev - ok
20:34:26.0494 4544	esgiguard - ok
20:34:26.0544 4544	ETD             (d6a2b740bfe34e0e89894203affc09be) C:\Windows\system32\DRIVERS\ETD.sys
20:34:26.0564 4544	ETD - ok
20:34:26.0614 4544	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
20:34:26.0664 4544	EventSystem - ok
20:34:26.0714 4544	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:34:26.0764 4544	exfat - ok
20:34:26.0784 4544	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:34:26.0854 4544	fastfat - ok
20:34:26.0924 4544	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
20:34:26.0984 4544	Fax - ok
20:34:27.0024 4544	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
20:34:27.0054 4544	fdc - ok
20:34:27.0084 4544	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
20:34:27.0174 4544	fdPHost - ok
20:34:27.0184 4544	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
20:34:27.0224 4544	FDResPub - ok
20:34:27.0304 4544	FFSOpzSvc       (e4bb551e0848822b4564df128cf492c6) C:\Program Files\Sleep Memory Optimizer\FFSService.exe
20:34:27.0324 4544	FFSOpzSvc - ok
20:34:27.0334 4544	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:34:27.0354 4544	FileInfo - ok
20:34:27.0364 4544	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:34:27.0424 4544	Filetrace - ok
20:34:27.0464 4544	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
20:34:27.0484 4544	flpydisk - ok
20:34:27.0514 4544	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:34:27.0534 4544	FltMgr - ok
20:34:27.0624 4544	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
20:34:27.0694 4544	FontCache - ok
20:34:27.0764 4544	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:34:27.0774 4544	FontCache3.0.0.0 - ok
20:34:27.0814 4544	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:34:27.0844 4544	FsDepends - ok
20:34:27.0874 4544	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
20:34:27.0884 4544	Fs_Rec - ok
20:34:27.0934 4544	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:34:27.0944 4544	fvevol - ok
20:34:27.0964 4544	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
20:34:27.0974 4544	gagp30kx - ok
20:34:28.0064 4544	GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
20:34:28.0084 4544	GamesAppService - ok
20:34:28.0174 4544	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
20:34:28.0224 4544	gpsvc - ok
20:34:28.0304 4544	GREGService     (c9b2d1d3f86fd3673ef847def73b6f9e) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
20:34:28.0314 4544	GREGService - ok
20:34:28.0364 4544	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:34:28.0404 4544	hcw85cir - ok
20:34:28.0464 4544	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
20:34:28.0504 4544	HdAudAddService - ok
20:34:28.0554 4544	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
20:34:28.0584 4544	HDAudBus - ok
20:34:28.0614 4544	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
20:34:28.0644 4544	HidBatt - ok
20:34:28.0664 4544	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
20:34:28.0694 4544	HidBth - ok
20:34:28.0734 4544	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
20:34:28.0754 4544	HidIr - ok
20:34:28.0784 4544	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
20:34:28.0824 4544	hidserv - ok
20:34:28.0874 4544	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
20:34:28.0894 4544	HidUsb - ok
20:34:28.0934 4544	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
20:34:28.0994 4544	hkmsvc - ok
20:34:29.0034 4544	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
20:34:29.0084 4544	HomeGroupListener - ok
20:34:29.0124 4544	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
20:34:29.0144 4544	HomeGroupProvider - ok
20:34:29.0174 4544	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:34:29.0184 4544	HpSAMD - ok
20:34:29.0274 4544	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:34:29.0334 4544	HTTP - ok
20:34:29.0354 4544	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:34:29.0364 4544	hwpolicy - ok
20:34:29.0414 4544	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
20:34:29.0434 4544	i8042prt - ok
20:34:29.0504 4544	iaStor          (2fdaec4b02729c48c0fd1b0b4695995b) C:\Windows\system32\drivers\iaStor.sys
20:34:29.0524 4544	iaStor - ok
20:34:29.0564 4544	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
20:34:29.0584 4544	iaStorV - ok
20:34:29.0714 4544	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:34:29.0754 4544	idsvc - ok
20:34:30.0674 4544	igfx            (33faa40b288002c89529dbd14f3ab72c) C:\Windows\system32\DRIVERS\igdkmd64.sys
20:34:31.0044 4544	igfx - ok
20:34:31.0174 4544	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
20:34:31.0194 4544	iirsp - ok
20:34:31.0274 4544	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
20:34:31.0344 4544	IKEEXT - ok
20:34:31.0364 4544	IntcAzAudAddService - ok
20:34:31.0414 4544	IntcDAud        (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
20:34:31.0454 4544	IntcDAud - ok
20:34:31.0484 4544	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:34:31.0494 4544	intelide - ok
20:34:31.0524 4544	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:34:31.0554 4544	intelppm - ok
20:34:31.0594 4544	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
20:34:31.0644 4544	IPBusEnum - ok
20:34:31.0694 4544	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:34:31.0734 4544	IpFilterDriver - ok
20:34:31.0814 4544	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
20:34:31.0894 4544	iphlpsvc - ok
20:34:31.0914 4544	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:34:31.0934 4544	IPMIDRV - ok
20:34:31.0964 4544	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:34:32.0004 4544	IPNAT - ok
20:34:32.0044 4544	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:34:32.0064 4544	IRENUM - ok
20:34:32.0104 4544	irstrtdv        (6dc22bdaa595be00f19696e72f2f3312) C:\Windows\system32\DRIVERS\irstrtdv.sys
20:34:32.0114 4544	irstrtdv - ok
20:34:32.0224 4544	irstrtsv        (9877087146e094d790bb03eca0fbc445) C:\Windows\SysWOW64\irstrtsv.exe
20:34:32.0244 4544	irstrtsv ( UnsignedFile.Multi.Generic ) - warning
20:34:32.0244 4544	irstrtsv - detected UnsignedFile.Multi.Generic (1)
20:34:32.0284 4544	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:34:32.0304 4544	isapnp - ok
20:34:32.0374 4544	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:34:32.0394 4544	iScsiPrt - ok
20:34:32.0554 4544	jhi_service     (8112496f91a80d9eee8442d61cdf07d7) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
20:34:32.0574 4544	jhi_service - ok
20:34:32.0604 4544	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
20:34:32.0624 4544	kbdclass - ok
20:34:32.0654 4544	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
20:34:32.0684 4544	kbdhid - ok
20:34:32.0724 4544	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:34:32.0734 4544	KeyIso - ok
20:34:32.0774 4544	KSecDD          (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
20:34:32.0784 4544	KSecDD - ok
20:34:32.0834 4544	KSecPkg         (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
20:34:32.0844 4544	KSecPkg - ok
20:34:32.0864 4544	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:34:32.0914 4544	ksthunk - ok
20:34:32.0974 4544	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
20:34:33.0034 4544	KtmRm - ok
