Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Trojaner "Gesellschaft zur Verfügung von Urheberrechtsverletzungen"

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 28.05.2013, 13:30   #1
vtopy
 
Trojaner "Gesellschaft zur Verfügung von Urheberrechtsverletzungen" - Standard

Trojaner "Gesellschaft zur Verfügung von Urheberrechtsverletzungen"



Verehrte Meister des Trojanerboards -

mein Laptop hat sich den bekannten Bundestrojaner geholt - plötzlich wurde der Bildschirm weiß, es tauchte die Grafik der angeblichen Polizeibehörden auf, inklusive Zahlungsaufforderung und Webcam-Bild.

Danach habe ich - und dafür entschuldige ich mich vorweg - nicht gleich den Weg hierher gefunden, sondern zunächst selbst etwas unternommen.
Ich habe den Laptop neu gestartet, wodurch die gefakte Anzeige verschwand. Auf dem Laufwerk C fiel mir sofort eine Anwendung mit kryptischem Buchstabensalat-Namen und ohne Eigenschaften auf, die in eben der Minute installiert wurde, als der Trojaner zuschlug. Diese habe ich gelöscht. Außerdem habe ich einen Scan mit Maleware-Bytes gemacht: Auch hier wurde eine Ransomeware-Datei freigelegt & eliminiert.

Anschließend bin ich auf die Threads in Eurem Forum gestoßen, die mir die Komplexität des Trojaners klargemacht haben - weshalb ich mich nun an Euch wende.

Vielen Dank im Voraus!!

OTL:
Code:
ATTFilter
OTL logfile created on: 28.05.2013 13:37:06 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 1,75 Gb Available Physical Memory | 47,55% Memory free
7,35 Gb Paging File | 5,38 Gb Available in Paging File | 73,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,99 Gb Total Space | 22,42 Gb Free Space | 7,87% Space Free | Partition Type: NTFS
 
Computer Name: SCHREIBMASCHINE | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.28 12:33:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2013.05.22 00:52:36 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.05.07 15:38:13 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.28 11:45:01 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.28 11:44:47 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.03.19 01:34:25 | 000,002,560 | ---- | M] () -- C:\Windows\Runservice.exe
PRC - [2013.03.12 09:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.05.30 04:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2011.05.12 17:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.05.12 08:04:12 | 000,723,560 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
PRC - [2011.04.24 04:29:20 | 000,256,832 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2011.04.24 04:28:38 | 000,297,280 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
PRC - [2011.04.22 19:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2011.04.19 09:01:34 | 000,419,408 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2011.04.19 09:01:34 | 000,343,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2011.04.19 09:01:32 | 001,097,808 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2011.04.19 09:01:32 | 000,353,872 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.09.16 03:13:16 | 002,538,520 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.09.16 03:13:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.05.20 17:15:00 | 000,110,736 | R--- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2010.03.11 15:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2010.01.30 02:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
PRC - [2005.01.31 09:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.22 00:52:36 | 003,128,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.04.24 04:29:56 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.05.22 00:52:36 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.15 21:26:00 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.28 11:45:01 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.28 11:44:47 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.19 01:34:25 | 000,002,560 | ---- | M] () [Auto | Running] -- C:\Windows\Runservice.exe -- (LicCtrlService)
SRV - [2013.02.07 14:10:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.02.25 15:29:27 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.06.07 13:25:12 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.05.30 04:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2011.05.12 17:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.05.10 15:01:08 | 000,872,552 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2011.04.24 04:29:20 | 000,256,832 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2011.04.22 19:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV - [2011.04.19 09:01:32 | 000,353,872 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011.03.29 07:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.09.23 04:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.16 03:13:16 | 002,538,520 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.09.16 03:13:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.05.20 17:15:00 | 000,110,736 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.11 15:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010.01.30 02:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2005.01.31 09:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.05.04 17:02:34 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2013.05.04 17:02:33 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2013.03.28 11:45:07 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.28 11:45:07 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.03.28 11:45:07 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.07.14 07:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.07.14 07:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.06.10 05:16:08 | 012,230,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.06.02 05:37:32 | 002,750,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.05.10 06:42:16 | 000,425,000 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2011.03.28 05:44:46 | 001,417,776 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.03.10 06:01:45 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2011.03.10 06:01:45 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2010.12.01 10:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.05 17:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.02.26 10:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.09.17 05:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: helper%40savefrom.net:1.79
FF - prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.4.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.07.12 16:28:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.22 00:52:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.22 00:52:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.22 00:52:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.22 00:52:31 | 000,000,000 | ---D | M]
 
[2012.07.07 16:14:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.05.24 11:26:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ncbypbyq.default\extensions
[2013.04.05 16:58:50 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ncbypbyq.default\extensions\ich@maltegoetz.de
[2013.05.15 21:28:39 | 000,101,681 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ncbypbyq.default\extensions\helper@savefrom.net.xpi
[2013.05.24 11:26:13 | 000,008,019 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ncbypbyq.default\extensions\youtubeunblocker@unblocker.yt.xpi
[2012.12.16 19:51:37 | 000,036,139 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ncbypbyq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.05.09 16:53:07 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ncbypbyq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.05.22 00:52:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.22 00:52:37 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\USERS\RALF SCHöNFELDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NCBYPBYQ.DEFAULT\EXTENSIONS\HELPER@SAVEFROM.NET.XPI
File not found (No name found) -- C:\USERS\RALF SCHöNFELDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NCBYPBYQ.DEFAULT\EXTENSIONS\YOUTUBEUNBLOCKER@UNBLOCKER.YT.XPI
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [UVS10 Preload] C:\Program Files (x86)\Ulead VideoStudio 10\uvPL.exe (Ulead Systems, Inc.)
O4 - HKCU..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C2CDFC6-0DA1-463C-89A1-59E36D10B77A}: DhcpNameServer = 172.22.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DECCFAD8-1D1C-4A81-80F7-6AFB835FE184}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.28 12:32:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.05.28 12:13:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2013.05.28 12:13:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.28 12:13:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.28 12:13:27 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.05.28 12:13:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.05.28 10:05:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{BE960C05-EB43-4F17-82F2-DC2171A06762}
[2013.05.27 15:26:01 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Playlist
[2013.05.27 10:00:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{8A24FF27-909D-43CA-B23F-0E651CEA0C37}
[2013.05.26 11:57:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{70B55D86-F18F-45F2-AA38-C226983AD6B1}
[2013.05.25 14:50:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{80CD9A1B-7CB6-4AC1-A49C-D444A9B6278C}
[2013.05.24 11:25:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{A3CD1F48-A6BD-478A-BF5F-D44700F8FD67}
[2013.05.23 09:07:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{5A2660A5-E07A-4471-A934-79F4E96370DC}
[2013.05.22 00:52:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.22 00:29:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{88B2E5AE-E51D-4715-9878-EF6E1F68CAD4}
[2013.05.21 11:43:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{4207ABB0-1805-4BAD-92C2-B251A2BC0299}
[2013.05.20 19:14:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{ABF4ED34-7FC2-4B88-A52E-92C7D96BC88A}
[2013.05.15 10:45:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{6F415FFF-0198-416C-8241-8FE31DF2A29D}
[2013.05.15 09:55:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{A1411827-AFE7-4F45-A84A-CA0FCC7F6B3F}
[2013.05.14 14:11:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{6AF18987-0C7D-4C10-BB41-CF68F046601E}
[2013.05.13 22:08:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{487E4C33-7739-48D2-A78C-F755D47AE2CE}
[2013.05.13 09:52:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{334BD2C4-3334-4A6E-A06C-EB858D38E881}
[2013.05.12 16:55:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{E0C73AEB-065E-4AC4-AD27-83F5E9B2144E}
[2013.05.11 11:42:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{D2BDC13C-D0B3-4A08-9ACA-4B6EAD57EDD7}
[2013.05.10 10:03:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{64F77BCE-7D81-4FCC-9CA2-54C4F7E3ACE1}
[2013.05.09 12:21:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{8EFE75B8-988D-4BA6-A449-159706DA8C28}
[2013.05.08 14:29:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{309D653F-2D10-43A2-A1E0-6B06E00332A5}
[2013.05.08 14:28:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{EC7D15DB-B315-40BE-8309-22276B5BAF69}
[2013.05.07 22:41:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{DCFF68B4-0690-424A-9795-8051E7BA4A18}
[2013.05.07 15:39:06 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.05.07 09:39:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{F4330BCA-FD91-47C1-9F53-16836D6B080A}
[2013.05.06 09:40:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{60DFAD30-973F-469F-9AFB-99BE44FAA6DC}
[2013.05.05 15:34:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{9FEAF07E-4942-4B9E-B6D2-DCB91118D62A}
[2013.05.04 20:51:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{4F9CA7E6-3718-48DD-856E-16383910B348}
[2013.05.04 17:07:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Risen
[2013.05.04 17:02:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2013.05.04 17:02:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.05.04 17:02:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA
[2013.05.04 17:02:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013.05.04 16:55:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deep Silver
[2013.05.03 09:17:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{5BFDE256-2DA9-40FC-BDCC-F5B35EB088ED}
[2013.05.02 21:00:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{09E38A5D-0B68-48C4-82AE-BD99836436D9}
[2013.05.02 14:10:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{CBF772A7-9AC2-49BA-91AE-4184B9DFD4B9}
[2013.05.02 10:11:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{8A343F5E-E6A3-4B91-8268-4C5ADF71DEDA}
[2013.05.02 09:49:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{59E680AF-63ED-4E00-A8AF-725CA13076EB}
[2013.05.01 11:49:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{3393BF22-EA44-41EB-9614-D3EC989EBB9D}
[2013.05.01 00:36:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{DAFD2228-145C-4C71-AFF6-62A443D11805}
[2013.04.30 12:33:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{CFC71369-5D00-4947-8B48-B13F5E9D626E}
[2013.04.29 12:41:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{9C71E391-F19D-44B0-8D7A-A031F7FA07A6}
[2013.04.28 15:19:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infogrames
[2013.04.28 15:18:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Civilization III
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.28 13:40:39 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.28 13:40:39 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.28 13:33:44 | 000,000,358 | ---- | M] () -- C:\Windows\Ulead32.ini
[2013.05.28 13:33:07 | 000,000,857 | -HS- | M] () -- C:\Windows\SysWow64\mmf.sys
[2013.05.28 13:32:57 | 000,067,584 | -H-- | M] () -- C:\Windows\bootstat.dat
[2013.05.28 13:32:54 | 2960,412,672 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.28 13:25:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.28 12:57:52 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.28 12:57:52 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.28 12:57:52 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.28 12:57:52 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.28 12:57:52 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.28 12:33:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.05.28 11:36:57 | 000,000,004 | ---- | M] () -- C:\Users\***\AppData\Roaming\skype.ini
[2013.05.20 19:12:10 | 000,457,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.07 15:38:52 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.05.04 17:02:34 | 000,314,016 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2013.05.04 17:02:33 | 000,043,680 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2013.04.29 00:06:22 | 000,272,749 | ---- | M] () -- C:\Users\***\Desktop\maison.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.28 11:28:27 | 000,000,004 | ---- | C] () -- C:\Users\***\AppData\Roaming\skype.ini
[2013.05.04 17:02:34 | 000,314,016 | ---- | C] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2013.05.04 17:02:33 | 000,043,680 | ---- | C] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2013.04.29 00:06:16 | 000,272,749 | ---- | C] () -- C:\Users\***\Desktop\maison.jpg
[2013.04.21 18:03:36 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2013.04.03 13:43:05 | 000,010,495 | ---- | C] () -- C:\Users\***\vtopy_elster_2048.pfx
[2013.03.28 11:59:43 | 000,000,132 | ---- | C] () -- C:\Windows\wininit.ini
[2013.03.19 01:34:25 | 000,048,640 | ---- | C] () -- C:\Windows\mmfs.dll
[2013.03.19 01:34:25 | 000,002,560 | ---- | C] () -- C:\Windows\Runservice.exe
[2013.03.19 01:34:25 | 000,000,857 | -HS- | C] () -- C:\Windows\SysWow64\mmf.sys
[2012.12.09 20:32:44 | 000,017,408 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db
[2012.11.24 04:25:24 | 000,005,081 | ---- | C] () -- C:\ProgramData\hnbdehzc.pfe
[2012.11.12 12:34:30 | 794,917,018 | ---- | C] () -- C:\Users\***\SaS - Oct 19, 2012 - Penny Pax and Danny Wylde (25842).wmv
[2012.07.12 17:29:15 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.07.12 17:29:15 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.07.12 17:16:52 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.07.12 15:44:36 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\Iyvu9_32.dll
[2012.07.12 15:39:51 | 000,000,358 | ---- | C] () -- C:\Windows\Ulead32.ini
[2012.07.07 18:11:55 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.07.07 16:04:59 | 000,001,104 | ---- | C] () -- C:\Users\***\AppData\Roaming\AbsoluteReminder.xml
[2012.01.10 13:43:17 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2012.01.10 13:42:44 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2012.01.10 13:42:42 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2012.01.10 13:42:41 | 013,906,944 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012.01.10 13:42:41 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.04.22 15:05:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DL
[2013.05.28 13:33:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2013.04.02 22:21:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2013.04.02 22:19:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.03.22 16:21:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2012.11.24 04:11:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeFLVConverter
[2012.07.07 17:46:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lingo4u
[2012.07.07 17:59:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge
[2013.05.27 23:24:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent
[2012.07.08 13:27:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer
[2013.01.11 15:46:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\xm1
 
