Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
GVU Trojaner auf Laptop

GVU Trojaner auf Laptop


Plagegeister aller Art und deren Bekämpfung: GVU Trojaner auf Laptop

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 1 von 2 1 2
Alt 05.06.2013, 15:18   #1
Margel
 
GVU Trojaner auf Laptop - Standard

GVU Trojaner auf Laptop


Hallo,
Leider habe ich mir gestern den GVU-Trojaner gefangen, bzw. er wurde gestern auf meinem Laptop (Acer Aspire 5750G) aktiviert . Da ich mich nicht sonderlich gut mit Computern auskenne habe ich mich erst mal im Internet umgesehen und beschlossen, hier um Rat zu fragen.

Die Ausgangssituation sieht folgendermaßen aus:
Nach dem Anmelden auf dem (leider einzigen) Benutzerkonto kommt der typische Sperrbildschirm (mit IP-Adresse, einem Webcamfoto, der Zahlungsaufforderung, den Paragraphen aus dem Gesetzbuch/Drohungen usw.) und man kann nichts mehr machen. Anhand von Bildervergleich vermute ich, dass es die 2.12 Version ist.
Im Abgesicherten Modus starten ist ebenfalls nicht möglich, er fährt sofort wieder runter. Außer den Abgesicherten Modus auszuprobieren habe ich noch keine Maßnahmen getroffen.
Ich besitze einen weiteren internet-und brennfähigen PC (sollte hoffentlich helfen).

Falls ihr mir helfen könnt, bitte etwas genauer erklären, damit es keine Missverständnisse gibt, wie gesagt ich kenn mich nicht soooo gut aus
Danke im Vorraus!

Alt 05.06.2013, 15:19   #2
markusg
/// Malware-holic
 
GVU Trojaner auf Laptop - Standard

GVU Trojaner auf Laptop


Hi,
kommst du an nen pc mit brenner?
download:
http://filepony.de/download-isoburner/
isoburner anleitung:
http://www.trojaner-board.de/83208-b...ei-cd-dvd.html
• Wenn der Download fertig ist mache ein doppel Klick auf die OTLPENet.exe, was ISOBurner öffnet um es auf die CD zu brennen.
Starte dein System neu und boote von der CD die du gerade erstellt hast.
Wenn du nicht weist wie du deinen Computer dazu bringst von der CD zu booten,
http://www.trojaner-board.de/81857-c...cd-booten.html

• Dein System sollte jetzt einen REATOGO-X-PE Desktop anzeigen.
• Mache einen doppel Klick auf das OTLPE Icon.
• Wenn du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes.
• Wenn du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes.
• entferne den haken bei "Automatically Load All Remaining Users" wenn er gesetzt ist.

• OTL sollte nun starten.
Kopiere nun den Inhalt in die
Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
• Drücke Run Scan um den Scan zu starten.
• Wenn er fertig ist werden die Dateien in C:\otl.txt gesichert
• Kopiere diesen Ordner auf deinen USB-Stick wenn du keine Internetverbindung auf diesem System hast.
poste beide logs
__________________

__________________
Alt 06.06.2013, 15:44   #3
Margel
 
GVU Trojaner auf Laptop - Standard

GVU Trojaner auf Laptop


Ich habe nun mehrmals probiert von der CD zu Booten. Nach dem REATOGO-X-PE wird gestartet- Bildschirm kam jedes mal kurz der Startbildschirm von Windows XP und dann die Fehlermeldung:
A problem has been detected and Windows has been shut down to prevent damage to your computer... usw...
Technical information:
*** STOP: 0x0000007B (0xF78DA528, 0x00000000, 0x00000000)

Ich besitze die Möglichkeit meinen Desktop durch einen Bug mit Steam beim Abmelden (ein Glück ist das scheiß Programm so lahm) die Möglichkeit meinen Desktop zurückzugewinnen und so das Programm auf der CD auszuführen. Soll ich es mal auf diese Weise probieren? (Ich hab es jetzt noch nicht ausprobiert, wollt erst fragen).
__________________
Alt 08.06.2013, 17:17   #4
markusg
/// Malware-holic
 
GVU Trojaner auf Laptop - Standard

GVU Trojaner auf Laptop


hi
wenn du auf den desktop kommst:

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 09.06.2013, 11:27   #5
Margel
 
GVU Trojaner auf Laptop - Standard

GVU Trojaner auf Laptop


Hi,
Nach etlichen versuchen, meinen Desktop zurückzugewinnen (war anscheinend nur Zufall) oder doch noch von der CD zu booten, was beides nicht geklappt hat, hatte ich dann doch glück. Nach den Xten ab- und anmelden kam statt des erwarteten Sperrbildschirms eine Meldung von Microsoft Security Essentials, es habe einen Trojaner gefunden und unter Quarantäne gestellt. Ich habe nun wieder vollen Zugriff auf den PC . Da höchstwahrscheinlich aber noch genug Reste des Trojaners auf dem PC sind (und andere Sicherheitslücken) habe ich natürlich trotzdem einen OTL-Scan gemacht. Hier die Logfiles:

OTL.txt

Code:
ATTFilter
OTL logfile created on: 09.06.2013 11:44:15 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\*****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7.86 Gb Total Physical Memory | 5.67 Gb Available Physical Memory | 72.17% Memory free
15.71 Gb Paging File | 13.38 Gb Available in Paging File | 85.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 680.54 Gb Total Space | 296.22 Gb Free Space | 43.53% Space Free | Partition Type: NTFS
Drive D: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 120.03 Mb Total Space | 69.56 Mb Free Space | 57.95% Space Free | Partition Type: FAT
 
Computer Name: MD-19970514 | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.09 10:11:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
PRC - [2013.05.15 12:08:46 | 002,255,184 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2013.05.04 01:35:30 | 001,635,752 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2013.05.04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013.02.07 18:37:32 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
PRC - [2012.12.21 06:31:46 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.10.03 00:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.05.31 22:19:18 | 000,200,784 | ---- | M] (Somoto) -- C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe
PRC - [2012.05.04 15:43:20 | 001,561,768 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012.04.05 16:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2011.12.01 18:11:48 | 000,743,936 | ---- | M] () -- C:\Program Files (x86)\CPUCooL\CooLSrv.exe
PRC - [2011.08.26 15:14:40 | 000,177,448 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
PRC - [2011.08.24 19:03:44 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
PRC - [2011.08.24 19:03:42 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
PRC - [2011.07.01 04:51:14 | 000,418,896 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2011.07.01 04:51:14 | 000,343,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2011.07.01 04:51:12 | 001,103,440 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2011.07.01 04:51:12 | 000,353,360 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2011.06.06 21:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.05.30 04:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2011.05.12 17:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.04.30 09:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.04.24 03:29:20 | 000,256,832 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2011.04.24 03:28:38 | 000,297,280 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
PRC - [2011.02.01 23:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.01 23:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.11.17 03:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.04 01:35:30 | 001,114,536 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL
MOD - [2013.04.24 04:30:08 | 000,652,800 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2013.03.27 02:16:40 | 020,341,672 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012.12.11 19:51:10 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012.12.11 19:51:10 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012.12.11 19:51:10 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012.10.03 00:21:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
MOD - [2012.02.20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.08.24 19:03:42 | 000,206,216 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
MOD - [2011.08.24 19:03:42 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
MOD - [2011.04.24 03:29:56 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.05.16 17:31:29 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.15 12:08:44 | 002,467,664 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013.05.12 13:00:21 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013.05.04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.02.07 18:37:32 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2013.01.27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.12.21 06:31:46 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.10.03 00:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.07.03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.05 16:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV - [2012.01.11 03:39:51 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.12.01 18:11:48 | 000,743,936 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CPUCooL\CooLSrv.exe -- (CPUCooLServer)
SRV - [2011.08.02 12:59:46 | 000,872,552 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2011.07.01 04:51:12 | 000,353,360 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011.06.21 13:55:04 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2011.06.07 13:25:12 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.06.06 21:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.05.30 04:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2011.05.12 17:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.04.30 09:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.04.24 03:29:20 | 000,256,832 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2011.03.29 06:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.02.01 23:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.02.01 23:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.11.29 16:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.06.02 00:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.01.20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.12.21 04:39:21 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.10.03 00:21:00 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012.09.28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.24 22:11:54 | 000,041,704 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2012.07.24 22:11:52 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2012.07.17 16:50:08 | 000,310,984 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.07.17 16:49:38 | 000,042,696 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.11 03:38:40 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2012.01.11 03:38:40 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2012.01.11 03:38:40 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2011.09.20 12:02:55 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2011.09.20 12:02:55 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2011.07.20 00:33:04 | 002,755,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.07.14 07:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.07.14 07:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.06.10 20:16:10 | 012,230,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.05.16 15:57:32 | 000,051,240 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiMSa.sys -- (bScsiMSa)
DRV:64bit: - [2011.05.10 05:42:16 | 000,425,000 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2011.05.06 11:11:12 | 000,086,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa)
DRV:64bit: - [2011.04.26 20:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.04.05 13:26:26 | 000,142,632 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2011.02.10 08:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.02.10 08:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011.01.20 19:15:30 | 000,019,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdmp.sys -- (b57xdmp)
DRV:64bit: - [2011.01.20 19:15:28 | 000,067,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdbd.sys -- (b57xdbd)
DRV:64bit: - [2010.11.29 16:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.11 21:12:02 | 000,019,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ntiopnp.sys -- (ntiopnp)
DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.15 10:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2004.04.10 09:43:54 | 000,004,608 | ---- | M] (cansoft@livewiredev.com) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\mbmiodrvr.sys -- (mbmiodrvr)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.privitize.com/?aff=7
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{AD74A0B0-78A6-43C5-9E4E-C35F9CC142E8}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=18&q={searchTerms}&barid={C0D7A44E-D294-11E1-9CFC-DC0EA125C6FC}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://web.de/
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{AD74A0B0-78A6-43C5-9E4E-C35F9CC142E8}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=18&q={searchTerms}&barid={C0D7A44E-D294-11E1-9CFC-DC0EA125C6FC}
IE - HKCU\..\SearchScopes\{B90D2AE5-37CC-4494-9E3C-CB93408FFEBA}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=8B43ED04-65A8-4D21-B3EC-B60C13A3E8D3&apn_sauid=ACE9DEE8-DEC1-45EB-8966-0902EA46192C
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.4: C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi [2013.02.08 02:05:24 | 000,037,909 | ---- | M] ()
 
