Pests of all kinds and how to fight them: Trojan "Gesellschaft zur Verfügung von Urheberrechtsverletzungen" (Windows 7)
28.05.2013, 13:30 | #1 |
| Trojan "Gesellschaft zur Verfügung von Urheberrechtsverletzungen"

Esteemed masters of the Trojaner-Board, my laptop has caught the well-known Bundestrojaner: suddenly the screen went white and the graphic of the supposed police authorities appeared, including a payment demand and a webcam image. After that, and I apologize for this in advance, I did not find my way here right away but first took some steps myself. I restarted the laptop, which made the fake notice disappear. On drive C I immediately noticed an application with a cryptic jumble-of-letters name and no properties, which had been installed in the very minute the trojan struck. I deleted it. I also ran a scan with Malwarebytes: here too a ransomware file was uncovered and eliminated. After that I came across the threads in your forum, which made the complexity of the trojan clear to me, which is why I am now turning to you. Many thanks in advance!!

OTL: Code:
ATTFilter OTL logfile created on: 28.05.2013 13:37:06 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,68 Gb Total Physical Memory | 1,75 Gb Available Physical Memory | 47,55% Memory free 7,35 Gb Paging File | 5,38 Gb Available in Paging File | 73,25% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 284,99 Gb Total Space | 22,42 Gb Free Space | 7,87% Space Free | Partition Type: NTFS Computer Name: SCHREIBMASCHINE | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.28 12:33:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2013.05.22 00:52:36 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2013.05.07 15:38:13 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.03.28 11:45:01 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.03.28 11:44:47 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.03.19 01:34:25 | 000,002,560 | ---- | M] () -- C:\Windows\Runservice.exe PRC - [2013.03.12 09:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) 
-- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2011.05.30 04:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe PRC - [2011.05.12 17:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2011.05.12 08:04:12 | 000,723,560 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe PRC - [2011.04.24 04:29:20 | 000,256,832 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe PRC - [2011.04.24 04:28:38 | 000,297,280 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe PRC - [2011.04.22 19:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2011.04.19 09:01:34 | 000,419,408 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe PRC - [2011.04.19 09:01:34 | 000,343,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe PRC - [2011.04.19 09:01:32 | 001,097,808 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2011.04.19 09:01:32 | 000,353,872 | ---- | M] (Dritek System Inc.) 
-- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2010.09.16 03:13:16 | 002,538,520 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.09.16 03:13:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.05.20 17:15:00 | 000,110,736 | R--- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe PRC - [2010.03.11 15:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2010.01.30 02:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe PRC - [2005.01.31 09:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe ========== Modules (No Company Name) ========== MOD - [2013.05.22 00:52:36 | 003,128,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe MOD - [2011.04.24 04:29:56 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll ========== Services (SafeList) ========== SRV - [2013.05.22 00:52:36 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.15 21:26:00 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.03.28 11:45:01 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.03.28 11:44:47 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.03.19 01:34:25 | 000,002,560 | ---- | M] () [Auto | Running] -- C:\Windows\Runservice.exe -- (LicCtrlService) SRV - [2013.02.07 14:10:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.02.25 15:29:27 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011.06.07 13:25:12 | 000,191,752 | ---- | M] (Microsoft Corporation.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.05.30 04:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService) SRV - [2011.05.12 17:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2011.05.10 15:01:08 | 000,872,552 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2011.04.24 04:29:20 | 000,256,832 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2011.04.22 19:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service) SRV - [2011.04.19 09:01:32 | 000,353,872 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2011.03.29 07:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) 
[Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.09.23 04:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.16 03:13:16 | 002,538,520 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.09.16 03:13:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.05.20 17:15:00 | 000,110,736 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.11 15:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2010.01.30 02:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2005.01.31 09:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.05.04 17:02:34 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2013.05.04 17:02:33 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2013.03.28 11:45:07 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.03.28 11:45:07 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.03.28 11:45:07 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.07.14 07:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.07.14 07:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.06.10 05:16:08 | 012,230,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.06.02 05:37:32 | 002,750,464 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2011.05.10 06:42:16 | 000,425,000 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) DRV:64bit: - [2011.03.28 05:44:46 | 001,417,776 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011.03.10 06:01:45 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2011.03.10 06:01:45 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2010.12.01 10:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.11.05 17:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.02.26 10:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009.09.17 05:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 
| ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: helper%40savefrom.net:1.79 FF - prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.4.3 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - user.js - File not found FF:64bit: - 
HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.07.12 16:28:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.22 00:52:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.22 00:52:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.22 00:52:37 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.22 00:52:31 | 000,000,000 | ---D | M] [2012.07.07 16:14:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2013.05.24 11:26:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ncbypbyq.default\extensions [2013.04.05 16:58:50 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ncbypbyq.default\extensions\ich@maltegoetz.de [2013.05.15 21:28:39 | 000,101,681 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ncbypbyq.default\extensions\helper@savefrom.net.xpi [2013.05.24 11:26:13 | 000,008,019 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ncbypbyq.default\extensions\youtubeunblocker@unblocker.yt.xpi [2012.12.16 19:51:37 | 000,036,139 | ---- | M] () (No name found) -- 
C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ncbypbyq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013.05.09 16:53:07 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ncbypbyq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.05.22 00:52:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.05.22 00:52:37 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} File not found (No name found) -- C:\USERS\RALF SCHöNFELDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NCBYPBYQ.DEFAULT\EXTENSIONS\HELPER@SAVEFROM.NET.XPI File not found (No name found) -- C:\USERS\RALF SCHöNFELDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NCBYPBYQ.DEFAULT\EXTENSIONS\YOUTUBEUNBLOCKER@UNBLOCKER.YT.XPI O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) 
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Power Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [UVS10 Preload] C:\Program Files (x86)\Ulead VideoStudio 10\uvPL.exe (Ulead Systems, Inc.) O4 - HKCU..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe () O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C2CDFC6-0DA1-463C-89A1-59E36D10B77A}: DhcpNameServer = 172.22.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DECCFAD8-1D1C-4A81-80F7-6AFB835FE184}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ipp - No CLSID value found O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - 
C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.05.28 12:32:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.05.28 12:13:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2013.05.28 12:13:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.28 12:13:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.28 12:13:27 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.05.28 12:13:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.05.28 10:05:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{BE960C05-EB43-4F17-82F2-DC2171A06762}
[2013.05.27 15:26:01 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Playlist
[2013.05.27 10:00:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{8A24FF27-909D-43CA-B23F-0E651CEA0C37}
[2013.05.26 11:57:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{70B55D86-F18F-45F2-AA38-C226983AD6B1}
[2013.05.25 14:50:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{80CD9A1B-7CB6-4AC1-A49C-D444A9B6278C}
[2013.05.24 11:25:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{A3CD1F48-A6BD-478A-BF5F-D44700F8FD67}
[2013.05.23 09:07:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{5A2660A5-E07A-4471-A934-79F4E96370DC}
[2013.05.22 00:52:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.22 00:29:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{88B2E5AE-E51D-4715-9878-EF6E1F68CAD4}
[2013.05.21 11:43:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{4207ABB0-1805-4BAD-92C2-B251A2BC0299}
[2013.05.20 19:14:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{ABF4ED34-7FC2-4B88-A52E-92C7D96BC88A}
[2013.05.15 10:45:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{6F415FFF-0198-416C-8241-8FE31DF2A29D}
[2013.05.15 09:55:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{A1411827-AFE7-4F45-A84A-CA0FCC7F6B3F}
[2013.05.14 14:11:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{6AF18987-0C7D-4C10-BB41-CF68F046601E}
[2013.05.13 22:08:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{487E4C33-7739-48D2-A78C-F755D47AE2CE}
[2013.05.13 09:52:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{334BD2C4-3334-4A6E-A06C-EB858D38E881}
[2013.05.12 16:55:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{E0C73AEB-065E-4AC4-AD27-83F5E9B2144E}
[2013.05.11 11:42:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{D2BDC13C-D0B3-4A08-9ACA-4B6EAD57EDD7}
[2013.05.10 10:03:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{64F77BCE-7D81-4FCC-9CA2-54C4F7E3ACE1}
[2013.05.09 12:21:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{8EFE75B8-988D-4BA6-A449-159706DA8C28}
[2013.05.08 14:29:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{309D653F-2D10-43A2-A1E0-6B06E00332A5}
[2013.05.08 14:28:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{EC7D15DB-B315-40BE-8309-22276B5BAF69}
[2013.05.07 22:41:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{DCFF68B4-0690-424A-9795-8051E7BA4A18}
[2013.05.07 15:39:06 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.05.07 09:39:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{F4330BCA-FD91-47C1-9F53-16836D6B080A}
[2013.05.06 09:40:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{60DFAD30-973F-469F-9AFB-99BE44FAA6DC}
[2013.05.05 15:34:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{9FEAF07E-4942-4B9E-B6D2-DCB91118D62A}
[2013.05.04 20:51:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{4F9CA7E6-3718-48DD-856E-16383910B348}
[2013.05.04 17:07:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Risen
[2013.05.04 17:02:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2013.05.04 17:02:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.05.04 17:02:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA
[2013.05.04 17:02:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013.05.04 16:55:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deep Silver
[2013.05.03 09:17:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{5BFDE256-2DA9-40FC-BDCC-F5B35EB088ED}
[2013.05.02 21:00:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{09E38A5D-0B68-48C4-82AE-BD99836436D9}
[2013.05.02 14:10:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{CBF772A7-9AC2-49BA-91AE-4184B9DFD4B9}
[2013.05.02 10:11:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{8A343F5E-E6A3-4B91-8268-4C5ADF71DEDA}
[2013.05.02 09:49:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{59E680AF-63ED-4E00-A8AF-725CA13076EB}
[2013.05.01 11:49:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{3393BF22-EA44-41EB-9614-D3EC989EBB9D}
[2013.05.01 00:36:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{DAFD2228-145C-4C71-AFF6-62A443D11805}
[2013.04.30 12:33:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{CFC71369-5D00-4947-8B48-B13F5E9D626E}
[2013.04.29 12:41:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{9C71E391-F19D-44B0-8D7A-A031F7FA07A6}
[2013.04.28 15:19:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infogrames
[2013.04.28 15:18:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Civilization III
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.05.28 13:40:39 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.28 13:40:39 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.28 13:33:44 | 000,000,358 | ---- | M] () -- C:\Windows\Ulead32.ini
[2013.05.28 13:33:07 | 000,000,857 | -HS- | M] () -- C:\Windows\SysWow64\mmf.sys
[2013.05.28 13:32:57 | 000,067,584 | -H-- | M] () -- C:\Windows\bootstat.dat
[2013.05.28 13:32:54 | 2960,412,672 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.28 13:25:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.28 12:57:52 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.28 12:57:52 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.28 12:57:52 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.28 12:57:52 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.28 12:57:52 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.28 12:33:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.05.28 11:36:57 | 000,000,004 | ---- | M] () -- C:\Users\***\AppData\Roaming\skype.ini
[2013.05.20 19:12:10 | 000,457,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.07 15:38:52 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.05.04 17:02:34 | 000,314,016 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2013.05.04 17:02:33 | 000,043,680 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2013.04.29 00:06:22 | 000,272,749 | ---- | M] () -- C:\Users\***\Desktop\maison.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.05.28 11:28:27 | 000,000,004 | ---- | C] () -- C:\Users\***\AppData\Roaming\skype.ini
[2013.05.04 17:02:34 | 000,314,016 | ---- | C] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2013.05.04 17:02:33 | 000,043,680 | ---- | C] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2013.04.29 00:06:16 | 000,272,749 | ---- | C] () -- C:\Users\***\Desktop\maison.jpg
[2013.04.21 18:03:36 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2013.04.03 13:43:05 | 000,010,495 | ---- | C] () -- C:\Users\***\vtopy_elster_2048.pfx
[2013.03.28 11:59:43 | 000,000,132 | ---- | C] () -- C:\Windows\wininit.ini
[2013.03.19 01:34:25 | 000,048,640 | ---- | C] () -- C:\Windows\mmfs.dll
[2013.03.19 01:34:25 | 000,002,560 | ---- | C] () -- C:\Windows\Runservice.exe
[2013.03.19 01:34:25 | 000,000,857 | -HS- | C] () -- C:\Windows\SysWow64\mmf.sys
[2012.12.09 20:32:44 | 000,017,408 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db
[2012.11.24 04:25:24 | 000,005,081 | ---- | C] () -- C:\ProgramData\hnbdehzc.pfe
[2012.11.12 12:34:30 | 794,917,018 | ---- | C] () -- C:\Users\***\SaS - Oct 19, 2012 - Penny Pax and Danny Wylde (25842).wmv
[2012.07.12 17:29:15 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.07.12 17:29:15 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.07.12 17:16:52 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.07.12 15:44:36 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\Iyvu9_32.dll
[2012.07.12 15:39:51 | 000,000,358 | ---- | C] () -- C:\Windows\Ulead32.ini
[2012.07.07 18:11:55 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.07.07 16:04:59 | 000,001,104 | ---- | C] () -- C:\Users\***\AppData\Roaming\AbsoluteReminder.xml
[2012.01.10 13:43:17 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2012.01.10 13:42:44 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2012.01.10 13:42:42 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2012.01.10 13:42:41 | 013,906,944 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012.01.10 13:42:41 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.04.22 15:05:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DL
[2013.05.28 13:33:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2013.04.02 22:21:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2013.04.02 22:19:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.03.22 16:21:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2012.11.24 04:11:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeFLVConverter
[2012.07.07 17:46:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lingo4u
[2012.07.07 17:59:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge
[2013.05.27 23:24:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent
[2012.07.08 13:27:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer
[2013.01.11 15:46:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\xm1

========== Purity Check ==========

< End of report >

Code:
OTL Extras logfile created on: 28.05.2013 13:37:06 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,68 Gb Total Physical Memory | 1,75 Gb Available Physical Memory | 47,55% Memory free
7,35 Gb Paging File | 5,38 Gb Available in Paging File | 73,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,99 Gb Total Space | 22,42 Gb Free Space | 7,87% Space Free | Partition Type: NTFS

Computer Name: SCHREIBMASCHINE | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BAC6894-AB64-4F4F-B84F-2BAAE98F8B47}" = lport=139 | protocol=6 | dir=in | app=system |
"{11C337FB-8B6B-492C-84A0-68706DEA95B2}" = lport=137 | protocol=17 | dir=in | app=system |
"{181954B3-B7A0-41FA-B5A4-CE0C170F710F}" = rport=139 | protocol=6 | dir=out | app=system |
"{1E3E5D11-47A1-4FC5-9800-040C6E6E5748}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{24E7212C-2CC6-4A29-8869-8FCBF7E1CD99}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{26C3C282-8E22-4219-BEF4-5245F6125263}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2D78E964-5EA3-496E-A8BA-D04B229F2FCA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{346D5AAD-A9BD-41D4-9254-3E164D8FF023}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{381EC83B-77F3-46FA-AE1A-0D75138C407C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{40E6EB0C-0D45-45BD-BDFD-07FB8BE47B72}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{422AFFE8-8854-406B-8CBD-F937EBF5BCE6}" = lport=445 | protocol=6 | dir=in | app=system |
"{444191CA-9BF0-41C0-8AF0-FE6DB4A0DDB7}" = rport=445 | protocol=6 | dir=out | app=system |
"{5E01A9D2-36B7-44C2-B9BA-E3C4ADDEBA99}" = rport=138 | protocol=17 | dir=out | app=system |
"{7BE88C7B-F5BA-4E14-9E63-754EC4C8E327}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{99424132-5F04-4AF4-B40D-08B271A06C74}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9BFA1F53-E004-4E88-A8F7-A8753F5C7558}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A879D1BE-7412-4D48-9E50-B4594A3241F7}" = rport=137 | protocol=17 | dir=out | app=system |
"{B7966275-5D89-42E7-8B82-B903B5C13F6E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BAFD3E5C-F218-4164-8719-B519C6ED5984}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{DC600087-40D3-475E-8763-E814AAA88979}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E7B83FF1-5242-4C72-BC45-B7A8BD11E4D2}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F42B2411-AC9E-45FF-9FCB-478061F9824C}" = lport=138 | protocol=17 | dir=in | app=system |
"{F96E8962-0805-4D65-B7A4-A876A710CE2E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05C0032C-7547-4A34-9297-49ED54AFE157}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{0A60BF50-5E7D-47C7-9A8E-A7B3609D4F00}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0A818987-60F6-4815-9B59-5CE988C6D865}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1177FD38-3FE9-46CC-AA4D-57EE428A5420}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{1352EB93-AB2F-42CD-BB16-8C9AFB216D7D}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{16411F85-F575-4E02-8407-9B006D090BD4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1D0357FB-AB53-401E-99AA-0B057AD2A8EA}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{23EDA0CD-2A1B-42AD-A509-432308E93056}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2812FD03-E69C-4312-92CA-C09D6A264479}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{283988D9-D2D9-42DC-A2F9-5666BD2243C3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3293DC7F-76B5-4E65-A634-309F039530EA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{548AB2D9-0AB7-407A-91AD-0DA384939289}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe |
"{57297EC3-91FC-405D-B406-60BC6C851546}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{58A48634-20B2-4602-8173-C122CC496256}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5AE18A9B-D5C6-4EB7-9B9F-40A6892D6D4E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6E814376-49A2-4CD1-9466-E5057943E733}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{74A35CE4-6C9B-4834-B665-BB1F90C30EA4}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{7D38A5E3-5CEE-475F-9613-870711171ED8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8E5B143F-12DD-487B-89C1-6DD41132655C}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{974962AE-3398-4F9E-9C43-95B4FA2996CC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{B5E1C61A-67D9-4B4E-B9FE-48D8FDF2912D}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{BF121BBD-62E4-4AFE-8E33-DFC88631DA3B}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{CD56C03A-D1B5-46B2-B5CA-EE4249B996FE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D0F8AC9B-F3D9-4179-91B7-6475BB0C37AD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D3F8208C-A328-40E3-ACF5-3B60AA1AC47E}" = protocol=6 | dir=out | app=system |
"{E1D1FF8A-206E-4A89-B5A9-62882D145DCE}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{E2720312-2685-42B4-BD4C-A44389D290F7}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{E2DCC10A-F18C-4451-95AA-4827FC5774C7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{E7D4BD85-D3BE-4ED7-AF9A-DE3101F24B84}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EA12553A-408E-428A-9DA5-E86386216B61}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F03C1724-293B-4063-81F7-E9EEAD60EFC5}" = dir=in | app=c:\program files (x86)\acer\acer vcm\rs_service.exe |
"{F1409DEC-0A80-4195-8611-84EF8C99B414}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F712BC35-69C9-4045-8D23-9DF9648D8172}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{5F327654-BF89-4BC0-B790-E1C8608105AB}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{728D7007-5E84-430C-89F4-43B075186454}C:\program files (x86)\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"TCP Query User{B9CBE8DB-D34F-44A2-B74E-D4731326EB69}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{BBB10971-6B7B-481E-B5A2-6194F917AC5E}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{4846CB12-8E8E-40B9-A4F8-ECE15A3E8D01}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{92013EC0-F127-4FA1-BA35-D891E4C0B857}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{A6F4C9FC-B19F-4F0A-A5AE-5E3FAA868E01}C:\program files (x86)\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"UDP Query User{C2F3D2A0-7CCE-45A3-9D1A-96EC658A6B1A}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1553D712-B35F-4A82-BC72-D6B11A94BE3E}" = Windows Live Remote Service Resources
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{702A632F-99CE-4E2D-B8F2-BF980E9CF62F}" = Windows Live Remote Client Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom NetLink Controller
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.20 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0557BBDA-69D3-4FA4-A93C-A5300F7034B4}" = Windows Live Writer
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{06B05153-97E4-427E-B1A8-E098F6C5E52F}" = Windows Live Essentials
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{09B7C7EB-3140-4B5E-842F-9C79A7137139}" = Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19CBDE24-2761-49A5-816B-D2BA65D0CA8D}" = Kontrola Windows Live Mesh ActiveX za daljinske veze
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{260E3D78-94E6-47EC-8E29-46301572BB1E}" = Control ActiveX Windows Live Mesh pentru conexiuni la distanță
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}" = Evernote v. 4.5.1
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}" = ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}" = QuickTime
"{39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}" = Controle ActiveX do Windows Live Mesh para Conexões Remotas
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{40F4FF7A-B214-4453-B973-080B09CED019}" = Install Absolute Data Protect
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1" = Pazera Free MP4 to AVI Converter 1.6
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{4736B0ED-F6A1-48EC-A1B7-C053027648F1}" = Galeria fotogràfica del Windows Live
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{48F597DD-D397-4CFA-91A0-4C033A0113BD}" = Windows Live Mail
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}" = Windows Live Meshin etäyhteyksien ActiveX-komponentti
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX
Platform Language Pack "{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources "{542DA303-FB91-4731-9F37-6E518368D3B9}" = Windows Live Messenger "{5495E9A4-501A-4D4C-87C9-E80916CA9478}" = Windows Live UX Platform Language Pack "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance "{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD "{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri "{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker "{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources "{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer "{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack "{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker "{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}" = newsXpresso "{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項 "{625D45F0-5DCB-48BF-8770-C240A84DAAEB}" = Windows Live Mesh "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail "{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker "{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live "{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh "{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials "{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows 
Live SOXE "{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer "{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack "{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger "{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh "{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common "{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz "{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger "{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker "{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71527C7C-5289-4CB2-88C9-23344C0FF6C1}" = Windows Live Movie Maker "{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer "{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh "{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack "{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources "{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker "{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh "{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack "{76C064E2-BB99-4453-8FDA-42BC01AD0734}" = Control ActiveX del Windows Live Mesh per a connexions remotes 
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack "{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live "{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh "{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger "{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live "{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common "{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker "{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live "{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common "{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources "{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials "{7D926AD2-16D6-42C2-8CA1-AB09E96040BA}" = Windows Live Writer Resources "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources "{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer "{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh "{820D0BA3-ACD7-4FB9-A3A7-0ADF0C66A4BE}" = Windows Live Messenger "{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials "{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common "{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials "{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer 
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery "{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery "{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office 
Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) 
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria "{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail "{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker "{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker "{A2EDAEEB-C981-46D5-8163-CF8F5F640EEE}" = ตัวควบคุม ActiveX ใน Windows Live Mesh สำหรับการเชื่อมต่อระยะไกล (ไทย) "{A3389C72-1782-4BB4-BBAA-33345DE52E3F}" = Windows Live Messenger "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery "{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" 
= Windows Live Messenger "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh "{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger "{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources "{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials "{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh "{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail "{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common "{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh "{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych "{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common "{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger "{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common "{B3BA4D1C-23EF-4859-9C11-1B2CCB7FADBB}" = ActiveX контрола на Windows Live Mesh за отдалечени връзки "{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials "{B6190387-0036-4BEB-8D74-A0AFC5F14706}" = Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení "{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = 
Почта Windows Live "{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources "{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger "{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений "{BD0C3887-64E6-41D8-9A38-BC6F34369352}" = Windows Live Messenger "{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common "{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi "{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker "{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh "{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger "{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live "{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials "{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh "{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer "{C28D96C0-6A90-459E-A077-A6706F4EC0FC}" = Bing Bar "{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}" = Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia "{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen "{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger "{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger "{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" 
= Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave "{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live "{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker "{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger "{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker "{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common "{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer "{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery "{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack "{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail "{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack "{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker "{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker "{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail "{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer "{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer 
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E188D820-1218-4E28-8BCA-91134C3664C2}" = Ulead VideoStudio 10 "{E18B30AA-6E2D-480C-B918-AF61009F4010}" = عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija "{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas "{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer "{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack "{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources "{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live "{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live "{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger "{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources "{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心 "{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft 
Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F0F5D89A-197C-495B-827E-3E98B811CD2E}" = Windows Live Photo Common "{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2979AAA-FDD7-4CB3-93BC-5C24D965D679}" = Windows Live Messenger "{F35DC85A-E96B-496B-ABE7-F04192824856}" = Windows Live Messenger "{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack "{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources "{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις "{F783464C-C7C6-4E9B-AC40-BC90E5414BAF}" = Windows Live Messenger "{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos "{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh "{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail "{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker "{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie "{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials "{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials "{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker "{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger "7289-1030-5602-7421" = JDownloader 0.9 "Acer Registration" = 
Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop 7.0" = Adobe Photoshop 7.0 "Avira AntiVir Desktop" = Avira Free Antivirus "DivX Setup" = DivX-Setup "DVD Flick_is1" = DVD Flick 1.3.0.6 "ElsterFormular" = ElsterFormular "eMule" = eMule "ENTERPRISER" = Microsoft Office Enterprise 2007 "ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09] "Free AVI Video Converter_is1" = Free AVI Video Converter version 5.0.21.1212 "Free FLV Converter_is1" = Free FLV Converter V 7.5.0 "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0 "Free YouTube Download_is1" = Free YouTube Download version 3.2.1.320 "HaaliMkx" = Haali Media Splitter "Identity Card" = Identity Card "Indeo® software" = Indeo® software "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam "InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager "InstallShield_{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}" = QuickTime "InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}" = newsXpresso "InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9 "LingoPad_is1" = LingoPad 2.6 (Build 360) "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "MiKTeX 2.9" = MiKTeX 2.9 "Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Nero8Lite_is1" = Nero 8 Lite 8.3.2.1 "TEW2005" = TEW2005 "Texmaker" = Texmaker "uTorrent" = µTorrent "VLC media player" = VLC media player 2.0.2 "WaveLabPro" = WaveLab 6 "WinLiveSuite" = Windows Live Essentials "Xvid Video Codec 1.3.2" = Xvid Video Codec "YTdetect" = Yahoo! 
Detect
"Zattoo4" = Zattoo4 4.0.5

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 15.04.2013 06:43:45 | Computer Name = Schreibmaschine | Source = Windows Backup | ID = 4103
Description =

Error - 15.04.2013 09:37:40 | Computer Name = Schreibmaschine | Source = WinMgmt | ID = 10
Description =

Error - 15.04.2013 11:24:43 | Computer Name = Schreibmaschine | Source = WinMgmt | ID = 10
Description =

Error - 15.04.2013 18:54:15 | Computer Name = Schreibmaschine | Source = WinMgmt | ID = 10
Description =

Error - 16.04.2013 04:13:50 | Computer Name = Schreibmaschine | Source = WinMgmt | ID = 10
Description =

Error - 16.04.2013 04:54:08 | Computer Name = Schreibmaschine | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\NTI\acer backup manager\OutlookMsgNet64.exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\NTI\acer backup manager\Microsoft.VC90.MFC\Microsoft.VC90.MFC.MANIFEST" in Zeile 11. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8". Definition: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error - 16.04.2013 04:54:12 | Computer Name = Schreibmaschine | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\NTI\acer backup manager\Migrate\OutlookMsgNet64.exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\NTI\acer backup manager\Migrate\Microsoft.VC90.MFC\Microsoft.VC90.MFC.MANIFEST" in Zeile 11. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8". Definition: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error - 16.04.2013 04:55:42 | Computer Name = Schreibmaschine | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\Nero\nero toolkit\nero discspeed\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 16.04.2013 06:40:42 | Computer Name = Schreibmaschine | Source = WinMgmt | ID = 10
Description =

Error - 16.04.2013 07:45:52 | Computer Name = Schreibmaschine | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 25.05.2013 07:30:12 | Computer Name = Schreibmaschine | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 25.05.2013 15:25:38 | Computer Name = Schreibmaschine | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 26.05.2013 05:34:50 | Computer Name = Schreibmaschine | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 26.05.2013 11:00:40 | Computer Name = Schreibmaschine | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 26.05.2013 16:06:15 | Computer Name = Schreibmaschine | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 27.05.2013 03:56:17 | Computer Name = Schreibmaschine | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 28.05.2013 03:14:28 | Computer Name = Schreibmaschine | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 28.05.2013 04:03:37 | Computer Name = Schreibmaschine | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 28.05.2013 05:38:13 | Computer Name = Schreibmaschine | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 28.05.2013 07:33:07 | Computer Name = Schreibmaschine | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

< End of report >

Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-05-28 14:11:04 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.01.0 298,09GB Running: gmer_2.1.19163.exe; Driver: C:\Users\RALFSC~1\AppData\Local\Temp\pfecrfod.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff80002e01000 45 bytes [00, 00, 10, 02, 4E, 74, 66, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607 fffff80002e0102f 29 bytes [00, 01, 00, 06, 00, 00, 00, ...] ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1336] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000747f1465 2 bytes [7F, 74] .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1336] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000747f14bb 2 bytes [7F, 74] .text ... * 2 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2820] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000747f1465 2 bytes [7F, 74] .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2820] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000747f14bb 2 bytes [7F, 74] .text ... * 2 .text C:\Program Files (x86)\Launch Manager\LManager.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000747f1465 2 bytes [7F, 74] .text C:\Program Files (x86)\Launch Manager\LManager.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000747f14bb 2 bytes [7F, 74] .text ... 
* 2 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000747f1465 2 bytes [7F, 74] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000747f14bb 2 bytes [7F, 74] .text ... * 2 .text C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe[1148] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 00000000747f1465 2 bytes [7F, 74] .text C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe[1148] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000747f14bb 2 bytes [7F, 74] .text ... * 2 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000747f1465 2 bytes [7F, 74] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000747f14bb 2 bytes [7F, 74] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000747f1465 2 bytes [7F, 74] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4348] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000747f14bb 2 bytes [7F, 74] .text ... * 2 ---- Threads - GMER 2.1 ---- Thread C:\Windows\System32\svchost.exe [3044:2044] 000007fef7cf9688 ---- EOF - GMER 2.1 ---- Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.05.28.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 *** :: SCHREIBMASCHINE [Administrator] 28.05.2013 12:15:18 mbam-log-2013-05-28 (12-15-18).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 400767 Laufzeit: 1 Stunde(n), 14 Minute(n), 5 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\***\AppData\Roaming\skype.dat (Trojan.Ransom.RRE) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
28.05.2013, 13:42 | #2 |
/// Malware-holic | Trojan "Gesellschaft zur Verfügung von Urheberrechtsverletzungen" Hi,
__________________Please download TDSSKiller.exe and save this file to your desktop
__________________ |
28.05.2013, 13:49 | #3 |
| Trojan "Gesellschaft zur Verfügung von Urheberrechtsverletzungen" Hello Markus!
__________________Many thanks already for the quick response. TDSSKiller reports the following: Code:
ATTFilter 14:45:36.0804 0604 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 14:45:37.0011 0604 ============================================================ 14:45:37.0011 0604 Current date / time: 2013/05/28 14:45:37.0011 14:45:37.0012 0604 SystemInfo: 14:45:37.0012 0604 14:45:37.0012 0604 OS Version: 6.1.7601 ServicePack: 1.0 14:45:37.0012 0604 Product type: Workstation 14:45:37.0012 0604 ComputerName: SCHREIBMASCHINE 14:45:37.0012 0604 UserName: *** 14:45:37.0012 0604 Windows directory: C:\Windows 14:45:37.0012 0604 System windows directory: C:\Windows 14:45:37.0012 0604 Running under WOW64 14:45:37.0012 0604 Processor architecture: Intel x64 14:45:37.0012 0604 Number of processors: 2 14:45:37.0012 0604 Page size: 0x1000 14:45:37.0012 0604 Boot type: Normal boot 14:45:37.0012 0604 ============================================================ 14:45:37.0535 0604 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 14:45:37.0542 0604 ============================================================ 14:45:37.0542 0604 \Device\Harddisk0\DR0: 14:45:37.0546 0604 MBR partitions: 14:45:37.0546 0604 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000 14:45:37.0546 0604 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x239FB800 14:45:37.0546 0604 ============================================================ 14:45:37.0577 0604 C: <-> \Device\Harddisk0\DR0\Partition2 14:45:37.0577 0604 ============================================================ 14:45:37.0577 0604 Initialize success 14:45:37.0577 0604 ============================================================ 14:46:22.0458 2072 ============================================================ 14:46:22.0458 2072 Scan started 14:46:22.0458 2072 Mode: Manual; SigCheck; TDLFS; 14:46:22.0458 2072 
============================================================ 14:46:22.0873 2072 ================ Scan system memory ======================== 14:46:22.0873 2072 System memory - ok 14:46:22.0874 2072 ================ Scan services ============================= 14:46:23.0081 2072 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 14:46:23.0152 2072 1394ohci - ok 14:46:23.0216 2072 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 14:46:23.0257 2072 ACPI - ok 14:46:23.0287 2072 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 14:46:23.0307 2072 AcpiPmi - ok 14:46:23.0422 2072 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 14:46:23.0445 2072 AdobeARMservice - ok 14:46:23.0614 2072 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 14:46:23.0645 2072 AdobeFlashPlayerUpdateSvc - ok 14:46:23.0702 2072 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 14:46:23.0730 2072 adp94xx - ok 14:46:23.0801 2072 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 14:46:23.0837 2072 adpahci - ok 14:46:23.0876 2072 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 14:46:23.0893 2072 adpu320 - ok 14:46:23.0920 2072 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 14:46:23.0971 2072 AeLookupSvc - ok 14:46:24.0036 2072 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 14:46:24.0070 2072 AFD - ok 14:46:24.0097 2072 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 14:46:24.0113 2072 agp440 - ok 14:46:24.0130 2072 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 14:46:24.0150 2072 ALG - ok 14:46:24.0162 2072 [ 
5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 14:46:24.0176 2072 aliide - ok 14:46:24.0190 2072 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 14:46:24.0203 2072 amdide - ok 14:46:24.0224 2072 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 14:46:24.0241 2072 AmdK8 - ok 14:46:24.0261 2072 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 14:46:24.0278 2072 AmdPPM - ok 14:46:24.0296 2072 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 14:46:24.0314 2072 amdsata - ok 14:46:24.0339 2072 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 14:46:24.0356 2072 amdsbs - ok 14:46:24.0374 2072 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 14:46:24.0388 2072 amdxata - ok 14:46:24.0498 2072 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 14:46:24.0521 2072 AntiVirSchedulerService - ok 14:46:24.0563 2072 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 14:46:24.0586 2072 AntiVirService - ok 14:46:24.0630 2072 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 14:46:24.0691 2072 AppID - ok 14:46:24.0734 2072 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 14:46:24.0776 2072 AppIDSvc - ok 14:46:24.0824 2072 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll 14:46:24.0854 2072 Appinfo - ok 14:46:24.0877 2072 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys 14:46:24.0895 2072 arc - ok 14:46:24.0913 2072 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys 14:46:24.0931 2072 arcsas - ok 14:46:24.0965 2072 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac 
C:\Windows\system32\DRIVERS\asyncmac.sys 14:46:25.0019 2072 AsyncMac - ok 14:46:25.0048 2072 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 14:46:25.0061 2072 atapi - ok 14:46:25.0164 2072 [ DE9FB3DADE8FD39AE2C587DF22D36B8E ] athr C:\Windows\system32\DRIVERS\athrx.sys 14:46:25.0283 2072 athr - ok 14:46:25.0376 2072 [ FC0E8778C000291CAF60EB88C011E931 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys 14:46:25.0417 2072 atksgt - ok 14:46:25.0452 2072 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 14:46:25.0507 2072 AudioEndpointBuilder - ok 14:46:25.0518 2072 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 14:46:25.0567 2072 AudioSrv - ok 14:46:25.0609 2072 [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 14:46:25.0635 2072 avgntflt - ok 14:46:25.0692 2072 [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 14:46:25.0710 2072 avipbb - ok 14:46:25.0785 2072 [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 14:46:25.0808 2072 avkmgr - ok 14:46:25.0849 2072 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 14:46:25.0874 2072 AxInstSV - ok 14:46:25.0925 2072 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 14:46:25.0968 2072 b06bdrv - ok 14:46:25.0988 2072 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 14:46:26.0011 2072 b57nd60a - ok 14:46:26.0086 2072 [ 87F3BCF82A63E900AF896CD930BF7E05 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE 14:46:26.0119 2072 BBSvc - ok 14:46:26.0150 2072 [ 78779EE07231C658B483B1F38B5088DF ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE 14:46:26.0167 2072 BBUpdate - ok 14:46:26.0190 2072 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 14:46:26.0215 2072 BDESVC - ok 14:46:26.0224 2072 
[ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 14:46:26.0268 2072 Beep - ok 14:46:26.0322 2072 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 14:46:26.0378 2072 BFE - ok 14:46:26.0430 2072 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 14:46:26.0516 2072 BITS - ok 14:46:26.0548 2072 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 14:46:26.0562 2072 blbdrive - ok 14:46:26.0597 2072 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 14:46:26.0636 2072 bowser - ok 14:46:26.0681 2072 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 14:46:26.0708 2072 BrFiltLo - ok 14:46:26.0725 2072 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 14:46:26.0743 2072 BrFiltUp - ok 14:46:26.0795 2072 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 14:46:26.0833 2072 Browser - ok 14:46:26.0856 2072 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 14:46:26.0887 2072 Brserid - ok 14:46:26.0903 2072 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 14:46:26.0924 2072 BrSerWdm - ok 14:46:26.0929 2072 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 14:46:26.0952 2072 BrUsbMdm - ok 14:46:26.0957 2072 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 14:46:26.0971 2072 BrUsbSer - ok 14:46:27.0006 2072 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 14:46:27.0024 2072 BTHMODEM - ok 14:46:27.0048 2072 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 14:46:27.0094 2072 bthserv - ok 14:46:27.0106 2072 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 14:46:27.0153 2072 cdfs - ok 14:46:27.0183 2072 [ 
F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 14:46:27.0198 2072 cdrom - ok 14:46:27.0218 2072 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 14:46:27.0263 2072 CertPropSvc - ok 14:46:27.0290 2072 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys 14:46:27.0307 2072 circlass - ok 14:46:27.0333 2072 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 14:46:27.0353 2072 CLFS - ok 14:46:27.0427 2072 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 14:46:27.0449 2072 clr_optimization_v2.0.50727_32 - ok 14:46:27.0504 2072 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 14:46:27.0527 2072 clr_optimization_v2.0.50727_64 - ok 14:46:27.0632 2072 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 14:46:27.0661 2072 clr_optimization_v4.0.30319_32 - ok 14:46:27.0693 2072 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 14:46:27.0707 2072 clr_optimization_v4.0.30319_64 - ok 14:46:27.0743 2072 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 14:46:27.0772 2072 CmBatt - ok 14:46:27.0787 2072 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 14:46:27.0802 2072 cmdide - ok 14:46:27.0858 2072 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 14:46:27.0888 2072 CNG - ok 14:46:27.0921 2072 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 14:46:27.0934 2072 Compbatt - ok 14:46:27.0962 2072 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 14:46:27.0983 2072 CompositeBus - ok 
14:46:28.0001 2072 COMSysApp - ok 14:46:28.0024 2072 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 14:46:28.0039 2072 crcdisk - ok 14:46:28.0096 2072 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 14:46:28.0139 2072 CryptSvc - ok 14:46:28.0181 2072 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 14:46:28.0240 2072 DcomLaunch - ok 14:46:28.0272 2072 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 14:46:28.0321 2072 defragsvc - ok 14:46:28.0331 2072 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 14:46:28.0375 2072 DfsC - ok 14:46:28.0409 2072 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 14:46:28.0434 2072 Dhcp - ok 14:46:28.0465 2072 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 14:46:28.0511 2072 discache - ok 14:46:28.0543 2072 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys 14:46:28.0558 2072 Disk - ok 14:46:28.0573 2072 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 14:46:28.0594 2072 Dnscache - ok 14:46:28.0613 2072 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 14:46:28.0659 2072 dot3svc - ok 14:46:28.0676 2072 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 14:46:28.0719 2072 DPS - ok 14:46:28.0750 2072 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 14:46:28.0767 2072 drmkaud - ok 14:46:28.0826 2072 [ AEA290020589EAF37BA17BA4B0C60937 ] DsiWMIService C:\Program Files (x86)\Launch Manager\dsiwmis.exe 14:46:28.0843 2072 DsiWMIService - ok 14:46:28.0912 2072 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 14:46:28.0981 2072 DXGKrnl - ok 14:46:29.0005 2072 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 14:46:29.0050 
2072 EapHost - ok 14:46:29.0151 2072 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys 14:46:29.0258 2072 ebdrv - ok 14:46:29.0304 2072 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 14:46:29.0338 2072 EFS - ok 14:46:29.0413 2072 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 14:46:29.0456 2072 ehRecvr - ok 14:46:29.0476 2072 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 14:46:29.0493 2072 ehSched - ok 14:46:29.0533 2072 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys 14:46:29.0560 2072 elxstor - ok 14:46:29.0671 2072 [ AC5C64F828C0A6A1350971501AC2A0C7 ] ePowerSvc C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe 14:46:29.0746 2072 ePowerSvc - ok 14:46:29.0758 2072 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 14:46:29.0774 2072 ErrDev - ok 14:46:29.0814 2072 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 14:46:29.0864 2072 EventSystem - ok 14:46:29.0889 2072 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 14:46:29.0938 2072 exfat - ok 14:46:29.0956 2072 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 14:46:30.0002 2072 fastfat - ok 14:46:30.0044 2072 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 14:46:30.0080 2072 Fax - ok 14:46:30.0097 2072 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys 14:46:30.0112 2072 fdc - ok 14:46:30.0142 2072 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 14:46:30.0186 2072 fdPHost - ok 14:46:30.0196 2072 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 14:46:30.0241 2072 FDResPub - ok 14:46:30.0264 2072 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 14:46:30.0278 2072 FileInfo - ok 14:46:30.0293 
2072 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 14:46:30.0336 2072 Filetrace - ok 14:46:30.0404 2072 [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 14:46:30.0440 2072 FLEXnet Licensing Service - ok 14:46:30.0468 2072 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 14:46:30.0484 2072 flpydisk - ok 14:46:30.0501 2072 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 14:46:30.0522 2072 FltMgr - ok 14:46:30.0597 2072 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll 14:46:30.0675 2072 FontCache - ok 14:46:30.0726 2072 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 14:46:30.0744 2072 FontCache3.0.0.0 - ok 14:46:30.0763 2072 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 14:46:30.0785 2072 FsDepends - ok 14:46:30.0837 2072 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 14:46:30.0862 2072 Fs_Rec - ok 14:46:30.0923 2072 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 14:46:30.0957 2072 fvevol - ok 14:46:30.0985 2072 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 14:46:30.0999 2072 gagp30kx - ok 14:46:31.0041 2072 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 14:46:31.0121 2072 gpsvc - ok 14:46:31.0200 2072 [ C9B2D1D3F86FD3673EF847DEF73B6F9E ] GREGService C:\Program Files (x86)\Acer\Registration\GREGsvc.exe 14:46:31.0218 2072 GREGService - ok 14:46:31.0246 2072 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 14:46:31.0282 2072 hcw85cir - ok 14:46:31.0318 2072 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService 
C:\Windows\system32\drivers\HdAudio.sys 14:46:31.0352 2072 HdAudAddService - ok 14:46:31.0381 2072 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 14:46:31.0401 2072 HDAudBus - ok 14:46:31.0436 2072 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\drivers\HECIx64.sys 14:46:31.0448 2072 HECIx64 - ok 14:46:31.0465 2072 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 14:46:31.0480 2072 HidBatt - ok 14:46:31.0496 2072 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys 14:46:31.0518 2072 HidBth - ok 14:46:31.0540 2072 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys 14:46:31.0560 2072 HidIr - ok 14:46:31.0595 2072 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 14:46:31.0645 2072 hidserv - ok 14:46:31.0699 2072 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 14:46:31.0727 2072 HidUsb - ok 14:46:31.0808 2072 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 14:46:31.0900 2072 hkmsvc - ok 14:46:31.0934 2072 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 14:46:31.0953 2072 HomeGroupListener - ok 14:46:31.0982 2072 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 14:46:31.0999 2072 HomeGroupProvider - ok 14:46:32.0022 2072 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 14:46:32.0038 2072 HpSAMD - ok 14:46:32.0094 2072 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 14:46:32.0167 2072 HTTP - ok 14:46:32.0176 2072 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 14:46:32.0188 2072 hwpolicy - ok 14:46:32.0230 2072 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 14:46:32.0247 2072 i8042prt - ok 14:46:32.0294 2072 [ 
D7921D5A870B11CC1ADAB198A519D50A ] iaStor C:\Windows\system32\drivers\iaStor.sys 14:46:32.0311 2072 iaStor - ok 14:46:32.0337 2072 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 14:46:32.0360 2072 iaStorV - ok 14:46:32.0468 2072 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 14:46:32.0479 2072 IDriverT ( UnsignedFile.Multi.Generic ) - warning 14:46:32.0479 2072 IDriverT - detected UnsignedFile.Multi.Generic (1) 14:46:32.0547 2072 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 14:46:32.0631 2072 idsvc - ok 14:46:32.0913 2072 [ 9937600A1584FF00565D5379EB4C9EDB ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 14:46:33.0287 2072 igfx - ok 14:46:33.0328 2072 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys 14:46:33.0343 2072 iirsp - ok 14:46:33.0387 2072 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 14:46:33.0498 2072 IKEEXT - ok 14:46:33.0530 2072 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\drivers\Impcd.sys 14:46:33.0558 2072 Impcd - ok 14:46:33.0656 2072 [ 718A4008EE5DA174400396B27509EF82 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 14:46:33.0769 2072 IntcAzAudAddService - ok 14:46:33.0785 2072 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 14:46:33.0798 2072 intelide - ok 14:46:33.0827 2072 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 14:46:33.0843 2072 intelppm - ok 14:46:33.0883 2072 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 14:46:33.0945 2072 IPBusEnum - ok 14:46:33.0958 2072 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 14:46:34.0000 2072 IpFilterDriver - ok 14:46:34.0084 2072 [ 
08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 14:46:34.0136 2072 iphlpsvc - ok 14:46:34.0159 2072 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 14:46:34.0183 2072 IPMIDRV - ok 14:46:34.0203 2072 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 14:46:34.0252 2072 IPNAT - ok 14:46:34.0283 2072 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 14:46:34.0302 2072 IRENUM - ok 14:46:34.0324 2072 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 14:46:34.0338 2072 isapnp - ok 14:46:34.0355 2072 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 14:46:34.0375 2072 iScsiPrt - ok 14:46:34.0418 2072 [ F415A88162D23977B5EDAE4F0410E903 ] IviRegMgr C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe 14:46:34.0429 2072 IviRegMgr - ok 14:46:34.0463 2072 [ 455B75C19BF3F1F2EE3AC10E1169826C ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys 14:46:34.0484 2072 k57nd60a - ok 14:46:34.0508 2072 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 14:46:34.0522 2072 kbdclass - ok 14:46:34.0554 2072 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 14:46:34.0568 2072 kbdhid - ok 14:46:34.0582 2072 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 14:46:34.0596 2072 KeyIso - ok 14:46:34.0638 2072 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 14:46:34.0670 2072 KSecDD - ok 14:46:34.0677 2072 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 14:46:34.0693 2072 KSecPkg - ok 14:46:34.0710 2072 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 14:46:34.0755 2072 ksthunk - ok 14:46:34.0796 2072 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 14:46:34.0846 
============================================================
14:46:52.0415 2072 Scan finished
14:46:52.0415 2072 ============================================================
14:46:52.0434 0688 Detected object count: 3
14:46:52.0434 0688 Actual detected object count: 3
14:47:13.0447 0688 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
14:47:13.0447 0688 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:47:13.0448 0688 LicCtrlService ( UnsignedFile.Multi.Generic ) - skipped by user
14:47:13.0448 0688 LicCtrlService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:47:13.0448 0688 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
14:47:13.0448 0688 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip |
28.05.2013, 13:50 | #4 |
/// Malware-holic | Trojan "Gesellschaft zur Verfügung von Urheberrechtsverletzungen" Hi, scan with Combofix
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
28.05.2013, 15:52 | #5 |
| Trojan "Gesellschaft zur Verfügung von Urheberrechtsverletzungen" Combofix has now finished running as well; here is the log file: Code:
ATTFilter ComboFix 13-05-28.02 - *** 28.05.2013 16:37:15.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3764.2325 [GMT 2:00] ausgeführt von:: c:\users\***\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\IsUn0407.exe c:\windows\wininit.ini . . ((((((((((((((((((((((( Dateien erstellt von 2013-04-28 bis 2013-05-28 )))))))))))))))))))))))))))))) . . 2013-05-28 14:45 . 2013-05-28 14:45 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-05-28 10:13 . 2013-05-28 10:13 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes 2013-05-28 10:13 . 2013-05-28 10:13 -------- d-----w- c:\programdata\Malwarebytes 2013-05-28 10:13 . 2013-05-28 10:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-05-28 10:13 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-05-28 08:05 . 2013-05-28 08:05 -------- d-----w- c:\users\***\AppData\Local\{BE960C05-EB43-4F17-82F2-DC2171A06762} 2013-05-28 07:20 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D6F17C6F-2954-4BE7-9D51-F2F66F088CA0}\mpengine.dll 2013-05-27 08:00 . 2013-05-27 08:01 -------- d-----w- c:\users\***\AppData\Local\{8A24FF27-909D-43CA-B23F-0E651CEA0C37} 2013-05-26 09:57 . 2013-05-26 09:57 -------- d-----w- c:\users\***\AppData\Local\{70B55D86-F18F-45F2-AA38-C226983AD6B1} 2013-05-25 12:50 . 2013-05-25 12:51 -------- d-----w- c:\users\***\AppData\Local\{80CD9A1B-7CB6-4AC1-A49C-D444A9B6278C} 2013-05-24 09:25 . 2013-05-24 09:26 -------- d-----w- c:\users\***\AppData\Local\{A3CD1F48-A6BD-478A-BF5F-D44700F8FD67} 2013-05-23 07:07 . 
2013-05-23 07:07 -------- d-----w- c:\users\***\AppData\Local\{5A2660A5-E07A-4471-A934-79F4E96370DC} 2013-05-21 22:29 . 2013-05-21 22:29 -------- d-----w- c:\users\***\AppData\Local\{88B2E5AE-E51D-4715-9878-EF6E1F68CAD4} 2013-05-21 09:43 . 2013-05-21 09:43 -------- d-----w- c:\users\***\AppData\Local\{4207ABB0-1805-4BAD-92C2-B251A2BC0299} 2013-05-20 17:14 . 2013-05-20 17:15 -------- d-----w- c:\users\***\AppData\Local\{ABF4ED34-7FC2-4B88-A52E-92C7D96BC88A} 2013-05-15 21:09 . 2013-05-05 21:36 17818624 ----a-w- c:\windows\system32\mshtml.dll 2013-05-15 21:09 . 2013-05-05 21:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2013-05-15 21:09 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2013-05-15 21:08 . 2013-04-05 01:55 182896 ----a-w- c:\program files\Internet Explorer\sqmapi.dll 2013-05-15 21:08 . 2013-04-05 00:51 96768 ----a-w- c:\windows\system32\mshtmled.dll 2013-05-15 21:08 . 2013-04-04 22:47 149632 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll 2013-05-15 21:08 . 2013-04-05 00:58 548864 ----a-w- c:\program files\Internet Explorer\ieproxy.dll 2013-05-15 21:08 . 2013-04-05 00:54 2147840 ----a-w- c:\windows\system32\iertutil.dll 2013-05-15 21:08 . 2013-04-04 22:00 768512 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-05-15 21:08 . 2013-04-04 22:00 194560 ----a-w- c:\program files (x86)\Internet Explorer\ieproxy.dll 2013-05-15 21:08 . 2013-04-04 21:57 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-05-15 20:50 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-05-15 08:45 . 2013-05-15 08:45 -------- d-----w- c:\users\***\AppData\Local\{6F415FFF-0198-416C-8241-8FE31DF2A29D} 2013-05-15 07:55 . 2013-05-15 07:55 -------- d-----w- c:\users\***\AppData\Local\{A1411827-AFE7-4F45-A84A-CA0FCC7F6B3F} 2013-05-14 12:11 . 2013-05-14 12:11 -------- d-----w- c:\users\***\AppData\Local\{6AF18987-0C7D-4C10-BB41-CF68F046601E} 2013-05-13 20:08 . 
2013-05-13 20:09 -------- d-----w- c:\users\***\AppData\Local\{487E4C33-7739-48D2-A78C-F755D47AE2CE} 2013-05-13 07:52 . 2013-05-13 07:52 -------- d-----w- c:\users\***\AppData\Local\{334BD2C4-3334-4A6E-A06C-EB858D38E881} 2013-05-12 14:55 . 2013-05-12 14:55 -------- d-----w- c:\users\***\AppData\Local\{E0C73AEB-065E-4AC4-AD27-83F5E9B2144E} 2013-05-11 09:42 . 2013-05-11 09:42 -------- d-----w- c:\users\***\AppData\Local\{D2BDC13C-D0B3-4A08-9ACA-4B6EAD57EDD7} 2013-05-10 08:03 . 2013-05-10 08:03 -------- d-----w- c:\users\***\AppData\Local\{64F77BCE-7D81-4FCC-9CA2-54C4F7E3ACE1} 2013-05-09 10:21 . 2013-05-09 10:21 -------- d-----w- c:\users\***\AppData\Local\{8EFE75B8-988D-4BA6-A449-159706DA8C28} 2013-05-08 12:29 . 2013-05-08 12:29 -------- d-----w- c:\users\***\AppData\Local\{309D653F-2D10-43A2-A1E0-6B06E00332A5} 2013-05-08 12:28 . 2013-05-08 12:28 -------- d-----w- c:\users\***\AppData\Local\{EC7D15DB-B315-40BE-8309-22276B5BAF69} 2013-05-07 20:41 . 2013-05-07 20:41 -------- d-----w- c:\users\***\AppData\Local\{DCFF68B4-0690-424A-9795-8051E7BA4A18} 2013-05-07 13:39 . 2013-05-07 13:38 83160 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2013-05-07 07:39 . 2013-05-07 07:39 -------- d-----w- c:\users\***\AppData\Local\{F4330BCA-FD91-47C1-9F53-16836D6B080A} 2013-05-06 07:40 . 2013-05-06 07:40 -------- d-----w- c:\users\***\AppData\Local\{60DFAD30-973F-469F-9AFB-99BE44FAA6DC} 2013-05-05 13:34 . 2013-05-05 13:35 -------- d-----w- c:\users\***\AppData\Local\{9FEAF07E-4942-4B9E-B6D2-DCB91118D62A} 2013-05-04 18:51 . 2013-05-04 18:51 -------- d-----w- c:\users\***\AppData\Local\{4F9CA7E6-3718-48DD-856E-16383910B348} 2013-05-04 15:07 . 2013-05-04 15:07 -------- d-----w- c:\users\***\AppData\Local\Risen 2013-05-04 15:02 . 2013-05-04 15:02 314016 ----a-w- c:\windows\system32\drivers\atksgt.sys 2013-05-04 15:02 . 2013-05-04 15:02 43680 ----a-w- c:\windows\system32\drivers\lirsgt.sys 2013-05-04 15:02 . 
2013-05-04 15:02 -------- d-----w- c:\program files (x86)\AGEIA Technologies 2013-05-04 15:02 . 2013-05-04 15:02 -------- d-----w- c:\windows\SysWow64\AGEIA 2013-05-04 15:02 . 2013-05-04 15:02 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard 2013-05-04 14:55 . 2013-05-04 14:55 -------- d-----w- c:\program files (x86)\Deep Silver 2013-05-03 07:17 . 2013-05-03 07:18 -------- d-----w- c:\users\***\AppData\Local\{5BFDE256-2DA9-40FC-BDCC-F5B35EB088ED} 2013-05-02 19:00 . 2013-05-02 19:00 -------- d-----w- c:\users\***\AppData\Local\{09E38A5D-0B68-48C4-82AE-BD99836436D9} 2013-05-02 12:10 . 2013-05-02 12:10 -------- d-----w- c:\users\***\AppData\Local\{CBF772A7-9AC2-49BA-91AE-4184B9DFD4B9} 2013-05-02 08:11 . 2013-05-02 08:11 -------- d-----w- c:\users\***\AppData\Local\{8A343F5E-E6A3-4B91-8268-4C5ADF71DEDA} 2013-05-02 07:49 . 2013-05-02 07:49 -------- d-----w- c:\users\***\AppData\Local\{59E680AF-63ED-4E00-A8AF-725CA13076EB} 2013-05-01 09:49 . 2013-05-01 09:49 -------- d-----w- c:\users\***\AppData\Local\{3393BF22-EA44-41EB-9614-D3EC989EBB9D} 2013-04-30 22:36 . 2013-04-30 22:36 -------- d-----w- c:\users\***\AppData\Local\{DAFD2228-145C-4C71-AFF6-62A443D11805} 2013-04-30 10:33 . 2013-04-30 10:33 -------- d-----w- c:\users\***\AppData\Local\{CFC71369-5D00-4947-8B48-B13F5E9D626E} 2013-04-29 10:41 . 2013-04-29 10:41 -------- d-----w- c:\users\***\AppData\Local\{9C71E391-F19D-44B0-8D7A-A031F7FA07A6} . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-15 21:14 . 2012-07-08 14:40 75016696 ----a-w- c:\windows\system32\MRT.exe 2013-05-15 19:25 . 2012-07-08 13:06 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-05-15 19:25 . 2012-01-10 12:48 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-09 10:15 . 2011-03-29 02:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-02 00:06 . 
2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-04-13 05:49 . 2013-05-15 20:50 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49 . 2013-05-15 20:50 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49 . 2013-05-15 20:50 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49 . 2013-05-15 20:50 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45 . 2013-05-15 20:50 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-15 20:50 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-04-12 14:45 . 2013-04-24 08:22 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-03 11:31 . 2013-04-03 11:31 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-04-03 11:31 . 2012-07-07 14:29 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-04-03 11:31 . 2012-07-07 14:29 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-03-28 09:45 . 2013-03-28 09:45 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2013-03-28 09:45 . 2013-03-28 09:45 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys 2013-03-28 09:45 . 2013-03-28 09:45 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2013-03-19 06:04 . 2013-04-10 08:16 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-19 05:46 . 2013-04-10 08:16 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-19 05:04 . 2013-04-10 08:16 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-03-19 05:04 . 2013-04-10 08:16 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-03-19 04:47 . 2013-04-10 08:16 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-03-19 03:06 . 2013-04-10 08:16 112640 ----a-w- c:\windows\system32\smss.exe 2013-03-18 23:34 . 2013-03-18 23:34 126976 ----a-w- c:\windows\lcmmfu.cpl 2013-03-18 23:34 . 2013-03-18 23:34 48640 ----a-w- c:\windows\mmfs.dll 2013-03-18 23:34 . 2013-03-18 23:34 2560 ----a-w- c:\windows\Runservice.exe . . 
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-04-24 297280] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-04-19 1097808] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "UVS10 Preload"="c:\program files (x86)\Ulead VideoStudio 10\uvPL.exe" [2006-03-06 36864] "QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2012-07-12 155648] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-05-07 345312] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2012-1-10 723560] Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-7-9 110592] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="userinit.exe" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2013-03-18 2560] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-07 161384] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-28 28600] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-28 86752] S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-05-12 249648] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-04-19 353872] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-05-10 872552] S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-30 36456] S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832] S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-30 260640] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-09-16 2538520] S3 HECIx64;Intel(R) 
Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2009-09-17 56344] S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-26 158976] S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-05-10 425000] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-12-01 250984] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 2013-05-28 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-08 19:26] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-20 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-20 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-20 416024] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-09 11860072] "Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-05-10 1831528] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://acer.msn.com uLocal Page = c:\windows\system32\blank.htm mDefault_Page_URL = hxxp://acer.msn.com mStart Page = hxxp://acer.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ncbypbyq.default\ FF - ExtSQL: 2013-05-15 21:28; helper@savefrom.net; c:\users\Ralf Schönfelder\AppData\Roaming\Mozilla\Firefox\Profiles\ncbypbyq.default\extensions\helper@savefrom.net.xpi . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-Adobe Photoshop 7.0 - c:\windows\ISUN0407.EXE AddRemove-Free AVI Video Converter_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\Uninstall.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-2663514295-945132651-3534600787-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**Œ] @Class="Shell" @Allowed: (Read) (RestrictedCode) . [HKEY_USERS\S-1-5-21-2663514295-945132651-3534600787-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**Œ\OpenWithList] @Class="Shell" "a"="vlc.exe" "MRUList"="a" . 
[HKEY_USERS\S-1-5-21-2663514295-945132651-3534600787-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.**Œ] "0"=hex:44,3a,5c,56,69,64,65,6f,73,5c,4b,61,6c,6b,6f,66,65,73,20,4d,61,74,74, 73,63,68,65,69,62,65,20,2d,20,42,61,62,61,72,61,20,53,61,6c,65,73,63,68,2e,\ "MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-05-28 16:49:54 ComboFix-quarantined-files.txt 2013-05-28 14:49 . Vor Suchlauf: 10 Verzeichnis(se), 23.638.847.488 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 23.794.200.576 Bytes frei . - - End Of File - - 1436AE85A61D4A834E705647CE321452 |
28.05.2013, 16:27 | #6 |
/// Malware-holic | Trojan "Gesellschaft zur Verfügung von Urheberrechtsverletzungen" Hi, were those all the Malwarebytes logs with detections? If not, I need all of them. http://www.trojaner-board.de/125889-...en-posten.html
28.05.2013, 16:36 | #7 |
| Trojan "Gesellschaft zur Verfügung von Urheberrechtsverletzungen" Sorry, I thought only the part relating to the ransomware was important, so I edited out the rest. Here is the complete log: Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.05.28.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 *** :: SCHREIBMASCHINE [Administrator] 28.05.2013 12:15:18 mbam-log-2013-05-28 (12-15-18).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 400767 Laufzeit: 1 Stunde(n), 14 Minute(n), 5 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 C:\***\DOSBox-Verzeichnis in Windows Explorer öffnen.exe (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\***\Installationsverzeichnis in Windows Explorer öffnen.exe (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\***\AppData\Roaming\skype.dat (Trojan.Ransom.RRE) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
28.05.2013, 16:38 | #8 |
/// Malware-holic | Trojan "Gesellschaft zur Verfügung von Urheberrechtsverletzungen" Hi, every detection is always important. Download CCleaner Standard: CCleaner - Download - Filepony. If CCleaner is already installed, skip this step. Open it, go to Tools (Extras), Uninstall list, and save the list as a txt file. Open the file. After each program you need, write "notwendig" (needed). After each one you do not need, "unnötig" (unneeded). After each one unknown to you, "unbekannt" (unknown). Post the list.
28.05.2013, 17:16 | #9 |
| Trojan "Gesellschaft zur Verfügung von Urheberrechtsverletzungen" All right, I have gone through the list. Since my PC knowledge is rudimentary, there are some programs that mean nothing to me but whose names sound kosher, e.g. all the Acer programs. I have marked these with "notwendig, nehme ich an" ("needed, I assume"). Code:
ATTFilter Acer Backup Manager NTI Corporation 10.01.2012 336 MB 3.0.0.99 notwendig (nehme ich an) Acer Crystal Eye Webcam CyberLink Corp. 25.02.2012 33,7 MB 1.0.1904 notwendig (nehme ich an) Acer ePower Management Acer Incorporated 25.02.2012 6.00.3007 notwendig (nehme ich an) Acer eRecovery Management Acer Incorporated 10.01.2012 5.00.3502 notwendig (nehme ich an) Acer Registration Acer Incorporated 25.02.2012 1.04.3505 notwendig (nehme ich an) Acer ScreenSaver Acer Incorporated 25.02.2012 1.1.0517.2011 notwendig (nehme ich an) Acer Updater Acer Incorporated 10.01.2012 1.02.3500 notwendig (nehme ich an) Acer VCM Acer Incorporated 10.01.2012 4.05.3501 notwendig (nehme ich an) ActiveX контрола на Windows Live Mesh за отдалечени връзки Microsoft Corporation 08.07.2012 5,57 MB 15.4.5722.2 notwendig ActiveX-kontroll för fjärranslutningar för Windows Live Mesh Microsoft Corporation 08.07.2012 5,37 MB 15.4.5722.2 notwendig Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 15.05.2013 6,00 MB 11.7.700.202 notwendig Adobe Flash Player 11 Plugin Adobe Systems Incorporated 15.05.2013 6,00 MB 11.7.700.202 notwendig Adobe Photoshop 7.0 Adobe Systems, Inc. 
09.07.2012 7.0 necessary
Adobe Reader X (10.1.3) - Deutsch Adobe Systems Incorporated 07.07.2012 121 MB 10.1.3 necessary
Avira Free Antivirus Avira 07.05.2013 137 MB 13.0.0.3640 necessary
Bing Bar Microsoft Corporation 25.02.2012 27,0 MB 7.0.765.0 unknown
Broadcom NetLink Controller Broadcom Corporation 10.01.2012 508 KB 14.8.4.1 unknown
CCleaner Piriform 24.05.2013 4.02 necessary
Civilization III 28.04.2013 necessary
Control ActiveX de Windows Live Mesh para conexiones remotas Microsoft Corporation 08.07.2012 5,37 MB 15.4.5722.2 necessary (I assume)
Control ActiveX del Windows Live Mesh per a connexions remotes Microsoft Corporation 08.07.2012 5,57 MB 15.4.5722.2 necessary (I assume)
Control ActiveX Windows Live Mesh pentru conexiuni la distanță Microsoft Corporation 08.07.2012 5,37 MB 15.4.5722.2 necessary (I assume)
Controle ActiveX do Windows Live Mesh para Conexões Remotas Microsoft Corporation 08.07.2012 5,37 MB 15.4.5722.2 necessary (I assume)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas Microsoft Corporation 08.07.2012 5,38 MB 15.4.5722.2 necessary (I assume)
Contrôle ActiveX Windows Live Mesh pour connexions à distance Microsoft Corporation 08.07.2012 5,37 MB 15.4.5722.2 necessary (I assume)
Corel WinDVD Corel Inc. 25.02.2012 291 MB 10.0.5.899 unnecessary
DivX-Setup DivX, LLC 12.07.2012 2.6.1.9 necessary
Dropbox Dropbox, Inc. 28.03.2013 1.6.18 necessary
DVD Flick 1.3.0.6 Dennis Meuwissen 07.07.2012 1.3.0.6 necessary
ElsterFormular Landesfinanzdirektion Thüringen 22.03.2013 188 MB 14.1.20130301 necessary
eMule 07.07.2012 necessary
Evernote v. 4.5.1 Evernote Corp. 10.01.2012 151 MB 4.5.1.5451 unnecessary
ffdshow v1.2.4422 [2012-04-09] 12.07.2012 13,3 MB 1.2.4422.0 necessary
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych Microsoft Corporation 08.07.2012 5,37 MB 15.4.5722.2 necessary (I assume)
Free AVI Video Converter version 5.0.21.1212 DVDVideoSoft Ltd. 13.01.2013 75,9 MB 5.0.21.1212 necessary
Free FLV Converter V 7.5.0 Koyote Soft 24.11.2012 17,6 MB 7.5.0.0 necessary
Free M4a to MP3 Converter 7.0 ManiacTools.com 17.12.2012 3,95 MB necessary
Free YouTube Download version 3.2.1.320 DVDVideoSoft Ltd. 02.04.2013 70,7 MB 3.2.1.320 necessary
Haali Media Splitter 12.07.2012 necessary
Identity Card Acer Incorporated 25.02.2012 1.00.3501 necessary (I assume)
Indeo® software 12.07.2012 necessary
Install Absolute Data Protect Absolute Software 07.07.2012 642 KB 1.0.0.42 necessary (I assume)
Intel(R) Control Center Intel Corporation 25.02.2012 1.2.1.1007 necessary (I assume)
Intel(R) Management Engine Components Intel Corporation 25.02.2012 6.0.0.1179 necessary (I assume)
Intel(R) Processor Graphics Intel Corporation 25.02.2012 8.15.10.2418 necessary (I assume)
Java 7 Update 17 Oracle 03.04.2013 129 MB 7.0.170 necessary
Java 7 Update 7 (64-bit) Oracle 04.09.2012 127 MB 7.0.70 necessary
JavaFX 2.1.1 Oracle Corporation 07.07.2012 20,8 MB 2.1.1 necessary
JDownloader 0.9 AppWork GmbH 07.07.2012 0.9 necessary
Kontrola Windows Live Mesh ActiveX za daljinske veze Microsoft Corporation 08.07.2012 5,37 MB 15.4.5722.2 unknown
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave Microsoft Corporation 08.07.2012 5,37 MB 15.4.5722.2 unknown
Launch Manager Acer Inc. 25.02.2012 6.0.5 necessary (I assume)
LingoPad 2.6 (Build 360) Lingo4you 07.07.2012 2.6 necessary
Malwarebytes Anti-Malware Version 1.75.0.1300 Malwarebytes Corporation 28.05.2013 19,2 MB 1.75.0.1300 necessary
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 09.07.2012 38,8 MB 4.0.30319 unknown
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 09.07.2012 2,93 MB 4.0.30319 unknown
Microsoft Office 2010 Microsoft Corporation 25.02.2012 6,31 MB 14.0.4763.1000 necessary
Microsoft Office Enterprise 2007 Microsoft Corporation 10.07.2012 12.0.6612.1000 necessary
Microsoft Silverlight Microsoft Corporation 14.03.2013 50,6 MB 5.1.20125.0 necessary (I assume)
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 08.07.2012 1,69 MB 3.1.0000 necessary (I assume)
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 08.07.2012 300 KB 8.0.56336 necessary (I assume)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 10.01.2012 596 KB 9.0.30729 necessary (I assume)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 08.07.2012 600 KB 9.0.30729.6161 necessary (I assume)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 08.07.2012 16,5 MB 10.0.40219 necessary (I assume)
MiKTeX 2.9 MiKTeX.org 11.01.2013 2.9 necessary
Mozilla Firefox 21.0 (x86 de) Mozilla 22.05.2013 44,8 MB 21.0 necessary
Mozilla Maintenance Service Mozilla 22.05.2013 333 KB 21.0 necessary
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 08.07.2012 1,27 MB 4.20.9870.0 unknown
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 08.07.2012 1,33 MB 4.20.9876.0 unknown
Nero 8 Lite 8.3.2.1 Updatepack.nl 07.07.2012 8.3.2.1 necessary
newsXpresso esobi Inc. 10.01.2012 7,34 MB 1.0.0.40 unknown
NTI Media Maker 9 NTI Corporation 25.02.2012 1,60 GB 9.0.2.8942 unknown
NVIDIA PhysX NVIDIA Corporation 04.05.2013 119 MB 9.09.0203 unknown
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení Microsoft Corporation 08.07.2012 5,57 MB 15.4.5722.2 unknown
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia Microsoft Corporation 08.07.2012 5,37 MB 15.4.5722.2 unknown
Pazera Free MP4 to AVI Converter 1.6 Pazera Jacek 24.11.2012 6,76 MB 1.6 unnecessary
PDFCreator Frank Heindörfer, Philip Chinery 07.07.2012 1.4.2 necessary
QuickTime Apple Computer, Inc. 12.07.2012 61,4 MB 7.0.3 necessary
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 25.02.2012 6.0.1.6392 necessary
Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 10.01.2012 6.1.7600.30127 necessary
Risen Deep Silver 04.05.2013 1.00.0000 necessary
Skype™ 6.2 Skype Technologies S.A. 08.03.2013 20,2 MB 6.2.106 necessary
Spybot - Search & Destroy Safer Networking Limited 07.07.2012 1.6.2 necessary
Synaptics Pointing Device Driver Synaptics Incorporated 25.02.2012 46,4 MB 15.2.17.5 unknown
TEW2005 19.03.2013 necessary
Texmaker 11.01.2013 necessary
Ulead VideoStudio 10 Ulead Systems 12.07.2012 10.0 necessary
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi Microsoft Corporation 08.07.2012 5,37 MB 15.4.5722.2 unknown
VLC media player 2.0.2 VideoLAN 07.07.2012 2.0.2 necessary
WaveLab 6 Steinberg 18.08.2012 6.1.0.340 necessary
Welcome Center Acer Incorporated 25.02.2012 1.02.3505 necessary
Windows Live Essentials Microsoft Corporation 08.07.2012 15.4.3555.0308 unknown
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen Microsoft Corporation 08.07.2012 5,37 MB 15.4.5722.2 unknown
Windows Live Mesh ActiveX Control for Remote Connections Microsoft Corporation 08.07.2012 5,37 MB 15.4.5722.2 unknown
Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 08.07.2012 5,57 MB 15.4.5722.2 unknown
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger Microsoft Corporation 08.07.2012 5,37 MB 15.4.5722.2 unknown
Windows Live Mesh ActiveX-objekt til fjernforbindelser Microsoft Corporation 08.07.2012 5,57 MB 15.4.5722.2 unknown
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz Microsoft Corporation 08.07.2012 5,38 MB 15.4.5722.2 unknown
Windows Live Meshin etäyhteyksien ActiveX-komponentti Microsoft Corporation 08.07.2012 5,37 MB 15.4.5722.2 unknown
Windows Media Player Firefox Plugin Microsoft Corp 07.08.2012 296 KB 1.0.0.8 necessary
WinRAR 4.20 (64-Bit) win.rar GmbH 07.07.2012 4.20.0 necessary
Xvid Video Codec Xvid Team 12.07.2012 1.3.2 necessary
Zattoo4 4.0.5 Zattoo Inc. 09.12.2012 4.0.5 necessary
µTorrent 07.07.2012 3.2.0 necessary
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις Microsoft Corporation 08.07.2012 5,57 MB 15.4.5722.2 unknown
Элемент управления Windows Live Mesh ActiveX для удаленных подключений Microsoft Corporation 08.07.2012 5,37 MB 15.4.5722.2 unknown
פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים Microsoft Corporation 08.07.2012 5,37 MB 15.4.5722.2 unknown
عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة Microsoft Corporation 08.07.2012 5,57 MB 15.4.5722.2 unknown
ตัวควบคุม ActiveX ใน Windows Live Mesh สำหรับการเชื่อมต่อระยะไกล (ไทย) Microsoft Corporation 08.07.2012 5,37 MB 15.4.5722.2 unknown
適用遠端連線的 Windows Live Mesh ActiveX 控制項 Microsoft Corporation 08.07.2012 5,56 MB 15.4.5722.2 unknown |
28.05.2013, 17:21 | #10 |
/// Malware-holic | Trojan "Gesellschaft zur Verfügung von Urheberrechtsverletzungen"
Uninstall:
Adobe Flash Player: all
Adobe - Install Adobe Flash Player
Download the latest version and install it.
Adobe Reader:
Adobe - Download Adobe Reader - All versions
Remove the check mark at McAfee Security Scan.
Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General: check "use only certified plug-ins".
Security (Enhanced): check Enhanced Security and select all files.
Internet: everything here should be disabled. It is very unsafe to open or download PDFs automatically, etc. It is always better to save them directly, because only then do you have control over what is happening on the PC.
JavaScript: remove the check mark at "use JavaScript".
Updater: choose "install automatically".
Apply / OK

Uninstall:
Bing
Control ActiveX: all
Controle: both
Controlo
Corel
eMule: 1. Much of the stuff you get there is illegal; anyone who gets caught must expect high costs. 2. Programs there often contain malware.

Uninstall:
Evernote
Formant
Java: all
Download the Java JRE:
Java downloads for all operating systems
Click "Download the Java software for Windows Offline", download it and install it.

Uninstall:
Kontrola
Kontrolnik
Ovládací: all
Pazera
Spybot: can go, it is not useful
Uzak
Windows Live: all that are unnecessary for you
µTorrent: same as with eMule

Open CCleaner, analyze, run, restart the PC.
Please download AdwCleaner to your desktop.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
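The Adobe Reader settings named in the post above (JavaScript off, Enhanced Security on) can also be checked and applied per user through the registry. The PowerShell script below is an added example, not part of the original thread; the `10.0` version key for Reader X and the value names `bEnableJS`, `bEnhancedSecurityStandalone` and `bEnhancedSecurityInBrowser` are assumptions taken from Adobe's preference reference and should be verified for the installed version.

```powershell
# Added example (not from the thread): audit/apply two of the Reader settings
# the helper lists: JavaScript disabled, Enhanced Security enabled.
# Assumption: Adobe Reader X keeps per-user preferences under the 10.0 key.
$ReaderKey = 'HKCU:\Software\Adobe\Acrobat Reader\10.0'

# Assumed value names (Adobe preference reference); all are REG_DWORD.
$Baseline = @(
    @{ SubKey = 'JSPrefs';      Name = 'bEnableJS';                   Want = 0 },
    @{ SubKey = 'TrustManager'; Name = 'bEnhancedSecurityStandalone'; Want = 1 },
    @{ SubKey = 'TrustManager'; Name = 'bEnhancedSecurityInBrowser';  Want = 1 }
)

function Test-ReaderBaseline {
    param([switch]$Fix)   # without -Fix the function only reports
    foreach ($item in $Baseline) {
        $path = Join-Path $ReaderKey $item.SubKey
        $prop = Get-ItemProperty -Path $path -Name $item.Name -ErrorAction SilentlyContinue
        # $null means the value is not set, so Reader falls back to its default
        $current = if ($prop) { $prop.($item.Name) } else { $null }

        if ($Fix -and $current -ne $item.Want) {
            if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
            Set-ItemProperty -Path $path -Name $item.Name -Value $item.Want -Type DWord
            $current = $item.Want
        }

        # One result row per setting; an unset value counts as non-compliant
        New-Object PSObject -Property @{
            Setting   = "$($item.SubKey)\$($item.Name)"
            Current   = $current
            Wanted    = $item.Want
            Compliant = ($current -eq $item.Want)
        }
    }
}

# Report only; run "Test-ReaderBaseline -Fix" with Reader closed to apply.
Test-ReaderBaseline | Format-Table Setting, Current, Wanted, Compliant -AutoSize
```

The script covers only these two settings; the plug-in, Internet and updater options from the post are left to the Preferences dialog.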
28.05.2013, 18:01 | #11 |
| Trojan "Gesellschaft zur Verfügung von Urheberrechtsverletzungen" Wow, I am really very impressed, you really know your stuff here! A quick question in between: you write that I should uninstall all the Windows Live items that are unnecessary for me. Now, I have never knowingly used any of these Windows Live Mesh applications, least of all the ones with foreign-language or oriental characters in the name. As I have read online, this is a program that is used in some way to synchronize settings. As I said, I have never used it and would not know what I would need it for. So can I uninstall all these Live Mesh parts, or do they have some other important function? |
28.05.2013, 18:15 | #12 |
/// Malware-holic | Trojan "Gesellschaft zur Verfügung von Urheberrechtsverletzungen" Nope, get rid of it. As long as you do not use, for example, Windows Live Mail, all of that is unnecessary. |
28.05.2013, 18:21 | #13 |
| Trojan "Gesellschaft zur Verfügung von Urheberrechtsverletzungen" Aha! Actually, I do use Windows Live Mail. So that is connected to this Live Mesh? Then I had better leave it installed? |
28.05.2013, 18:23 | #14 |
/// Malware-holic | Trojan "Gesellschaft zur Verfügung von Urheberrechtsverletzungen" Well, the ones with the foreign-language names can go, the rest stays. If that feels too uncertain to you, just leave them all. |
28.05.2013, 18:39 | #15 |
| Trojan "Gesellschaft zur Verfügung von Urheberrechtsverletzungen" Okay, AdwCleaner has done its work. The log file: Code:
# AdwCleaner v2.301 - Datei am 28/05/2013 um 19:30:16 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : *** - SCHREIBMASCHINE
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\***\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\***\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ncbypbyq.default\prefs.js

Gelöscht : user_pref("extensions.50e586cd24d8b.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]

*************************

AdwCleaner[S1].txt - [1313 octets] - [28/05/2013 19:30:16]

########## EOF - C:\AdwCleaner[S1].txt - [1373 octets] ########## |