20:34:33.0074 4544	L1E             (2ac603c3188c704cfce353659aa7ad71) C:\Windows\system32\DRIVERS\L1E62x64.sys
20:34:33.0104 4544	L1E - ok
20:34:33.0164 4544	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
20:34:33.0214 4544	LanmanServer - ok
20:34:33.0264 4544	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
20:34:33.0304 4544	LanmanWorkstation - ok
20:34:33.0414 4544	Live Updater Service (b705c7097f9a0ec941d02dce7c7d426c) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
20:34:33.0444 4544	Live Updater Service - ok
20:34:33.0474 4544	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:34:33.0524 4544	lltdio - ok
20:34:33.0574 4544	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
20:34:33.0634 4544	lltdsvc - ok
20:34:33.0654 4544	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
20:34:33.0704 4544	lmhosts - ok
20:34:33.0824 4544	LMS             (386fc27b5a07bffd387ce0581ba8c061) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
20:34:33.0854 4544	LMS - ok
20:34:33.0904 4544	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
20:34:33.0914 4544	LSI_FC - ok
20:34:33.0924 4544	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
20:34:33.0934 4544	LSI_SAS - ok
20:34:33.0944 4544	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
20:34:33.0954 4544	LSI_SAS2 - ok
20:34:33.0974 4544	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
20:34:33.0994 4544	LSI_SCSI - ok
20:34:34.0014 4544	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:34:34.0064 4544	luafv - ok
20:34:34.0094 4544	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
20:34:34.0134 4544	Mcx2Svc - ok
20:34:34.0154 4544	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
20:34:34.0164 4544	megasas - ok
20:34:34.0224 4544	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
20:34:34.0244 4544	MegaSR - ok
20:34:34.0284 4544	MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
20:34:34.0304 4544	MEIx64 - ok
20:34:34.0814 4544	Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
20:34:34.0834 4544	Microsoft Office Groove Audit Service - ok
20:34:34.0874 4544	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:34:34.0944 4544	MMCSS - ok
20:34:34.0964 4544	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:34:35.0014 4544	Modem - ok
20:34:35.0044 4544	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:34:35.0064 4544	monitor - ok
20:34:35.0104 4544	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
20:34:35.0124 4544	mouclass - ok
20:34:35.0154 4544	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:34:35.0184 4544	mouhid - ok
20:34:35.0224 4544	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:34:35.0234 4544	mountmgr - ok
20:34:35.0304 4544	MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:34:35.0324 4544	MozillaMaintenance - ok
20:34:35.0364 4544	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:34:35.0374 4544	mpio - ok
20:34:35.0394 4544	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:34:35.0434 4544	mpsdrv - ok
20:34:35.0504 4544	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
20:34:35.0584 4544	MpsSvc - ok
20:34:35.0614 4544	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:34:35.0664 4544	MRxDAV - ok
20:34:35.0694 4544	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:34:35.0724 4544	mrxsmb - ok
20:34:35.0764 4544	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:34:35.0784 4544	mrxsmb10 - ok
20:34:35.0804 4544	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:34:35.0814 4544	mrxsmb20 - ok
20:34:35.0834 4544	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:34:35.0844 4544	msahci - ok
20:34:35.0874 4544	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:34:35.0884 4544	msdsm - ok
20:34:35.0924 4544	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
20:34:35.0954 4544	MSDTC - ok
20:34:35.0974 4544	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:34:36.0024 4544	Msfs - ok
20:34:36.0054 4544	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:34:36.0104 4544	mshidkmdf - ok
20:34:36.0124 4544	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:34:36.0134 4544	msisadrv - ok
20:34:36.0184 4544	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
20:34:36.0234 4544	MSiSCSI - ok
20:34:36.0234 4544	msiserver - ok
20:34:36.0284 4544	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:34:36.0374 4544	MSKSSRV - ok
20:34:36.0434 4544	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:34:36.0534 4544	MSPCLOCK - ok
20:34:36.0594 4544	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:34:36.0684 4544	MSPQM - ok
20:34:36.0834 4544	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:34:36.0864 4544	MsRPC - ok
20:34:36.0884 4544	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
20:34:36.0904 4544	mssmbios - ok
20:34:36.0954 4544	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:34:37.0024 4544	MSTEE - ok
20:34:37.0024 4544	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
20:34:37.0044 4544	MTConfig - ok
20:34:37.0084 4544	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:34:37.0104 4544	Mup - ok
20:34:37.0134 4544	mwlPSDFilter    (c009123b206c56854f4e88596035231d) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
20:34:37.0144 4544	mwlPSDFilter - ok
20:34:37.0164 4544	mwlPSDNServ     (bf3739eeb9f008b1debac115089a53f8) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
20:34:37.0174 4544	mwlPSDNServ - ok
20:34:37.0194 4544	mwlPSDVDisk     (38dd143d95e7a01b86f219dda9c28779) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
20:34:37.0194 4544	mwlPSDVDisk - ok
20:34:37.0254 4544	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
20:34:37.0304 4544	napagent - ok
20:34:37.0374 4544	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:34:37.0414 4544	NativeWifiP - ok
20:34:37.0524 4544	NDIS            (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
20:34:37.0554 4544	NDIS - ok
20:34:37.0574 4544	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:34:37.0634 4544	NdisCap - ok
20:34:37.0654 4544	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:34:37.0694 4544	NdisTapi - ok
20:34:37.0714 4544	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:34:37.0764 4544	Ndisuio - ok
20:34:37.0804 4544	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:34:37.0854 4544	NdisWan - ok
20:34:37.0884 4544	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:34:37.0934 4544	NDProxy - ok
20:34:37.0964 4544	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:34:38.0014 4544	NetBIOS - ok
20:34:38.0054 4544	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:34:38.0084 4544	NetBT - ok
20:34:38.0124 4544	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:34:38.0134 4544	Netlogon - ok
20:34:38.0204 4544	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
20:34:38.0254 4544	Netman - ok
20:34:38.0294 4544	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
20:34:38.0374 4544	netprofm - ok
20:34:38.0624 4544	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:34:38.0644 4544	NetTcpPortSharing - ok
20:34:38.0784 4544	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
20:34:38.0814 4544	nfrd960 - ok
20:34:39.0174 4544	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
20:34:39.0264 4544	NlaSvc - ok
20:34:39.0544 4544	NOBU            (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