[2012.08.19 00:21:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2012.08.19 00:30:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions
[2012.07.20 19:59:15 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com
[2012.08.19 00:30:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\0\extensions
[2012.08.19 00:30:39 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\0\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.07.31 22:26:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\0\extensions\OneClickDownload@OneClickDownload.com
[2012.08.19 00:30:39 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.10.09 00:49:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: HD Video Player = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbmimoidopbghbcmdmpkjaffffmcbmbg\1.5_1\
CHR - Extension: Battlefield Play4Free = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.96.0_0\
CHR - Extension: Google Mail = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: YouTube = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: HD Video Player = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbmimoidopbghbcmdmpkjaffffmcbmbg\1.5_1\
CHR - Extension: Battlefield Play4Free = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.96.0_0\
CHR - Extension: Google Mail = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2 - BHO: (Giant Savings Extension) - {11111111-1111-1111-1111-110211181110} - C:\Program Files (x86)\Giant Savings Extension\Giant Savings Extension.dll (215 Apps)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [SDP] C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe (Somoto)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Vertrauenswürdige Sites)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} hxxp://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.134.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.80.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B7F2F84-982A-49EA-9368-45FB5BC144D9}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0EF4A0D-C7C9-4ECB-ABF9-137EE410D468}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.03.24 13:06:41 | 000,000,053 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{52912471-0beb-11e2-85f5-6427371ce394}\Shell - "" = AutoRun
O33 - MountPoints2\{52912471-0beb-11e2-85f5-6427371ce394}\Shell\AutoRun\command - "" = E:\autorun.exe index.html
O33 - MountPoints2\{6d57c7fb-3bf1-11e1-ae70-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6d57c7fb-3bf1-11e1-ae70-806e6f6e6963}\Shell\AutoRun\command - "" = D:\MLLaunch.exe
O33 - MountPoints2\{9117ce66-c126-11e1-93fd-dc0ea125c6fc}\Shell - "" = AutoRun
O33 - MountPoints2\{9117ce66-c126-11e1-93fd-dc0ea125c6fc}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.09 11:36:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2013.06.02 20:58:02 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\VLN
[2013.05.31 19:48:01 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\Amnesia
[2013.05.31 19:45:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amnesia - The Dark Descent
[2013.05.27 19:12:10 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\24h
[2013.05.25 15:33:09 | 000,000,000 | ---D | C] -- C:\GTR2
[2013.05.25 13:00:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013.05.25 13:00:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2013.05.20 20:26:57 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\GTR2
[2013.05.11 16:02:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.05.11 16:01:29 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.05.11 16:01:28 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.05.11 16:01:28 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.09 14:08:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.09 14:08:20 | 2030,981,119 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.09 11:34:31 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.09 11:34:13 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.09 11:31:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.09 11:17:11 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.09 11:17:11 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.09 10:21:45 | 000,000,004 | ---- | M] () -- C:\Users\*****\AppData\Roaming\skype.ini
[2013.06.09 10:18:11 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.09 10:18:11 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.09 10:18:11 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.09 10:18:11 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.09 10:18:11 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.09 10:11:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2013.06.06 16:01:23 | 000,000,000 | ---- | M] () -- C:\END
[2013.06.02 16:59:03 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.06.02 16:59:03 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.06.02 16:58:34 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.05.27 18:55:25 | 075,092,888 | ---- | M] () -- C:\Users\*****\Desktop\Audi TT-R DTM 2003-2004 by GMT for GTR V1.0.rar
[2013.05.27 18:46:09 | 037,411,303 | ---- | M] () -- C:\Users\*****\Desktop\VW.Golf.IV.R32.v2.0.GTR2.rar
[2013.05.27 18:43:54 | 119,780,644 | ---- | M] () -- C:\Users\*****\Desktop\WTCC.Extreme.Challenge.v2.0.GTR2.rar
[2013.05.27 18:30:28 | 106,250,945 | ---- | M] () -- C:\Users\*****\Desktop\TRC.Audi.Sportwagen.Mod.v2.0.GTR2.rar
[2013.05.18 22:31:20 | 000,000,032 | ---- | M] () -- C:\Windows\CD_Start.INI
[2013.05.15 21:02:06 | 005,051,792 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.11 16:02:08 | 000,001,793 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.04 16:49:52 | 000,000,004 | ---- | C] () -- C:\Users\*****\AppData\Roaming\skype.ini
[2013.05.27 18:53:58 | 075,092,888 | ---- | C] () -- C:\Users\*****\Desktop\Audi TT-R DTM 2003-2004 by GMT for GTR V1.0.rar
[2013.05.27 18:39:32 | 119,780,644 | ---- | C] () -- C:\Users\*****\Desktop\WTCC.Extreme.Challenge.v2.0.GTR2.rar
[2013.05.27 18:37:53 | 037,411,303 | ---- | C] () -- C:\Users\*****\Desktop\VW.Golf.IV.R32.v2.0.GTR2.rar
[2013.05.27 18:26:38 | 106,250,945 | ---- | C] () -- C:\Users\*****\Desktop\TRC.Audi.Sportwagen.Mod.v2.0.GTR2.rar
[2013.05.17 16:52:44 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2013.05.11 16:02:08 | 000,001,793 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.08.29 17:09:51 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.05.29 17:13:36 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2012.05.25 13:37:43 | 000,000,568 | ---- | C] () -- C:\Windows\wininit.ini
[2012.04.27 19:25:45 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.04.23 20:39:13 | 000,007,596 | ---- | C] () -- C:\Users\*****\AppData\Local\Resmon.ResmonCfg
[2012.03.18 12:17:23 | 000,000,680 | RHS- | C] () -- C:\Users\*****\ntuser.pol
[2012.03.09 17:55:02 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.10.14 05:57:35 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.10.14 05:57:34 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.10.14 05:57:32 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.10.14 05:57:31 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.10.14 05:57:30 | 013,906,944 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.03.24 11:55:43 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\.minecraft
[2012.10.09 00:48:37 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Babylon
[2012.04.16 16:16:13 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\BlackBean
[2013.02.07 21:08:19 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.12.21 10:39:28 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DAEMON Tools Lite
[2013.02.08 15:07:27 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DSite
[2013.03.21 16:44:17 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DVDVideoSoft
[2012.08.18 23:37:57 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\FloodLightGames
[2012.03.21 17:57:40 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\FoozKids
[2012.05.24 19:08:47 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Leadertech
[2013.03.21 16:45:18 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Mp3jam
[2013.02.01 23:23:12 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Mystery of Mortlake Mansion
[2012.09.06 22:13:59 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Need for Speed World
[2012.12.01 15:10:31 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Origin
[2012.04.10 20:26:33 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PowerCinema
[2012.06.28 15:46:55 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PowerISO
[2012.12.21 05:34:18 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PunkBuster
[2012.02.24 20:50:18 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Screensaver
[2013.02.07 22:05:23 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.03.04 12:00:50 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\The Creative Assembly
[2013.05.13 18:05:12 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TS3Client
[2013.06.01 11:45:04 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.03.01 20:47:51 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.01.11 03:18:41 | 000,000,000 | -H-D | M] -- C:\book
[2013.05.25 13:00:48 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.02.24 20:47:31 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.01.11 03:48:57 | 000,000,000 | ---D | M] -- C:\Dolby PCEE4
[2011.06.23 08:15:57 | 000,000,000 | ---D | M] -- C:\Extras
[2013.05.25 15:37:42 | 000,000,000 | ---D | M] -- C:\GTR2
[2012.01.11 03:15:10 | 000,000,000 | -H-D | M] -- C:\Intel
[2013.01.23 15:50:41 | 000,000,000 | ---D | M] -- C:\minecraft save backups
[2012.02.24 21:55:02 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012.02.24 21:52:24 | 000,000,000 | ---D | M] -- C:\MS_HuP_MW
[2012.10.19 17:05:20 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2012.08.04 13:23:08 | 000,000,000 | -H-D | M] -- C:\OEM
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.05.13 18:05:19 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.06.09 11:42:00 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.05.11 16:01:28 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.02.24 20:47:31 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.02.24 20:47:31 | 000,000,000 | -HSD | M] -- C:\Recovery
[2013.05.25 15:40:44 | 000,000,000 | ---D | M] -- C:\Schule
[2013.06.09 11:46:15 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.10.19 17:11:03 | 000,000,000 | R--D | M] -- C:\Users
[2013.06.04 17:09:30 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.21 05:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[8 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.08.04 13:42:54 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.08.23 14:08:39 | 000,001,106 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.08.23 14:08:39 | 000,001,110 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.07.14 07:30:29 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.07.14 07:30:29 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.07.14 07:30:29 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.07.14 07:30:29 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.07.14 07:30:29 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.07.14 07:30:29 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2011.04.26 20:07:36 | 000,557,848 | ---- | M] (Intel Corporation) MD5=26CF4275034214ECEDD8EC17B0A18A99 -- C:\Windows\SysNative\drivers\iaStor.sys
[2011.04.26 20:07:36 | 000,557,848 | ---- | M] (Intel Corporation) MD5=26CF4275034214ECEDD8EC17B0A18A99 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_16d1c1de1eca8452\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.07.14 07:35:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.07.14 07:35:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.07.14 07:35:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.07.14 07:35:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.07.14 07:35:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.07.14 07:35:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.07.14 07:35:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.07.14 07:35:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[8 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2013.06.09 11:57:51 | 007,077,888 | -HS- | M] () -- C:\Users\*****\ntuser.dat
[2013.06.09 11:57:51 | 000,262,144 | -HS- | M] () -- C:\Users\*****\ntuser.dat.LOG1
[2012.02.24 20:47:41 | 000,000,000 | -HS- | M] () -- C:\Users\*****\ntuser.dat.LOG2
[2012.02.24 21:16:28 | 000,065,536 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2012.02.24 21:16:28 | 000,524,288 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2012.02.24 21:16:28 | 000,524,288 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.06.11 19:10:08 | 000,065,536 | -HS- | M] () -- C:\Users\*****\ntuser.dat{8c44e1f7-b3e6-11e1-b3a2-dc0ea125c6fc}.TM.blf
[2012.06.11 19:10:08 | 000,524,288 | -HS- | M] () -- C:\Users\*****\ntuser.dat{8c44e1f7-b3e6-11e1-b3a2-dc0ea125c6fc}.TMContainer00000000000000000001.regtrans-ms
[2012.06.11 19:10:08 | 000,524,288 | -HS- | M] () -- C:\Users\*****\ntuser.dat{8c44e1f7-b3e6-11e1-b3a2-dc0ea125c6fc}.TMContainer00000000000000000002.regtrans-ms
[2012.06.11 21:19:26 | 000,065,536 | -HS- | M] () -- C:\Users\*****\ntuser.dat{e47ce362-b3e8-11e1-a4f7-dc0ea125c6fc}.TM.blf
[2012.06.11 21:19:26 | 000,524,288 | -HS- | M] () -- C:\Users\*****\ntuser.dat{e47ce362-b3e8-11e1-a4f7-dc0ea125c6fc}.TMContainer00000000000000000001.regtrans-ms
[2012.06.11 21:19:26 | 000,524,288 | -HS- | M] () -- C:\Users\*****\ntuser.dat{e47ce362-b3e8-11e1-a4f7-dc0ea125c6fc}.TMContainer00000000000000000002.regtrans-ms
[2012.08.11 12:09:15 | 000,065,536 | -HS- | M] () -- C:\Users\*****\ntuser.dat{fb17caae-e398-11e1-9439-dc0ea125c6fc}.TM.blf
[2012.08.11 12:09:15 | 000,524,288 | -HS- | M] () -- C:\Users\*****\ntuser.dat{fb17caae-e398-11e1-9439-dc0ea125c6fc}.TMContainer00000000000000000001.regtrans-ms
[2012.08.11 12:09:15 | 000,524,288 | -HS- | M] () -- C:\Users\*****\ntuser.dat{fb17caae-e398-11e1-9439-dc0ea125c6fc}.TMContainer00000000000000000002.regtrans-ms
[2012.02.24 20:47:41 | 000,000,020 | -HS- | M] () -- C:\Users\*****\ntuser.ini
[2012.10.27 22:05:57 | 000,000,680 | RHS- | M] () -- C:\Users\*****\ntuser.pol
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >


Alt 09.06.2013, 11:28   #6
Margel
 
GVU Trojaner auf Laptop - Standard

GVU Trojaner auf Laptop


2. Teil

Extras.txt

[CODE]Extras.txt

Code:
ATTFilter
OTL Extras logfile created on: 09.06.2013 11:44:15 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\*****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7.86 Gb Total Physical Memory | 5.67 Gb Available Physical Memory | 72.17% Memory free
15.71 Gb Paging File | 13.38 Gb Available in Paging File | 85.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 680.54 Gb Total Space | 296.22 Gb Free Space | 43.53% Space Free | Partition Type: NTFS
Drive D: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 120.03 Mb Total Space | 69.56 Mb Free Space | 57.95% Space Free | Partition Type: FAT
 
Computer Name: MD-19970514 | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D106B7-78BD-4768-A0F9-148160513043}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{090A5E9D-366B-49F5-B6B7-3C38B7DF4752}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{109F20EA-4A35-4181-947F-1A349E431131}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3155CD3A-B2D7-4E26-B283-9F40719781C6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3A15D4B4-22F3-4702-9C99-6C18C2A40DD9}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{3DD82B8A-4153-4CCB-BBD3-E0C96630B0C7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4078C6FC-7792-4BCC-8137-D80E51020212}" = rport=137 | protocol=17 | dir=out | app=system | 
"{48B86847-6928-47A8-90EB-02A1B1D1F665}" = lport=137 | protocol=17 | dir=in | app=system | 
"{4CA64B2B-A13F-4996-9254-D3ECE3186AD1}" = lport=445 | protocol=6 | dir=in | app=system | 
"{51059A9D-BBF4-4011-8515-162E9AB988FF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{5E9A5518-BF9C-402C-8B91-BA5033C9DD19}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5EDFF17F-597B-4BC9-BE38-AD96755554C4}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{6EE7A3E0-CA30-426D-A03F-7E7C588BD849}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{76028B88-8BB7-477D-A71C-C928D616FCA9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7CE23C7F-A35C-498E-9809-FAE3AB3E899F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7F815F50-02D7-4CB1-A104-6CABCFD6C1C2}" = rport=445 | protocol=6 | dir=out | app=system | 
"{8461F1AA-B2E5-46EE-8CCD-947657515DB5}" = rport=138 | protocol=17 | dir=out | app=system | 
"{84F89909-75E5-407E-A70B-F0C0390C33D9}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{86362DF8-B840-43AE-A2D7-45BAB41F95E5}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{9A897406-C7D7-4615-9854-73243580C038}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{9AFABA92-475A-4407-9B3A-645FED3708F7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A420EF3E-951C-46DD-81EA-780174A8E935}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{B81B3B60-AE08-411F-9A53-483836887BF5}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{B8CDFDC7-42EF-4F22-80D8-DBEF0E755A42}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{B97AF401-3627-478B-ABFD-B373EB732436}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{BB26A02E-F7D0-4B43-8C19-8E19DE5C952E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C4AEC1B9-A1EE-4A88-8B06-6B047A940C0F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C5F99D07-717F-4A13-888E-A0B6D8CD6776}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{C89A2C68-894B-4572-9E46-4610929D9D4A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E403F2D0-6E43-42BA-A093-8D8CED19B773}" = rport=139 | protocol=6 | dir=out | app=system | 
"{EE7A8F90-6761-4D7C-B971-A8A529239E91}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F64D5D2E-A586-44EC-945C-3B8FD5714415}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F8AD15ED-6D3F-4E91-AA40-45FB8C9760F4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{F9C2DB85-9F34-43C7-AAA9-2BE5C87436D9}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0176F0C0-66CB-46E5-8E61-B163F06A791C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat | 
"{01875DE9-76F5-4162-870E-01ED11249671}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{0395A986-FF46-4E7D-8AB2-3FD4F6EA4540}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{04F242CC-1855-4267-9BC8-62DE39169566}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{0A232DD8-9713-4DFA-9574-3A005CAFA4E9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supercratebox\supercratebox.exe | 
"{0EE60540-BEA1-4614-A36B-91F93B1B8879}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0FCA11EC-0E80-4DB8-BE1E-3324758416F1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1458D64C-C906-4D1A-8AB7-854B5432CD72}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{15EEEFDD-C32B-40A9-8585-0C6F7DDE29CD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{173722A9-C27E-45D8-BDFD-0AD48F59ECCD}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\grid\grid.exe | 
"{19570E8B-8C04-49E1-943B-B1B0C708F028}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mx vs atv reflex\mxsettings.exe | 
"{22C24196-9CB4-4848-91F4-72CA3E3DF731}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe | 
"{26A1BC16-ABE1-49B2-9520-9E270D8568A9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spectraball\spectraball.exe | 
"{26C234C8-9146-4E4B-8EF5-E7554FC0D2FD}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{2AC4CA6D-F68A-4EE3-B028-F9A4D637327C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\max payne 2 de\maxpayne2.exe | 
"{2D994F35-E297-48CC-9916-4E01ABA8B130}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{2F7F2029-7BF4-475B-BF08-2DC4B2F56BDE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\r.u.s.e\ruse.exe | 
"{309231F1-217C-4066-B2EB-6E130BFDD537}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{317EB741-1F87-4E38-80D3-40B1E47A0039}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe | 
"{31A2BF94-6089-41E8-8AB2-B83EFC77DC8D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html | 
"{3335B19A-8BB4-4491-82C5-72C6C93FA0FF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{3424BC3F-59C3-4F35-96AF-4A1955264B34}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\modding\show.bat | 
"{359CA32E-5160-4595-BDCD-D86E0301F205}" = protocol=17 | dir=in | app=c:\program files\total war\bfp4f.exe | 
"{3B6B4B42-B62A-4996-A3CD-F95339243793}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{3BD72DC6-5E6D-4D99-BCC9-838A12308BF1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"{3C290EE9-80E6-4A8F-AF2C-26396316C3A0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{3D3B93FA-15F9-4419-888D-35475FD7C0C4}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe | 
"{3E852A4A-9C13-46BE-8970-53612940B383}" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war\gamedata\sweaw.exe | 
"{40434119-7ECC-4082-906F-4FD3E7A3699A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{429EE910-9C73-48A6-AB4C-1C53C0A3B1DA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mx vs atv reflex\mxsettings.exe | 
"{43C1B48A-B9F0-44B0-9308-B4103D1EE00C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mx vs atv reflex\mxreflex.exe | 
"{4C5FB708-CA72-4838-A3F2-4430F2E125B8}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{4D584752-38A5-4E61-8ECD-622CAD249D9A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{4FCAAAF5-097D-4BA5-90DF-07C751FF3C10}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{4FFFB6F9-15D1-41DF-8C62-EF47A1021964}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe | 
"{5155BD43-9799-4CB8-B2DA-DE81A1F51B91}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{51E96613-AEC0-43F8-BFF5-5C25F8862566}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | 
"{56B471B3-CCE0-4530-A612-00EEB287010C}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe | 
"{57DF7827-CD47-489A-92B6-315588D5D3E2}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{5959467F-D077-4F3C-B6CF-E6E43FC1E6BA}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{59A4ABEB-AC85-49B0-8E23-1E0896680298}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{5B8EBF2E-F6FA-4B83-AA63-B1EFA66AE4DA}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe | 
"{5EC8BB34-CC66-4329-935B-89036EF5679A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supercratebox\supercratebox.exe | 
"{6199220F-033A-41E8-A94D-90D20D1FD871}" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war\gamedata\sweaw.exe | 
"{62EAEF82-2DF1-4B80-97F8-29B34E30128C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{65E264F8-C126-44F7-B69E-B131420EF86E}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{660B551C-5B55-4417-ADA5-FB670E0987DA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{669121A0-EB29-48D5-B962-D8BD84510B21}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{6702875E-3DE3-4266-9741-B65FF8192242}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe | 
"{69490A5B-7839-4DC0-B544-7D471A51C331}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{6CB29A22-6030-4A16-A18B-7AF8D0C03D63}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{6ED43AA6-7225-4C7F-A3CD-351FBBAB35F0}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fi.exe | 
"{70C45A7E-0237-4322-962D-065002AF96A1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{726A9DA4-074D-49C4-A7AC-1F99674956E3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spectraball\spectraball.exe | 
"{72B25A79-15E1-410F-94BD-31C36AB9F225}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{72FE5DEE-03CE-4C3F-8C1C-843C3FD7518C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe | 
"{74820C62-D273-406B-8786-817CD893F4A0}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe | 
"{74978CF8-C3E3-4A3F-AFE1-ECFF6A0E3B35}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\ted.exe | 