========== Purity Check ==========
 
 

< End of report >
         
Extras:
Code:
ATTFilter
OTL Extras logfile created on: 28.05.2013 13:37:06 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 1,75 Gb Available Physical Memory | 47,55% Memory free
7,35 Gb Paging File | 5,38 Gb Available in Paging File | 73,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,99 Gb Total Space | 22,42 Gb Free Space | 7,87% Space Free | Partition Type: NTFS
 
Computer Name: SCHREIBMASCHINE | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BAC6894-AB64-4F4F-B84F-2BAAE98F8B47}" = lport=139 | protocol=6 | dir=in | app=system | 
"{11C337FB-8B6B-492C-84A0-68706DEA95B2}" = lport=137 | protocol=17 | dir=in | app=system | 
"{181954B3-B7A0-41FA-B5A4-CE0C170F710F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{1E3E5D11-47A1-4FC5-9800-040C6E6E5748}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{24E7212C-2CC6-4A29-8869-8FCBF7E1CD99}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{26C3C282-8E22-4219-BEF4-5245F6125263}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2D78E964-5EA3-496E-A8BA-D04B229F2FCA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{346D5AAD-A9BD-41D4-9254-3E164D8FF023}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{381EC83B-77F3-46FA-AE1A-0D75138C407C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{40E6EB0C-0D45-45BD-BDFD-07FB8BE47B72}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{422AFFE8-8854-406B-8CBD-F937EBF5BCE6}" = lport=445 | protocol=6 | dir=in | app=system | 
"{444191CA-9BF0-41C0-8AF0-FE6DB4A0DDB7}" = rport=445 | protocol=6 | dir=out | app=system | 
"{5E01A9D2-36B7-44C2-B9BA-E3C4ADDEBA99}" = rport=138 | protocol=17 | dir=out | app=system | 
"{7BE88C7B-F5BA-4E14-9E63-754EC4C8E327}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{99424132-5F04-4AF4-B40D-08B271A06C74}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{9BFA1F53-E004-4E88-A8F7-A8753F5C7558}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A879D1BE-7412-4D48-9E50-B4594A3241F7}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B7966275-5D89-42E7-8B82-B903B5C13F6E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BAFD3E5C-F218-4164-8719-B519C6ED5984}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{DC600087-40D3-475E-8763-E814AAA88979}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E7B83FF1-5242-4C72-BC45-B7A8BD11E4D2}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{F42B2411-AC9E-45FF-9FCB-478061F9824C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F96E8962-0805-4D65-B7A4-A876A710CE2E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05C0032C-7547-4A34-9297-49ED54AFE157}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{0A60BF50-5E7D-47C7-9A8E-A7B3609D4F00}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0A818987-60F6-4815-9B59-5CE988C6D865}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1177FD38-3FE9-46CC-AA4D-57EE428A5420}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{1352EB93-AB2F-42CD-BB16-8C9AFB216D7D}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{16411F85-F575-4E02-8407-9B006D090BD4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1D0357FB-AB53-401E-99AA-0B057AD2A8EA}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{23EDA0CD-2A1B-42AD-A509-432308E93056}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2812FD03-E69C-4312-92CA-C09D6A264479}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{283988D9-D2D9-42DC-A2F9-5666BD2243C3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3293DC7F-76B5-4E65-A634-309F039530EA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{548AB2D9-0AB7-407A-91AD-0DA384939289}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe | 
"{57297EC3-91FC-405D-B406-60BC6C851546}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{58A48634-20B2-4602-8173-C122CC496256}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5AE18A9B-D5C6-4EB7-9B9F-40A6892D6D4E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{6E814376-49A2-4CD1-9466-E5057943E733}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{74A35CE4-6C9B-4834-B665-BB1F90C30EA4}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{7D38A5E3-5CEE-475F-9613-870711171ED8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{8E5B143F-12DD-487B-89C1-6DD41132655C}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{974962AE-3398-4F9E-9C43-95B4FA2996CC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{B5E1C61A-67D9-4B4E-B9FE-48D8FDF2912D}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{BF121BBD-62E4-4AFE-8E33-DFC88631DA3B}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{CD56C03A-D1B5-46B2-B5CA-EE4249B996FE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D0F8AC9B-F3D9-4179-91B7-6475BB0C37AD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D3F8208C-A328-40E3-ACF5-3B60AA1AC47E}" = protocol=6 | dir=out | app=system | 
"{E1D1FF8A-206E-4A89-B5A9-62882D145DCE}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{E2720312-2685-42B4-BD4C-A44389D290F7}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{E2DCC10A-F18C-4451-95AA-4827FC5774C7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{E7D4BD85-D3BE-4ED7-AF9A-DE3101F24B84}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{EA12553A-408E-428A-9DA5-E86386216B61}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F03C1724-293B-4063-81F7-E9EEAD60EFC5}" = dir=in | app=c:\program files (x86)\acer\acer vcm\rs_service.exe | 
"{F1409DEC-0A80-4195-8611-84EF8C99B414}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F712BC35-69C9-4045-8D23-9DF9648D8172}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{5F327654-BF89-4BC0-B790-E1C8608105AB}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{728D7007-5E84-430C-89F4-43B075186454}C:\program files (x86)\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe | 
"TCP Query User{B9CBE8DB-D34F-44A2-B74E-D4731326EB69}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{BBB10971-6B7B-481E-B5A2-6194F917AC5E}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{4846CB12-8E8E-40B9-A4F8-ECE15A3E8D01}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{92013EC0-F127-4FA1-BA35-D891E4C0B857}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{A6F4C9FC-B19F-4F0A-A5AE-5E3FAA868E01}C:\program files (x86)\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe | 
"UDP Query User{C2F3D2A0-7CCE-45A3-9D1A-96EC658A6B1A}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1553D712-B35F-4A82-BC72-D6B11A94BE3E}" = Windows Live Remote Service Resources
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{702A632F-99CE-4E2D-B8F2-BF980E9CF62F}" = Windows Live Remote Client Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom NetLink Controller
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0557BBDA-69D3-4FA4-A93C-A5300F7034B4}" = Windows Live Writer
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{06B05153-97E4-427E-B1A8-E098F6C5E52F}" = Windows Live Essentials
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{09B7C7EB-3140-4B5E-842F-9C79A7137139}" = Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19CBDE24-2761-49A5-816B-D2BA65D0CA8D}" = Kontrola Windows Live Mesh ActiveX za daljinske veze
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{260E3D78-94E6-47EC-8E29-46301572BB1E}" = Control ActiveX Windows Live Mesh pentru conexiuni la distanță
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}" = Evernote v. 4.5.1
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}" = ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}" = QuickTime
"{39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}" = Controle ActiveX do Windows Live Mesh para Conexões Remotas
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{40F4FF7A-B214-4453-B973-080B09CED019}" = Install Absolute Data Protect
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1" = Pazera Free MP4 to AVI Converter 1.6
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{4736B0ED-F6A1-48EC-A1B7-C053027648F1}" = Galeria fotogràfica del Windows Live
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{48F597DD-D397-4CFA-91A0-4C033A0113BD}" = Windows Live Mail
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}" = Windows Live Meshin etäyhteyksien ActiveX-komponentti
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{542DA303-FB91-4731-9F37-6E518368D3B9}" = Windows Live Messenger
"{5495E9A4-501A-4D4C-87C9-E80916CA9478}" = Windows Live UX Platform Language Pack
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}" = newsXpresso
"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項
"{625D45F0-5DCB-48BF-8770-C240A84DAAEB}" = Windows Live Mesh
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71527C7C-5289-4CB2-88C9-23344C0FF6C1}" = Windows Live Movie Maker
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{76C064E2-BB99-4453-8FDA-42BC01AD0734}" = Control ActiveX del Windows Live Mesh per a connexions remotes
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7D926AD2-16D6-42C2-8CA1-AB09E96040BA}" = Windows Live Writer Resources
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{820D0BA3-ACD7-4FB9-A3A7-0ADF0C66A4BE}" = Windows Live Messenger
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A2EDAEEB-C981-46D5-8163-CF8F5F640EEE}" = ตัวควบคุม ActiveX ใน Windows Live Mesh สำหรับการเชื่อมต่อระยะไกล (ไทย)
"{A3389C72-1782-4BB4-BBAA-33345DE52E3F}" = Windows Live Messenger
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BA4D1C-23EF-4859-9C11-1B2CCB7FADBB}" = ActiveX контрола на Windows Live Mesh за отдалечени връзки
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B6190387-0036-4BEB-8D74-A0AFC5F14706}" = Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений
"{BD0C3887-64E6-41D8-9A38-BC6F34369352}" = Windows Live Messenger
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C28D96C0-6A90-459E-A077-A6706F4EC0FC}" = Bing Bar
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}" = Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger
"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
"{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E188D820-1218-4E28-8BCA-91134C3664C2}" = Ulead VideoStudio 10
"{E18B30AA-6E2D-480C-B918-AF61009F4010}" = عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F0F5D89A-197C-495B-827E-3E98B811CD2E}" = Windows Live Photo Common
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2979AAA-FDD7-4CB3-93BC-5C24D965D679}" = Windows Live Messenger
"{F35DC85A-E96B-496B-ABE7-F04192824856}" = Windows Live Messenger
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F783464C-C7C6-4E9B-AC40-BC90E5414BAF}" = Windows Live Messenger
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger
"7289-1030-5602-7421" = JDownloader 0.9
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"DivX Setup" = DivX-Setup
"DVD Flick_is1" = DVD Flick 1.3.0.6
"ElsterFormular" = ElsterFormular
"eMule" = eMule
"ENTERPRISER" = Microsoft Office Enterprise 2007
"ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09]
"Free AVI Video Converter_is1" = Free AVI Video Converter version 5.0.21.1212
"Free FLV Converter_is1" = Free FLV Converter V 7.5.0
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"Free YouTube Download_is1" = Free YouTube Download version 3.2.1.320
"HaaliMkx" = Haali Media Splitter
"Identity Card" = Identity Card
"Indeo® software" = Indeo® software
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager
"InstallShield_{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}" = QuickTime
"InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}" = newsXpresso
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"LingoPad_is1" = LingoPad 2.6 (Build 360)
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nero8Lite_is1" = Nero 8 Lite 8.3.2.1
"TEW2005" = TEW2005
"Texmaker" = Texmaker
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.2
"WaveLabPro" = WaveLab 6
"WinLiveSuite" = Windows Live Essentials
"Xvid Video Codec 1.3.2" = Xvid Video Codec
"YTdetect" = Yahoo! Detect
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15.04.2013 06:43:45 | Computer Name = Schreibmaschine | Source = Windows Backup | ID = 4103
Description = 
 
Error - 15.04.2013 09:37:40 | Computer Name = Schreibmaschine | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.04.2013 11:24:43 | Computer Name = Schreibmaschine | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.04.2013 18:54:15 | Computer Name = Schreibmaschine | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.04.2013 04:13:50 | Computer Name = Schreibmaschine | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.04.2013 04:54:08 | Computer Name = Schreibmaschine | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\NTI\acer backup manager\OutlookMsgNet64.exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\NTI\acer backup manager\Microsoft.VC90.MFC\Microsoft.VC90.MFC.MANIFEST"
 in Zeile  11.  Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der
 angeforderten Komponente überein.  Verweis: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition:
 Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Verwenden
 Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 16.04.2013 04:54:12 | Computer Name = Schreibmaschine | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\NTI\acer backup manager\Migrate\OutlookMsgNet64.exe". Fehler in Manifest-
 oder Richtliniendatei "c:\program files (x86)\NTI\acer backup manager\Migrate\Microsoft.VC90.MFC\Microsoft.VC90.MFC.MANIFEST"
 in Zeile  11.  Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der
 angeforderten Komponente überein.  Verweis: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition:
 Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Verwenden
 Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 16.04.2013 04:55:42 | Computer Name = Schreibmaschine | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\Nero\nero toolkit\nero discspeed\DiscSpeed.exe". Fehler in  Manifest- oder 
Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 16.04.2013 06:40:42 | Computer Name = Schreibmaschine | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.04.2013 07:45:52 | Computer Name = Schreibmaschine | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 25.05.2013 07:30:12 | Computer Name = Schreibmaschine | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 25.05.2013 15:25:38 | Computer Name = Schreibmaschine | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 26.05.2013 05:34:50 | Computer Name = Schreibmaschine | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 26.05.2013 11:00:40 | Computer Name = Schreibmaschine | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 26.05.2013 16:06:15 | Computer Name = Schreibmaschine | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 27.05.2013 03:56:17 | Computer Name = Schreibmaschine | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 28.05.2013 03:14:28 | Computer Name = Schreibmaschine | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 28.05.2013 04:03:37 | Computer Name = Schreibmaschine | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 28.05.2013 05:38:13 | Computer Name = Schreibmaschine | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 28.05.2013 07:33:07 | Computer Name = Schreibmaschine | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
 