20:34:39.0604 4544	NOBU - ok
20:34:39.0734 4544	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:34:39.0774 4544	Npfs - ok
20:34:39.0804 4544	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
20:34:39.0844 4544	nsi - ok
20:34:39.0864 4544	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:34:39.0914 4544	nsiproxy - ok
20:34:40.0064 4544	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
20:34:40.0124 4544	Ntfs - ok
20:34:40.0204 4544	NTI IScheduleSvc (1873214666f6f0a883742df91fbc48c9) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
20:34:40.0224 4544	NTI IScheduleSvc - ok
20:34:40.0364 4544	NTIDrvr         (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
20:34:40.0384 4544	NTIDrvr - ok
20:34:40.0414 4544	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:34:40.0474 4544	Null - ok
20:34:40.0534 4544	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
20:34:40.0544 4544	nvraid - ok
20:34:40.0584 4544	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
20:34:40.0614 4544	nvstor - ok
20:34:40.0664 4544	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:34:40.0674 4544	nv_agp - ok
20:34:40.0774 4544	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:34:40.0794 4544	odserv - ok
20:34:40.0814 4544	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:34:40.0844 4544	ohci1394 - ok
20:34:40.0894 4544	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:34:40.0904 4544	ose - ok
20:34:40.0954 4544	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:34:40.0994 4544	p2pimsvc - ok
20:34:41.0044 4544	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
20:34:41.0064 4544	p2psvc - ok
20:34:41.0104 4544	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
20:34:41.0114 4544	Parport - ok
20:34:41.0144 4544	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
20:34:41.0154 4544	partmgr - ok
20:34:41.0184 4544	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
20:34:41.0224 4544	PcaSvc - ok
20:34:41.0254 4544	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:34:41.0264 4544	pci - ok
20:34:41.0284 4544	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:34:41.0294 4544	pciide - ok
20:34:41.0324 4544	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
20:34:41.0344 4544	pcmcia - ok
20:34:41.0364 4544	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:34:41.0374 4544	pcw - ok
20:34:41.0434 4544	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:34:41.0544 4544	PEAUTH - ok
20:34:41.0624 4544	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
20:34:41.0654 4544	PerfHost - ok
20:34:41.0774 4544	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
20:34:41.0864 4544	pla - ok
20:34:41.0944 4544	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
20:34:42.0004 4544	PlugPlay - ok
20:34:42.0024 4544	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
20:34:42.0054 4544	PNRPAutoReg - ok
20:34:42.0114 4544	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:34:42.0134 4544	PNRPsvc - ok
20:34:42.0194 4544	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
20:34:42.0254 4544	PolicyAgent - ok
20:34:42.0284 4544	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
20:34:42.0344 4544	Power - ok
20:34:42.0394 4544	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:34:42.0444 4544	PptpMiniport - ok
20:34:42.0474 4544	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
20:34:42.0494 4544	Processor - ok
20:34:42.0534 4544	ProfSvc         (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
20:34:42.0584 4544	ProfSvc - ok
20:34:42.0604 4544	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:34:42.0614 4544	ProtectedStorage - ok
20:34:42.0674 4544	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:34:42.0714 4544	Psched - ok
20:34:42.0834 4544	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
20:34:42.0874 4544	ql2300 - ok
20:34:43.0014 4544	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
20:34:43.0044 4544	ql40xx - ok
20:34:43.0084 4544	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
20:34:43.0114 4544	QWAVE - ok
20:34:43.0134 4544	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:34:43.0164 4544	QWAVEdrv - ok
20:34:43.0184 4544	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:34:43.0234 4544	RasAcd - ok
20:34:43.0284 4544	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:34:43.0334 4544	RasAgileVpn - ok
20:34:43.0364 4544	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
20:34:43.0414 4544	RasAuto - ok
20:34:43.0464 4544	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:34:43.0494 4544	Rasl2tp - ok
20:34:43.0534 4544	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
20:34:43.0594 4544	RasMan - ok
20:34:43.0624 4544	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:34:43.0664 4544	RasPppoe - ok
20:34:43.0684 4544	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:34:43.0734 4544	RasSstp - ok
20:34:43.0774 4544	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:34:43.0824 4544	rdbss - ok
20:34:43.0844 4544	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
20:34:43.0864 4544	rdpbus - ok
20:34:43.0874 4544	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:34:43.0904 4544	RDPCDD - ok
20:34:43.0944 4544	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:34:43.0994 4544	RDPENCDD - ok
20:34:44.0014 4544	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:34:44.0044 4544	RDPREFMP - ok
20:34:44.0084 4544	RDPWD           (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
20:34:44.0114 4544	RDPWD - ok
20:34:44.0154 4544	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:34:44.0164 4544	rdyboost - ok
20:34:44.0194 4544	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
20:34:44.0234 4544	RemoteAccess - ok
20:34:44.0284 4544	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
20:34:44.0344 4544	RemoteRegistry - ok
20:34:44.0384 4544	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
20:34:44.0414 4544	RFCOMM - ok
20:34:44.0454 4544	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
20:34:44.0544 4544	RpcEptMapper - ok
20:34:44.0574 4544	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
20:34:44.0594 4544	RpcLocator - ok
20:34:44.0644 4544	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:34:44.0684 4544	RpcSs - ok
20:34:44.0724 4544	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:34:44.0764 4544	rspndr - ok
20:34:44.0814 4544	RSUSBVSTOR      (36fca0c67bcdc0da047f5f36743b5cb9) C:\Windows\System32\Drivers\RtsUVStor.sys
20:34:44.0824 4544	RSUSBVSTOR - ok
20:34:44.0924 4544	RS_Service      (7cb9f0fdd730f4a4ecf6cde15ea12e8a) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
20:34:44.0944 4544	RS_Service - ok
20:34:44.0974 4544	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:34:44.0984 4544	SamSs - ok
20:34:45.0004 4544	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:34:45.0014 4544	sbp2port - ok
20:34:45.0054 4544	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
20:34:45.0104 4544	SCardSvr - ok
20:34:45.0144 4544	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:34:45.0184 4544	scfilter - ok
20:34:45.0294 4544	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
20:34:45.0374 4544	Schedule - ok
20:34:45.0394 4544	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:34:45.0424 4544	SCPolicySvc - ok