"{76ED8F8C-02B3-4591-AD65-C6FFC4EE2034}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{781ACA7C-867F-4494-B59F-C981B2694D94}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\modding\show.bat | 
"{7D8092A0-BADA-4EE6-ACC5-700E598372BC}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{83918EB0-4595-4117-A2A1-21D7BACE1F98}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe | 
"{8AAC7F0B-7DA5-41F2-AA27-8ED90446F59F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8DACAD18-60AB-4CD9-AEAE-9D1EE451290B}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{9226B0ED-44DA-4B84-BD9E-94E09E301619}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{9416F722-FB68-425F-BD0F-723FEB85A57D}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\clml\clmlsvc.exe | 
"{95A1D332-F6CB-4350-8E5C-369AE38FFC90}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mx vs atv reflex\mxreflex.exe | 
"{99C72073-CDB6-42B3-A527-13F54EC7A610}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fiagent.exe | 
"{9A346816-3831-4057-B2DC-76E7DDC9866D}" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war forces of corruption\swfoc.exe | 
"{9C66EE1A-5E8E-4565-850A-EC46FA77B657}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe | 
"{9CC42253-FA3D-4643-88D4-AEB11B688B63}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{9FFB9EFC-BA60-44BC-AB1B-994D5F6CAE93}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A142250E-D0CE-4181-BA08-ED15019072D3}" = protocol=6 | dir=in | app=c:\program files\total war\bfp4f.exe | 
"{A2A13ABC-26EC-4110-B585-C11FC9DE819A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\max payne 2 de\maxpayne2.exe | 
"{A32C48E5-F021-4C6C-B7A2-13E496472478}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A3346265-346A-44FC-9F54-E022E11EA580}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{A3D0E772-7B7A-4159-A5ED-09CE2CC82D2B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{AA5AA2E4-3720-43A6-ABFA-B98BE12993D6}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\grid\grid.exe | 
"{ACC02C4A-386F-49C5-9B6E-F887C9C75503}" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war forces of corruption\swfoc.exe | 
"{AF33C26F-3959-4F97-A23B-8D8938827307}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{B6C3FCF6-B656-4EB2-BA3E-E62478919BF6}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{B7A03896-36D4-4473-8CE7-22F923293069}" = protocol=6 | dir=out | app=system | 
"{B88920A9-82B8-4782-9DBB-695BB20B4675}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{BE6BCE0C-829E-47DB-8C16-F4D14D4E3843}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\r.u.s.e\ruse.exe | 
"{C06B1D9F-7C1B-4BB8-8FC7-28F3A9331D44}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C407B10B-9E15-43CD-9CCA-0A77FEFF35EA}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{C5A18E71-3217-432E-A615-6DD4607ABEC1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\ted.exe | 
"{C64141BD-BF51-49C1-9A37-1B0F98066902}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | 
"{C8393F11-7B64-4B96-B241-D2949550EB4F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"{D3925191-FC3B-4670-BEC3-7B486E5BC83D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe | 
"{D4ADBF9E-8BF2-492B-A5A8-000D6132C7C4}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe | 
"{D8D32C3D-32F1-47AE-9D28-F84A5385BC91}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{DCFC60D0-55E0-4418-ABA0-F514724831AF}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{DE906806-7482-4F7D-82A2-C6ADFB3D70C1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat | 
"{DE95CA4D-BCB8-4E06-A316-C4605710831C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{DF00C173-53D2-4C3F-A391-CEC976A134AD}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe | 
"{E04F6635-0881-4758-8304-6B88D5E8074B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{E11FF750-87BD-42F4-BD99-275E655253F0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E27B4691-F253-4C40-B292-06E8865BF64F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\napoleon total war\napoleon.exe | 
"{E2B70F5A-8A67-45E7-A509-112AB1BB7B31}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\napoleon total war\napoleon.exe | 
"{E34F8DDC-0937-4EB6-B22E-6B718B08B15E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe | 
"{F26C7406-74B2-45D3-8FCF-92B05D7A6EB9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html | 
"{F58023B5-49E0-404D-86BD-467C47E3AD44}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\bradmin light\bradmlight.exe | 
"{FA568399-9785-46A2-A684-CB223FF72E9D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{FAF03B8C-BF96-4421-8E8D-7A89536AD16B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{1E8E2E54-EA50-478C-B06A-03F3F66AEC82}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{220DD0FB-E91A-43EE-A7CE-E52FE1C6C6BA}C:\schule\kot\call of duty 4\iw3mp.exe" = protocol=6 | dir=in | app=c:\schule\kot\call of duty 4\iw3mp.exe | 
"TCP Query User{26A20A80-9E9A-486E-BA5B-F7C15E1FB607}C:\schule\kot\call of duty 4\call of duty 4_multiplayer\iw3mp_multiplayer1.7.exe" = protocol=6 | dir=in | app=c:\schule\kot\call of duty 4\call of duty 4_multiplayer\iw3mp_multiplayer1.7.exe | 
"TCP Query User{2F317B34-05CE-4A48-80D8-08C483098C2E}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{3982176D-53AC-457E-BA6B-5FD28462D8F3}C:\schule\kot\farcry 3\farcry 3\bin\farcry3_d3d11.exe" = protocol=6 | dir=in | app=c:\schule\kot\farcry 3\farcry 3\bin\farcry3_d3d11.exe | 
"TCP Query User{3FD6CC0C-F44E-4A06-8A13-7B8819118787}C:\program files\total war\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files\total war\bfp4f.exe | 
"TCP Query User{4AFB9C54-9605-4ED2-8908-8D12D409546B}C:\schule\kot\farcry 3\farcry 3\bin\farcry3.exe" = protocol=6 | dir=in | app=c:\schule\kot\farcry 3\farcry 3\bin\farcry3.exe | 
"TCP Query User{5155DCCC-2440-4395-B70B-71668C71C416}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"TCP Query User{55535207-4B8C-4A24-B400-854B5F7BDDC1}C:\schule\kot\farcry 3\farcry 3\bin\fc3editor.exe" = protocol=6 | dir=in | app=c:\schule\kot\farcry 3\farcry 3\bin\fc3editor.exe | 
"TCP Query User{56ADB34F-BB86-4294-9880-A7A9D259F2F3}C:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe | 
"TCP Query User{5DBB4CC2-459C-4075-87FE-49F69F7B61B6}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{61279791-F5E2-461A-8571-190CF3778985}C:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe | 
"TCP Query User{62054D80-F29B-414F-94A3-C6B188B80602}C:\schule\kot\call of duty 4\call of duty 4_multiplayer\iw3mp_multiplayer1.7.exe" = protocol=6 | dir=in | app=c:\schule\kot\call of duty 4\call of duty 4_multiplayer\iw3mp_multiplayer1.7.exe | 
"TCP Query User{6376F340-0160-4823-8EC8-291F88088C86}C:\schule\kot\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=c:\schule\kot\left 4 dead 2\left4dead2.exe | 
"TCP Query User{698F9A87-CDEA-4579-BD89-F408BDBA2A2B}C:\schule\kot\cod 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\schule\kot\cod 2\cod2mp_s.exe | 
"TCP Query User{6C189FFE-E98B-4342-B047-C81897C9040F}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"TCP Query User{716A4E02-354F-43FA-9CBE-9C4BDA6151D1}C:\schule\kot\call of duty 4\iw3mp.exe" = protocol=6 | dir=in | app=c:\schule\kot\call of duty 4\iw3mp.exe | 
"TCP Query User{7260FDC4-FF1E-48B5-B9D0-AEB312EB1B8D}C:\users\*****\desktop\udk\binaries\win32\udk.exe" = protocol=6 | dir=in | app=c:\users\*****\desktop\udk\binaries\win32\udk.exe | 
"TCP Query User{906320B3-01BA-4E16-8140-14432FE5DAD9}C:\users\*****\desktop\udk\binaries\win64\udk.exe" = protocol=6 | dir=in | app=c:\users\*****\desktop\udk\binaries\win64\udk.exe | 
"TCP Query User{A6949AE2-0574-429F-85AC-4E9A2BCD8796}C:\schule\kot\assassin's creed brotherhood\acbsp.exe" = protocol=6 | dir=in | app=c:\schule\kot\assassin's creed brotherhood\acbsp.exe | 
"TCP Query User{AEB8A5D0-4518-4738-B789-7F4ADB44CB49}C:\program files (x86)\origin games\battlefield 3\bf3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"TCP Query User{C10A0BCE-217D-46B3-9D35-09BEA86319A2}C:\schule\kot\udk\binaries\win64\udk.exe" = protocol=6 | dir=in | app=c:\schule\kot\udk\binaries\win64\udk.exe | 
"TCP Query User{D3531119-D220-4D13-9CC3-E9696A111DE6}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"TCP Query User{EBCFED14-6FED-4A36-866C-F656F6F95BC9}C:\schule\kot\call of duty 4\iw3mp_multiplayer1.7.exe" = protocol=6 | dir=in | app=c:\schule\kot\call of duty 4\iw3mp_multiplayer1.7.exe | 
"TCP Query User{EF0CF31B-5228-4A66-946E-17F08D0C4598}C:\udk\binaries\win64\udk.exe" = protocol=6 | dir=in | app=c:\udk\binaries\win64\udk.exe | 
"UDP Query User{0220180B-B070-4364-9F26-5FF2964BE49D}C:\schule\kot\assassin's creed brotherhood\acbsp.exe" = protocol=17 | dir=in | app=c:\schule\kot\assassin's creed brotherhood\acbsp.exe | 
"UDP Query User{1633B73E-B725-4EFF-9F2E-8BC3860D3319}C:\udk\binaries\win64\udk.exe" = protocol=17 | dir=in | app=c:\udk\binaries\win64\udk.exe | 
"UDP Query User{1C0D568B-13EF-430D-9141-3DCC04E5817C}C:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe | 
"UDP Query User{253E3D58-746D-4C85-9894-56F0346A6D4E}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{27F515CC-2692-4494-AEF9-521A9D8D88E4}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{28EF64AC-CEBE-433B-89FD-514327F5AA7F}C:\schule\kot\call of duty 4\iw3mp.exe" = protocol=17 | dir=in | app=c:\schule\kot\call of duty 4\iw3mp.exe | 
"UDP Query User{2D2C86AA-6984-47C1-BA28-B379CB755F65}C:\schule\kot\call of duty 4\call of duty 4_multiplayer\iw3mp_multiplayer1.7.exe" = protocol=17 | dir=in | app=c:\schule\kot\call of duty 4\call of duty 4_multiplayer\iw3mp_multiplayer1.7.exe | 