< End of report >
         
GMER:
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-28 14:11:04
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.01.0 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\RALFSC~1\AppData\Local\Temp\pfecrfod.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                                             fffff80002e01000 45 bytes [00, 00, 10, 02, 4E, 74, 66, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607                                                                             fffff80002e0102f 29 bytes [00, 01, 00, 06, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1336] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                  00000000747f1465 2 bytes [7F, 74]
.text     C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1336] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                 00000000747f14bb 2 bytes [7F, 74]
.text     ...                                                                                                                                            * 2
.text     C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2820] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69             00000000747f1465 2 bytes [7F, 74]
.text     C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2820] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155            00000000747f14bb 2 bytes [7F, 74]
.text     ...                                                                                                                                            * 2
.text     C:\Program Files (x86)\Launch Manager\LManager.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                               00000000747f1465 2 bytes [7F, 74]
.text     C:\Program Files (x86)\Launch Manager\LManager.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                              00000000747f14bb 2 bytes [7F, 74]
.text     ...                                                                                                                                            * 2
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                   00000000747f1465 2 bytes [7F, 74]
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                  00000000747f14bb 2 bytes [7F, 74]
.text     ...                                                                                                                                            * 2
.text     C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe[1148] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69                00000000747f1465 2 bytes [7F, 74]
.text     C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe[1148] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155               00000000747f14bb 2 bytes [7F, 74]
.text     ...                                                                                                                                            * 2
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                 00000000747f1465 2 bytes [7F, 74]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                00000000747f14bb 2 bytes [7F, 74]
.text     ...                                                                                                                                            * 2
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000747f1465 2 bytes [7F, 74]
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000747f14bb 2 bytes [7F, 74]
.text     ...                                                                                                                                            * 2

---- Threads - GMER 2.1 ----

Thread    C:\Windows\System32\svchost.exe [3044:2044]                                                                                                    000007fef7cf9688

---- EOF - GMER 2.1 ----
         
Und MalewareBytes-Log:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.28.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: SCHREIBMASCHINE [Administrator]

28.05.2013 12:15:18
mbam-log-2013-05-28 (12-15-18).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 400767
Laufzeit: 1 Stunde(n), 14 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\***\AppData\Roaming\skype.dat (Trojan.Ransom.RRE) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

Alt 28.05.2013, 13:42   #2
markusg
/// Malware-holic
 
Trojaner "Gesellschaft zur Verfügung von Urheberrechtsverletzungen" - Standard

Trojaner "Gesellschaft zur Verfügung von Urheberrechtsverletzungen"



Hi,
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________

__________________

Alt 28.05.2013, 13:49   #3
vtopy
 
Trojaner "Gesellschaft zur Verfügung von Urheberrechtsverletzungen" - Standard

Trojaner "Gesellschaft zur Verfügung von Urheberrechtsverletzungen"



Hallo Markus!

Hab schon einmal vielen Dank für die schnelle Reaktion.
Der TDSSKiller ergibt Folgendes:

Code:
ATTFilter
14:45:36.0804 0604  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:45:37.0011 0604  ============================================================
14:45:37.0011 0604  Current date / time: 2013/05/28 14:45:37.0011
14:45:37.0012 0604  SystemInfo:
14:45:37.0012 0604  
14:45:37.0012 0604  OS Version: 6.1.7601 ServicePack: 1.0
14:45:37.0012 0604  Product type: Workstation
14:45:37.0012 0604  ComputerName: SCHREIBMASCHINE
14:45:37.0012 0604  UserName: ***
14:45:37.0012 0604  Windows directory: C:\Windows
14:45:37.0012 0604  System windows directory: C:\Windows
14:45:37.0012 0604  Running under WOW64
14:45:37.0012 0604  Processor architecture: Intel x64
14:45:37.0012 0604  Number of processors: 2
14:45:37.0012 0604  Page size: 0x1000
14:45:37.0012 0604  Boot type: Normal boot
14:45:37.0012 0604  ============================================================
14:45:37.0535 0604  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:45:37.0542 0604  ============================================================
14:45:37.0542 0604  \Device\Harddisk0\DR0:
14:45:37.0546 0604  MBR partitions:
14:45:37.0546 0604  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
14:45:37.0546 0604  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x239FB800
14:45:37.0546 0604  ============================================================
14:45:37.0577 0604  C: <-> \Device\Harddisk0\DR0\Partition2
14:45:37.0577 0604  ============================================================
14:45:37.0577 0604  Initialize success
14:45:37.0577 0604  ============================================================
14:46:22.0458 2072  ============================================================
14:46:22.0458 2072  Scan started
14:46:22.0458 2072  Mode: Manual; SigCheck; TDLFS; 
14:46:22.0458 2072  ============================================================
14:46:22.0873 2072  ================ Scan system memory ========================
14:46:22.0873 2072  System memory - ok
14:46:22.0874 2072  ================ Scan services =============================
14:46:23.0081 2072  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
14:46:23.0152 2072  1394ohci - ok
14:46:23.0216 2072  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
14:46:23.0257 2072  ACPI - ok
14:46:23.0287 2072  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
14:46:23.0307 2072  AcpiPmi - ok
14:46:23.0422 2072  [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:46:23.0445 2072  AdobeARMservice - ok
14:46:23.0614 2072  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:46:23.0645 2072  AdobeFlashPlayerUpdateSvc - ok
14:46:23.0702 2072  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
14:46:23.0730 2072  adp94xx - ok
14:46:23.0801 2072  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
14:46:23.0837 2072  adpahci - ok
14:46:23.0876 2072  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
14:46:23.0893 2072  adpu320 - ok
14:46:23.0920 2072  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
14:46:23.0971 2072  AeLookupSvc - ok
14:46:24.0036 2072  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
14:46:24.0070 2072  AFD - ok
14:46:24.0097 2072  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
14:46:24.0113 2072  agp440 - ok
14:46:24.0130 2072  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
14:46:24.0150 2072  ALG - ok
14:46:24.0162 2072  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
14:46:24.0176 2072  aliide - ok
14:46:24.0190 2072  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
14:46:24.0203 2072  amdide - ok
14:46:24.0224 2072  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
14:46:24.0241 2072  AmdK8 - ok
14:46:24.0261 2072  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
14:46:24.0278 2072  AmdPPM - ok
14:46:24.0296 2072  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
14:46:24.0314 2072  amdsata - ok
14:46:24.0339 2072  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
14:46:24.0356 2072  amdsbs - ok
14:46:24.0374 2072  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
14:46:24.0388 2072  amdxata - ok
14:46:24.0498 2072  [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
14:46:24.0521 2072  AntiVirSchedulerService - ok
14:46:24.0563 2072  [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
14:46:24.0586 2072  AntiVirService - ok
14:46:24.0630 2072  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
14:46:24.0691 2072  AppID - ok
14:46:24.0734 2072  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
14:46:24.0776 2072  AppIDSvc - ok
14:46:24.0824 2072  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
14:46:24.0854 2072  Appinfo - ok
14:46:24.0877 2072  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
14:46:24.0895 2072  arc - ok
14:46:24.0913 2072  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
14:46:24.0931 2072  arcsas - ok
14:46:24.0965 2072  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
14:46:25.0019 2072  AsyncMac - ok
14:46:25.0048 2072  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
14:46:25.0061 2072  atapi - ok
14:46:25.0164 2072  [ DE9FB3DADE8FD39AE2C587DF22D36B8E ] athr            C:\Windows\system32\DRIVERS\athrx.sys
14:46:25.0283 2072  athr - ok
14:46:25.0376 2072  [ FC0E8778C000291CAF60EB88C011E931 ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
14:46:25.0417 2072  atksgt - ok
14:46:25.0452 2072  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:46:25.0507 2072  AudioEndpointBuilder - ok
14:46:25.0518 2072  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
14:46:25.0567 2072  AudioSrv - ok
14:46:25.0609 2072  [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
14:46:25.0635 2072  avgntflt - ok
14:46:25.0692 2072  [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
14:46:25.0710 2072  avipbb - ok
14:46:25.0785 2072  [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
14:46:25.0808 2072  avkmgr - ok
14:46:25.0849 2072  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
14:46:25.0874 2072  AxInstSV - ok
14:46:25.0925 2072  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
14:46:25.0968 2072  b06bdrv - ok
14:46:25.0988 2072  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
14:46:26.0011 2072  b57nd60a - ok
14:46:26.0086 2072  [ 87F3BCF82A63E900AF896CD930BF7E05 ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
14:46:26.0119 2072  BBSvc - ok
14:46:26.0150 2072  [ 78779EE07231C658B483B1F38B5088DF ] BBUpdate        C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
14:46:26.0167 2072  BBUpdate - ok
14:46:26.0190 2072  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
14:46:26.0215 2072  BDESVC - ok
14:46:26.0224 2072  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
14:46:26.0268 2072  Beep - ok
14:46:26.0322 2072  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
14:46:26.0378 2072  BFE - ok
14:46:26.0430 2072  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
14:46:26.0516 2072  BITS - ok
14:46:26.0548 2072  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
14:46:26.0562 2072  blbdrive - ok
14:46:26.0597 2072  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
14:46:26.0636 2072  bowser - ok
14:46:26.0681 2072  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
14:46:26.0708 2072  BrFiltLo - ok
14:46:26.0725 2072  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
14:46:26.0743 2072  BrFiltUp - ok
14:46:26.0795 2072  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
14:46:26.0833 2072  Browser - ok
14:46:26.0856 2072  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
14:46:26.0887 2072  Brserid - ok
14:46:26.0903 2072  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
14:46:26.0924 2072  BrSerWdm - ok
14:46:26.0929 2072  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
14:46:26.0952 2072  BrUsbMdm - ok
14:46:26.0957 2072  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
14:46:26.0971 2072  BrUsbSer - ok
14:46:27.0006 2072  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
14:46:27.0024 2072  BTHMODEM - ok
14:46:27.0048 2072  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
14:46:27.0094 2072  bthserv - ok
14:46:27.0106 2072  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
14:46:27.0153 2072  cdfs - ok
14:46:27.0183 2072  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
14:46:27.0198 2072  cdrom - ok
14:46:27.0218 2072  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
14:46:27.0263 2072  CertPropSvc - ok
14:46:27.0290 2072  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
14:46:27.0307 2072  circlass - ok
14:46:27.0333 2072  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
14:46:27.0353 2072  CLFS - ok
14:46:27.0427 2072  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:46:27.0449 2072  clr_optimization_v2.0.50727_32 - ok
14:46:27.0504 2072  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:46:27.0527 2072  clr_optimization_v2.0.50727_64 - ok
14:46:27.0632 2072  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:46:27.0661 2072  clr_optimization_v4.0.30319_32 - ok
14:46:27.0693 2072  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:46:27.0707 2072  clr_optimization_v4.0.30319_64 - ok
14:46:27.0743 2072  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
14:46:27.0772 2072  CmBatt - ok
14:46:27.0787 2072  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
14:46:27.0802 2072  cmdide - ok
14:46:27.0858 2072  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
14:46:27.0888 2072  CNG - ok
14:46:27.0921 2072  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
14:46:27.0934 2072  Compbatt - ok
14:46:27.0962 2072  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
14:46:27.0983 2072  CompositeBus - ok
14:46:28.0001 2072  COMSysApp - ok
14:46:28.0024 2072  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
14:46:28.0039 2072  crcdisk - ok
14:46:28.0096 2072  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
14:46:28.0139 2072  CryptSvc - ok
14:46:28.0181 2072  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
14:46:28.0240 2072  DcomLaunch - ok
14:46:28.0272 2072  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
14:46:28.0321 2072  defragsvc - ok
14:46:28.0331 2072  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
14:46:28.0375 2072  DfsC - ok
14:46:28.0409 2072  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
14:46:28.0434 2072  Dhcp - ok
14:46:28.0465 2072  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
14:46:28.0511 2072  discache - ok
14:46:28.0543 2072  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
14:46:28.0558 2072  Disk - ok
14:46:28.0573 2072  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
14:46:28.0594 2072  Dnscache - ok
14:46:28.0613 2072  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
14:46:28.0659 2072  dot3svc - ok
14:46:28.0676 2072  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
14:46:28.0719 2072  DPS - ok
14:46:28.0750 2072  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
14:46:28.0767 2072  drmkaud - ok
14:46:28.0826 2072  [ AEA290020589EAF37BA17BA4B0C60937 ] DsiWMIService   C:\Program Files (x86)\Launch Manager\dsiwmis.exe
14:46:28.0843 2072  DsiWMIService - ok
14:46:28.0912 2072  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
14:46:28.0981 2072  DXGKrnl - ok
14:46:29.0005 2072  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
14:46:29.0050 2072  EapHost - ok
14:46:29.0151 2072  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
14:46:29.0258 2072  ebdrv - ok
14:46:29.0304 2072  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
14:46:29.0338 2072  EFS - ok
14:46:29.0413 2072  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
14:46:29.0456 2072  ehRecvr - ok
14:46:29.0476 2072  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
14:46:29.0493 2072  ehSched - ok
14:46:29.0533 2072  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
14:46:29.0560 2072  elxstor - ok
14:46:29.0671 2072  [ AC5C64F828C0A6A1350971501AC2A0C7 ] ePowerSvc       C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
14:46:29.0746 2072  ePowerSvc - ok
14:46:29.0758 2072  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
14:46:29.0774 2072  ErrDev - ok
14:46:29.0814 2072  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
14:46:29.0864 2072  EventSystem - ok
14:46:29.0889 2072  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
14:46:29.0938 2072  exfat - ok
14:46:29.0956 2072  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
14:46:30.0002 2072  fastfat - ok
14:46:30.0044 2072  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
14:46:30.0080 2072  Fax - ok
14:46:30.0097 2072  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
14:46:30.0112 2072  fdc - ok
14:46:30.0142 2072  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
14:46:30.0186 2072  fdPHost - ok
14:46:30.0196 2072  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
14:46:30.0241 2072  FDResPub - ok
14:46:30.0264 2072  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
14:46:30.0278 2072  FileInfo - ok
14:46:30.0293 2072  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
14:46:30.0336 2072  Filetrace - ok
14:46:30.0404 2072  [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
14:46:30.0440 2072  FLEXnet Licensing Service - ok
14:46:30.0468 2072  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
14:46:30.0484 2072  flpydisk - ok
14:46:30.0501 2072  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
14:46:30.0522 2072  FltMgr - ok
14:46:30.0597 2072  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
14:46:30.0675 2072  FontCache - ok
14:46:30.0726 2072  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:46:30.0744 2072  FontCache3.0.0.0 - ok
14:46:30.0763 2072  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
14:46:30.0785 2072  FsDepends - ok
14:46:30.0837 2072  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
14:46:30.0862 2072  Fs_Rec - ok
14:46:30.0923 2072  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
14:46:30.0957 2072  fvevol - ok
14:46:30.0985 2072  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
14:46:30.0999 2072  gagp30kx - ok
14:46:31.0041 2072  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
14:46:31.0121 2072  gpsvc - ok
14:46:31.0200 2072  [ C9B2D1D3F86FD3673EF847DEF73B6F9E ] GREGService     C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
14:46:31.0218 2072  GREGService - ok
14:46:31.0246 2072  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
14:46:31.0282 2072  hcw85cir - ok
14:46:31.0318 2072  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:46:31.0352 2072  HdAudAddService - ok
14:46:31.0381 2072  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
14:46:31.0401 2072  HDAudBus - ok
14:46:31.0436 2072  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\drivers\HECIx64.sys
14:46:31.0448 2072  HECIx64 - ok
14:46:31.0465 2072  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
14:46:31.0480 2072  HidBatt - ok
14:46:31.0496 2072  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
14:46:31.0518 2072  HidBth - ok
14:46:31.0540 2072  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
14:46:31.0560 2072  HidIr - ok
14:46:31.0595 2072  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
14:46:31.0645 2072  hidserv - ok
14:46:31.0699 2072  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
14:46:31.0727 2072  HidUsb - ok
14:46:31.0808 2072  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
14:46:31.0900 2072  hkmsvc - ok
14:46:31.0934 2072  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:46:31.0953 2072  HomeGroupListener - ok
14:46:31.0982 2072  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:46:31.0999 2072  HomeGroupProvider - ok
14:46:32.0022 2072  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
14:46:32.0038 2072  HpSAMD - ok
14:46:32.0094 2072  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
14:46:32.0167 2072  HTTP - ok
14:46:32.0176 2072  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
14:46:32.0188 2072  hwpolicy - ok
14:46:32.0230 2072  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
14:46:32.0247 2072  i8042prt - ok
14:46:32.0294 2072  [ D7921D5A870B11CC1ADAB198A519D50A ] iaStor          C:\Windows\system32\drivers\iaStor.sys
14:46:32.0311 2072  iaStor - ok
14:46:32.0337 2072  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
14:46:32.0360 2072  iaStorV - ok
14:46:32.0468 2072  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
14:46:32.0479 2072  IDriverT ( UnsignedFile.Multi.Generic ) - warning
14:46:32.0479 2072  IDriverT - detected UnsignedFile.Multi.Generic (1)
14:46:32.0547 2072  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:46:32.0631 2072  idsvc - ok
14:46:32.0913 2072  [ 9937600A1584FF00565D5379EB4C9EDB ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
14:46:33.0287 2072  igfx - ok
14:46:33.0328 2072  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
14:46:33.0343 2072  iirsp - ok
14:46:33.0387 2072  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
14:46:33.0498 2072  IKEEXT - ok
14:46:33.0530 2072  [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd           C:\Windows\system32\drivers\Impcd.sys
14:46:33.0558 2072  Impcd - ok
14:46:33.0656 2072  [ 718A4008EE5DA174400396B27509EF82 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
14:46:33.0769 2072  IntcAzAudAddService - ok
14:46:33.0785 2072  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
14:46:33.0798 2072  intelide - ok
14:46:33.0827 2072  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
14:46:33.0843 2072  intelppm - ok
14:46:33.0883 2072  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
14:46:33.0945 2072  IPBusEnum - ok
14:46:33.0958 2072  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:46:34.0000 2072  IpFilterDriver - ok
14:46:34.0084 2072  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
14:46:34.0136 2072  iphlpsvc - ok
14:46:34.0159 2072  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
14:46:34.0183 2072  IPMIDRV - ok
14:46:34.0203 2072  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
14:46:34.0252 2072  IPNAT - ok
14:46:34.0283 2072  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
14:46:34.0302 2072  IRENUM - ok
14:46:34.0324 2072  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
14:46:34.0338 2072  isapnp - ok
14:46:34.0355 2072  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
14:46:34.0375 2072  iScsiPrt - ok
14:46:34.0418 2072  [ F415A88162D23977B5EDAE4F0410E903 ] IviRegMgr       C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
14:46:34.0429 2072  IviRegMgr - ok
14:46:34.0463 2072  [ 455B75C19BF3F1F2EE3AC10E1169826C ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
14:46:34.0484 2072  k57nd60a - ok
14:46:34.0508 2072  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
14:46:34.0522 2072  kbdclass - ok
14:46:34.0554 2072  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
14:46:34.0568 2072  kbdhid - ok
14:46:34.0582 2072  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
14:46:34.0596 2072  KeyIso - ok
14:46:34.0638 2072  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
14:46:34.0670 2072  KSecDD - ok
14:46:34.0677 2072  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
14:46:34.0693 2072  KSecPkg - ok
14:46:34.0710 2072  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
14:46:34.0755 2072  ksthunk - ok
14:46:34.0796 2072  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
14:46:34.0846 2072  KtmRm - ok
14:46:34.0883 2072  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
14:46:34.0932 2072  LanmanServer - ok
14:46:34.0959 2072  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:46:35.0003 2072  LanmanWorkstation - ok
14:46:35.0099 2072  [ 29FAB5363138F6E322F4CD780ED9D337 ] LicCtrlService  C:\Windows\runservice.exe
14:46:35.0107 2072  LicCtrlService ( UnsignedFile.Multi.Generic ) - warning
14:46:35.0107 2072  LicCtrlService - detected UnsignedFile.Multi.Generic (1)
14:46:35.0199 2072  [ 156AB2E56DC3CA0B582E3362E07CDED7 ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
14:46:35.0221 2072  lirsgt - ok
14:46:35.0267 2072  [ B705C7097F9A0EC941D02DCE7C7D426C ] Live Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
14:46:35.0294 2072  Live Updater Service - ok
14:46:35.0324 2072  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
14:46:35.0374 2072  lltdio - ok
14:46:35.0399 2072  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
14:46:35.0448 2072  lltdsvc - ok
14:46:35.0469 2072  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
14:46:35.0518 2072  lmhosts - ok
14:46:35.0604 2072  [ 9D8B95C0EAE145C46BC4A727B23DA395 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
14:46:35.0620 2072  LMS - ok
14:46:35.0672 2072  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
14:46:35.0687 2072  LSI_FC - ok
14:46:35.0700 2072  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
14:46:35.0715 2072  LSI_SAS - ok
14:46:35.0729 2072  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
14:46:35.0743 2072  LSI_SAS2 - ok
14:46:35.0763 2072  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
14:46:35.0778 2072  LSI_SCSI - ok
14:46:35.0801 2072  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
14:46:35.0845 2072  luafv - ok
14:46:35.0848 2072  McAfee SiteAdvisor Service - ok
14:46:35.0871 2072  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
14:46:35.0887 2072  Mcx2Svc - ok
14:46:35.0908 2072  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
14:46:35.0921 2072  megasas - ok
14:46:35.0944 2072  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
14:46:35.0964 2072  MegaSR - ok
14:46:36.0064 2072  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
14:46:36.0089 2072  Microsoft Office Groove Audit Service - ok
14:46:36.0120 2072  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
14:46:36.0164 2072  MMCSS - ok
14:46:36.0183 2072  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
14:46:36.0227 2072  Modem - ok
14:46:36.0265 2072  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
14:46:36.0283 2072  monitor - ok
14:46:36.0334 2072  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
14:46:36.0347 2072  mouclass - ok
14:46:36.0371 2072  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
14:46:36.0388 2072  mouhid - ok
14:46:36.0401 2072  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
14:46:36.0418 2072  mountmgr - ok
14:46:36.0490 2072  [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:46:36.0504 2072  MozillaMaintenance - ok
14:46:36.0540 2072  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
14:46:36.0555 2072  mpio - ok
14:46:36.0615 2072  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
14:46:36.0672 2072  mpsdrv - ok
14:46:36.0715 2072  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
14:46:36.0771 2072  MpsSvc - ok
14:46:36.0778 2072  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
14:46:36.0800 2072  MRxDAV - ok
14:46:36.0811 2072  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
14:46:36.0842 2072  mrxsmb - ok
14:46:36.0865 2072  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:46:36.0882 2072  mrxsmb10 - ok
14:46:36.0902 2072  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:46:36.0917 2072  mrxsmb20 - ok
14:46:36.0930 2072  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
14:46:36.0943 2072  msahci - ok
14:46:36.0960 2072  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
14:46:36.0975 2072  msdsm - ok
14:46:36.0994 2072  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
14:46:37.0011 2072  MSDTC - ok
14:46:37.0027 2072  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
14:46:37.0070 2072  Msfs - ok
14:46:37.0097 2072  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
14:46:37.0139 2072  mshidkmdf - ok
14:46:37.0154 2072  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
14:46:37.0166 2072  msisadrv - ok
14:46:37.0200 2072  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
14:46:37.0249 2072  MSiSCSI - ok
14:46:37.0252 2072  msiserver - ok
14:46:37.0278 2072  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
14:46:37.0324 2072  MSKSSRV - ok
14:46:37.0351 2072  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
14:46:37.0393 2072  MSPCLOCK - ok
14:46:37.0406 2072  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
14:46:37.0448 2072  MSPQM - ok
14:46:37.0472 2072  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
14:46:37.0492 2072  MsRPC - ok
14:46:37.0507 2072  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
14:46:37.0520 2072  mssmbios - ok
14:46:37.0524 2072  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
14:46:37.0567 2072  MSTEE - ok
14:46:37.0589 2072  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