20:34:45.0464 4544	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
20:34:45.0504 4544	SDRSVC - ok
20:34:45.0564 4544	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:34:45.0634 4544	secdrv - ok
20:34:45.0664 4544	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
20:34:45.0694 4544	seclogon - ok
20:34:45.0714 4544	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
20:34:45.0764 4544	SENS - ok
20:34:45.0794 4544	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
20:34:45.0834 4544	SensrSvc - ok
20:34:45.0854 4544	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
20:34:45.0884 4544	Serenum - ok
20:34:45.0924 4544	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
20:34:45.0944 4544	Serial - ok
20:34:45.0954 4544	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
20:34:45.0974 4544	sermouse - ok
20:34:46.0014 4544	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
20:34:46.0064 4544	SessionEnv - ok
20:34:46.0094 4544	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:34:46.0124 4544	sffdisk - ok
20:34:46.0124 4544	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:34:46.0154 4544	sffp_mmc - ok
20:34:46.0154 4544	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:34:46.0174 4544	sffp_sd - ok
20:34:46.0194 4544	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:34:46.0214 4544	sfloppy - ok
20:34:46.0314 4544	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
20:34:46.0414 4544	SharedAccess - ok
20:34:46.0474 4544	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
20:34:46.0534 4544	ShellHWDetection - ok
20:34:46.0554 4544	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
20:34:46.0574 4544	SiSRaid2 - ok
20:34:46.0594 4544	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
20:34:46.0604 4544	SiSRaid4 - ok
20:34:46.0644 4544	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:34:46.0694 4544	Smb - ok
20:34:46.0724 4544	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
20:34:46.0754 4544	SNMPTRAP - ok
20:34:46.0794 4544	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:34:46.0804 4544	spldr - ok
20:34:46.0874 4544	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
20:34:46.0934 4544	Spooler - ok
20:34:47.0184 4544	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
20:34:47.0284 4544	sppsvc - ok
20:34:47.0434 4544	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
20:34:47.0514 4544	sppuinotify - ok
20:34:47.0584 4544	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:34:47.0634 4544	srv - ok
20:34:47.0694 4544	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:34:47.0714 4544	srv2 - ok
20:34:47.0744 4544	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:34:47.0764 4544	srvnet - ok
20:34:47.0814 4544	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
20:34:47.0884 4544	SSDPSRV - ok
20:34:47.0894 4544	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
20:34:47.0934 4544	SstpSvc - ok
20:34:47.0974 4544	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
20:34:47.0984 4544	stexstor - ok
20:34:48.0064 4544	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
20:34:48.0114 4544	stisvc - ok
20:34:48.0134 4544	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
20:34:48.0144 4544	swenum - ok
20:34:48.0214 4544	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
20:34:48.0264 4544	swprv - ok
20:34:48.0424 4544	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
20:34:48.0474 4544	SysMain - ok
20:34:48.0594 4544	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
20:34:48.0634 4544	TabletInputService - ok
20:34:48.0654 4544	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
20:34:48.0704 4544	TapiSrv - ok
20:34:48.0714 4544	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
20:34:48.0774 4544	TBS - ok
20:34:48.0974 4544	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
20:34:49.0024 4544	Tcpip - ok
20:34:49.0294 4544	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
20:34:49.0334 4544	TCPIP6 - ok
20:34:49.0484 4544	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:34:49.0554 4544	tcpipreg - ok
20:34:49.0574 4544	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:34:49.0604 4544	TDPIPE - ok
20:34:49.0634 4544	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
20:34:49.0644 4544	TDTCP - ok
20:34:49.0674 4544	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:34:49.0714 4544	tdx - ok
20:34:49.0724 4544	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
20:34:49.0744 4544	TermDD - ok
20:34:49.0804 4544	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
20:34:49.0864 4544	TermService - ok
20:34:49.0884 4544	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
20:34:49.0914 4544	Themes - ok
20:34:49.0954 4544	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:34:49.0984 4544	THREADORDER - ok
20:34:50.0014 4544	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
20:34:50.0064 4544	TrkWks - ok
20:34:50.0124 4544	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
20:34:50.0164 4544	TrustedInstaller - ok
20:34:50.0184 4544	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:34:50.0224 4544	tssecsrv - ok
20:34:50.0264 4544	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:34:50.0314 4544	TsUsbFlt - ok
20:34:50.0344 4544	TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
20:34:50.0364 4544	TsUsbGD - ok
20:34:50.0404 4544	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:34:50.0454 4544	tunnel - ok
20:34:50.0494 4544	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
20:34:50.0504 4544	uagp35 - ok
20:34:50.0524 4544	UBHelper        (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
20:34:50.0534 4544	UBHelper - ok
20:34:50.0564 4544	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:34:50.0624 4544	udfs - ok
20:34:50.0654 4544	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
20:34:50.0664 4544	UI0Detect - ok
20:34:50.0714 4544	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:34:50.0724 4544	uliagpkx - ok
20:34:50.0754 4544	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
20:34:50.0784 4544	umbus - ok
20:34:50.0824 4544	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
20:34:50.0854 4544	UmPass - ok
20:34:51.0114 4544	UNS             (b1719e9b50c48512fb51a0cc94db5879) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
20:34:51.0164 4544	UNS - ok
20:34:51.0314 4544	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
20:34:51.0394 4544	upnphost - ok
20:34:51.0444 4544	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
20:34:51.0484 4544	usbccgp - ok
20:34:51.0514 4544	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:34:51.0524 4544	usbcir - ok
20:34:51.0554 4544	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
20:34:51.0574 4544	usbehci - ok
20:34:51.0634 4544	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\drivers\usbhub.sys
20:34:51.0664 4544	usbhub - ok
20:34:51.0674 4544	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
20:34:51.0704 4544	usbohci - ok
20:34:51.0734 4544	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:34:51.0764 4544	usbprint - ok
20:34:51.0794 4544	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
20:34:51.0814 4544	usbscan - ok
20:34:51.0844 4544	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:34:51.0894 4544	USBSTOR - ok