"UDP Query User{2ED35C0D-A22C-4978-AFC0-D7697DAC9505}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{334DBF9F-3968-4EE1-AC0A-8B214EC7E696}C:\users\*****\desktop\udk\binaries\win64\udk.exe" = protocol=17 | dir=in | app=c:\users\*****\desktop\udk\binaries\win64\udk.exe | 
"UDP Query User{3E2F21FB-F1E4-4C57-8762-D1C6D3671D4F}C:\schule\kot\cod 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\schule\kot\cod 2\cod2mp_s.exe | 
"UDP Query User{442FCB94-7656-46A4-9AB9-4438B199E96C}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"UDP Query User{45998C7A-EA83-4B12-AD4A-6F644D675F52}C:\schule\kot\farcry 3\farcry 3\bin\farcry3.exe" = protocol=17 | dir=in | app=c:\schule\kot\farcry 3\farcry 3\bin\farcry3.exe | 
"UDP Query User{4A1AFE80-4958-43BE-B042-F099AC7D205A}C:\schule\kot\farcry 3\farcry 3\bin\fc3editor.exe" = protocol=17 | dir=in | app=c:\schule\kot\farcry 3\farcry 3\bin\fc3editor.exe | 
"UDP Query User{4B959009-110E-44AE-A21D-006CDF5A2D26}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{4CC937BA-5554-4967-9EB4-756000E88919}C:\schule\kot\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=c:\schule\kot\left 4 dead 2\left4dead2.exe | 
"UDP Query User{521D80F7-D3B2-4106-BADF-BE91438482AF}C:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe | 
"UDP Query User{556F64FA-2443-4EDF-8AAB-6EB4C0AFD317}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"UDP Query User{5736ED65-6396-48A0-82D4-69327AE10D9D}C:\users\*****\desktop\udk\binaries\win32\udk.exe" = protocol=17 | dir=in | app=c:\users\*****\desktop\udk\binaries\win32\udk.exe | 
"UDP Query User{6F57B85B-619A-4F3E-B664-0BA4DCAEA979}C:\program files\total war\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files\total war\bfp4f.exe | 
"UDP Query User{72BAA2DF-B857-40D5-A6C9-FCC6E8082E14}C:\schule\kot\farcry 3\farcry 3\bin\farcry3_d3d11.exe" = protocol=17 | dir=in | app=c:\schule\kot\farcry 3\farcry 3\bin\farcry3_d3d11.exe | 
"UDP Query User{849EBA77-7563-4C71-8955-2940C20ACB35}C:\schule\kot\call of duty 4\call of duty 4_multiplayer\iw3mp_multiplayer1.7.exe" = protocol=17 | dir=in | app=c:\schule\kot\call of duty 4\call of duty 4_multiplayer\iw3mp_multiplayer1.7.exe | 
"UDP Query User{87EBDE66-5C68-4937-9791-A1C15D2186BD}C:\schule\kot\call of duty 4\iw3mp.exe" = protocol=17 | dir=in | app=c:\schule\kot\call of duty 4\iw3mp.exe | 
"UDP Query User{B9B2CA77-D476-4241-99C3-7DFBF83B4297}C:\schule\kot\call of duty 4\iw3mp_multiplayer1.7.exe" = protocol=17 | dir=in | app=c:\schule\kot\call of duty 4\iw3mp_multiplayer1.7.exe | 
"UDP Query User{BC52E6E9-3CC8-4DEE-A40E-00ECD3D8D71A}C:\schule\kot\udk\binaries\win64\udk.exe" = protocol=17 | dir=in | app=c:\schule\kot\udk\binaries\win64\udk.exe | 
"UDP Query User{F6EEE792-594E-47C8-8EA2-DB80111DF7A1}C:\program files (x86)\origin games\battlefield 3\bf3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1553D712-B35F-4A82-BC72-D6B11A94BE3E}" = Windows Live Remote Service Resources
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java(TM) 6 Update 27 (64-bit)
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{4710662C-8204-4334-A977-B1AC9E547819}" = Broadcom Card Reader Driver Installer
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{702A632F-99CE-4E2D-B8F2-BF980E9CF62F}" = Windows Live Remote Client Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom NetLink Controller
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-X64 8.0.6.3_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UDK-2ae2371f-c2ea-47e9-a73f-df18370ddbac" = Unreal Development Kit: 2012-02
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0557BBDA-69D3-4FA4-A93C-A5300F7034B4}" = Windows Live Writer
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{06B05153-97E4-427E-B1A8-E098F6C5E52F}" = Windows Live Essentials
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{14C4C3B6-F1F4-401F-8C86-03E8E19AAC8C}" = clear.fi
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1BE249CC-2A97-4FD2-AF8C-80D027ADD8A5}" = DayZ Commander
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}" = Evernote v. 4.5.1
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War - Gold Edition
"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4736B0ED-F6A1-48EC-A1B7-C053027648F1}" = Galeria fotogràfica del Windows Live
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{48F597DD-D397-4CFA-91A0-4C033A0113BD}" = Windows Live Mail
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4C774C35-E0AF-72E1-136A-2BF666702268}" = Fooz Kids
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{542DA303-FB91-4731-9F37-6E518368D3B9}" = Windows Live Messenger
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5495E9A4-501A-4D4C-87C9-E80916CA9478}" = Windows Live UX Platform Language Pack
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent 
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E21B617-F52E-BB10-92F9-C8AB2C799A8A}" = Adobe Download Assistant
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}" = newsXpresso
"{625D45F0-5DCB-48BF-8770-C240A84DAAEB}" = Windows Live Mesh
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{64BFBE7A-886C-4CA2-A9B4-0C2B5A5942BC}" = Battlefield 3™
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6592FDEC-2C1A-413A-9985-25FEC2F0848D}" = Star Wars Empire at War Forces of Corruption
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71527C7C-5289-4CB2-88C9-23344C0FF6C1}" = Windows Live Movie Maker
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7D926AD2-16D6-42C2-8CA1-AB09E96040BA}" = Windows Live Writer Resources
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{820D0BA3-ACD7-4FB9-A3A7-0ADF0C66A4BE}" = Windows Live Messenger
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{8A03FE64-0C8B-4E8F-B488-F36BA40A8640}" = Shogun - Total War - Gold Edition
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}" = Fooz Kids Platform
"{8DCD9CA6-E4AE-4CE7-85AC-58DC35B38242}" = SBK®X Superbike World Championship
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{94838967-2844-4F7B-BB98-22E61654503C}" = SBK®X Superbike World Championship
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A3389C72-1782-4BB4-BBAA-33345DE52E3F}" = Windows Live Messenger
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.0) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B515962D-C979-44AC-9912-F7BB499B4B2C}" = VirtualDJ Home FREE
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = clear.fi
"{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BD0C3887-64E6-41D8-9A38-BC6F34369352}" = Windows Live Messenger
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C28D96C0-6A90-459E-A077-A6706F4EC0FC}" = Bing Bar
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}" = Oblivion
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger
"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D560A981-FEB3-42F0-A61A-13E9528E0C51}_is1" = GTR 2 1.0.0.0
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DB75941E-30C4-4D97-B000-D17C764B998C}" = Brother BRAdmin Light 1.23.0003
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F0F5D89A-197C-495B-827E-3E98B811CD2E}" = Windows Live Photo Common
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F2979AAA-FDD7-4CB3-93BC-5C24D965D679}" = Windows Live Messenger
"{F35DC85A-E96B-496B-ABE7-F04192824856}" = Windows Live Messenger
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F783464C-C7C6-4E9B-AC40-BC90E5414BAF}" = Windows Live Messenger
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F9706A8C-D740-42CA-8703-E08EDD0F0778}" = LogMeIn Hamachi
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye for OA" = BattlEye for OA Uninstall
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"CPUCooL" = CPUCooL (remove only)
"ESN Sonar-0.70.4" = ESN Sonar
"FilesFrog Update Checker" = FilesFrog Update Checker
"FoozKids" = Fooz Kids
"Giant Savings Extension" = Giant Savings Extension
"Google Chrome" = Google Chrome
"Identity Card" = Identity Card
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}" = newsXpresso
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"LManager" = Launch Manager
"LogMeIn Hamachi" = LogMeIn Hamachi
"Motherboard Monitor 5_is1" = Motherboard Monitor 5
"MP3jam_is1" = MP3jam 1.0.0.5
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"Origin" = Origin
"Sniper Elite V2_is1" = Sniper Elite V2
"Steam App 18300" = Spectraball
"Steam App 202920" = Total War: Shogun 2 - TEd
"Steam App 202930" = Total War: Shogun 2 - Assembly Kit
"Steam App 210410" = Max Payne 2 DE
"Steam App 212800" = Super Crate Box
"Steam App 219540" = Arma 2: Operation Arrowhead Beta
"Steam App 21970" = R.U.S.E
"Steam App 33910" = Arma 2
"Steam App 33930" = Arma 2: Operation Arrowhead
"Steam App 34030" = Napoleon: Total War
"Steam App 34330" = Total War: SHOGUN 2
"Steam App 55140" = MX vs ATV Reflex
"Uplay" = Uplay
"VLC media player" = VLC media player 2.0.2
"Wajam" = Wajam
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"DSite" = Update for PDF Reader
"SOE-C:/Users/*****/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater
"SOE-C:/Users/Public/Sony Online Entertainment/Installed Games/PlanetSide 2 PSG" = gamelauncher-ps2-psg
"soe-PlanetSide 2 PSG" = PlanetSide 2
"soe-PlanetSide 2 PSG (2)" = PlanetSide 2 (2)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.06.2013 16:15:43 | Computer Name = MD-19970514 | Source = Application Hang | ID = 1002
Description = Programm GTR2.exe, Version 1.0.0.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1134    Startzeit:
 01ce608cadb8c30e    Endzeit: 219    Anwendungspfad: C:\GTR2\GTR2.exe    Berichts-ID:   
 