14:46:37.0602 2072  MTConfig - ok
14:46:37.0619 2072  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
14:46:37.0633 2072  Mup - ok
14:46:37.0664 2072  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
14:46:37.0715 2072  napagent - ok
14:46:37.0765 2072  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
14:46:37.0810 2072  NativeWifiP - ok
14:46:37.0881 2072  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
14:46:37.0947 2072  NDIS - ok
14:46:37.0979 2072  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
14:46:38.0021 2072  NdisCap - ok
14:46:38.0044 2072  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
14:46:38.0087 2072  NdisTapi - ok
14:46:38.0115 2072  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
14:46:38.0157 2072  Ndisuio - ok
14:46:38.0171 2072  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
14:46:38.0215 2072  NdisWan - ok
14:46:38.0229 2072  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
14:46:38.0271 2072  NDProxy - ok
14:46:38.0282 2072  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
14:46:38.0326 2072  NetBIOS - ok
14:46:38.0347 2072  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
14:46:38.0393 2072  NetBT - ok
14:46:38.0404 2072  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
14:46:38.0417 2072  Netlogon - ok
14:46:38.0463 2072  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
14:46:38.0529 2072  Netman - ok
14:46:38.0550 2072  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
14:46:38.0602 2072  netprofm - ok
14:46:38.0630 2072  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:46:38.0641 2072  NetTcpPortSharing - ok
14:46:38.0663 2072  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
14:46:38.0677 2072  nfrd960 - ok
14:46:38.0696 2072  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
14:46:38.0715 2072  NlaSvc - ok
14:46:38.0731 2072  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
14:46:38.0775 2072  Npfs - ok
14:46:38.0793 2072  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
14:46:38.0837 2072  nsi - ok
14:46:38.0841 2072  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
14:46:38.0884 2072  nsiproxy - ok
14:46:38.0972 2072  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
14:46:39.0067 2072  Ntfs - ok
14:46:39.0118 2072  [ 1873214666F6F0A883742DF91FBC48C9 ] NTI IScheduleSvc C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
14:46:39.0144 2072  NTI IScheduleSvc - ok
14:46:39.0179 2072  [ EE3BA1024594D5D09E314F206B94069E ] NTIDrvr         C:\Windows\system32\drivers\NTIDrvr.sys
14:46:39.0197 2072  NTIDrvr - ok
14:46:39.0215 2072  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
14:46:39.0278 2072  Null - ok
14:46:39.0296 2072  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
14:46:39.0313 2072  nvraid - ok
14:46:39.0333 2072  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
14:46:39.0349 2072  nvstor - ok
14:46:39.0367 2072  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
14:46:39.0382 2072  nv_agp - ok
14:46:39.0460 2072  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:46:39.0496 2072  odserv - ok
14:46:39.0508 2072  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
14:46:39.0524 2072  ohci1394 - ok
14:46:39.0567 2072  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:46:39.0583 2072  ose - ok
14:46:39.0614 2072  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
14:46:39.0638 2072  p2pimsvc - ok
14:46:39.0677 2072  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
14:46:39.0702 2072  p2psvc - ok
14:46:39.0732 2072  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
14:46:39.0758 2072  Parport - ok
14:46:39.0813 2072  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
14:46:39.0840 2072  partmgr - ok
14:46:39.0879 2072  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
14:46:39.0920 2072  PcaSvc - ok
14:46:39.0944 2072  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
14:46:39.0963 2072  pci - ok
14:46:39.0977 2072  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
14:46:39.0992 2072  pciide - ok
14:46:40.0014 2072  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
14:46:40.0035 2072  pcmcia - ok
14:46:40.0055 2072  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
14:46:40.0069 2072  pcw - ok
14:46:40.0098 2072  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
14:46:40.0154 2072  PEAUTH - ok
14:46:40.0261 2072  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
14:46:40.0291 2072  PerfHost - ok
14:46:40.0367 2072  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
14:46:40.0480 2072  pla - ok
14:46:40.0525 2072  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
14:46:40.0573 2072  PlugPlay - ok
14:46:40.0586 2072  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
14:46:40.0604 2072  PNRPAutoReg - ok
14:46:40.0625 2072  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
14:46:40.0647 2072  PNRPsvc - ok
14:46:40.0685 2072  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
14:46:40.0746 2072  PolicyAgent - ok
14:46:40.0762 2072  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
14:46:40.0808 2072  Power - ok
14:46:40.0834 2072  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
14:46:40.0879 2072  PptpMiniport - ok
14:46:40.0897 2072  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
14:46:40.0911 2072  Processor - ok
14:46:40.0945 2072  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
14:46:40.0966 2072  ProfSvc - ok
14:46:40.0981 2072  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:46:40.0994 2072  ProtectedStorage - ok
14:46:41.0022 2072  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
14:46:41.0070 2072  Psched - ok
14:46:41.0102 2072  [ F036CFB275D0C55F4E45FBBF5F98B3C8 ] PSI_SVC_2       C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
14:46:41.0115 2072  PSI_SVC_2 - ok
14:46:41.0169 2072  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
14:46:41.0249 2072  ql2300 - ok
14:46:41.0265 2072  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
14:46:41.0280 2072  ql40xx - ok
14:46:41.0326 2072  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
14:46:41.0366 2072  QWAVE - ok
14:46:41.0377 2072  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
14:46:41.0397 2072  QWAVEdrv - ok
14:46:41.0412 2072  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
14:46:41.0455 2072  RasAcd - ok
14:46:41.0520 2072  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
14:46:41.0570 2072  RasAgileVpn - ok
14:46:41.0584 2072  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
14:46:41.0629 2072  RasAuto - ok
14:46:41.0646 2072  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
14:46:41.0690 2072  Rasl2tp - ok
14:46:41.0713 2072  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
14:46:41.0761 2072  RasMan - ok
14:46:41.0766 2072  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
14:46:41.0810 2072  RasPppoe - ok
14:46:41.0829 2072  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
14:46:41.0872 2072  RasSstp - ok
14:46:41.0895 2072  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
14:46:41.0941 2072  rdbss - ok
14:46:41.0956 2072  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
14:46:41.0973 2072  rdpbus - ok
14:46:41.0990 2072  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
14:46:42.0033 2072  RDPCDD - ok
14:46:42.0044 2072  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
14:46:42.0086 2072  RDPENCDD - ok
14:46:42.0107 2072  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
14:46:42.0150 2072  RDPREFMP - ok
14:46:42.0203 2072  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
14:46:42.0252 2072  RDPWD - ok
14:46:42.0289 2072  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
14:46:42.0321 2072  rdyboost - ok
14:46:42.0360 2072  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
14:46:42.0410 2072  RemoteAccess - ok
14:46:42.0456 2072  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
14:46:42.0503 2072  RemoteRegistry - ok
14:46:42.0521 2072  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
14:46:42.0569 2072  RpcEptMapper - ok
14:46:42.0594 2072  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
14:46:42.0610 2072  RpcLocator - ok
14:46:42.0635 2072  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
14:46:42.0688 2072  RpcSs - ok
14:46:42.0727 2072  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
14:46:42.0770 2072  rspndr - ok
14:46:42.0816 2072  [ 135A64530D7699AD48F29D73A658DD11 ] RSUSBSTOR       C:\Windows\System32\Drivers\RtsUStor.sys
14:46:42.0832 2072  RSUSBSTOR - ok
14:46:42.0898 2072  [ 7CB9F0FDD730F4A4ECF6CDE15EA12E8A ] RS_Service      C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
14:46:42.0925 2072  RS_Service - ok
14:46:42.0937 2072  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
14:46:42.0957 2072  SamSs - ok
14:46:42.0975 2072  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
14:46:42.0997 2072  sbp2port - ok
14:46:43.0024 2072  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
14:46:43.0073 2072  SCardSvr - ok
14:46:43.0083 2072  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
14:46:43.0125 2072  scfilter - ok
14:46:43.0156 2072  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
14:46:43.0258 2072  Schedule - ok
14:46:43.0284 2072  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
14:46:43.0326 2072  SCPolicySvc - ok
14:46:43.0340 2072  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
14:46:43.0364 2072  SDRSVC - ok
14:46:43.0398 2072  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
14:46:43.0455 2072  secdrv - ok
14:46:43.0465 2072  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
14:46:43.0508 2072  seclogon - ok
14:46:43.0517 2072  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
14:46:43.0561 2072  SENS - ok
14:46:43.0577 2072  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
14:46:43.0602 2072  SensrSvc - ok
14:46:43.0623 2072  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
14:46:43.0637 2072  Serenum - ok
14:46:43.0653 2072  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
14:46:43.0670 2072  Serial - ok
14:46:43.0709 2072  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
14:46:43.0723 2072  sermouse - ok
14:46:43.0772 2072  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
14:46:43.0815 2072  SessionEnv - ok
14:46:43.0833 2072  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
14:46:43.0851 2072  sffdisk - ok
14:46:43.0891 2072  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
14:46:43.0910 2072  sffp_mmc - ok
14:46:43.0977 2072  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
14:46:44.0006 2072  sffp_sd - ok
14:46:44.0019 2072  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
14:46:44.0036 2072  sfloppy - ok
14:46:44.0074 2072  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
14:46:44.0126 2072  SharedAccess - ok
14:46:44.0146 2072  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:46:44.0195 2072  ShellHWDetection - ok
14:46:44.0226 2072  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
14:46:44.0239 2072  SiSRaid2 - ok
14:46:44.0254 2072  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
14:46:44.0269 2072  SiSRaid4 - ok
14:46:44.0355 2072  [ 0A0A0183711EFB04F9BCC32BB44471F2 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
14:46:44.0382 2072  SkypeUpdate - ok
14:46:44.0409 2072  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
14:46:44.0453 2072  Smb - ok
14:46:44.0510 2072  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
14:46:44.0541 2072  SNMPTRAP - ok
14:46:44.0558 2072  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
14:46:44.0580 2072  spldr - ok
14:46:44.0644 2072  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
14:46:44.0690 2072  Spooler - ok
14:46:44.0781 2072  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
14:46:44.0942 2072  sppsvc - ok
14:46:44.0963 2072  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
14:46:45.0007 2072  sppuinotify - ok
14:46:45.0024 2072  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
14:46:45.0056 2072  srv - ok
14:46:45.0078 2072  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
14:46:45.0099 2072  srv2 - ok
14:46:45.0111 2072  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
14:46:45.0128 2072  srvnet - ok
14:46:45.0160 2072  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
14:46:45.0209 2072  SSDPSRV - ok
14:46:45.0225 2072  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
14:46:45.0272 2072  SstpSvc - ok
14:46:45.0288 2072  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
14:46:45.0302 2072  stexstor - ok
14:46:45.0340 2072  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
14:46:45.0375 2072  stisvc - ok
14:46:45.0386 2072  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
14:46:45.0399 2072  swenum - ok
14:46:45.0418 2072  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
14:46:45.0472 2072  swprv - ok
14:46:45.0545 2072  [ BBA2EA927EC5CC5DEF5F1BF2B125C0F7 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
14:46:45.0632 2072  SynTP - ok
14:46:45.0681 2072  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
14:46:45.0755 2072  SysMain - ok
14:46:45.0771 2072  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:46:45.0796 2072  TabletInputService - ok
14:46:45.0816 2072  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
14:46:45.0865 2072  TapiSrv - ok
14:46:45.0872 2072  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
14:46:45.0917 2072  TBS - ok
14:46:46.0013 2072  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
14:46:46.0121 2072  Tcpip - ok
14:46:46.0161 2072  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
14:46:46.0210 2072  TCPIP6 - ok
14:46:46.0255 2072  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
14:46:46.0281 2072  tcpipreg - ok
14:46:46.0345 2072  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
14:46:46.0382 2072  TDPIPE - ok
14:46:46.0412 2072  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
14:46:46.0428 2072  TDTCP - ok
14:46:46.0461 2072  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
14:46:46.0510 2072  tdx - ok
14:46:46.0539 2072  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
14:46:46.0552 2072  TermDD - ok
14:46:46.0587 2072  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
14:46:46.0643 2072  TermService - ok
14:46:46.0664 2072  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
14:46:46.0684 2072  Themes - ok
14:46:46.0697 2072  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
14:46:46.0740 2072  THREADORDER - ok
14:46:46.0751 2072  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
14:46:46.0795 2072  TrkWks - ok
14:46:46.0858 2072  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:46:46.0918 2072  TrustedInstaller - ok
14:46:46.0924 2072  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
14:46:46.0967 2072  tssecsrv - ok
14:46:47.0007 2072  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
14:46:47.0033 2072  TsUsbFlt - ok
14:46:47.0051 2072  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
14:46:47.0066 2072  TsUsbGD - ok
14:46:47.0100 2072  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
14:46:47.0146 2072  tunnel - ok
14:46:47.0164 2072  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
14:46:47.0178 2072  uagp35 - ok
14:46:47.0194 2072  [ A17D5E1A6DF4EAB0A480F2C490DE4C9D ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
14:46:47.0205 2072  UBHelper - ok
14:46:47.0222 2072  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
14:46:47.0269 2072  udfs - ok
14:46:47.0297 2072  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
14:46:47.0312 2072  UI0Detect - ok
14:46:47.0372 2072  [ 332D341D92B933600D41953B08360DFB ] UleadBurningHelper C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
14:46:47.0380 2072  UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
14:46:47.0380 2072  UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)
14:46:47.0399 2072  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
14:46:47.0415 2072  uliagpkx - ok
14:46:47.0436 2072  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
14:46:47.0451 2072  umbus - ok
14:46:47.0464 2072  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
14:46:47.0479 2072  UmPass - ok
14:46:47.0593 2072  [ 0B0B9F55B12767A755932C26B5FED715 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
14:46:47.0697 2072  UNS - ok
14:46:47.0751 2072  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
14:46:47.0815 2072  upnphost - ok
14:46:47.0826 2072  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
14:46:47.0840 2072  usbccgp - ok
14:46:47.0873 2072  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
14:46:47.0893 2072  usbcir - ok
14:46:47.0914 2072  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
14:46:47.0929 2072  usbehci - ok
14:46:47.0962 2072  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\drivers\usbhub.sys
14:46:47.0982 2072  usbhub - ok
14:46:48.0002 2072  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
14:46:48.0016 2072  usbohci - ok
14:46:48.0029 2072  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
14:46:48.0048 2072  usbprint - ok
14:46:48.0068 2072  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:46:48.0095 2072  USBSTOR - ok
14:46:48.0115 2072  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
14:46:48.0130 2072  usbuhci - ok
14:46:48.0164 2072  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
14:46:48.0188 2072  usbvideo - ok
14:46:48.0217 2072  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
14:46:48.0264 2072  UxSms - ok
14:46:48.0281 2072  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
14:46:48.0294 2072  VaultSvc - ok
14:46:48.0327 2072  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
14:46:48.0339 2072  vdrvroot - ok
14:46:48.0364 2072  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
14:46:48.0415 2072  vds - ok
14:46:48.0436 2072  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
14:46:48.0453 2072  vga - ok
14:46:48.0474 2072  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
14:46:48.0516 2072  VgaSave - ok
14:46:48.0530 2072  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
14:46:48.0546 2072  vhdmp - ok
14:46:48.0561 2072  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
14:46:48.0574 2072  viaide - ok
14:46:48.0586 2072  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
14:46:48.0599 2072  volmgr - ok
14:46:48.0618 2072  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
14:46:48.0637 2072  volmgrx - ok
14:46:48.0650 2072  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
14:46:48.0668 2072  volsnap - ok
14:46:48.0694 2072  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
14:46:48.0709 2072  vsmraid - ok
14:46:48.0759 2072  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
14:46:48.0847 2072  VSS - ok
14:46:48.0862 2072  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
14:46:48.0879 2072  vwifibus - ok
14:46:48.0909 2072  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
14:46:48.0928 2072  vwififlt - ok
14:46:48.0942 2072  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
14:46:48.0991 2072  W32Time - ok
14:46:49.0014 2072  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
14:46:49.0028 2072  WacomPen - ok
14:46:49.0060 2072  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
14:46:49.0105 2072  WANARP - ok
14:46:49.0122 2072  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
14:46:49.0164 2072  Wanarpv6 - ok
14:46:49.0207 2072  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
14:46:49.0279 2072  wbengine - ok
14:46:49.0297 2072  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
14:46:49.0324 2072  WbioSrvc - ok
14:46:49.0339 2072  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
14:46:49.0368 2072  wcncsvc - ok
14:46:49.0386 2072  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:46:49.0407 2072  WcsPlugInService - ok
14:46:49.0423 2072  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
14:46:49.0435 2072  Wd - ok
14:46:49.0510 2072  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
14:46:49.0562 2072  Wdf01000 - ok
14:46:49.0581 2072  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
14:46:49.0606 2072  WdiServiceHost - ok
14:46:49.0611 2072  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
14:46:49.0634 2072  WdiSystemHost - ok
14:46:49.0647 2072  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
14:46:49.0676 2072  WebClient - ok
14:46:49.0691 2072  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
14:46:49.0739 2072  Wecsvc - ok
14:46:49.0752 2072  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
14:46:49.0797 2072  wercplsupport - ok
14:46:49.0822 2072  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
14:46:49.0868 2072  WerSvc - ok
14:46:49.0905 2072  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
14:46:49.0963 2072  WfpLwf - ok
14:46:49.0982 2072  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
14:46:49.0994 2072  WIMMount - ok
14:46:50.0015 2072  WinDefend - ok
14:46:50.0019 2072  WinHttpAutoProxySvc - ok
14:46:50.0085 2072  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
14:46:50.0154 2072  Winmgmt - ok
14:46:50.0199 2072  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
14:46:50.0323 2072  WinRM - ok
14:46:50.0370 2072  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
14:46:50.0411 2072  Wlansvc - ok
14:46:50.0479 2072  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
14:46:50.0502 2072  wlcrasvc - ok
14:46:50.0630 2072  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:46:50.0725 2072  wlidsvc - ok
14:46:50.0743 2072  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
14:46:50.0758 2072  WmiAcpi - ok
14:46:50.0793 2072  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
14:46:50.0812 2072  wmiApSrv - ok
14:46:50.0855 2072  WMPNetworkSvc - ok
14:46:50.0877 2072  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
14:46:50.0901 2072  WPCSvc - ok
14:46:50.0919 2072  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
14:46:50.0940 2072  WPDBusEnum - ok
14:46:50.0963 2072  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
14:46:51.0010 2072  ws2ifsl - ok
14:46:51.0026 2072  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
14:46:51.0048 2072  wscsvc - ok
14:46:51.0052 2072  WSearch - ok
14:46:51.0143 2072  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
14:46:51.0255 2072  wuauserv - ok
14:46:51.0307 2072  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
14:46:51.0330 2072  WudfPf - ok
14:46:51.0354 2072  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
14:46:51.0371 2072  WUDFRd - ok
14:46:51.0454 2072  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
14:46:51.0483 2072  wudfsvc - ok
14:46:51.0564 2072  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
14:46:51.0648 2072  WwanSvc - ok
14:46:51.0669 2072  ================ Scan global ===============================
14:46:51.0687 2072  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
14:46:51.0745 2072  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
14:46:51.0758 2072  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
14:46:51.0810 2072  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
14:46:51.0845 2072  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
14:46:51.0852 2072  [Global] - ok
14:46:51.0853 2072  ================ Scan MBR ==================================
14:46:51.0867 2072  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:46:52.0365 2072  \Device\Harddisk0\DR0 - ok
14:46:52.0366 2072  ================ Scan VBR ==================================
14:46:52.0371 2072  [ 1661ABB4DFD4813B5EB358FEFD2CEE75 ] \Device\Harddisk0\DR0\Partition1
14:46:52.0374 2072  \Device\Harddisk0\DR0\Partition1 - ok
14:46:52.0411 2072  [ D6F9B7741827FB0A1C062AEC89EB3404 ] \Device\Harddisk0\DR0\Partition2
14:46:52.0414 2072  \Device\Harddisk0\DR0\Partition2 - ok
14:46:52.0415 2072  ============================================================
14:46:52.0415 2072  Scan finished
14:46:52.0415 2072  ============================================================
14:46:52.0434 0688  Detected object count: 3
14:46:52.0434 0688  Actual detected object count: 3
14:47:13.0447 0688  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
14:47:13.0447 0688  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:47:13.0448 0688  LicCtrlService ( UnsignedFile.Multi.Generic ) - skipped by user
14:47:13.0448 0688  LicCtrlService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:47:13.0448 0688  UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
14:47:13.0448 0688  UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
__________________