20:34:51.0924 4544	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
20:34:51.0944 4544	usbuhci - ok
20:34:51.0984 4544	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
20:34:52.0024 4544	usbvideo - ok
20:34:52.0054 4544	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
20:34:52.0104 4544	UxSms - ok
20:34:52.0124 4544	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:34:52.0134 4544	VaultSvc - ok
20:34:52.0174 4544	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:34:52.0184 4544	vdrvroot - ok
20:34:52.0254 4544	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
20:34:52.0354 4544	vds - ok
20:34:52.0394 4544	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:34:52.0414 4544	vga - ok
20:34:52.0434 4544	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:34:52.0484 4544	VgaSave - ok
20:34:52.0524 4544	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:34:52.0534 4544	vhdmp - ok
20:34:52.0554 4544	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:34:52.0564 4544	viaide - ok
20:34:52.0594 4544	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:34:52.0604 4544	volmgr - ok
20:34:52.0644 4544	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:34:52.0664 4544	volmgrx - ok
20:34:52.0704 4544	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:34:52.0724 4544	volsnap - ok
20:34:52.0754 4544	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
20:34:52.0764 4544	vsmraid - ok
20:34:52.0894 4544	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
20:34:52.0964 4544	VSS - ok
20:34:53.0104 4544	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
20:34:53.0144 4544	vwifibus - ok
20:34:53.0174 4544	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
20:34:53.0214 4544	vwififlt - ok
20:34:53.0254 4544	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
20:34:53.0274 4544	vwifimp - ok
20:34:53.0324 4544	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
20:34:53.0394 4544	W32Time - ok
20:34:53.0404 4544	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
20:34:53.0434 4544	WacomPen - ok
20:34:53.0494 4544	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:34:53.0544 4544	WANARP - ok
20:34:53.0554 4544	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:34:53.0584 4544	Wanarpv6 - ok
20:34:53.0714 4544	WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
20:34:53.0754 4544	WatAdminSvc - ok
20:34:53.0884 4544	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
20:34:53.0974 4544	wbengine - ok
20:34:54.0094 4544	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
20:34:54.0144 4544	WbioSrvc - ok
20:34:54.0164 4544	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
20:34:54.0214 4544	wcncsvc - ok
20:34:54.0234 4544	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
20:34:54.0264 4544	WcsPlugInService - ok
20:34:54.0314 4544	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
20:34:54.0324 4544	Wd - ok
20:34:54.0414 4544	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:34:54.0444 4544	Wdf01000 - ok
20:34:54.0474 4544	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:34:54.0564 4544	WdiServiceHost - ok
20:34:54.0574 4544	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:34:54.0594 4544	WdiSystemHost - ok
20:34:54.0644 4544	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
20:34:54.0674 4544	WebClient - ok
20:34:54.0714 4544	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
20:34:54.0764 4544	Wecsvc - ok
20:34:54.0814 4544	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
20:34:54.0844 4544	wercplsupport - ok
20:34:54.0854 4544	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
20:34:54.0894 4544	WerSvc - ok
20:34:54.0934 4544	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:34:54.0974 4544	WfpLwf - ok
20:34:54.0994 4544	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:34:55.0014 4544	WIMMount - ok
20:34:55.0044 4544	WinDefend - ok
20:34:55.0044 4544	WinHttpAutoProxySvc - ok
20:34:55.0114 4544	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
20:34:55.0154 4544	Winmgmt - ok
20:34:55.0334 4544	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
20:34:55.0404 4544	WinRM - ok
20:34:55.0564 4544	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
20:34:55.0614 4544	WinUsb - ok
20:34:55.0704 4544	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
20:34:55.0754 4544	Wlansvc - ok
20:34:55.0854 4544	wlcrasvc        (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
20:34:55.0884 4544	wlcrasvc - ok
20:34:56.0094 4544	wlidsvc         (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:34:56.0144 4544	wlidsvc - ok
20:34:56.0284 4544	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:34:56.0334 4544	WmiAcpi - ok
20:34:56.0384 4544	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
20:34:56.0424 4544	wmiApSrv - ok
20:34:56.0474 4544	WMPNetworkSvc - ok
20:34:56.0494 4544	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
20:34:56.0534 4544	WPCSvc - ok
20:34:56.0564 4544	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
20:34:56.0594 4544	WPDBusEnum - ok
20:34:56.0624 4544	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:34:56.0664 4544	ws2ifsl - ok
20:34:56.0694 4544	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
20:34:56.0724 4544	wscsvc - ok
20:34:56.0724 4544	WSearch - ok
20:34:56.0924 4544	wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
20:34:56.0984 4544	wuauserv - ok
20:34:57.0124 4544	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:34:57.0184 4544	WudfPf - ok
20:34:57.0224 4544	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:34:57.0274 4544	WUDFRd - ok
20:34:57.0304 4544	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
20:34:57.0344 4544	wudfsvc - ok
20:34:57.0364 4544	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
20:34:57.0404 4544	WwanSvc - ok
20:34:57.0494 4544	ZAtheros Wlan Agent (6db01688fdbf299f426eeb01ddec684a) C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe
20:34:57.0514 4544	ZAtheros Wlan Agent ( UnsignedFile.Multi.Generic ) - warning
20:34:57.0514 4544	ZAtheros Wlan Agent - detected UnsignedFile.Multi.Generic (1)
20:34:57.0574 4544	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:34:58.0004 4544	\Device\Harddisk0\DR0 - ok
20:34:58.0004 4544	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
20:34:58.0044 4544	\Device\Harddisk1\DR1 - ok
20:34:58.0074 4544	Boot (0x1200)   (057f92b016cb5a685a45c37b0db442f3) \Device\Harddisk0\DR0\Partition0
20:34:58.0084 4544	\Device\Harddisk0\DR0\Partition0 - ok
20:34:58.0094 4544	Boot (0x1200)   (0d0515a5070f424e3806e689495615fc) \Device\Harddisk0\DR0\Partition1
20:34:58.0094 4544	\Device\Harddisk0\DR0\Partition1 - ok
20:34:58.0094 4544	============================================================
20:34:58.0094 4544	Scan finished
20:34:58.0094 4544	============================================================
20:34:58.0114 5572	Detected object count: 2
20:34:58.0114 5572	Actual detected object count: 2
20:35:06.0504 5572	irstrtsv ( UnsignedFile.Multi.Generic ) - skipped by user
20:35:06.0504 5572	irstrtsv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:35:06.0504 5572	ZAtheros Wlan Agent ( UnsignedFile.Multi.Generic ) - skipped by user
20:35:06.0504 5572	ZAtheros Wlan Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 19.07.2012, 16:05   #10
markusg
/// Malware-holic
 