Error - 04.06.2013 09:34:52 | Computer Name = MD-19970514 | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.06.2013 10:53:00 | Computer Name = MD-19970514 | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.06.2013 11:00:25 | Computer Name = MD-19970514 | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.06.2013 09:14:01 | Computer Name = MD-19970514 | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.06.2013 09:32:39 | Computer Name = MD-19970514 | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.06.2013 10:00:53 | Computer Name = MD-19970514 | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.06.2013 14:43:18 | Computer Name = MD-19970514 | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.06.2013 08:07:40 | Computer Name = MD-19970514 | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.06.2013 04:16:03 | Computer Name = MD-19970514 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567,
 Zeitstempel: 0x4d672ee4  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000028000
ID
 des fehlerhaften Prozesses: 0xe20  Startzeit der fehlerhaften Anwendung: 0x01ce64e991b6e046
Pfad
 der fehlerhaften Anwendung: C:\Windows\Explorer.EXE  Pfad des fehlerhaften Moduls:
 C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: d2b1fa47-d0dc-11e2-85a6-dc0ea125c6fc
 
Error - 09.06.2013 08:10:08 | Computer Name = MD-19970514 | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 09.06.2013 04:23:43 | Computer Name = MD-19970514 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:   %%1115
 
Error - 09.06.2013 04:23:44 | Computer Name = MD-19970514 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Server" wurde mit folgendem Fehler beendet:   %%1062
 
Error - 09.06.2013 08:08:36 | Computer Name = MD-19970514 | Source = Application Popup | ID = 875
Description = Treiber atksgt.sys konnte nicht geladen werden.
 
Error - 09.06.2013 08:08:36 | Computer Name = MD-19970514 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1275
 
Error - 09.06.2013 08:08:58 | Computer Name = MD-19970514 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   mbmiodrvr
 
Error - 09.06.2013 08:09:02 | Computer Name = MD-19970514 | Source = ipnathlp | ID = 34001
Description = 
 
Error - 09.06.2013 08:09:02 | Computer Name = MD-19970514 | Source = ipnathlp | ID = 30013
Description = 
 
Error - 09.06.2013 08:09:58 | Computer Name = MD-19970514 | Source = DCOM | ID = 10016
Description = 
 
Error - 09.06.2013 05:34:37 | Computer Name = MD-19970514 | Source = ipnathlp | ID = 31004
Description = 
 
Error - 09.06.2013 05:34:41 | Computer Name = MD-19970514 | Source = ipnathlp | ID = 30013
Description = 
 
 
< End of report >
Edit:
Was ich noch wissen wollte:
Was soll ich mit dem Trojaner in der Quarantäne machen. Erst mal drin lassen oder Löschen?
Geändert von Margel (09.06.2013 um 12:06 Uhr)

Alt 09.06.2013, 18:17   #7
markusg
/// Malware-holic
 
GVU Trojaner auf Laptop - Standard

GVU Trojaner auf Laptop


hi,
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 11.06.2013, 14:36   #8
Margel
 
GVU Trojaner auf Laptop - Standard

GVU Trojaner auf Laptop


So nach kurzer Pause wegen Zeitmangels hier die Scan-Ergebnisse des TDSSKillers:

Ich hätte noch Fragen.
1. Während der Infektion war eine SD Karte im Laptop, kann ich diese Gefahrlos benutzen, oder sollte ich sie erst scannen?
2. Zum Scan: Was ist der WajamUpdater, bzw. das Programm Wajam? Ich habe es schön öfter gesehen, habe aber nicht gewusst was es ist und nun wurde der WajamUpdater vom Killer als Suspecious erkannt. Kann ich das löschen?