Alt 28.05.2013, 13:50   #4
markusg
/// Malware-holic
 
Trojaner "Gesellschaft zur Verfügung von Urheberrechtsverletzungen" - Standard

Trojaner "Gesellschaft zur Verfügung von Urheberrechtsverletzungen"



Hi,
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 28.05.2013, 15:52   #5
vtopy
 
Trojaner "Gesellschaft zur Verfügung von Urheberrechtsverletzungen" - Standard

Trojaner "Gesellschaft zur Verfügung von Urheberrechtsverletzungen"



Auch Combofix ist jetzt durchgelaufen, hier die Logfile:

Code:
ATTFilter
ComboFix 13-05-28.02 - *** 28.05.2013  16:37:15.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3764.2325 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-28 bis 2013-05-28  ))))))))))))))))))))))))))))))
.
.
2013-05-28 14:45 . 2013-05-28 14:45	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-05-28 10:13 . 2013-05-28 10:13	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2013-05-28 10:13 . 2013-05-28 10:13	--------	d-----w-	c:\programdata\Malwarebytes
2013-05-28 10:13 . 2013-05-28 10:13	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-05-28 10:13 . 2013-04-04 12:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-05-28 08:05 . 2013-05-28 08:05	--------	d-----w-	c:\users\***\AppData\Local\{BE960C05-EB43-4F17-82F2-DC2171A06762}
2013-05-28 07:20 . 2013-05-13 06:37	9460464	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D6F17C6F-2954-4BE7-9D51-F2F66F088CA0}\mpengine.dll
2013-05-27 08:00 . 2013-05-27 08:01	--------	d-----w-	c:\users\***\AppData\Local\{8A24FF27-909D-43CA-B23F-0E651CEA0C37}
2013-05-26 09:57 . 2013-05-26 09:57	--------	d-----w-	c:\users\***\AppData\Local\{70B55D86-F18F-45F2-AA38-C226983AD6B1}
2013-05-25 12:50 . 2013-05-25 12:51	--------	d-----w-	c:\users\***\AppData\Local\{80CD9A1B-7CB6-4AC1-A49C-D444A9B6278C}
2013-05-24 09:25 . 2013-05-24 09:26	--------	d-----w-	c:\users\***\AppData\Local\{A3CD1F48-A6BD-478A-BF5F-D44700F8FD67}
2013-05-23 07:07 . 2013-05-23 07:07	--------	d-----w-	c:\users\***\AppData\Local\{5A2660A5-E07A-4471-A934-79F4E96370DC}
2013-05-21 22:29 . 2013-05-21 22:29	--------	d-----w-	c:\users\***\AppData\Local\{88B2E5AE-E51D-4715-9878-EF6E1F68CAD4}
2013-05-21 09:43 . 2013-05-21 09:43	--------	d-----w-	c:\users\***\AppData\Local\{4207ABB0-1805-4BAD-92C2-B251A2BC0299}
2013-05-20 17:14 . 2013-05-20 17:15	--------	d-----w-	c:\users\***\AppData\Local\{ABF4ED34-7FC2-4B88-A52E-92C7D96BC88A}
2013-05-15 21:09 . 2013-05-05 21:36	17818624	----a-w-	c:\windows\system32\mshtml.dll
2013-05-15 21:09 . 2013-05-05 21:16	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2013-05-15 21:09 . 2013-05-05 19:12	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2013-05-15 21:08 . 2013-04-05 01:55	182896	----a-w-	c:\program files\Internet Explorer\sqmapi.dll
2013-05-15 21:08 . 2013-04-05 00:51	96768	----a-w-	c:\windows\system32\mshtmled.dll
2013-05-15 21:08 . 2013-04-04 22:47	149632	----a-w-	c:\program files (x86)\Internet Explorer\sqmapi.dll
2013-05-15 21:08 . 2013-04-05 00:58	548864	----a-w-	c:\program files\Internet Explorer\ieproxy.dll
2013-05-15 21:08 . 2013-04-05 00:54	2147840	----a-w-	c:\windows\system32\iertutil.dll
2013-05-15 21:08 . 2013-04-04 22:00	768512	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-05-15 21:08 . 2013-04-04 22:00	194560	----a-w-	c:\program files (x86)\Internet Explorer\ieproxy.dll
2013-05-15 21:08 . 2013-04-04 21:57	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-05-15 20:50 . 2013-04-10 06:01	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 08:45 . 2013-05-15 08:45	--------	d-----w-	c:\users\***\AppData\Local\{6F415FFF-0198-416C-8241-8FE31DF2A29D}
2013-05-15 07:55 . 2013-05-15 07:55	--------	d-----w-	c:\users\***\AppData\Local\{A1411827-AFE7-4F45-A84A-CA0FCC7F6B3F}
2013-05-14 12:11 . 2013-05-14 12:11	--------	d-----w-	c:\users\***\AppData\Local\{6AF18987-0C7D-4C10-BB41-CF68F046601E}
2013-05-13 20:08 . 2013-05-13 20:09	--------	d-----w-	c:\users\***\AppData\Local\{487E4C33-7739-48D2-A78C-F755D47AE2CE}
2013-05-13 07:52 . 2013-05-13 07:52	--------	d-----w-	c:\users\***\AppData\Local\{334BD2C4-3334-4A6E-A06C-EB858D38E881}
2013-05-12 14:55 . 2013-05-12 14:55	--------	d-----w-	c:\users\***\AppData\Local\{E0C73AEB-065E-4AC4-AD27-83F5E9B2144E}
2013-05-11 09:42 . 2013-05-11 09:42	--------	d-----w-	c:\users\***\AppData\Local\{D2BDC13C-D0B3-4A08-9ACA-4B6EAD57EDD7}
2013-05-10 08:03 . 2013-05-10 08:03	--------	d-----w-	c:\users\***\AppData\Local\{64F77BCE-7D81-4FCC-9CA2-54C4F7E3ACE1}
2013-05-09 10:21 . 2013-05-09 10:21	--------	d-----w-	c:\users\***\AppData\Local\{8EFE75B8-988D-4BA6-A449-159706DA8C28}
2013-05-08 12:29 . 2013-05-08 12:29	--------	d-----w-	c:\users\***\AppData\Local\{309D653F-2D10-43A2-A1E0-6B06E00332A5}
2013-05-08 12:28 . 2013-05-08 12:28	--------	d-----w-	c:\users\***\AppData\Local\{EC7D15DB-B315-40BE-8309-22276B5BAF69}
2013-05-07 20:41 . 2013-05-07 20:41	--------	d-----w-	c:\users\***\AppData\Local\{DCFF68B4-0690-424A-9795-8051E7BA4A18}
2013-05-07 13:39 . 2013-05-07 13:38	83160	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-05-07 07:39 . 2013-05-07 07:39	--------	d-----w-	c:\users\***\AppData\Local\{F4330BCA-FD91-47C1-9F53-16836D6B080A}
2013-05-06 07:40 . 2013-05-06 07:40	--------	d-----w-	c:\users\***\AppData\Local\{60DFAD30-973F-469F-9AFB-99BE44FAA6DC}
2013-05-05 13:34 . 2013-05-05 13:35	--------	d-----w-	c:\users\***\AppData\Local\{9FEAF07E-4942-4B9E-B6D2-DCB91118D62A}
2013-05-04 18:51 . 2013-05-04 18:51	--------	d-----w-	c:\users\***\AppData\Local\{4F9CA7E6-3718-48DD-856E-16383910B348}
2013-05-04 15:07 . 2013-05-04 15:07	--------	d-----w-	c:\users\***\AppData\Local\Risen
2013-05-04 15:02 . 2013-05-04 15:02	314016	----a-w-	c:\windows\system32\drivers\atksgt.sys
2013-05-04 15:02 . 2013-05-04 15:02	43680	----a-w-	c:\windows\system32\drivers\lirsgt.sys
2013-05-04 15:02 . 2013-05-04 15:02	--------	d-----w-	c:\program files (x86)\AGEIA Technologies
2013-05-04 15:02 . 2013-05-04 15:02	--------	d-----w-	c:\windows\SysWow64\AGEIA
2013-05-04 15:02 . 2013-05-04 15:02	--------	d-----w-	c:\program files (x86)\Common Files\Wise Installation Wizard
2013-05-04 14:55 . 2013-05-04 14:55	--------	d-----w-	c:\program files (x86)\Deep Silver
2013-05-03 07:17 . 2013-05-03 07:18	--------	d-----w-	c:\users\***\AppData\Local\{5BFDE256-2DA9-40FC-BDCC-F5B35EB088ED}
2013-05-02 19:00 . 2013-05-02 19:00	--------	d-----w-	c:\users\***\AppData\Local\{09E38A5D-0B68-48C4-82AE-BD99836436D9}
2013-05-02 12:10 . 2013-05-02 12:10	--------	d-----w-	c:\users\***\AppData\Local\{CBF772A7-9AC2-49BA-91AE-4184B9DFD4B9}
2013-05-02 08:11 . 2013-05-02 08:11	--------	d-----w-	c:\users\***\AppData\Local\{8A343F5E-E6A3-4B91-8268-4C5ADF71DEDA}
2013-05-02 07:49 . 2013-05-02 07:49	--------	d-----w-	c:\users\***\AppData\Local\{59E680AF-63ED-4E00-A8AF-725CA13076EB}
2013-05-01 09:49 . 2013-05-01 09:49	--------	d-----w-	c:\users\***\AppData\Local\{3393BF22-EA44-41EB-9614-D3EC989EBB9D}
2013-04-30 22:36 . 2013-04-30 22:36	--------	d-----w-	c:\users\***\AppData\Local\{DAFD2228-145C-4C71-AFF6-62A443D11805}
2013-04-30 10:33 . 2013-04-30 10:33	--------	d-----w-	c:\users\***\AppData\Local\{CFC71369-5D00-4947-8B48-B13F5E9D626E}
2013-04-29 10:41 . 2013-04-29 10:41	--------	d-----w-	c:\users\***\AppData\Local\{9C71E391-F19D-44B0-8D7A-A031F7FA07A6}
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 21:14 . 2012-07-08 14:40	75016696	----a-w-	c:\windows\system32\MRT.exe
2013-05-15 19:25 . 2012-07-08 13:06	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 19:25 . 2012-01-10 12:48	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-09 10:15 . 2011-03-29 02:36	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 00:06 . 2010-11-21 03:27	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-15 20:50	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 20:50	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 20:50	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 20:50	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 20:50	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 20:50	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 08:22	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-03 11:31 . 2013-04-03 11:31	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-03 11:31 . 2012-07-07 14:29	861088	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-04-03 11:31 . 2012-07-07 14:29	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-03-28 09:45 . 2013-03-28 09:45	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-03-28 09:45 . 2013-03-28 09:45	130016	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-03-28 09:45 . 2013-03-28 09:45	100712	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-03-19 06:04 . 2013-04-10 08:16	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 08:16	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 08:16	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 08:16	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 08:16	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 08:16	112640	----a-w-	c:\windows\system32\smss.exe
2013-03-18 23:34 . 2013-03-18 23:34	126976	----a-w-	c:\windows\lcmmfu.cpl
2013-03-18 23:34 . 2013-03-18 23:34	48640	----a-w-	c:\windows\mmfs.dll
2013-03-18 23:34 . 2013-03-18 23:34	2560	----a-w-	c:\windows\Runservice.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-04-24 297280]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-04-19 1097808]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"UVS10 Preload"="c:\program files (x86)\Ulead VideoStudio 10\uvPL.exe" [2006-03-06 36864]
"QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2012-07-12 155648]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-05-07 345312]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2012-1-10 723560]
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-7-9 110592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2013-03-18 2560]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-07 161384]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-28 28600]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-28 86752]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-05-12 249648]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-04-19 353872]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-05-10 872552]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-30 36456]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-30 260640]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-09-16 2538520]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-26 158976]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-05-10 425000]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-12-01 250984]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-08 19:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-20 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-20 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-20 416024]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-09 11860072]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-05-10 1831528]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://acer.msn.com
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ncbypbyq.default\
FF - ExtSQL: 2013-05-15 21:28; helper@savefrom.net; c:\users\Ralf Schönfelder\AppData\Roaming\Mozilla\Firefox\Profiles\ncbypbyq.default\extensions\helper@savefrom.net.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Photoshop 7.0 - c:\windows\ISUN0407.EXE
AddRemove-Free AVI Video Converter_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2663514295-945132651-3534600787-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**Œ]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2663514295-945132651-3534600787-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**Œ\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2663514295-945132651-3534600787-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.**Œ]
"0"=hex:44,3a,5c,56,69,64,65,6f,73,5c,4b,61,6c,6b,6f,66,65,73,20,4d,61,74,74,
   73,63,68,65,69,62,65,20,2d,20,42,61,62,61,72,61,20,53,61,6c,65,73,63,68,2e,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-28  16:49:54
ComboFix-quarantined-files.txt  2013-05-28 14:49
.
Vor Suchlauf: 10 Verzeichnis(se), 23.638.847.488 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 23.794.200.576 Bytes frei
.
- - End Of File - - 1436AE85A61D4A834E705647CE321452
         