Live Security Platinum soll weg! - Standard

Live Security Platinum soll weg!



sehr gut
lade den CCleaner standard:
CCleaner Download - CCleaner 3.20.1750
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 20.07.2012, 14:08   #11
tio-pepe
 
Live Security Platinum soll weg! - Standard

Live Security Platinum soll weg!



hallo
hier die Liste mit meinen Programmen.
sind zum Glück nicht viele.
vielen Dank und Gruss
tio-pepe

Code:
ATTFilter
Acer Backup Manager	NTI Corporation	20.10.2011	336MB	3.0.0.99 - notwendig
Acer Crystal Eye Webcam	CyberLink Corp.	16.11.2011	41.3MB	1.5.2108.00 - notwendig
Acer Deep Sleep Settings	Acer Incorporated	16.11.2011		1.00.3008 - unbekannt
Acer ePower Management	Acer Incorporated	16.11.2011		6.00.3008 - unbekannt
Acer eRecovery Management	Acer Incorporated	16.11.2011		5.00.3504 - unbekannt
Acer Games	WildTangent	21.10.2011		1.0.2.5 - unnötig
Acer Registration	Acer Incorporated	16.11.2011		1.04.3504 - unbekannt
Acer ScreenSaver	Acer Incorporated	16.11.2011		1.1.0902.2011 - unbekannt
Acer Updater	Acer Incorporated	20.10.2011		1.02.3500 - unbekannt
Acer VCM	Acer Incorporated	16.11.2011		4.05.3501 - unbekannt
Adobe AIR	Adobe Systems Incorporated	21.10.2011		2.7.1.19610 - notwendig
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	12.07.2012	6.00MB	11.3.300.265 - notwendig
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	12.07.2012	6.00MB	11.3.300.265 - notwendig
Adobe Reader X (10.1.3) MUI	Adobe Systems Incorporated	11.04.2012	479MB	10.1.3
Atheros Bluetooth Suite (64)	Atheros	16.11.2011	119MB	7.04.000.98 - unbekannt
Avira Free Antivirus	Avira	09.05.2012	105MB	12.0.0.1125 - notwendig
CCleaner	Piriform	22.06.2012		3.20 - notwendig
Cisco Systems VPN Client 5.0.07.0440		12.01.2012	10.6MB	- notwendig
clear.fi	CyberLink Corp.	16.11.2011	167MB	1.0.2024.00 - unnötig
clear.fi Client	Acer Incorporated	16.11.2011		1.00.3500 - unnötig
ETDWare PS/2-X64 10.0.6.3_WHQL	ELAN Microelectronic Corp.	16.11.2011		10.0.6.3 - unbekannnt
Evernote v. 4.5.1	Evernote Corp.	20.10.2011	151MB	4.5.1.5451 - unbekannt
FRITax 2011 11.3.43	Ringler Informatik AG	11.03.2012		11.3.43 - notwendig
Identity Card	Acer Incorporated	16.11.2011		1.00.3501 - unbekannt
Intel(R) Control Center	Intel Corporation	15.07.2012		1.2.1.1007 - unbekannt
Intel(R) Identity Protection Technology 1.2.18.0	Intel Corporation	16.11.2011	2.45MB	1.2.18.0 - unbekannt
Intel(R) Management Engine Components	Intel Corporation	15.07.2012		7.0.0.1144 - unbekannt
Intel(R) Processor Graphics	Intel Corporation	15.07.2012		8.15.10.2476 - notwendig
Intel(R) Rapid Start Technology	Intel Corporation	16.11.2011		1.0.0.1008 - notwendig
Intel(R) Rapid Storage Technology	Intel Corporation	20.07.2012		10.6.0.1002 - notwendig
Java(TM) 6 Update 31	Oracle	12.03.2012	95.1MB	6.0.310 - unbekannt
Launch Manager	Acer Inc.	16.11.2011		5.1.4 - unbekannt
Malwarebytes Anti-Malware Version 1.61.0.1400	Malwarebytes Corporation	10.07.2012	18.0MB	1.61.0.1400 - notwendig
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	10.12.2011	38.8MB	4.0.30319 - unbekannt
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	10.12.2011	2.93MB	4.0.30319 - unbekannt
Microsoft Office 2010	Microsoft Corporation	16.11.2011	6.31MB	14.0.4763.1000 - unbkannt
Microsoft Office Enterprise 2007	Microsoft Corporation	19.02.2012		12.0.6612.1000 - unbekannt
Microsoft Office File Validation Add-In	Microsoft Corporation	13.03.2012	7.95MB	14.0.5130.5003 - unbekannt
Microsoft Office Live Add-in 1.5	Microsoft Corporation	12.07.2012	508KB	2.0.4024.1 - unbekannt
Microsoft Silverlight	Microsoft Corporation	15.05.2012	100MB	5.1.10411.0 - unbekannt
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	20.10.2011	1.69MB	3.1.0000 - unbekannt
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	25.01.2012	252KB	8.0.50727.4053 - unbekannt
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	16.11.2011	290KB	8.0.56336 - unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	16.11.2011	788KB	9.0.30729 - unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	12.12.2011	788KB	9.0.30729.6161 - unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	20.10.2011	240KB	9.0.30729 - unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	20.10.2011	596KB	9.0.30729.4148 - unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	12.12.2011	600KB	9.0.30729.6161 - unbekannt
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	12.12.2011	16.5MB	10.0.40219 - unbekannt
Mozilla Firefox 12.0 (x86 de)	Mozilla	20.06.2012	36.2MB	12.0 - notwendig
Mozilla Maintenance Service	Mozilla	20.06.2012	214KB	12.0 - notwendig
MyWinLocker Suite	Egis Technology Inc.	16.11.2011	2.63MB	4.0.14.19 - unbekannt
NCSS 2007	NCSS, LLC	24.04.2012	148MB	07.1.21 - notwendig
newsXpresso	esobi Inc.	20.10.2011	7.34MB	1.0.0.40 - unbekannt
Norton Online Backup	Symantec Corporation	20.10.2011	6.19MB	2.1.17869 - unnötig
PPT Remote	pptremotecontrol.com	01.04.2012	2.73MB	3.30.0000 - unnötig
Presenter version 1.27	Ratisbonsoft	12.03.2012	2.19MB	1.27 - unnötig
Qualcomm Atheros Fast Reconnect	QualComm Atheros	16.11.2011		1.0 - unbekannt
Realtek USB 2.0 Reader Driver	Realtek Semiconductor Corp.	20.10.2011		6.1.7601.39013 - unbekannt
Skype™ 5.5	Skype Technologies S.A.	20.10.2011	17.0MB	5.5.117 - notwendig
Sleep Memory Optimizer	Acer Incorporated	16.11.2011		1.00.3004 - unbekannt
Welcome Center	Acer Incorporated	16.11.2011		1.02.3504 - unbekannt
Windows Live Essentials	Microsoft Corporation	20.10.2011		15.4.3538.0513 - unbekannt
Wuala	LaCie	04.02.2012		1.0.380.0 - notwendig
Wuala CBFS	LaCie	15.05.2012		3.2.107.0 - notwendig
Wuala OverlayIcons	LaCie	15.05.2012		1.0.0.2 - notwendig
         