Code:
ATTFilter
15:25:58.0120 7000  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:25:58.0247 7000  ============================================================
15:25:58.0247 7000  Current date / time: 2013/06/11 15:25:58.0247
15:25:58.0247 7000  SystemInfo:
15:25:58.0247 7000  
15:25:58.0248 7000  OS Version: 6.1.7601 ServicePack: 1.0
15:25:58.0248 7000  Product type: Workstation
15:25:58.0248 7000  ComputerName: MD-19970514
15:25:58.0248 7000  UserName: Marius
15:25:58.0248 7000  Windows directory: C:\Windows
15:25:58.0248 7000  System windows directory: C:\Windows
15:25:58.0248 7000  Running under WOW64
15:25:58.0248 7000  Processor architecture: Intel x64
15:25:58.0248 7000  Number of processors: 8
15:25:58.0248 7000  Page size: 0x1000
15:25:58.0249 7000  Boot type: Normal boot
15:25:58.0249 7000  ============================================================
15:25:59.0050 7000  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:25:59.0066 7000  ============================================================
15:25:59.0066 7000  \Device\Harddisk0\DR0:
15:25:59.0066 7000  MBR partitions:
15:25:59.0066 7000  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2400800, BlocksNum 0x32000
15:25:59.0066 7000  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2432800, BlocksNum 0x55113000
15:25:59.0066 7000  ============================================================
15:25:59.0092 7000  C: <-> \Device\Harddisk0\DR0\Partition2
15:25:59.0092 7000  ============================================================
15:25:59.0092 7000  Initialize success
15:25:59.0092 7000  ============================================================
15:27:37.0316 6436  ============================================================
15:27:37.0316 6436  Scan started
15:27:37.0316 6436  Mode: Manual; SigCheck; TDLFS; 
15:27:37.0316 6436  ============================================================
15:27:37.0463 6436  ================ Scan system memory ========================
15:27:37.0463 6436  System memory - ok
15:27:37.0464 6436  ================ Scan services =============================
15:27:37.0659 6436  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
15:27:37.0756 6436  1394ohci - ok
15:27:37.0792 6436  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:27:37.0828 6436  ACPI - ok
15:27:37.0836 6436  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
15:27:37.0875 6436  AcpiPmi - ok
15:27:37.0960 6436  [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:27:37.0983 6436  AdobeARMservice - ok
15:27:38.0101 6436  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:27:38.0112 6436  AdobeFlashPlayerUpdateSvc - ok
15:27:38.0151 6436  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
15:27:38.0187 6436  adp94xx - ok
15:27:38.0215 6436  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
15:27:38.0229 6436  adpahci - ok
15:27:38.0242 6436  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
15:27:38.0253 6436  adpu320 - ok
15:27:38.0268 6436  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:27:38.0315 6436  AeLookupSvc - ok
15:27:38.0362 6436  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
15:27:38.0399 6436  AFD - ok
15:27:38.0416 6436  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
15:27:38.0428 6436  agp440 - ok
15:27:38.0439 6436  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
15:27:38.0520 6436  ALG - ok
15:27:38.0525 6436  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:27:38.0540 6436  aliide - ok
15:27:38.0545 6436  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
15:27:38.0552 6436  amdide - ok
15:27:38.0575 6436  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
15:27:38.0586 6436  AmdK8 - ok
15:27:38.0594 6436  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
15:27:38.0619 6436  AmdPPM - ok
15:27:38.0644 6436  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
15:27:38.0653 6436  amdsata - ok
15:27:38.0664 6436  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
15:27:38.0675 6436  amdsbs - ok
15:27:38.0689 6436  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
15:27:38.0697 6436  amdxata - ok
15:27:38.0721 6436  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
15:27:38.0786 6436  AppID - ok
15:27:38.0812 6436  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:27:38.0894 6436  AppIDSvc - ok
15:27:38.0941 6436  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
15:27:38.0989 6436  Appinfo - ok
15:27:39.0064 6436  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:27:39.0089 6436  Apple Mobile Device - ok
15:27:39.0119 6436  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
15:27:39.0135 6436  arc - ok
15:27:39.0145 6436  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
15:27:39.0162 6436  arcsas - ok
15:27:39.0182 6436  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:27:39.0254 6436  AsyncMac - ok
15:27:39.0276 6436  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
15:27:39.0283 6436  atapi - ok
15:27:39.0372 6436  [ 956BC6EB96AA09478BD897AF8DF55A62 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
15:27:39.0500 6436  athr - ok
15:27:39.0580 6436  [ F88EF61BCD43ADDF2C9555430C16CD96 ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
15:27:39.0617 6436  atksgt - ok
15:27:39.0663 6436  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:27:39.0710 6436  AudioEndpointBuilder - ok
15:27:39.0720 6436  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
15:27:39.0749 6436  AudioSrv - ok
15:27:39.0778 6436  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:27:39.0808 6436  AxInstSV - ok
15:27:39.0843 6436  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
15:27:39.0913 6436  b06bdrv - ok
15:27:39.0946 6436  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
15:27:39.0986 6436  b57nd60a - ok
15:27:40.0018 6436  [ A424CB46A145E5AABF15621550976DF2 ] b57xdbd         C:\Windows\system32\DRIVERS\b57xdbd.sys
15:27:40.0027 6436  b57xdbd - ok
15:27:40.0034 6436  [ BE4E6FD5A898812B85D5817AD9754A9F ] b57xdmp         C:\Windows\system32\DRIVERS\b57xdmp.sys
15:27:40.0041 6436  b57xdmp - ok
15:27:40.0088 6436  [ 87F3BCF82A63E900AF896CD930BF7E05 ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
15:27:40.0099 6436  BBSvc - ok
15:27:40.0131 6436  [ 78779EE07231C658B483B1F38B5088DF ] BBUpdate        C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
15:27:40.0161 6436  BBUpdate - ok
15:27:40.0203 6436  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:27:40.0259 6436  BDESVC - ok
15:27:40.0276 6436  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:27:40.0343 6436  Beep - ok
15:27:40.0392 6436  [ C8373A882757AE2CD0745D8279782200 ] BEService       C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
15:27:40.0423 6436  BEService ( UnsignedFile.Multi.Generic ) - warning
15:27:40.0424 6436  BEService - detected UnsignedFile.Multi.Generic (1)
15:27:40.0484 6436  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
15:27:40.0573 6436  BFE - ok
15:27:40.0606 6436  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
15:27:40.0662 6436  BITS - ok
15:27:40.0692 6436  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
15:27:40.0731 6436  blbdrive - ok
15:27:40.0803 6436  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:27:40.0834 6436  Bonjour Service - ok
15:27:40.0858 6436  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:27:40.0896 6436  bowser - ok
15:27:40.0918 6436  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
15:27:40.0968 6436  BrFiltLo - ok
15:27:40.0995 6436  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
15:27:41.0047 6436  BrFiltUp - ok
15:27:41.0089 6436  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
15:27:41.0121 6436  Browser - ok
15:27:41.0130 6436  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
15:27:41.0174 6436  Brserid - ok
15:27:41.0180 6436  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:27:41.0212 6436  BrSerWdm - ok
15:27:41.0217 6436  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:27:41.0246 6436  BrUsbMdm - ok
15:27:41.0250 6436  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:27:41.0266 6436  BrUsbSer - ok
15:27:41.0307 6436  [ 0970D8B7151E9113BF8D44CE2E954DF7 ] bScsiMSa        C:\Windows\system32\DRIVERS\bScsiMSa.sys
15:27:41.0331 6436  bScsiMSa - ok
15:27:41.0355 6436  [ 0C1EEE5AF32402D306874B110DE237EC ] bScsiSDa        C:\Windows\system32\DRIVERS\bScsiSDa.sys
15:27:41.0369 6436  bScsiSDa - ok
15:27:41.0381 6436  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
15:27:41.0416 6436  BTHMODEM - ok
15:27:41.0453 6436  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
15:27:41.0506 6436  bthserv - ok
15:27:41.0526 6436  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:27:41.0600 6436  cdfs - ok
15:27:41.0633 6436  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
15:27:41.0686 6436  cdrom - ok
15:27:41.0722 6436  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
15:27:41.0801 6436  CertPropSvc - ok
15:27:41.0824 6436  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
15:27:41.0871 6436  circlass - ok
15:27:41.0901 6436  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
15:27:41.0934 6436  CLFS - ok
15:27:41.0983 6436  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:27:42.0004 6436  clr_optimization_v2.0.50727_32 - ok
15:27:42.0029 6436  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:27:42.0050 6436  clr_optimization_v2.0.50727_64 - ok
15:27:42.0113 6436  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:27:42.0141 6436  clr_optimization_v4.0.30319_32 - ok
15:27:42.0171 6436  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:27:42.0197 6436  clr_optimization_v4.0.30319_64 - ok
15:27:42.0219 6436  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
15:27:42.0251 6436  CmBatt - ok
15:27:42.0270 6436  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:27:42.0282 6436  cmdide - ok
15:27:42.0329 6436  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
15:27:42.0359 6436  CNG - ok
15:27:42.0378 6436  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
15:27:42.0385 6436  Compbatt - ok
15:27:42.0396 6436  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
15:27:42.0422 6436  CompositeBus - ok
15:27:42.0440 6436  COMSysApp - ok
15:27:42.0445 6436  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
15:27:42.0452 6436  crcdisk - ok
15:27:42.0486 6436  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:27:42.0550 6436  CryptSvc - ok
15:27:42.0578 6436  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:27:42.0642 6436  DcomLaunch - ok
15:27:42.0681 6436  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
15:27:42.0756 6436  defragsvc - ok
15:27:42.0786 6436  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:27:42.0854 6436  DfsC - ok
15:27:42.0892 6436  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:27:42.0976 6436  Dhcp - ok
15:27:42.0992 6436  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
15:27:43.0026 6436  discache - ok
15:27:43.0045 6436  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
