Log analysis and evaluation: variant of Java/Exploit.CVE-2013-2423.Q trojan - Landespolizeidirection-Virus (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
04.05.2013, 17:16 | #1 |
| Hello, I am new to the forum and would like to ask you for help. After spending the whole day today removing the Landespolizeidirection virus, ESET found the following in the final scan: "a variant of Java/Exploit.CVE-2013-2423.Q trojan". Do I need to worry? I have found hardly anything on the topic here on the board or on Google. Who can kindly help me? My logs are attached. |
05.05.2013, 00:26 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Who told you to run Combofix? If you came across CF, you should also have read that it should not be run without instructions from a helper. Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, did they ever find anything? I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520 Please do not run any new virus scans; for now just post the logs you already have! Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
__________________ |
05.05.2013, 10:15 | #3 |
| Hello Cosinus,
Thanks for your quick reply. I probably tried CF out of ignorance and as an ultima ratio ;-) Here again are the scan logs from AVIRA (I probably also made the mistake here of "deleting" the detections) and Anti-Malware. Many thanks! Code:
04.05.2013 13:03 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\lacco\Desktop\googleSD\alt bis 2011\download\org.underdev.penetrate-1.apk' enthielt einen Virus oder unerwünschtes Programm 'ANDROID/PenetratA.A.31' [virus].
Durchgeführte Aktion(en): Die Datei wurde gelöscht.

04.05.2013 13:03 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\lacco\Desktop\googleSD\alt bis 2011\download\penetrate PRO 2.11.1.apk' enthielt einen Virus oder unerwünschtes Programm 'ANDROID/PenetratA.A.19' [virus].
Durchgeführte Aktion(en): Die Datei wurde gelöscht.

04.05.2013 13:03 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\lacco\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\752030f7-7110640a' enthielt einen Virus oder unerwünschtes Programm 'JAVA/Jogek.ZN' [virus].
Durchgeführte Aktion(en): Die Datei wurde gelöscht.

04.05.2013 13:03 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\lacco\Desktop\googleSD\JellyBelly_HD2_v1.0.1.zip' enthielt einen Virus oder unerwünschtes Programm 'ANDROID/JSmsHider.A.25' [virus].
Durchgeführte Aktion(en): Die Datei wurde gelöscht.

Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Samstag, 4. Mai 2013 11:14

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : lacco
Computername : LACCO-PC

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Samstag, 4. Mai 2013 11:14

Der Suchlauf über die Masterbootsektoren wird begonnen:

Der Suchlauf über die Bootsektoren wird begonnen:

Der Suchlauf nach versteckten Objekten wird begonnen.
Versteckter Treiber
[HINWEIS] Eine Speicherveränderung wurde entdeckt, die möglicherweise zur versteckten Dateizugriffen missbraucht werden könnte.
Der Suchlauf über gestartete Prozesse wird begonnen:

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '2169' Dateien ).

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <Acer>
C:\Users\lacco\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TG012E0Z\dotNetFx40_Full_x86_x64[1].exe
[WARNUNG] Die Datei konnte nicht gelesen werden!
C:\Users\lacco\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\752030f7-7110640a
[0] Archivtyp: ZIP
--> codehex.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.YI
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> d.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/Java.HLP.A.1276
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> hw.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.axk
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> Impossible.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.bcx
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> MakeNew.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.YL
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> MakeNew2.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.bcw
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> MakeNew3.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.ZT
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> MakeNew4.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.bcy
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> MakeNew5.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.ZU
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> MakeNew6.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.YK
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> RunnerGood.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/Java.HLP.A.1197
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> tt.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.YM
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> ttt.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.ZN
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\lacco\Desktop\googleSD\JellyBelly_HD2_v1.0.1.zip
[0] Archivtyp: ZIP
--> system/app/AC!D.apk
[1] Archivtyp: ZIP
--> classes.dex
[FUND] Enthält Code des ANDROID/JSmsHider.A.25-Virus
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\lacco\Desktop\googleSD\alt bis 2011\download\org.underdev.penetrate-1.apk
[0] Archivtyp: ZIP
--> classes.dex
[FUND] Enthält Code des ANDROID/PenetratA.A.31-Virus
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\lacco\Desktop\googleSD\alt bis 2011\download\penetrate PRO 2.11.1.apk
[0] Archivtyp: ZIP
--> classes.dex
[FUND] Enthält Code des ANDROID/PenetratA.A.19-Virus
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden

Beginne mit der Desinfektion:
C:\Users\lacco\Desktop\googleSD\alt bis 2011\download\penetrate PRO 2.11.1.apk
[FUND] Enthält Code des ANDROID/PenetratA.A.19-Virus
[HINWEIS] Die Datei wurde gelöscht.
C:\Users\lacco\Desktop\googleSD\alt bis 2011\download\org.underdev.penetrate-1.apk
[FUND] Enthält Code des ANDROID/PenetratA.A.31-Virus
[HINWEIS] Die Datei wurde gelöscht.
C:\Users\lacco\Desktop\googleSD\JellyBelly_HD2_v1.0.1.zip
[FUND] Enthält Code des ANDROID/JSmsHider.A.25-Virus
[HINWEIS] Die Datei wurde gelöscht.
C:\Users\lacco\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\752030f7-7110640a
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.ZN
[HINWEIS] Die Datei wurde gelöscht.

Ende des Suchlaufs: Samstag, 4. Mai 2013 13:03
Benötigte Zeit: 1:47:57 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

29990 Verzeichnisse wurden überprüft
972882 Dateien wurden geprüft
16 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
4 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
972866 Dateien ohne Befall
13806 Archive wurden durchsucht
17 Warnungen
5 Hinweise
795660 Objekte wurden beim Rootkitscan durchsucht
1 Versteckte Objekte wurden gefunden

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.04.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
lacco :: LACCO-PC [Administrator]

04.05.2013 15:11:57
mbam-log-2013-05-04 (15-11-57).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 406203
Laufzeit: 39 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende) |
06.05.2013, 08:58 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you do not hear from me for three days, please report in this thread => Reminder about my thread. Annoying "when does it continue" messages will end with your topic being closed. I, too, have a life outside of Trojaner-Board.
Now please run the three tools MBAR / aswMBR / TDSSkiller and post the logs in CODE tags.
MBAR (Malwarebytes Anti-Rootkit)
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
aswMBR
Please download aswMBR.exe and save the file to your desktop.
Important: Under no circumstances press any of the Fix buttons without instructions.
Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
TDSS-Killer
Please download TDSSKiller.exe and save this file to your desktop.
__________________ Please always post log files in CODE tags |
07.05.2013, 20:31 | #5 |
| Hello, my reply took a while because aswMBR kept crashing with a blue screen. In safe mode, however, it worked. Attached are my logs in the corresponding order. Best regards and many thanks! Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.06.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
lacco :: LACCO-PC [administrator]

06.05.2013 22:53:17
mbar-log-2013-05-06 (22-53-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 33042
Time elapsed: 23 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-07 20:54:48
-----------------------------
20:54:48.828 OS Version: Windows x64 6.1.7601 Service Pack 1
20:54:48.828 Number of processors: 4 586 0x2A07
20:54:48.828 ComputerName: LACCO-PC UserName: lacco
20:54:50.091 Initialize success
20:55:04.428 AVAST engine defs: 13050700
20:55:08.936 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
20:55:08.952 Disk 0 Vendor: ST975042 0001 Size: 715404MB BusType: 3
20:55:09.077 Disk 0 MBR read successfully
20:55:09.077 Disk 0 MBR scan
20:55:09.077 Disk 0 Windows 7 default MBR code
20:55:09.108 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 18432 MB offset 2048
20:55:09.123 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 37750784
20:55:09.139 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 696870 MB offset 37955584
20:55:09.155 Disk 0 scanning C:\Windows\system32\drivers
20:55:19.809 Service scanning
20:55:48.670 Modules scanning
20:55:48.670 Disk 0 trace - called modules:
20:55:48.685 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
20:55:48.685 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800754b060]
20:55:48.685 3 CLASSPNP.SYS[fffff880019a843f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8005081050]
20:56:12.148 AVAST engine scan C:\Windows
20:56:28.699 AVAST engine scan C:\Windows\system32
20:59:09.130 AVAST engine scan C:\Windows\system32\drivers
20:59:22.624 AVAST engine scan C:\Users\lacco
21:20:49.127 AVAST engine scan C:\ProgramData
21:22:46.658 Scan finished successfully
21:23:08.498 Disk 0 MBR has been saved successfully to "C:\Users\lacco\Desktop\MBR.dat"
21:23:08.513 The log file has been saved successfully to "C:\Users\lacco\Desktop\aswMBR.txt"

Code:
18:37:07.0257 5144 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:37:07.0527 5144 ============================================================
18:37:07.0527 5144 Current date / time: 2013/05/07 18:37:07.0527
18:37:07.0527 5144 SystemInfo:
18:37:07.0527 5144
18:37:07.0527 5144 OS Version: 6.1.7601 ServicePack: 1.0
18:37:07.0527 5144 Product type: Workstation
18:37:07.0527 5144 ComputerName: LACCO-PC
18:37:07.0527 5144 UserName: lacco
18:37:07.0527 5144 Windows directory: C:\Windows
18:37:07.0527 5144 System windows directory: C:\Windows
18:37:07.0527 5144 Running under WOW64
18:37:07.0527 5144 Processor architecture: Intel x64
18:37:07.0527 5144 Number of processors: 4
18:37:07.0527 5144 Page size: 0x1000
18:37:07.0527 5144 Boot type: Normal boot
18:37:07.0527 5144 ============================================================
18:37:08.0257 5144 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:37:08.0277 5144 ============================================================
18:37:08.0277 5144 \Device\Harddisk0\DR0:
18:37:08.0277 5144 MBR partitions:
18:37:08.0277 5144 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2400800, BlocksNum 0x32000
18:37:08.0277 5144 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2432800, BlocksNum 0x55113000
18:37:08.0277 5144 ============================================================
18:37:08.0317 5144 C: <-> \Device\Harddisk0\DR0\Partition2
18:37:08.0317 5144 ============================================================
18:37:08.0317 5144 Initialize success
18:37:08.0317 5144 ============================================================
18:37:43.0816 5200 ============================================================
18:37:43.0816 5200 Scan started
18:37:43.0816 5200 Mode: Manual; SigCheck; TDLFS;
18:37:43.0816 5200 ============================================================
18:37:43.0966 5200 ================ Scan system memory ========================
18:37:43.0966 5200 System memory - ok
18:37:43.0966 5200 ================ Scan services =============================
FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 18:37:48.0186 5200 CLFS - ok 18:37:48.0236 5200 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 18:37:48.0276 5200 clr_optimization_v2.0.50727_32 - ok 18:37:48.0317 5200 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 18:37:48.0337 5200 clr_optimization_v2.0.50727_64 - ok 18:37:48.0387 5200 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 18:37:48.0417 5200 clr_optimization_v4.0.30319_32 - ok 18:37:48.0427 5200 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 18:37:48.0437 5200 clr_optimization_v4.0.30319_64 - ok 18:37:48.0467 5200 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 18:37:48.0487 5200 CmBatt - ok 18:37:48.0497 5200 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 18:37:48.0507 5200 cmdide - ok 18:37:48.0537 5200 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 18:37:48.0567 5200 CNG - ok 18:37:48.0627 5200 [ 87FF942B1954F31AD09028BCCC9DCCA2 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys 18:37:48.0717 5200 CnxtHdAudService - ok 18:37:48.0737 5200 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 18:37:48.0747 5200 Compbatt - ok 18:37:48.0767 5200 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 18:37:48.0787 5200 CompositeBus - ok 18:37:48.0787 5200 COMSysApp - ok 18:37:48.0807 5200 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 18:37:48.0817 5200 crcdisk - ok 18:37:48.0867 5200 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc 
C:\Windows\system32\cryptsvc.dll 18:37:48.0927 5200 CryptSvc - ok 18:37:48.0967 5200 [ 9D0D050170D47E778B624A28C90F23DE ] CxAudMsg C:\Windows\system32\CxAudMsg64.exe 18:37:48.0987 5200 CxAudMsg - ok 18:37:49.0037 5200 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 18:37:49.0097 5200 DcomLaunch - ok 18:37:49.0127 5200 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 18:37:49.0167 5200 defragsvc - ok 18:37:49.0197 5200 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 18:37:49.0237 5200 DfsC - ok 18:37:49.0267 5200 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 18:37:49.0327 5200 Dhcp - ok 18:37:49.0347 5200 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 18:37:49.0387 5200 discache - ok 18:37:49.0407 5200 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys 18:37:49.0407 5200 Disk - ok 18:37:49.0427 5200 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 18:37:49.0487 5200 Dnscache - ok 18:37:49.0507 5200 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 18:37:49.0567 5200 dot3svc - ok 18:37:49.0567 5200 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 18:37:49.0607 5200 DPS - ok 18:37:49.0627 5200 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 18:37:49.0657 5200 drmkaud - ok 18:37:49.0707 5200 [ 9DD3A22F804697606C2B7FF9E912FF6B ] DsiWMIService C:\Program Files (x86)\Launch Manager\dsiwmis.exe 18:37:49.0727 5200 DsiWMIService - ok 18:37:49.0767 5200 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys 18:37:49.0797 5200 dtsoftbus01 - ok 18:37:49.0827 5200 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 18:37:49.0857 5200 DXGKrnl - ok 18:37:49.0897 5200 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost 
C:\Windows\System32\eapsvc.dll 18:37:49.0967 5200 EapHost - ok 18:37:50.0067 5200 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys 18:37:50.0197 5200 ebdrv - ok 18:37:50.0237 5200 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 18:37:50.0297 5200 EFS - ok 18:37:50.0358 5200 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 18:37:50.0478 5200 ehRecvr - ok 18:37:50.0498 5200 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 18:37:50.0508 5200 ehSched - ok 18:37:50.0538 5200 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys 18:37:50.0558 5200 elxstor - ok 18:37:50.0618 5200 [ FBD1E925964E3EDA858DA89F77B2E796 ] ePowerSvc C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe 18:37:50.0648 5200 ePowerSvc - ok 18:37:50.0668 5200 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 18:37:50.0678 5200 ErrDev - ok 18:37:50.0698 5200 [ DBAA0C650C9549DC5C599D1E81DEDAAD ] ETD C:\Windows\system32\DRIVERS\ETD.sys 18:37:50.0718 5200 ETD - ok 18:37:50.0748 5200 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 18:37:50.0798 5200 EventSystem - ok 18:37:50.0888 5200 [ 54FC81B0162478A72A93DBBEAFB35671 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe 18:37:50.0988 5200 EvtEng - ok 18:37:51.0038 5200 [ D83EB7ADE99D99A4CD6568AC1261D35E ] ewusbnet C:\Windows\system32\DRIVERS\ewusbnet.sys 18:37:51.0078 5200 ewusbnet - ok 18:37:51.0108 5200 [ 86F7951BBCEE4A86E79A97306BD14318 ] ew_hwusbdev C:\Windows\system32\DRIVERS\ew_hwusbdev.sys 18:37:51.0168 5200 ew_hwusbdev - ok 18:37:51.0178 5200 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 18:37:51.0218 5200 exfat - ok 18:37:51.0248 5200 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 18:37:51.0288 5200 fastfat - ok 18:37:51.0378 5200 [ 3AD4E9A29B2126ED6CA20A386B79AA97 ] 
FastTrackC400AudioDevMon C:\Program Files (x86)\M-Audio\Fast Track C400\AudioDevMon.exe 18:37:51.0448 5200 FastTrackC400AudioDevMon - ok 18:37:51.0488 5200 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 18:37:51.0528 5200 Fax - ok 18:37:51.0538 5200 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys 18:37:51.0548 5200 fdc - ok 18:37:51.0568 5200 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 18:37:51.0588 5200 fdPHost - ok 18:37:51.0608 5200 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 18:37:51.0628 5200 FDResPub - ok 18:37:51.0658 5200 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 18:37:51.0668 5200 FileInfo - ok 18:37:51.0678 5200 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 18:37:51.0748 5200 Filetrace - ok 18:37:51.0808 5200 [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 18:37:51.0858 5200 FLEXnet Licensing Service - ok 18:37:51.0888 5200 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 18:37:51.0908 5200 flpydisk - ok 18:37:51.0928 5200 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 18:37:51.0938 5200 FltMgr - ok 18:37:51.0978 5200 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 18:37:52.0028 5200 FontCache - ok 18:37:52.0068 5200 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 18:37:52.0078 5200 FontCache3.0.0.0 - ok 18:37:52.0098 5200 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 18:37:52.0098 5200 FsDepends - ok 18:37:52.0128 5200 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 18:37:52.0128 
5200 Fs_Rec - ok 18:37:52.0158 5200 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 18:37:52.0168 5200 fvevol - ok 18:37:52.0178 5200 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 18:37:52.0188 5200 gagp30kx - ok 18:37:52.0248 5200 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe 18:37:52.0288 5200 GamesAppService - ok 18:37:52.0353 5200 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 18:37:52.0384 5200 GEARAspiWDM - ok 18:37:52.0416 5200 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 18:37:52.0494 5200 gpsvc - ok 18:37:52.0556 5200 [ C9B2D1D3F86FD3673EF847DEF73B6F9E ] GREGService C:\Program Files (x86)\Acer\Registration\GREGsvc.exe 18:37:52.0587 5200 GREGService - ok 18:37:52.0650 5200 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 18:37:52.0681 5200 gupdate - ok 18:37:52.0712 5200 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 18:37:52.0728 5200 gupdatem - ok 18:37:52.0743 5200 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 18:37:52.0774 5200 hcw85cir - ok 18:37:52.0806 5200 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 18:37:52.0837 5200 HdAudAddService - ok 18:37:52.0852 5200 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 18:37:52.0884 5200 HDAudBus - ok 18:37:52.0884 5200 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 18:37:52.0899 5200 HidBatt - ok 18:37:52.0915 5200 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys 18:37:52.0930 5200 HidBth - ok 18:37:52.0946 5200 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys 
18:37:52.0962 5200 HidIr - ok 18:37:52.0977 5200 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll 18:37:53.0008 5200 hidserv - ok 18:37:53.0040 5200 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 18:37:53.0040 5200 HidUsb - ok 18:37:53.0055 5200 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 18:37:53.0102 5200 hkmsvc - ok 18:37:53.0102 5200 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 18:37:53.0133 5200 HomeGroupListener - ok 18:37:53.0180 5200 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 18:37:53.0196 5200 HomeGroupProvider - ok 18:37:53.0211 5200 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 18:37:53.0211 5200 HpSAMD - ok 18:37:53.0242 5200 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 18:37:53.0289 5200 HTTP - ok 18:37:53.0320 5200 [ 6E05228393CD614B983568EC40C262C3 ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys 18:37:53.0352 5200 hwdatacard - ok 18:37:53.0383 5200 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 18:37:53.0398 5200 hwpolicy - ok 18:37:53.0414 5200 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 18:37:53.0430 5200 i8042prt - ok 18:37:53.0461 5200 [ 2FDAEC4B02729C48C0FD1B0B4695995B ] iaStor C:\Windows\system32\drivers\iaStor.sys 18:37:53.0461 5200 iaStor - ok 18:37:53.0523 5200 [ D41861E56E7552C13674D7F147A02464 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 18:37:53.0539 5200 IAStorDataMgrSvc - ok 18:37:53.0570 5200 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 18:37:53.0601 5200 iaStorV - ok 18:37:53.0695 5200 [ E4693409D06785477A49FB34AFAE1B92 ] IconMan_R C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe 
18:37:53.0773 5200 IconMan_R ( UnsignedFile.Multi.Generic ) - warning 18:37:53.0773 5200 IconMan_R - detected UnsignedFile.Multi.Generic (1) 18:37:53.0820 5200 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 18:37:53.0866 5200 idsvc - ok 18:37:54.0147 5200 [ A47D902F5C0C43DCF5EE2CAE02BF39A8 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 18:37:54.0537 5200 igfx - ok 18:37:54.0584 5200 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys 18:37:54.0584 5200 iirsp - ok 18:37:54.0615 5200 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 18:37:54.0709 5200 IKEEXT - ok 18:37:54.0724 5200 [ CADDF0927DAC63EDAE48F5C35A61D87D ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys 18:37:54.0724 5200 intaud_WaveExtensible - ok 18:37:54.0756 5200 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys 18:37:54.0771 5200 IntcDAud - ok 18:37:54.0771 5200 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 18:37:54.0787 5200 intelide - ok 18:37:54.0802 5200 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 18:37:54.0818 5200 intelppm - ok 18:37:54.0834 5200 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 18:37:54.0880 5200 IPBusEnum - ok 18:37:54.0896 5200 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 18:37:54.0912 5200 IpFilterDriver - ok 18:37:54.0943 5200 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 18:37:54.0974 5200 iphlpsvc - ok 18:37:54.0990 5200 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 18:37:55.0005 5200 IPMIDRV - ok 18:37:55.0021 5200 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 18:37:55.0052 5200 IPNAT - ok 18:37:55.0099 5200 [ 
0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 18:37:55.0130 5200 iPod Service - ok 18:37:55.0130 5200 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 18:37:55.0146 5200 IRENUM - ok 18:37:55.0161 5200 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 18:37:55.0161 5200 isapnp - ok 18:37:55.0177 5200 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 18:37:55.0192 5200 iScsiPrt - ok 18:37:55.0224 5200 [ 716F66336F10885D935B08174DC54242 ] iwdbus C:\Windows\system32\DRIVERS\iwdbus.sys 18:37:55.0224 5200 iwdbus - ok 18:37:55.0239 5200 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 18:37:55.0239 5200 kbdclass - ok 18:37:55.0255 5200 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 18:37:55.0270 5200 kbdhid - ok 18:37:55.0286 5200 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 18:37:55.0286 5200 KeyIso - ok 18:37:55.0317 5200 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 18:37:55.0317 5200 KSecDD - ok 18:37:55.0348 5200 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 18:37:55.0348 5200 KSecPkg - ok 18:37:55.0364 5200 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 18:37:55.0411 5200 ksthunk - ok 18:37:55.0426 5200 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 18:37:55.0473 5200 KtmRm - ok 18:37:55.0504 5200 [ EBED8B3FF4A823C1A6EEBEED7B29353F ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys 18:37:55.0504 5200 L1C - ok 18:37:55.0536 5200 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll 18:37:55.0645 5200 LanmanServer - ok 18:37:55.0676 5200 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 18:37:55.0770 5200 LanmanWorkstation - 
ok 18:37:55.0811 5200 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 18:37:55.0842 5200 lltdio - ok 18:37:55.0873 5200 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 18:37:55.0920 5200 lltdsvc - ok 18:37:55.0936 5200 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 18:37:55.0982 5200 lmhosts - ok 18:37:56.0014 5200 [ D75C4B4A8FE6D7FD74A7EECDBAEC729F ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 18:37:56.0029 5200 LMS - ok 18:37:56.0060 5200 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 18:37:56.0076 5200 LSI_FC - ok 18:37:56.0107 5200 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 18:37:56.0107 5200 LSI_SAS - ok 18:37:56.0123 5200 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 18:37:56.0138 5200 LSI_SAS2 - ok 18:37:56.0138 5200 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 18:37:56.0138 5200 LSI_SCSI - ok 18:37:56.0154 5200 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 18:37:56.0201 5200 luafv - ok 18:37:56.0232 5200 McAWFwk - ok 18:37:56.0263 5200 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 18:37:56.0310 5200 Mcx2Svc - ok 18:37:56.0326 5200 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys 18:37:56.0341 5200 megasas - ok 18:37:56.0357 5200 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 18:37:56.0372 5200 MegaSR - ok 18:37:56.0404 5200 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\drivers\HECIx64.sys 18:37:56.0419 5200 MEIx64 - ok 18:37:56.0419 5200 mfewfpk - ok 18:37:56.0497 5200 [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe 
18:37:56.0544 5200 Microsoft Office Groove Audit Service - ok 18:37:56.0575 5200 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 18:37:56.0638 5200 MMCSS - ok 18:37:56.0653 5200 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 18:37:56.0700 5200 Modem - ok 18:37:56.0731 5200 [ 2517CC10DBC2C00DA3FD223D9531DA56 ] MONEYPENNY C:\Windows\system32\DRIVERS\MAudioFastTrackC400.sys 18:37:56.0747 5200 MONEYPENNY - ok 18:37:56.0762 5200 [ 7536F8BA8F2BEF87A1BD3CA7C8614A26 ] MONEYPENNYDFU C:\Windows\system32\DRIVERS\MAudioFastTrackC400_DFU.sys 18:37:56.0778 5200 MONEYPENNYDFU - ok 18:37:56.0794 5200 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 18:37:56.0825 5200 monitor - ok 18:37:56.0840 5200 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 18:37:56.0840 5200 mouclass - ok 18:37:56.0856 5200 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 18:37:56.0872 5200 mouhid - ok 18:37:56.0887 5200 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 18:37:56.0887 5200 mountmgr - ok 18:37:56.0950 5200 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 18:37:56.0965 5200 MozillaMaintenance - ok 18:37:56.0981 5200 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 18:37:56.0996 5200 mpio - ok 18:37:57.0012 5200 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 18:37:57.0028 5200 mpsdrv - ok 18:37:57.0074 5200 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 18:37:57.0121 5200 MpsSvc - ok 18:37:57.0152 5200 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 18:37:57.0168 5200 MRxDAV - ok 18:37:57.0199 5200 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 
18:37:57.0215 5200 mrxsmb - ok 18:37:57.0246 5200 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 18:37:57.0293 5200 mrxsmb10 - ok 18:37:57.0324 5200 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 18:37:57.0340 5200 mrxsmb20 - ok 18:37:57.0355 5200 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 18:37:57.0371 5200 msahci - ok 18:37:57.0386 5200 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 18:37:57.0402 5200 msdsm - ok 18:37:57.0418 5200 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 18:37:57.0449 5200 MSDTC - ok 18:37:57.0464 5200 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 18:37:57.0496 5200 Msfs - ok 18:37:57.0496 5200 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 18:37:57.0542 5200 mshidkmdf - ok 18:37:57.0542 5200 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 18:37:57.0558 5200 msisadrv - ok 18:37:57.0589 5200 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 18:37:57.0620 5200 MSiSCSI - ok 18:37:57.0620 5200 msiserver - ok 18:37:57.0636 5200 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 18:37:57.0667 5200 MSKSSRV - ok 18:37:57.0683 5200 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 18:37:57.0714 5200 MSPCLOCK - ok 18:37:57.0730 5200 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 18:37:57.0761 5200 MSPQM - ok 18:37:57.0776 5200 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 18:37:57.0792 5200 MsRPC - ok 18:37:57.0808 5200 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 18:37:57.0823 5200 mssmbios - ok 18:37:57.0823 5200 [ 2E66F9ECB30B4221A318C92AC2250779 ] 
MSTEE C:\Windows\system32\drivers\MSTEE.sys 18:37:57.0859 5200 MSTEE - ok 18:37:57.0869 5200 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 18:37:57.0879 5200 MTConfig - ok 18:37:57.0909 5200 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 18:37:57.0909 5200 Mup - ok 18:37:57.0949 5200 [ 4BBB9D9C4DF259FAE2D172C5BB25DDD0 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe 18:37:57.0969 5200 MyWiFiDHCPDNS - ok 18:37:57.0999 5200 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 18:37:58.0049 5200 napagent - ok 18:37:58.0069 5200 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 18:37:58.0104 5200 NativeWifiP - ok 18:37:58.0136 5200 [ C38B8AE57F78915905064A9A24DC1586 ] NDIS C:\Windows\system32\drivers\ndis.sys 18:37:58.0151 5200 NDIS - ok 18:37:58.0167 5200 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 18:37:58.0198 5200 NdisCap - ok 18:37:58.0214 5200 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 18:37:58.0245 5200 NdisTapi - ok 18:37:58.0260 5200 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 18:37:58.0276 5200 Ndisuio - ok 18:37:58.0292 5200 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 18:37:58.0338 5200 NdisWan - ok 18:37:58.0338 5200 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 18:37:58.0370 5200 NDProxy - ok 18:37:58.0385 5200 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 18:37:58.0416 5200 NetBIOS - ok 18:37:58.0432 5200 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 18:37:58.0463 5200 NetBT - ok 18:37:58.0479 5200 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 18:37:58.0479 5200 Netlogon - ok 18:37:58.0510 5200 [ 
847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 18:37:58.0557 5200 Netman - ok 18:37:58.0588 5200 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 18:37:58.0604 5200 NetMsmqActivator - ok 18:37:58.0604 5200 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 18:37:58.0619 5200 NetPipeActivator - ok 18:37:58.0619 5200 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 18:37:58.0666 5200 netprofm - ok 18:37:58.0666 5200 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 18:37:58.0682 5200 NetTcpActivator - ok 18:37:58.0682 5200 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 18:37:58.0697 5200 NetTcpPortSharing - ok 18:37:58.0869 5200 [ AC69618DE5BCCE8747C9AB0AAE1003C1 ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys 18:37:59.0103 5200 NETwNs64 - ok 18:37:59.0165 5200 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 18:37:59.0181 5200 nfrd960 - ok 18:37:59.0368 5200 [ 0BCB418C2906852C6F9347A258FD5711 ] NIHardwareService C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe 18:37:59.0494 5200 NIHardwareService ( UnsignedFile.Multi.Generic ) - warning 18:37:59.0494 5200 NIHardwareService - detected UnsignedFile.Multi.Generic (1) 18:37:59.0525 5200 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 18:37:59.0572 5200 NlaSvc - ok 18:37:59.0603 5200 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 18:37:59.0619 5200 Npfs - ok 18:37:59.0634 5200 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 18:37:59.0681 5200 nsi - ok 18:37:59.0697 5200 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy 
\Device\Harddisk0\DR0 - ok
18:38:13.0047 5200 ================ Scan VBR ==================================
18:38:13.0047 5200 [ A0430C39F4359AFBB541EB770A101AC3 ] \Device\Harddisk0\DR0\Partition1
18:38:13.0047 5200 \Device\Harddisk0\DR0\Partition1 - ok
18:38:13.0093 5200 [ A2C7379A7B2DE704537EC925B0275A59 ] \Device\Harddisk0\DR0\Partition2
18:38:13.0093 5200 \Device\Harddisk0\DR0\Partition2 - ok
18:38:13.0093 5200 ============================================================
18:38:13.0093 5200 Scan finished
18:38:13.0093 5200 ============================================================
18:38:13.0125 5772 Detected object count: 2
18:38:13.0125 5772 Actual detected object count: 2
18:38:32.0282 5772 IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user
18:38:32.0282 5772 IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:38:32.0282 5772 NIHardwareService ( UnsignedFile.Multi.Generic ) - skipped by user
18:38:32.0282 5772 NIHardwareService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:38:41.0939 3504 Deinitialize success
07.05.2013, 21:15 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | JRT - Junkware Removal Tool
Please close your protection software to avoid possible conflicts.
Next: adwCleaner - remove toolbars and unwanted start/search pages
Please download AdwCleaner to your desktop.
After that, a check with OTL please:
07.05.2013, 21:52 | #7 |
Here are the current logs
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by lacco on 07.05.2013 at 22:29:59,02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox
Emptied folder: C:\Users\lacco\AppData\Roaming\mozilla\firefox\profiles\6zns3n7o.default\minidumps [120 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.05.2013 at 22:32:51,96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
# AdwCleaner v2.300 - Datei am 07/05/2013 um 22:34:34 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : lacco - LACCO-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\lacco\Desktop\adwcleaner(1).exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

***** [Registrierungsdatenbank] *****

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Users\lacco\AppData\Roaming\Mozilla\Firefox\Profiles\6zns3n7o.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [912 octets] - [07/05/2013 22:34:19]
AdwCleaner[S1].txt - [854 octets] - [04/05/2013 13:08:44]
AdwCleaner[S2].txt - [846 octets] - [07/05/2013 22:34:34]

########## EOF - C:\AdwCleaner[S2].txt - [905 octets] ##########
Code:
ATTFilter OTL Extras logfile created on: 07.05.2013 22:44:37 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\lacco\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 1,80 Gb Available Physical Memory | 46,67% Memory free 7,71 Gb Paging File | 5,42 Gb Available in Paging File | 70,26% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 680,54 Gb Total Space | 360,84 Gb Free Space | 53,02% Space Free | Partition Type: NTFS Drive D: | 4,08 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: LACCO-PC | User Name: lacco | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-4006155465-997536855-2015683883-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- 
"%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

==========
Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08967647-491C-4C24-871A-BD33497D4751}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0F820634-B79C-4B07-B673-30DE67368BA0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{11B9A184-FDE0-477A-8DFD-8D9FC6312027}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{16C0C02E-D577-4F13-B53B-E26B2F24156F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1FD08610-B75A-400C-8692-BA236F7968ED}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{225633AE-271A-4BD5-9D7B-ED4B09957F8A}" = lport=2869 | protocol=6 | dir=in | app=system | "{3FF399FA-5AD0-4797-A1F7-25E9241630A2}" = rport=445 | protocol=6 | dir=out | app=system | "{4261B428-D49E-45AF-9D4E-49AE080A07BF}" = rport=10243 | protocol=6 | dir=out | app=system | "{49FC1D4D-968A-445E-8447-B673AC402FDD}" = lport=137 | protocol=17 | dir=in | app=system | "{696389EA-5404-42BC-BC47-3641501D7FCF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{6ED39343-05F9-43CF-B3D0-56B00E8097DD}" = rport=139 | protocol=6 | dir=out | app=system | "{71E339ED-2CDF-4FA8-93E3-A9076C5608CC}" = lport=139 | protocol=6 | dir=in | app=system | "{77DA37F2-6DDE-4860-A16F-156A6008A5E8}" = lport=138 | protocol=17 | dir=in | app=system | "{9379F17E-B6A9-4469-A8D7-0D1B108E2B38}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv 
| app=%systemroot%\system32\svchost.exe | "{9B407050-BE40-4594-9B0E-2FEDDBF8AE74}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{9CE8A3CB-BF8C-4D1F-8FB4-3A8219F64E57}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A02AF154-982D-4C2E-8494-EEE3AAAE5138}" = lport=445 | protocol=6 | dir=in | app=system | "{A0FE266B-B11E-41A7-ABD6-9FA0314253FA}" = lport=10243 | protocol=6 | dir=in | app=system | "{A49F256C-2B02-4597-B568-9D3B5A29B642}" = rport=138 | protocol=17 | dir=out | app=system | "{B871E1CF-99C3-4CC4-AFC0-918679A6B93F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C9F31EFC-0CE3-4094-9D78-41FFFF77D91A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{DFBA5D1F-365E-452D-AAF8-8EA0A0E16603}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{E6FF2456-15FC-4CCA-8C8D-46DA58758C25}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E89E82BB-901D-428D-8279-7D9D62A45EE3}" = rport=137 | protocol=17 | dir=out | app=system | "{FC256CF9-DE5A-4852-BC44-9E4378546226}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0D3A3ECF-C9FD-4E86-A8CE-F0A56D206512}" = dir=in | app=c:\program files (x86)\acer\clear.fi\movie\touchmovieservice.exe | "{0F39FC86-3E5C-4CAA-96E2-AB8F0238B155}" = dir=in | app=c:\program files (x86)\acer\clear.fi\movie\touchmovie.exe | "{12102D30-0385-4545-A1F1-A2DC5C0C75FD}" = protocol=6 | dir=out | app=system | "{123D4183-94E6-4457-8779-E66BCE51DF9E}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{13AEA5B2-7773-4C9F-8766-27F8C873B9E4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{186BB5D8-9A13-46E4-89AA-5A8580FA9490}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{2387F08E-AC75-4402-901C-AAD29DAE2E8F}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe | "{298C8A03-ADFC-4E40-A888-F829D8836E37}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{29D0CB78-C6F6-4DDE-9E4E-EDD7F09D3AAE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{2BA1D1E8-69C7-41AD-B525-B4A5011FADC8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{399A0C86-6306-4746-BCF0-F2C7CED12FC9}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\clml\clmlsvc.exe | "{3AD0FB50-8603-46B1-B64B-8DF66E4848D3}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{3DF88F81-2A93-451E-95C4-BAFF6E5CBCDF}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{40FE09ED-81B8-4710-A7F1-783F1500D11F}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe | "{443CFEBA-4C08-4356-AFAA-95CFC0FF9E69}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{44AFBA83-2013-43B6-AF04-A1B6E21AF829}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{55FCC928-38FC-452E-B49C-1DB92E92C9F3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{6870F30D-927C-4FD2-8C3E-D1D1A8A5AA3C}" = dir=in | app=c:\program files (x86)\acer\acer vcm\rs_service.exe | "{7977AF87-5EA9-4436-83B2-FEF4D870B563}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{79EDD11A-E40F-4A94-95B7-CC24780DE27C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{80038319-FE50-4477-A71C-8BB12D241D89}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8FBDE644-B8A4-4A89-8987-9FE2CEC7CDAA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{90C91016-9133-4C8D-BE5F-8C0D3E7A46A5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{913C1550-DDB4-4F88-8A4B-0317EE3DF3E1}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{94A65F28-4BE3-422A-A5B6-958A27068D1B}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fi.exe | "{971DDCB8-931F-496A-A4CA-085BE64E41E3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{974828B3-C73D-48E4-B90C-17BCE4250FC5}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{979AE95C-42B1-493A-87A8-72354E0815CA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{9977D043-775D-43DB-B38E-66B75D2542E4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{9AF90610-5F23-4739-9ADD-4B3BE6E089F4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{9FA76439-00EF-4615-A9E8-0EB15EB3227B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A622FB42-0958-401E-9E1D-FDD467FA008E}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe | "{ADA9BB46-42AA-45C0-9655-CEFC447C0ABF}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{B85381F8-7561-4546-A6A2-12FFBA282889}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{BC554666-5F80-46B9-BB54-5AE3891E8342}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{BD1B2ADA-6780-4E98-BA93-BE30FAAF6C8C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{C1B63186-C799-4FF4-9C2F-9F423E61323C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C3CF41B6-243C-4344-BD38-1FEA1DBB8776}" = protocol=6 | dir=in 
| app=c:\program files (x86)\microsoft office\office12\groove.exe | "{C4898FAC-B55E-4406-8CDE-DD0FCB66676C}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{C767743B-79BE-4CB4-917F-4CFA800CA406}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{D54EFFC9-6C93-4A6A-A2AD-8ABC8498C59F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{D83B1BDE-315A-4325-AFC2-086070538904}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{D958138B-138C-4F05-AB5A-F6E538578DD0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{DED1BE1F-5461-40FD-BC32-D826549DC7E0}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe | "{E88913EB-366B-4415-A373-5913E744CE18}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe | "{ECF5BAF1-C3C8-49F8-B7B3-2A6196A39C11}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fiagent.exe | "{EE65D3FA-F050-41BF-B4CB-3C76C4E8568B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FE6C1F3A-EC07-4EFE-B357-BDD658A1B199}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{FFFA063B-FD3E-4BE8-A2D7-E21F165D6D70}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "TCP Query User{7A575546-5FFE-4F20-A35A-C178B5F987BD}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "UDP Query User{DBE93467-3D36-45CC-A353-BFF9E8F81BB6}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01D57CF6-B5BC-4D03-AFF5-7960CFBD05A9}" = Native Instruments Guitar Rig 5 "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 
Redistributable (x64) "{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor "{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources "{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center "{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series" = Canon MP280 series MP Drivers "{1553D712-B35F-4A82-BC72-D6B11A94BE3E}" = Windows Live Remote Service Resources "{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources "{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1CD2945A-E7A9-44BC-BA34-A22FC8117592}" = M-Audio Fast Track C400 Driver 1.0.7 (x64) "{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources "{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources "{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources "{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display "{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources "{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources "{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources "{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources "{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources "{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel(R) PROSet/Wireless WiFi-Software "{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software "{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources "{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources 
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources "{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources "{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources "{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources "{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources "{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources "{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources "{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources "{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{702A632F-99CE-4E2D-B8F2-BF980E9CF62F}" = Windows Live Remote Client Resources "{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office 
Shared 64-bit MUI (German) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources "{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources "{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources "{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources "{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 267.21 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 267.21 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources "{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 "{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources "{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources "{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources "{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client 
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources "{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64 "{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources "{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources "{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources "CNXT_AUDIO_HDA" = Conexant HD Audio "Elantech" = ETDWare PS/2-X64 8.0.6.3_WHQL "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "ProInst" = Intel PROSet Wireless "WinRAR archiver" = WinRAR 4.20 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam "{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM "{0557BBDA-69D3-4FA4-A93C-A5300F7034B4}" = Windows Live Writer "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger "{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common "{06B05153-97E4-427E-B1A8-E098F6C5E52F}" = Windows Live Essentials "{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common "{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack "{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack 
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail "{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live "{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail "{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh "{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh "{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer "{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar "{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack "{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources "{14C4C3B6-F1F4-401F-8C86-03E8E19AAC8C}" = clear.fi "{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common "{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials "{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima "{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer "{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack "{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = 
Windows Live Mail "{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack "{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources "{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail "{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources "{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common "{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer "{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack "{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh "{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh "{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources "{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh "{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer 
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack "{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials "{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer "{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery "{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client "{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials "{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger "{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live "{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources "{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth "{4736B0ED-F6A1-48EC-A1B7-C053027648F1}" = Galeria fotogràfica del Windows Live "{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer "{48F597DD-D397-4CFA-91A0-4C033A0113BD}" = Windows Live Mail "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials "{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer "{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger "{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack "{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack "{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack 
"{5236C5F0-9539-49DB-829A-D2C964F455D3}" = Ableton Live 8 "{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack "{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources "{542DA303-FB91-4731-9F37-6E518368D3B9}" = Windows Live Messenger "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{5495E9A4-501A-4D4C-87C9-E80916CA9478}" = Windows Live UX Platform Language Pack "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri "{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker "{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources "{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer "{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack "{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker "{625D45F0-5DCB-48BF-8770-C240A84DAAEB}" = Windows Live Mesh "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail "{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker "{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live "{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh "{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials "{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer "{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources 
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack "{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger "{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh "{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common "{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger "{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker "{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App (Acer Games) "{71527C7C-5289-4CB2-88C9-23344C0FF6C1}" = Windows Live Movie Maker "{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer "{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh "{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack "{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources "{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker "{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh "{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack "{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live "{781A93CD-1608-427D-B7F0-D05C07795B25}" = Intel(R) WiDi "{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh 
"{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger "{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live "{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common "{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker "{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live "{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common "{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources "{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials "{7D926AD2-16D6-42C2-8CA1-AB09E96040BA}" = Windows Live Writer Resources "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources "{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer "{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh "{820D0BA3-ACD7-4FB9-A3A7-0ADF0C66A4BE}" = Windows Live Messenger "{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials "{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common "{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials "{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery "{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery "{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu 
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria 
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows "{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail "{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker "{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker "{A3389C72-1782-4BB4-BBAA-33345DE52E3F}" = Windows Live Messenger "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery "{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh "{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger "{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources "{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials "{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh "{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail 
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common "{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh "{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common "{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger "{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common "{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials "{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live "{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources "{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = clear.fi "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger "{BD0C3887-64E6-41D8-9A38-BC6F34369352}" = Windows Live Messenger "{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common "{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi "{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker "{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh "{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger "{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live "{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials "{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader "{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer "{C28D96C0-6A90-459E-A077-A6706F4EC0FC}" = Bing Bar "{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail 
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger "{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger "{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live "{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker "{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support "{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker "{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common "{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer "{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery "{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack "{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail "{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack "{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker "{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker 
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail "{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer "{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija "{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer "{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack "{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources "{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live "{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live "{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger "{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources "{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心 "{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft 
Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F0F5D89A-197C-495B-827E-3E98B811CD2E}" = Windows Live Photo Common "{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials "{F2979AAA-FDD7-4CB3-93BC-5C24D965D679}" = Windows Live Messenger "{F35DC85A-E96B-496B-ABE7-F04192824856}" = Windows Live Messenger "{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack "{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources "{F53A49E6-9FB1-4A5A-B1D9-82BA116196B7}" = Acer USB Charge Manager "{F783464C-C7C6-4E9B-AC40-BC90E5414BAF}" = Windows Live Messenger "{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos "{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh "{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail "{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker "{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie "{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials "{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials "{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker "{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger "3DataManager" = 3DataManager "7289-1030-5602-7421" = JDownloader 0.9 "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center 
"Addictive Drums 1.00" = Addictive Drums 1.00 "Addictive Drums Inno Setup_is1" = Addictive Drums 1.5.2 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ASIO4ALL" = ASIO4ALL "Avira AntiVir Desktop" = Avira Free Antivirus "CanonQuickMenu" = Canon Quick Menu "DAEMON Tools Lite" = DAEMON Tools Lite "ENTERPRISER" = Microsoft Office Enterprise 2007 "ESET Online Scanner" = ESET Online Scanner v3 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9 "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Native Instruments Controller Editor" = Native Instruments Controller Editor "Native Instruments Guitar Rig 5" = Native Instruments Guitar Rig 5 "Native Instruments Service Center" = Native Instruments Service Center "ProInst" = Intel PROSet Wireless "VLC media player" = VLC media player 2.0.5 "WildTangent acer Master Uninstall" = Acer Games "WinLiveSuite" = Windows Live Essentials "WTA-1b37a904-9b43-4916-a43b-f5542dce30ee" = Zuma Deluxe "WTA-1c626ca5-77b5-41d1-85cf-ff947666267c" = Chuzzle Deluxe "WTA-288dc69e-16f8-4223-a896-51a678d8f189" = Wedding Dash "WTA-4d65c5de-5691-4740-b0f0-515867ae39e7" = John Deere Drive Green "WTA-715a53a4-97ff-481a-97fd-9906aade81b8" = Virtual Villagers 4 - The Tree of Life "WTA-74c0026a-6610-49b6-846d-c8e6843520b4" = Slingo Deluxe "WTA-945567a1-21c2-4632-8717-5615e5ea39d8" = Jewel Match 3 "WTA-9ae5404c-5b0b-441d-b1b3-84639f44f5c7" = Bejeweled 2 Deluxe "WTA-9bd99a2a-fece-4093-8ace-54b7f25c06b8" = Jewel Quest Solitaire "WTA-aa8c2ad5-2dab-4a99-ba6b-c266edc3e654" = Insaniquarium Deluxe 
"WTA-c4d5b1b1-25cc-43e7-8afe-935360d2ffae" = Torchlight "WTA-c70a7599-f651-49a0-9ad0-ca92c6266a39" = Crazy Chicken Kart 2 "WTA-e2a68a80-082a-434d-be45-cf7e5b997cfe" = Final Drive: Nitro "WTA-f8e91ebe-65da-489f-b9e3-c221999eb626" = Agatha Christie - Death on the Nile "WTA-fb438896-5461-4eeb-b6ca-9132fc8c6066" = FATE ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 07.05.2013 16:36:01 | Computer Name = lacco-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 07.05.2013 16:36:06 | Computer Name = lacco-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: mfewfpk Error - 07.05.2013 16:38:27 | Computer Name = lacco-PC | Source = WMPNetworkSvc | ID = 866300 Description = < End of report > Code:
OTL logfile created on: 07.05.2013 22:44:37 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\lacco\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,86 Gb Total Physical Memory | 1,80 Gb Available Physical Memory | 46,67% Memory free
7,71 Gb Paging File | 5,42 Gb Available in Paging File | 70,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 680,54 Gb Total Space | 360,84 Gb Free Space | 53,02% Space Free | Partition Type: NTFS
Drive D: | 4,08 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: LACCO-PC | User Name: lacco | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\lacco\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE (CANON INC.)
PRC - C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.)
PRC - C:\Program Files (x86)\M-Audio\Fast Track C400\AudioDevMon.exe (M-Audio)
PRC - C:\Program Files (x86)\3DataManager\WTGService.exe ()
PRC - C:\Program Files (x86)\3DataManager\3DataManager_Launcher.exe ()
PRC - C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\32b515633fcbcc6dad09b9dd09f2fc2f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\7256e28382f57416b828a0cc143b67b3\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\de3e6b59e3949f8086973d53518a9ecb\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\25884c52a01d74137ffacdb51d8f2d04\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\3ca69d589c23a0be94f3858f72e7a595\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\a0db56351a1589e44868456609b01737\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\35296661bd979735d6afd036a104bfd6\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\6133e360071a2fa7ba7deb483816e585\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\3d6d9da56c9f607615b55d6742d8427d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8ba0620535aa28d509b9397500b7d530\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\c182d7a0bd88caf2cddccb7491a5fa6e\System.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files (x86)\3DataManager\3DataManager_Launcher.exe () MOD - C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll () MOD - C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe () MOD - C:\PROGRA~2\MICROS~4\Office12\ADDINS\UMOUTL~1.DLL () MOD - C:\PROGRA~2\MICROS~4\Office12\ADDINS\COLLEA~1.DLL () MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL () ========== Services (SafeList) ========== SRV:64bit: - (CxAudMsg) -- C:\Windows\SysNative\CxAudMsg64.exe (Conexant Systems Inc.) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (FastTrackC400AudioDevMon) -- C:\Program Files (x86)\M-Audio\Fast Track C400\AudioDevMon.exe (M-Audio) SRV - (WTGService) -- C:\Program Files (x86)\3DataManager\WTGService.exe () SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) 
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (MyWiFiDHCPDNS) -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe () SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (NIHardwareService) -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.) SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation) SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.) 
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (RS_Service) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) 
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (MONEYPENNYDFU) -- C:\Windows\SysNative\drivers\MAudioFastTrackC400_DFU.sys (Avid) DRV:64bit: - (MONEYPENNY) -- C:\Windows\SysNative\drivers\MAudioFastTrackC400.sys (M-Audio) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation) DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation) DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.) DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (BTWAMPFL) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.) 
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (ewusbnet) -- C:\Windows\SysWOW64\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.) 
DRV - (hwdatacard) -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (ew_hwusbdev) -- C:\Windows\SysWOW64\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4006155465-997536855-2015683883-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE - HKU\S-1-5-21-4006155465-997536855-2015683883-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found IE - HKU\S-1-5-21-4006155465-997536855-2015683883-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4006155465-997536855-2015683883-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: 
"ProxyEnable" = 0 IE - HKU\S-1-5-21-4006155465-997536855-2015683883-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL File not found FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo 
Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013.01.18 20:44:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.13 11:45:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.13 11:45:13 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.19 10:25:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lacco\AppData\Roaming\mozilla\Extensions [2013.04.13 11:45:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.04.13 11:45:13 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla 
firefox\components\browsercomps.dll [2013.01.17 02:11:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.01.17 02:11:04 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.01.17 02:11:04 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.01.17 02:11:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.01.17 02:11:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.01.17 02:11:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No CLSID value found. O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office12\GR469A~1.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No CLSID value found. O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found. O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) 
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Power Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) 
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKU\S-1-5-21-4006155465-997536855-2015683883-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-4006155465-997536855-2015683883-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-4006155465-997536855-2015683883-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - 
{2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31233FBB-275E-4BB1-A546-91B760D858E5}: NameServer = 213.94.78.17 213.94.78.16 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9296B2D2-1393-4CC8-A4D6-6235A78D599D}: DhcpNameServer = 192.168.1.250 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC3CF147-DE7F-43FB-BB73-017A9ECA132D}: DhcpNameServer = 10.0.0.138 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~4\Office12\GRA32A~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - 
HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office12\GR469A~1.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.07 22:41:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\lacco\Desktop\OTL.exe [2013.05.07 22:38:35 | 000,000,000 | ---D | C] -- C:\Users\lacco\Desktop\logs [2013.05.07 22:29:57 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.05.07 22:29:51 | 000,000,000 | ---D | C] -- C:\JRT [2013.05.07 22:28:36 | 000,545,954 | ---- | C] (Oleg N. 
Scherbakov) -- C:\Users\lacco\Desktop\JRT.exe [2013.05.07 18:36:08 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\lacco\Desktop\tdsskiller.exe [2013.05.07 07:39:35 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\lacco\Desktop\aswMBR.exe [2013.05.06 22:28:01 | 000,000,000 | ---D | C] -- C:\Users\lacco\Desktop\mbar [2013.05.05 10:40:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.05.04 15:55:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2013.05.04 15:10:40 | 000,000,000 | ---D | C] -- C:\Users\lacco\AppData\Roaming\Malwarebytes [2013.05.04 15:10:12 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.05.04 15:10:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.05.04 15:10:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.05.04 15:10:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.05.04 12:41:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.05.04 12:41:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.05.04 12:41:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.05.04 12:40:40 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.05.04 12:40:10 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.05.04 11:25:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2013.05.04 11:25:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2 [2013.05.02 11:44:41 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.04.28 20:48:51 | 000,000,000 | ---D | C] -- C:\Users\lacco\Desktop\reifen [2013.04.20 09:45:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.04.13 14:09:03 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.04.13 14:09:03 | 000,073,216 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.04.13 14:09:02 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.04.13 14:09:02 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.04.13 14:09:02 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.04.13 14:09:02 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.04.13 14:09:02 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.04.13 14:09:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.04.13 14:09:02 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.04.13 14:09:02 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.04.13 14:09:01 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.04.13 14:09:01 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.04.13 14:09:00 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.04.13 14:09:00 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.04.13 14:09:00 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.04.13 11:45:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.04.13 10:42:23 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2013.04.13 10:42:22 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2013.04.13 10:42:22 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2013.04.13 10:42:21 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2013.04.13 10:42:21 | 000,044,032 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2013.04.13 10:42:21 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2013.04.13 10:41:58 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.04.13 10:41:57 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.04.13 10:41:57 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.04.13 10:41:57 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe [2013.04.13 10:41:57 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2013.04.13 10:41:57 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2013.04.09 21:38:03 | 000,000,000 | ---D | C] -- C:\Users\lacco\Desktop\abstractnotion ========== Files - Modified Within 30 Days ========== [2013.05.07 22:44:03 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.07 22:44:03 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.07 22:42:11 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.07 22:42:11 | 000,697,082 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.07 22:42:11 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.07 22:42:11 | 000,148,346 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.07 22:42:11 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.07 22:37:47 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.07 22:35:52 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\Acer Registration - Reminder Recall task.job [2013.05.07 22:35:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat 
[2013.05.07 22:35:50 | 3104,722,944 | -HS- | M] () -- C:\hiberfil.sys [2013.05.07 22:33:45 | 000,628,743 | ---- | M] () -- C:\Users\lacco\Desktop\adwcleaner(1).exe [2013.05.07 22:28:28 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\lacco\Desktop\JRT.exe [2013.05.07 22:25:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.07 21:23:08 | 000,000,512 | ---- | M] () -- C:\Users\lacco\Desktop\MBR.dat [2013.05.07 18:36:24 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\lacco\Desktop\tdsskiller.exe [2013.05.07 18:16:33 | 525,756,908 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.05.07 07:36:20 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\lacco\Desktop\aswMBR.exe [2013.05.04 17:53:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\lacco\Desktop\OTL.exe [2013.05.04 15:10:12 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.02 11:44:30 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.04.18 21:23:29 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2013.04.13 18:25:41 | 000,416,336 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2013.05.07 22:33:56 | 000,628,743 | ---- | C] () -- C:\Users\lacco\Desktop\adwcleaner(1).exe [2013.05.07 21:23:08 | 000,000,512 | ---- | C] () -- C:\Users\lacco\Desktop\MBR.dat [2013.05.04 15:10:12 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.04 12:41:41 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.05.04 12:41:41 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.05.04 12:41:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.05.04 12:41:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.05.04 12:41:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.04.18 21:23:29 | 000,000,000 | -H-- | C] () 
-- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2013.03.13 13:26:34 | 000,000,000 | ---- | C] () -- C:\Windows\GpsPlatformExe.INI [2013.03.13 13:14:30 | 000,000,000 | ---- | C] () -- C:\Windows\SportAppExe.INI [2013.01.18 19:08:51 | 001,590,506 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.08.04 06:46:28 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.08.04 06:46:27 | 000,214,760 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.08.04 06:46:26 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2011.08.04 06:46:25 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.08.04 06:46:24 | 013,355,008 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] 
(Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > |
07.05.2013, 22:11 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Code:
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31233FBB-275E-4BB1-A546-91B760D858E5}: NameServer = 213.94.78.17 213.94.78.16
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9296B2D2-1393-4CC8-A4D6-6235A78D599D}: DhcpNameServer = 192.168.1.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC3CF147-DE7F-43FB-BB73-017A9ECA132D}: DhcpNameServer = 10.0.0.138
University? Company networks? These entries just caught my eye and I preferred to ask.
__________________ Please always post log files in CODE tags |
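The check behind the question in the post above, as an added example (not part of the original post and not a Trojaner-Board or OTL tool): it parses OTL `O17` lines, classifies every configured DNS resolver with Python's `ipaddress` module, and marks the ones that are not in private address space for manual confirmation. The function names and the review rule are assumptions of this example.

```python
import ipaddress
import re

# The four O17 lines quoted from the OTL log in the post above.
O17_LINES = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31233FBB-275E-4BB1-A546-91B760D858E5}: NameServer = 213.94.78.17 213.94.78.16
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9296B2D2-1393-4CC8-A4D6-6235A78D599D}: DhcpNameServer = 192.168.1.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC3CF147-DE7F-43FB-BB73-017A9ECA132D}: DhcpNameServer = 10.0.0.138
""".strip().splitlines()

# "O17 - <registry key>: <value name> = <one or more addresses>"
O17_RE = re.compile(
    r"^O17(?::64bit:)?\s+-\s+(?P<key>.+?):\s+"
    r"(?P<value>DhcpNameServer|NameServer)\s*=\s*(?P<servers>.*)$"
)
INTERFACE_RE = re.compile(r"\\Interfaces\\(\{[0-9A-Fa-f-]{36}\})$")


def classify(address):
    """Return 'loopback', 'private', 'public' or 'invalid' for one resolver."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "invalid"
    if ip.is_loopback:
        return "loopback"
    if ip.is_private or ip.is_link_local:
        return "private"
    return "public"


def review_o17(lines):
    """Turn O17 log lines into one row per configured DNS server."""
    rows = []
    for line in lines:
        m = O17_RE.match(line.strip())
        if not m:
            continue  # not an O17 name-server entry
        iface = INTERFACE_RE.search(m["key"])
        for server in re.split(r"[\s,]+", m["servers"].strip()):
            if not server:
                continue
            scope = classify(server)
            rows.append({
                "interface": iface.group(1) if iface else "global",
                # NameServer is set by hand or by software, DhcpNameServer by the network.
                "source": "static" if m["value"] == "NameServer" else "dhcp",
                "server": server,
                "scope": scope,
                # Assumed review rule: anything outside private address space
                # should be confirmed as a resolver the user actually knows.
                "review": scope != "private",
            })
    return rows


if __name__ == "__main__":
    for row in review_o17(O17_LINES):
        mark = "CHECK" if row["review"] else "ok"
        print(f'{mark:5} {row["server"]:15} {row["scope"]:8} {row["source"]:6} {row["interface"]}')
```

A flagged row is a prompt to ask the user, as the helper does here, not a verdict: a static public resolver is normal when it belongs to an ISP, university or employer the machine has been connected to.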
07.05.2013, 22:40 | #9 |
| Yes, that is my laptop and it regularly travels with me. But right now I couldn't tell you which network the IPs belong to. |
07.05.2013, 22:59 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Well, if you travel with it, which is supposedly common with a mobile computer, that explains it. Looks OK. We should be almost done. As a check, please run a full scan with Malwarebytes - please remember to update Malwarebytes via the update button beforehand. Afterwards, getting an additional opinion from ESET's online scanner doesn't hurt either: ESET Online Scanner
__________________ Please always post log files in CODE tags |
09.05.2013, 09:32 | #11 |
| Unfortunately the news is not so good. In the meantime my AVIRA has reported a detection again. Code:
Exportierte Ereignisse:
08.05.2013 19:30 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\lacco\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\2b64b163-773f7 278'
enthielt einen Virus oder unerwünschtes Programm 'EXP/Java.HLP.FT' [exploit].
Durchgeführte Aktion(en):
Die Datei wurde ignoriert.
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.05.08.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
lacco :: LACCO-PC [Administrator]
08.05.2013 18:26:57
mbam-log-2013-05-08 (18-26-57).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 411345
Laufzeit: 1 Stunde(n), 14 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=cd7057404691d54794a5c2c66e5678ab
# engine=13789
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-09 10:22:06
# local_time=2013-05-09 12:22:06 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 7019 233518216 0 0
# compatibility_mode=5122 16777214 0 79 9563841 76962986 0 0
# compatibility_mode=5893 16776574 100 94 9609897 119724776 0 0
# scanned=180581
# found=1
# cleaned=0
# scan_time=6356
sh=41E0F9117DE5AA49C76AC6C0DD51AE74BAC8D9D4 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2013-2423.Q trojan" ac=I fn="C:\Users\lacco\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\2b64b163-773f7278" |
09.05.2013, 17:38 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | It's only a remnant in the Java cache. Please use TFC, which empties the cache and temp folders: TFC - Temp File Cleaner. Please download TFC (by Oldtimer) and save the file to the desktop. Now close all open programs and disconnect from the Internet. Double-click TFC.exe and press Start. If TFC cannot delete all files, it will request a restart. Please allow this.
__________________ Please always post log files in CODE tags |
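The triage step behind the reply above, as an added example (not part of the original post and not an ESET tool): it parses the counter lines and the detection record format seen in the ESET Online Scanner log in post #11 and checks whether every detection sits under the per-user Java deployment cache. The function names and the cache-path rule are assumptions of this example.

```python
import re
from pathlib import PureWindowsPath

# Counter lines and the detection record copied from the ESET log in post #11.
ESET_LOG = r'''
# scanned=180581
# found=1
# cleaned=0
sh=41E0F9117DE5AA49C76AC6C0DD51AE74BAC8D9D4 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2013-2423.Q trojan" ac=I fn="C:\Users\lacco\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\2b64b163-773f7278"
'''

# key=value pairs; values are either double-quoted or a single token.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Assumption: the Java plug-in cache location as it appears in this thread's logs.
JAVA_CACHE_PARTS = ("appdata", "locallow", "sun", "java", "deployment", "cache")


def parse_eset_log(text):
    """Split the log into '# key=value' counters and 'sh=...' detection records."""
    counters, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            key, sep, value = line.lstrip("# ").partition("=")
            if sep:
                counters[key] = value
        elif line.startswith("sh="):
            detections.append({k: v.strip('"') for k, v in FIELD_RE.findall(line)})
    return counters, detections


def in_java_cache(path):
    """True if the Windows path contains the Java deployment cache directory chain."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    n = len(JAVA_CACHE_PARTS)
    return any(tuple(parts[i:i + n]) == JAVA_CACHE_PARTS
               for i in range(len(parts) - n + 1))


def triage(text):
    """Summarise the scan: what was found, where, and whether it is cache-only."""
    counters, records = parse_eset_log(text)
    detections = [{
        "name": r.get("vn", ""),
        "sha1": r.get("sh", ""),
        "path": r.get("fn", ""),
        "in_java_cache": in_java_cache(r.get("fn", "")),
    } for r in records]
    return {
        "found": int(counters.get("found", 0)),
        "cleaned": int(counters.get("cleaned", 0)),
        "detections": detections,
        # Every detection is a cached download, none elsewhere on disk.
        "cache_only": bool(detections) and all(d["in_java_cache"] for d in detections),
        # The records listed should match the scanner's own 'found' counter.
        "consistent": len(detections) == int(counters.get("found", 0)),
    }


if __name__ == "__main__":
    summary = triage(ESET_LOG)
    for d in summary["detections"]:
        where = "Java cache" if d["in_java_cache"] else "OUTSIDE cache"
        print(f'{where}: {d["name"]} -> {d["path"]}')
    print("cache_only =", summary["cache_only"], "| consistent =", summary["consistent"])
```

A detection outside the cache path would make `cache_only` false, which is the case where clearing temporary files alone would not be an adequate response.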
10.05.2013, 18:41 | #13 |
| A dream, now everything is clean!!!! Many, many thanks for all the work!!! I'll donate a beer to the board right away |
10.05.2013, 19:43 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Looks OK so far. Regarding cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether a new hosts file has been released. Info: cookies are not malware as such, but there is a risk of abusive use (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie). Otherwise there are also good cookie managers; as a Firefox extension, for example, there is CookieCuller. But if you can live with logging in anew everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed. Is your system back in order now, or are there other detections or problems?
__________________ Please always post log files in CODE tags |
11.05.2013, 18:34 | #15 |
| Thanks again for the tips, my system is clean again! Can this guide be trusted from a security standpoint? "Blocking Unwanted Parasites with a Hosts File", I simply know too little about this and unfortunately don't have enough time to read up on it. Otherwise the thread can be closed, thanks again! |