Alt 25.07.2012, 20:38   #12
markusg
/// Malware-holic
 
Live Security Platinum soll weg! - Standard

Live Security Platinum soll weg!



deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok



deinstaliere:
clear.fi beide
Evernote
Norton
PPT
Presenter
Windows Live

öffne CCleaner analysieren starten.
öffne otl, cleanup testen wie der pc läuft
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 30.07.2012, 17:56   #13
tio-pepe
 
Live Security Platinum soll weg! - Standard

Live Security Platinum soll weg!



hallo
soeben habe ich alles wie beschrieben erledigt.
der pc läuft bis jetzt gut.
was muss ich weiter machen? oder ist die kur zuende?
danke für deine hilfe...
freundliche Grüsse tio-pepe

Alt 30.07.2012, 18:20   #14
markusg
/// Malware-holic
 
Live Security Platinum soll weg! - Standard

Live Security Platinum soll weg!



den pc absichern:
als antimalware programm würde ich emsisoft empfehlen.
diese haben für mich den besten schutz kostet aber etwas.
http://www.trojaner-board.de/103809-...i-malware.html
testversion:
Meine Antivirus-Empfehlung: Emsisoft Anti-Malware
insbesondere wenn du onlinebanking, einkäufe, sonstige zahlungsabwicklungen oder ähnlich wichtiges, wie zb berufliches machst, also sensible daten zu schützen sind, solltest du in sicherheitssoftware investieren.
vor dem aktivieren der lizenz die 30 tage testzeitraum ausnutzen.

kostenlos, aber eben nicht ganz so gut wäre avast zu empfehlen.
http://www.trojaner-board.de/110895-...antivirus.html

sag mir welches du nutzt, dann gebe ich konfigurationshinweise.
bitte dein bisheriges av deinstalieren
die folgende anleitung ist umfangreich, dass ist mir klar, sie sollte aber umgesetzt werden, da nur dann dein pc sicher ist. stelle so viele fragen wie nötig, ich arbeite gern alles mit dir durch!

http://www.trojaner-board.de/96344-a...-rechners.html
Starte bitte mit der Passage, Windows Vista und Windows 7
Bitte beginne damit, Windows Updates zu instalieren.
Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst.
Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist:
- Updates automatisch Instalieren,
- Täglich
- Uhrzeit wählen
- Bitte den gesammten rest anhaken, außer:
- detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist.
Klicke jetzt die Schaltfläche "OK"
Klicke jetzt "nach Updates suchen".
Bitte instaliere zunächst wichtige Updates.
Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren.
Mache das selbe bitte mit den optionalen Updates.
Bitte übernimm den rest so, wie es im Abschnitt windows 7 / Vista zu lesen ist.
aus dem Abschnitt xp, bitte den punkt "datenausführungsverhinderung, dep" übernehmen.
als browser rate ich dir zu chrome:
Installation von Google Chrome für mehrere Nutzerkonten - Google Chrome-Hilfe
anleitung lesen bitte
falls du nen andern nutzen willst, sags mir dann muss ich teile der nun folgenden anleitung


Sandboxie
Die devinition einer Sandbox ist hier nachzulesen:
Sandbox
Kurz gesagt, man kann Programme fast 100 %ig isuliert vom System ausführen.