Alt 28.05.2013, 16:27   #6
markusg
/// Malware-holic
 
Trojaner "Gesellschaft zur Verfügung von Urheberrechtsverletzungen" - Standard

Trojaner "Gesellschaft zur Verfügung von Urheberrechtsverletzungen"



Hi, waren das alle Malwarebytes logs mit Funden?
falls nein benötige ich alle.
http://www.trojaner-board.de/125889-...en-posten.html
__________________
--> Trojaner "Gesellschaft zur Verfügung von Urheberrechtsverletzungen"

Alt 28.05.2013, 16:36   #7
vtopy
 
Trojaner "Gesellschaft zur Verfügung von Urheberrechtsverletzungen" - Standard

Trojaner "Gesellschaft zur Verfügung von Urheberrechtsverletzungen"



Sorry, ich dachte, es ist nur der Teil wichtig, der sich auf die Ransomware bezieht und habe den Rest rauseditiert.
Hier der komplette Log:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.28.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: SCHREIBMASCHINE [Administrator]

28.05.2013 12:15:18
mbam-log-2013-05-28 (12-15-18).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 400767
Laufzeit: 1 Stunde(n), 14 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\***\DOSBox-Verzeichnis in Windows Explorer öffnen.exe (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\***\Installationsverzeichnis in Windows Explorer öffnen.exe (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\skype.dat (Trojan.Ransom.RRE) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

Alt 28.05.2013, 16:38   #8
markusg
/// Malware-holic
 
Trojaner "Gesellschaft zur Verfügung von Urheberrechtsverletzungen" - Standard

Trojaner "Gesellschaft zur Verfügung von Urheberrechtsverletzungen"



Hi,
es ist immer alles an Funden wichtig.

lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 28.05.2013, 17:16   #9
vtopy
 
Trojaner "Gesellschaft zur Verfügung von Urheberrechtsverletzungen" - Standard

Trojaner "Gesellschaft zur Verfügung von Urheberrechtsverletzungen"



Alles klar, bin die Liste durchgegangen. Da meine PC-Kenntnisse rudimentär sind, gibt es manche Programme, die mir zwar nichts sagen, deren Name aber koscher klingt. Z.B. die ganzen Acer-Programme. Diese habe ich mit "notwendig, nehme ich an" gekennzeichnet.

Code:
ATTFilter
Acer Backup Manager	NTI Corporation	10.01.2012	336 MB	3.0.0.99 notwendig (nehme ich an)
Acer Crystal Eye Webcam	CyberLink Corp.	25.02.2012	33,7 MB	1.0.1904 notwendig (nehme ich an)
Acer ePower Management	Acer Incorporated	25.02.2012		6.00.3007 notwendig (nehme ich an)
Acer eRecovery Management	Acer Incorporated	10.01.2012		5.00.3502 notwendig (nehme ich an)
Acer Registration	Acer Incorporated	25.02.2012		1.04.3505 notwendig (nehme ich an)
Acer ScreenSaver	Acer Incorporated	25.02.2012		1.1.0517.2011 notwendig (nehme ich an)
Acer Updater	Acer Incorporated	10.01.2012		1.02.3500 notwendig (nehme ich an)
Acer VCM	Acer Incorporated	10.01.2012		4.05.3501 notwendig (nehme ich an)
ActiveX контрола на Windows Live Mesh за отдалечени връзки	Microsoft Corporation	08.07.2012	5,57 MB	15.4.5722.2  notwendig
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh	Microsoft Corporation	08.07.2012	5,37 MB	15.4.5722.2 notwendig
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	15.05.2013	6,00 MB	11.7.700.202 notwendig
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	15.05.2013	6,00 MB	11.7.700.202 notwendig
Adobe Photoshop 7.0	Adobe Systems, Inc.	09.07.2012		7.0 notwendig
Adobe Reader X (10.1.3) - Deutsch	Adobe Systems Incorporated	07.07.2012	121 MB	10.1.3 notwendig
Avira Free Antivirus	Avira	07.05.2013	137 MB	13.0.0.3640 notwendig
Bing Bar	Microsoft Corporation	25.02.2012	27,0 MB	7.0.765.0 unbekannt
Broadcom NetLink Controller	Broadcom Corporation	10.01.2012	508 KB	14.8.4.1 unbekannt
CCleaner	Piriform	24.05.2013		4.02 notwendig
Civilization III		28.04.2013	notwendig	
Control ActiveX de Windows Live Mesh para conexiones remotas	Microsoft Corporation	08.07.2012	5,37 MB	15.4.5722.2 notwendig (nehme ich an)
Control ActiveX del Windows Live Mesh per a connexions remotes	Microsoft Corporation	08.07.2012	5,57 MB	15.4.5722.2 notwendig (nehme ich an)
Control ActiveX Windows Live Mesh pentru conexiuni la distanță	Microsoft Corporation	08.07.2012	5,37 MB	15.4.5722.2 notwendig (nehme ich an)
Controle ActiveX do Windows Live Mesh para Conexões Remotas	Microsoft Corporation	08.07.2012	5,37 MB	15.4.5722.2 notwendig (nehme ich an)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas	Microsoft Corporation	08.07.2012	5,38 MB	15.4.5722.2 notwendig (nehme ich an)
Contrôle ActiveX Windows Live Mesh pour connexions à distance	Microsoft Corporation	08.07.2012	5,37 MB	15.4.5722.2 notwendig (nehme ich an)
Corel WinDVD	Corel Inc.	25.02.2012	291 MB	10.0.5.899 unnötig
DivX-Setup	DivX, LLC	12.07.2012		2.6.1.9 notwendig
Dropbox	Dropbox, Inc.	28.03.2013		1.6.18 notwendig
DVD Flick 1.3.0.6	Dennis Meuwissen	07.07.2012		1.3.0.6 notwendig
ElsterFormular	Landesfinanzdirektion Thüringen	22.03.2013	188 MB	14.1.20130301 notwendig
eMule		07.07.2012	notwendig	
Evernote v. 4.5.1	Evernote Corp.	10.01.2012	151 MB	4.5.1.5451 unnötig
ffdshow v1.2.4422 [2012-04-09]		12.07.2012	13,3 MB	1.2.4422.0 notwendig
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych	Microsoft Corporation	08.07.2012	5,37 MB	15.4.5722.2 notwendig (nehme ich an)
Free AVI Video Converter version 5.0.21.1212	DVDVideoSoft Ltd.	13.01.2013	75,9 MB	5.0.21.1212 notwendig
Free FLV Converter V 7.5.0	Koyote Soft	24.11.2012	17,6 MB	7.5.0.0 notwendig
Free M4a to MP3 Converter 7.0	ManiacTools.com	17.12.2012	3,95 MB	notwendig
Free YouTube Download version 3.2.1.320	DVDVideoSoft Ltd.	02.04.2013	70,7 MB	3.2.1.320 notwendig
Haali Media Splitter		12.07.2012	notwendig	
Identity Card	Acer Incorporated	25.02.2012		1.00.3501 notwendig (nehme ich an)
Indeo® software		12.07.2012	notwendig	
Install Absolute Data Protect	Absolute Software	07.07.2012	642 KB	1.0.0.42 notwendig (nehme ich an)
Intel(R) Control Center	Intel Corporation	25.02.2012		1.2.1.1007 notwendig (nehme ich an)
Intel(R) Management Engine Components	Intel Corporation	25.02.2012		6.0.0.1179 notwendig (nehme ich an)
Intel(R) Processor Graphics	Intel Corporation	25.02.2012		8.15.10.2418 notwendig (nehme ich an)
Java 7 Update 17	Oracle	03.04.2013	129 MB	7.0.170 notwendig
Java 7 Update 7 (64-bit)	Oracle	04.09.2012	127 MB	7.0.70 notwendig
JavaFX 2.1.1	Oracle Corporation	07.07.2012	20,8 MB	2.1.1 notwendig
JDownloader 0.9	AppWork GmbH	07.07.2012		0.9 notwendig
Kontrola Windows Live Mesh ActiveX za daljinske veze	Microsoft Corporation	08.07.2012	5,37 MB	15.4.5722.2 unbekannt
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave	Microsoft Corporation	08.07.2012	5,37 MB	15.4.5722.2 unbekannt
Launch Manager	Acer Inc.	25.02.2012		6.0.5 notwendig (nehme ich an)
LingoPad 2.6 (Build 360)	Lingo4you	07.07.2012	2.6 notwendig
Malwarebytes Anti-Malware Version 1.75.0.1300	Malwarebytes Corporation	28.05.2013	19,2 MB	1.75.0.1300 notwendig
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	09.07.2012	38,8 MB	4.0.30319 unbekannt
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	09.07.2012	2,93 MB	4.0.30319 unbekannt
Microsoft Office 2010	Microsoft Corporation	25.02.2012	6,31 MB	14.0.4763.1000 notwendig
Microsoft Office Enterprise 2007	Microsoft Corporation	10.07.2012		12.0.6612.1000 notwendig
Microsoft Silverlight	Microsoft Corporation	14.03.2013	50,6 MB	5.1.20125.0 notwendig (nehme ich an)
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	08.07.2012	1,69 MB	3.1.0000 notwendig (nehme ich an)
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	08.07.2012	300 KB	8.0.56336 notwendig (nehme ich an)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	10.01.2012	596 KB	9.0.30729 notwendig (nehme ich an)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	08.07.2012	600 KB	9.0.30729.6161 notwendig (nehme ich an)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	08.07.2012	16,5 MB	10.0.40219 notwendig (nehme ich an)
MiKTeX 2.9	MiKTeX.org	11.01.2013		2.9 notwendig
Mozilla Firefox 21.0 (x86 de)	Mozilla	22.05.2013	44,8 MB	21.0 notwendig
Mozilla Maintenance Service	Mozilla	22.05.2013	333 KB	21.0 notwendig
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	08.07.2012	1,27 MB	4.20.9870.0 unbekannt
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	08.07.2012	1,33 MB	4.20.9876.0 unbekannt
Nero 8 Lite 8.3.2.1	Updatepack.nl	07.07.2012		8.3.2.1 notwendig
newsXpresso	esobi Inc.	10.01.2012	7,34 MB	1.0.0.40 unbekannt
NTI Media Maker 9	NTI Corporation	25.02.2012	1,60 GB	9.0.2.8942 unbekannt
NVIDIA PhysX	NVIDIA Corporation	04.05.2013	119 MB	9.09.0203 unbekannt
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení	Microsoft Corporation	08.07.2012	5,57 MB	15.4.5722.2 unbekannt
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia	Microsoft Corporation	08.07.2012	5,37 MB	15.4.5722.2 unbekannt
Pazera Free MP4 to AVI Converter 1.6	Pazera Jacek	24.11.2012	6,76 MB	1.6 unnötig
PDFCreator	Frank Heindörfer, Philip Chinery	07.07.2012		1.4.2 notwendig
QuickTime	Apple Computer, Inc.	12.07.2012	61,4 MB	7.0.3 notwendig
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	25.02.2012		6.0.1.6392 notwendig
Realtek USB 2.0 Card Reader	Realtek Semiconductor Corp.	10.01.2012		6.1.7600.30127 notwendig
Risen	Deep Silver	04.05.2013		1.00.0000 notwendig
Skype™ 6.2	Skype Technologies S.A.	08.03.2013	20,2 MB	6.2.106 notwendig
Spybot - Search & Destroy	Safer Networking Limited	07.07.2012		1.6.2 notwendig
Synaptics Pointing Device Driver	Synaptics Incorporated	25.02.2012	46,4 MB	15.2.17.5 unbekannt
TEW2005		19.03.2013 notwendig		
Texmaker		11.01.2013 notwendig		
Ulead VideoStudio 10	Ulead Systems	12.07.2012		10.0 notwendig
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi	Microsoft Corporation	08.07.2012	5,37 MB	15.4.5722.2 unbekannt
VLC media player 2.0.2	VideoLAN	07.07.2012		2.0.2 notwendig
WaveLab 6	Steinberg	18.08.2012		6.1.0.340 notwendig
Welcome Center	Acer Incorporated	25.02.2012		1.02.3505 notwendig
Windows Live Essentials	Microsoft Corporation	08.07.2012		15.4.3555.0308 unbekannt
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen	Microsoft Corporation	08.07.2012	5,37 MB	15.4.5722.2 unbekannt
Windows Live Mesh ActiveX Control for Remote Connections	Microsoft Corporation	08.07.2012	5,37 MB	15.4.5722.2 unbekannt
Windows Live Mesh ActiveX control for remote connections	Microsoft Corporation	08.07.2012	5,57 MB	15.4.5722.2 unbekannt
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger	Microsoft Corporation	08.07.2012	5,37 MB	15.4.5722.2 unbekannt
Windows Live Mesh ActiveX-objekt til fjernforbindelser	Microsoft Corporation	08.07.2012	5,57 MB	15.4.5722.2 unbekannt
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz	Microsoft Corporation	08.07.2012	5,38 MB	15.4.5722.2 unbekannt
Windows Live Meshin etäyhteyksien ActiveX-komponentti	Microsoft Corporation	08.07.2012	5,37 MB	15.4.5722.2 unbekannt
Windows Media Player Firefox Plugin	Microsoft Corp	07.08.2012	296 KB	1.0.0.8 notwendig
WinRAR 4.20 (64-Bit)	win.rar GmbH	07.07.2012		4.20.0 notwenig
Xvid Video Codec	Xvid Team	12.07.2012		1.3.2 notwendig
Zattoo4 4.0.5	Zattoo Inc.	09.12.2012		4.0.5 notwendig
µTorrent		07.07.2012		3.2.0 notwendig
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις	Microsoft Corporation	08.07.2012	5,57 MB	15.4.5722.2 unbekannt
Элемент управления Windows Live Mesh ActiveX для удаленных подключений	Microsoft Corporation	08.07.2012	5,37 MB	15.4.5722.2 unbekannt
פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים	Microsoft Corporation	08.07.2012	5,37 MB	15.4.5722.2 unbekannt
عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة	Microsoft Corporation	08.07.2012	5,57 MB	15.4.5722.2 unbekannt
ตัวควบคุม ActiveX ใน Windows Live Mesh สำหรับการเชื่อมต่อระยะไกล (ไทย)	Microsoft Corporation	08.07.2012	5,37 MB	15.4.5722.2 unbekannt
適用遠端連線的 Windows Live Mesh ActiveX 控制項	Microsoft Corporation	08.07.2012	5,56 MB	15.4.5722.2 unbekannt
         