Der Vorteil liegt klar auf der Hand, wenn über den Browser Schadcode eingeschläust wird, kann dieser nicht nach außen dringen.
Download Link:
Sandboxie Download - Sandboxie 3.72

anleitung:
http://www.trojaner-board.de/71542-a...sandboxie.html
ausführliche anleitung als pdf, auch abarbeiten:
Sandbox Einstellungen |

bitte folgende zusatz konfiguration machen:
sandboxie control öffnen, menü sandbox anklicken, defauldbox wählen.
dort klicke auf sandbox einstellungen.
beschrenkungen, bei programm start und internet zugriff schreibe:
chrome.exe
dann gehe auf anwendungen, webbrowser, chrome.
dort aktiviere alles außer gesammten profil ordner freigeben.
Wie du evtl. schon gesehen hast, kannst du einige Funktionen nicht nutzen.
Dies ist nur in der Vollversion nötig, zu deren Kauf ich dir rate.
Du kannst zb unter "Erzwungene Programmstarts" festlegen, dass alle Browser in der Sandbox starten.
Ansonsten musst du immer auf "Sandboxed webbrowser" klicken bzw Rechtsklick, in Sandboxie starten.
Eine lebenslange Lizenz kostet 30 €, und ist auf allen deinen PC's nutzbar.

Weiter mit:
Maßnahmen für ALLE Windows-Versionen
alles komplett durcharbeiten
anmerkung zu file hippo.
in den settings zusätzlich auswählen:
hide beta updates.
Run updateChecker when Windows starts

Backup Programm:
in meiner Anleitung ist bereits ein Backup Programm verlinkt, als Alternative bietet sich auch das Windows eigene Backup Programm an:
http://www.trojaner-board.de/82962-w...en-backup.html
Dies ist aber leider nur für Windows 7 Nutzer vernünftig nutzbar.
Alle Anderen sollten sich aber auf jeden fall auch ein Backup Programm instalieren, denn dies kann unter Umständen sehr wichtig sein, zum Beispiel, wenn die Festplatte einmal kaputt ist.

Zum Schluss, die allgemeinen sicherheitstipps beachten, wenn es dich betrifft, den Tipp zum Onlinebanking beachten und alle Passwörter ändern
bitte auch lesen, wie mache ich programme für alle sichtbar:
Programme für alle Konten nutzbar machen - PCtipp.ch - Praxis & Hilfe
surfe jetzt also nur noch im standard nutzer konto und dort in der sandbox.
wenn du die kostenlose version nutzt, dann mit klick auf sandboxed web browser, wenn du die bezahlversion hast, kannst du erzwungene programm starts festlegen, dann wird Sandboxie immer gestartet wenn du nen browser aufrufst.
wenn du mit der maus über den browser fährst sollte der eingerahmt sein, dann bist du im sandboxed web browser

passwort sicherheit:
jeder dienst benötigt ein eigenes, mindestens 12-stelliges passwort
bei der passwort verwaltung und erstellung hilft roboform
Passwort Manager, Formular Ausfueller, Passwort Management | RoboForm Passwort Manager
anleitung:
RoboForm-Bedienungsanleitung: Passwort-Manager, Verwalten von Passwörtern und persönlichen Daten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 01.08.2012, 10:47   #15
tio-pepe
 
Live Security Platinum soll weg! - Standard

Live Security Platinum soll weg!



Danke für die Anweisungen. Bis jetzt bin ich noch nicht durch mit durcharbeiten.
Ich bin stehen geblieben beim Browser.
Ich werde chrome nicht verwenden, sondern Mozilla.
ändert sich somit etwas an der Anleitung?
mit freundlichen Grüssen
tio-pepe

Und ich habe mir nun die 30 Tage Testversion von Emsisoft geholt...

Antwort

Themen zu Live Security Platinum soll weg!
antivir, autorun, avira, bho, computer, desktop, enigma, error, fehler, firefox, flash player, heuristiks/extra, heuristiks/shuriken, home, install.exe, juli 2012, launch, live security platinum, logfile, microsoft office word, mozilla, notification, nt.dll, office 2007, programm, realtek, rechner reinigen entfernen, registry, rundll, scan, searchscopes, security, senden, software, svchost.exe, symantec, trojaner, usb 2.0, verweise, warnung, wildtangent games



Ähnliche Themen: Live Security Platinum soll weg!


  1. troj zero acces in: Live Security Platinum und Microsoft\Security Center|
    Log-Analyse und Auswertung - 10.12.2012 (7)
  2. live security platinum
    Plagegeister aller Art und deren Bekämpfung - 05.10.2012 (31)
  3. Live Security Platinum
    Log-Analyse und Auswertung - 28.09.2012 (8)
  4. Live Security Platinum 3.6.1
    Plagegeister aller Art und deren Bekämpfung - 21.09.2012 (3)
  5. live security platinum
    Plagegeister aller Art und deren Bekämpfung - 12.09.2012 (5)
  6. Live Security Platinum
    Log-Analyse und Auswertung - 12.09.2012 (2)
  7. Live Security Platinum
    Plagegeister aller Art und deren Bekämpfung - 04.09.2012 (3)
  8. Live Security Platinum
    Diskussionsforum - 27.08.2012 (4)
  9. Live security platinum eingefangen-wie soll ich vorgehen?
    Plagegeister aller Art und deren Bekämpfung - 14.08.2012 (30)
  10. live security platinum
    Plagegeister aller Art und deren Bekämpfung - 11.08.2012 (23)
  11. Live Security Platinum
    Plagegeister aller Art und deren Bekämpfung - 10.08.2012 (6)
  12. Live Security Platinum
    Plagegeister aller Art und deren Bekämpfung - 30.07.2012 (1)
  13. Live Security Platinum
    Log-Analyse und Auswertung - 30.07.2012 (1)
  14. Live Security Platinum
    Plagegeister aller Art und deren Bekämpfung - 17.07.2012 (1)
  15. live security platinum
    Log-Analyse und Auswertung - 17.07.2012 (3)
  16. live security platinum
    Plagegeister aller Art und deren Bekämpfung - 11.07.2012 (1)
  17. Live Security Platinum
    Log-Analyse und Auswertung - 28.06.2012 (3)

Zum Thema Live Security Platinum soll weg! - Hallo zusammen dies ist mein erstes Thema. ich habe mir den Live Security Platinum Trojaner eingefangen und will ihn wieder los werden. bisher habe ich die portfolios von Malwarebytes, defogger - Live Security Platinum soll weg!...
Archiv
Du betrachtest: Live Security Platinum soll weg! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.