Alt 28.05.2013, 17:21   #10
markusg
/// Malware-holic
 
Trojaner "Gesellschaft zur Verfügung von Urheberrechtsverletzungen" - Standard

Trojaner "Gesellschaft zur Verfügung von Urheberrechtsverletzungen"



bdeinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden, instalieren.
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen
bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
Sicherheit (erweitert)
Erweiterte Sicherheit anhaken
und alle Dateien auswählen.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok

deinstaliere:
deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden, instalieren.
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen
bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
Sicherheit (erweitert)
Erweiterte Sicherheit anhaken
und alle Dateien auswählen.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok

deinstaliere:
Bing
Control ActiveX : alle
Controle : beide
Controlo
Corel
eMule :
1. ist viel Zeug was man dort bekommt illegal, wer erwischt wird muss mit hohen Kosten rechnen.
2. Programme dort enthalten häufig Schadsoftware.

Deinstaliere:
Evernote
Formant
Java : alle
downloade Java jre:
Java-Downloads für alle Betriebssysteme
klicke:
Download der Java-Software für Windows Offline
laden, und instalieren
deinstaliere:
Kontrola
Kontrolnik
Ovládací : alle
Pazera
Spybot : kann weg, ist nicht sinnvoll
Uzak
Windows Live : alle für dich unnötigen
µTorrent : selbe wie bei emule

Öffne CCleaner, analysieren, starten, PC neustarten.
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 28.05.2013, 18:01   #11
vtopy
 
Trojaner "Gesellschaft zur Verfügung von Urheberrechtsverletzungen" - Standard

Trojaner "Gesellschaft zur Verfügung von Urheberrechtsverletzungen"



Wow, ich bin wirklich sehr beeindruckt, Ihr habt es hier echt raus!

Eine kurze Zwischenfrage: Du schreibst, ich soll von Windows Live alle für mich Unnötigen deinstallieren. Nun habe ich all diese Windows Live Mash Anwendungen bewusst noch nie benutzt, schon gar nicht die, mit den fremdsprachigen oder orientalischen Zeichen im Namen.
Wie ich im Netz gelesen habe, handelt es sich dabei ja um ein Programm, das in irgend einer Weise zum Sychronisieren von Einstellungen verwendet wird. Wie gesagt, habe ich das nie genutzt und wüsste auch nicht, wozu ich das bräuchte. Kann ich also all diese Live-Mesh-Teile deinstallieren, oder haben die irgend eine andere wichtige Funktion?

Alt 28.05.2013, 18:15   #12
markusg
/// Malware-holic
 
Trojaner "Gesellschaft zur Verfügung von Urheberrechtsverletzungen" - Standard

Trojaner "Gesellschaft zur Verfügung von Urheberrechtsverletzungen"



Nö, hau weg. so lange du zb kein Windows live mail nutzt ist das alles unnötig
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 28.05.2013, 18:21   #13
vtopy
 
Trojaner "Gesellschaft zur Verfügung von Urheberrechtsverletzungen" - Standard

Trojaner "Gesellschaft zur Verfügung von Urheberrechtsverletzungen"



Aha! Doch, Windows Live Mail nutze ich. Das hängt also mit diesem Live-Mesh zusammen? Dann sollte ich es lieber drauflassen?

Alt 28.05.2013, 18:23   #14
markusg
/// Malware-holic
 
Trojaner "Gesellschaft zur Verfügung von Urheberrechtsverletzungen" - Standard

Trojaner "Gesellschaft zur Verfügung von Urheberrechtsverletzungen"



na die mit den ausländischen Bezeichnungen können weg der Rest bleibt.
wenn dir das zu unsicher ist, lässt halt alle
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 28.05.2013, 18:39   #15
vtopy
 
Trojaner "Gesellschaft zur Verfügung von Urheberrechtsverletzungen" - Standard

Trojaner "Gesellschaft zur Verfügung von Urheberrechtsverletzungen"



Okay, AdwCleaner hat sein Werk getan.
Die Logfile:

Code:
ATTFilter
# AdwCleaner v2.301 - Datei am 28/05/2013 um 19:30:16 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : *** - SCHREIBMASCHINE
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\***\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\***\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ncbypbyq.default\prefs.js

Gelöscht : user_pref("extensions.50e586cd24d8b.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]

*************************

AdwCleaner[S1].txt - [1313 octets] - [28/05/2013 19:30:16]

########## EOF - C:\AdwCleaner[S1].txt - [1373 octets] ##########
         

Antwort

Themen zu Trojaner "Gesellschaft zur Verfügung von Urheberrechtsverletzungen"
antivir, autorun, avira, bildschirm, bingbar, browser, fehler, firefox, flash player, gesellschaft zur verfügung von urheberrechtsverletzungen, home, install.exe, installation, laufwerk c, launch, logfile, mozilla, realtek, registry, richtlinie, savefrom.net, scan, security, siteadvisor, software, svchost.exe, trojaner, version., windows



Ähnliche Themen: Trojaner "Gesellschaft zur Verfügung von Urheberrechtsverletzungen"


  1. Gesellschaft zur Verfügung von Urheberrechtsverletzungen
    Plagegeister aller Art und deren Bekämpfung - 13.01.2015 (22)
  2. Win7 32Bit: Gesellschaft zur Verfügung von Urheberrechtsverletzungen
    Log-Analyse und Auswertung - 07.01.2015 (13)
  3. Gesellschaft zur verfügung von urheberrechtsverletzungen
    Smartphone, Tablet & Handy Security - 20.12.2014 (2)
  4. WIN7x64: "Gesellschaft zur Verfügung von Urheberrechtsverletzungen e.V." - Abgesicherter Modus nicht möglich - bereits einiges versucht
    Plagegeister aller Art und deren Bekämpfung - 23.12.2013 (3)
  5. Trojaner Schirm "Gesellschaft zur Verfügung von Urheberrechtsverletzungen e.V." - Windows 7
    Log-Analyse und Auswertung - 16.11.2013 (1)
  6. Windows 8: "Gesellschaft zur Verfügung von Urheberrechtsverletzungen"
    Plagegeister aller Art und deren Bekämpfung - 18.09.2013 (17)
  7. virus gesellschaft zur verfügung von urheberrechtsverletzungen
    Plagegeister aller Art und deren Bekämpfung - 09.09.2013 (10)
  8. "Gesellschaft Zur Verfügung Von Urheberrechtsverletzungen Virus" Logfile mit FSRT erstellt
    Log-Analyse und Auswertung - 06.09.2013 (13)
  9. Virus? "Gesellschaft zur Verfügung von Urheberrechtsverletzungen e.V."
    Plagegeister aller Art und deren Bekämpfung - 03.09.2013 (16)
  10. "Gesellschaft zur verfügung von urheberrechtsverletzungen" - kein abgesicherter modus möglich
    Plagegeister aller Art und deren Bekämpfung - 03.08.2013 (21)
  11. Malware "Gesellschaft zur Verfügung von Urheberrechtsverletzungen"
    Log-Analyse und Auswertung - 25.07.2013 (21)
  12. "gesellschaft zur Verfügung von Urheberrechtsverletzungen" kein abgesicherter modus möglich
    Log-Analyse und Auswertung - 23.07.2013 (19)
  13. Malware "Gesellschaft zur Verfügung von Urheberrechtsverletzungen"
    Log-Analyse und Auswertung - 22.07.2013 (13)
  14. Trojaner: Gesellschaft zur Verfügung von Urheberrechtsverletzungen
    Plagegeister aller Art und deren Bekämpfung - 14.07.2013 (18)
  15. Trojaner "Gesellschaft zur Verfügung von Urheberrechtsverletzung"
    Log-Analyse und Auswertung - 12.07.2013 (5)
  16. "Gesellschaft zur Verfügung von Urheberrechtsverletzungen" - kein Zugriff auf Rechner möglich
    Log-Analyse und Auswertung - 02.07.2013 (15)
  17. Trojaner "Gesellschaft zur Verfügung von Urheberrechtsverletzungen"
    Plagegeister aller Art und deren Bekämpfung - 20.06.2013 (12)

Zum Thema Trojaner "Gesellschaft zur Verfügung von Urheberrechtsverletzungen" - Verehrte Meister des Trojanerboards - mein Laptop hat sich den bekannten Bundestrojaner geholt - plötzlich wurde der Bildschirm weiß, es tauchte die Grafik der angeblichen Polizeibehörden auf, inklusive Zahlungsaufforderung und - Trojaner "Gesellschaft zur Verfügung von Urheberrechtsverletzungen"...
Archiv
Du betrachtest: Trojaner "Gesellschaft zur Verfügung von Urheberrechtsverletzungen" auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.