15:27:43.0053 6436  Disk - ok
15:27:43.0070 6436  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:27:43.0130 6436  Dnscache - ok
15:27:43.0157 6436  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:27:43.0241 6436  dot3svc - ok
15:27:43.0270 6436  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
15:27:43.0342 6436  DPS - ok
15:27:43.0382 6436  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:27:43.0432 6436  drmkaud - ok
15:27:43.0498 6436  [ 9DD3A22F804697606C2B7FF9E912FF6B ] DsiWMIService   C:\Program Files (x86)\Launch Manager\dsiwmis.exe
15:27:43.0529 6436  DsiWMIService - ok
15:27:43.0569 6436  [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
15:27:43.0586 6436  dtsoftbus01 - ok
15:27:43.0639 6436  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:27:43.0711 6436  DXGKrnl - ok
15:27:43.0742 6436  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
15:27:43.0808 6436  EapHost - ok
15:27:43.0902 6436  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
15:27:44.0043 6436  ebdrv - ok
15:27:44.0078 6436  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
15:27:44.0109 6436  EFS - ok
15:27:44.0156 6436  [ 5332EC2BA1C112BD4BB1F38127848FEF ] EgisTec Ticket Service C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
15:27:44.0183 6436  EgisTec Ticket Service - ok
15:27:44.0242 6436  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
15:27:44.0343 6436  ehRecvr - ok
15:27:44.0355 6436  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
15:27:44.0402 6436  ehSched - ok
15:27:44.0466 6436  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
15:27:44.0497 6436  elxstor - ok
15:27:44.0563 6436  [ 48425C93B6F36529707206E4FA680CF3 ] ePowerSvc       C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
15:27:44.0610 6436  ePowerSvc - ok
15:27:44.0613 6436  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:27:44.0642 6436  ErrDev - ok
15:27:44.0676 6436  [ DBAA0C650C9549DC5C599D1E81DEDAAD ] ETD             C:\Windows\system32\DRIVERS\ETD.sys
15:27:44.0687 6436  ETD - ok
15:27:44.0714 6436  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
15:27:44.0766 6436  EventSystem - ok
15:27:44.0809 6436  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
15:27:44.0858 6436  exfat - ok
15:27:44.0894 6436  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:27:44.0969 6436  fastfat - ok
15:27:45.0008 6436  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
15:27:45.0073 6436  Fax - ok
15:27:45.0085 6436  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
15:27:45.0101 6436  fdc - ok
15:27:45.0118 6436  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
15:27:45.0182 6436  fdPHost - ok
15:27:45.0213 6436  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
15:27:45.0279 6436  FDResPub - ok
15:27:45.0309 6436  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:27:45.0318 6436  FileInfo - ok
15:27:45.0323 6436  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:27:45.0351 6436  Filetrace - ok
15:27:45.0375 6436  [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
15:27:45.0394 6436  FLEXnet Licensing Service - ok
15:27:45.0408 6436  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
15:27:45.0417 6436  flpydisk - ok
15:27:45.0429 6436  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:27:45.0442 6436  FltMgr - ok
15:27:45.0470 6436  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
15:27:45.0545 6436  FontCache - ok
15:27:45.0591 6436  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:27:45.0611 6436  FontCache3.0.0.0 - ok
15:27:45.0625 6436  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
15:27:45.0641 6436  FsDepends - ok
15:27:45.0663 6436  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:27:45.0678 6436  Fs_Rec - ok
15:27:45.0725 6436  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:27:45.0757 6436  fvevol - ok
15:27:45.0786 6436  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
15:27:45.0801 6436  gagp30kx - ok
15:27:45.0830 6436  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:27:45.0842 6436  GEARAspiWDM - ok
15:27:45.0872 6436  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
15:27:45.0916 6436  gpsvc - ok
15:27:45.0961 6436  [ C9B2D1D3F86FD3673EF847DEF73B6F9E ] GREGService     C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
15:27:45.0982 6436  GREGService - ok
15:27:46.0036 6436  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:27:46.0052 6436  gupdate - ok
15:27:46.0077 6436  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:27:46.0095 6436  gupdatem - ok
15:27:46.0130 6436  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
15:27:46.0144 6436  hamachi - ok
15:27:46.0167 6436  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:27:46.0226 6436  hcw85cir - ok
15:27:46.0253 6436  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:27:46.0304 6436  HdAudAddService - ok
15:27:46.0336 6436  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
15:27:46.0374 6436  HDAudBus - ok
15:27:46.0377 6436  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
15:27:46.0397 6436  HidBatt - ok
15:27:46.0419 6436  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
15:27:46.0468 6436  HidBth - ok
15:27:46.0486 6436  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
15:27:46.0504 6436  HidIr - ok
15:27:46.0525 6436  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
15:27:46.0564 6436  hidserv - ok
15:27:46.0584 6436  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:27:46.0594 6436  HidUsb - ok
15:27:46.0609 6436  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:27:46.0655 6436  hkmsvc - ok
15:27:46.0681 6436  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:27:46.0699 6436  HomeGroupListener - ok
15:27:46.0727 6436  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:27:46.0760 6436  HomeGroupProvider - ok
15:27:46.0793 6436  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
15:27:46.0804 6436  HpSAMD - ok
15:27:46.0843 6436  [ BBC89DA4065BDCE34257BE95B2F636EE ] HssDRV6         C:\Windows\system32\DRIVERS\hssdrv6.sys
15:27:46.0853 6436  HssDRV6 - ok
15:27:46.0874 6436  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:27:46.0941 6436  HTTP - ok
15:27:46.0968 6436  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:27:46.0975 6436  hwpolicy - ok
15:27:46.0994 6436  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
15:27:47.0004 6436  i8042prt - ok
15:27:47.0028 6436  [ 26CF4275034214ECEDD8EC17B0A18A99 ] iaStor          C:\Windows\system32\drivers\iaStor.sys
15:27:47.0041 6436  iaStor - ok
15:27:47.0087 6436  [ E79A8E33BD136D14BAE1FA20EB2EF124 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
15:27:47.0093 6436  IAStorDataMgrSvc - ok
15:27:47.0115 6436  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
15:27:47.0131 6436  iaStorV - ok
15:27:47.0166 6436  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:27:47.0188 6436  idsvc - ok
15:27:47.0396 6436  [ 9937600A1584FF00565D5379EB4C9EDB ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
15:27:47.0756 6436  igfx - ok
15:27:47.0790 6436  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
15:27:47.0799 6436  iirsp - ok
15:27:47.0830 6436  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
15:27:47.0886 6436  IKEEXT - ok
15:27:47.0982 6436  [ CB7DADEF3D83FE2C12655A0BDCBA99F2 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
15:27:48.0065 6436  IntcAzAudAddService - ok
15:27:48.0106 6436  [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
15:27:48.0119 6436  IntcDAud - ok
15:27:48.0122 6436  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
15:27:48.0129 6436  intelide - ok
15:27:48.0162 6436  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:27:48.0202 6436  intelppm - ok
15:27:48.0250 6436  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:27:48.0333 6436  IPBusEnum - ok
15:27:48.0353 6436  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:27:48.0397 6436  IpFilterDriver - ok
15:27:48.0444 6436  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:27:48.0484 6436  iphlpsvc - ok
15:27:48.0504 6436  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
15:27:48.0540 6436  IPMIDRV - ok
15:27:48.0562 6436  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
15:27:48.0621 6436  IPNAT - ok
15:27:48.0703 6436  [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
15:27:48.0747 6436  iPod Service - ok
15:27:48.0764 6436  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:27:48.0779 6436  IRENUM - ok
15:27:48.0786 6436  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:27:48.0795 6436  isapnp - ok
15:27:48.0808 6436  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
15:27:48.0823 6436  iScsiPrt - ok
15:27:48.0856 6436  [ 455B75C19BF3F1F2EE3AC10E1169826C ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
15:27:48.0874 6436  k57nd60a - ok
15:27:48.0896 6436  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:27:48.0908 6436  kbdclass - ok
15:27:48.0919 6436  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
15:27:48.0946 6436  kbdhid - ok
15:27:48.0971 6436  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
15:27:48.0983 6436  KeyIso - ok
15:27:49.0000 6436  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:27:49.0013 6436  KSecDD - ok
15:27:49.0037 6436  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
15:27:49.0052 6436  KSecPkg - ok
15:27:49.0072 6436  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
15:27:49.0129 6436  ksthunk - ok
15:27:49.0163 6436  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:27:49.0253 6436  KtmRm - ok
15:27:49.0303 6436  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
15:27:49.0383 6436  LanmanServer - ok
15:27:49.0402 6436  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:27:49.0446 6436  LanmanWorkstation - ok
15:27:49.0518 6436  [ 8E4CA9AFD55EF6B509C80A8715ABF8C6 ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
15:27:49.0537 6436  lirsgt - ok
15:27:49.0580 6436  [ 93B73DED2BC688F140C6AE2FBAD45789 ] Live Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
15:27:49.0599 6436  Live Updater Service - ok
15:27:49.0627 6436  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:27:49.0688 6436  lltdio - ok
15:27:49.0718 6436  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:27:49.0774 6436  lltdsvc - ok
15:27:49.0795 6436  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:27:49.0845 6436  lmhosts - ok
15:27:49.0885 6436  [ 50C7CE53EF461870410355F1F2E7D515 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
15:27:49.0917 6436  LMS - ok
15:27:49.0946 6436  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
15:27:49.0959 6436  LSI_FC - ok
15:27:49.0980 6436  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
15:27:49.0992 6436  LSI_SAS - ok
15:27:50.0006 6436  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
15:27:50.0018 6436  LSI_SAS2 - ok
15:27:50.0025 6436  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
15:27:50.0036 6436  LSI_SCSI - ok
15:27:50.0045 6436  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
15:27:50.0092 6436  luafv - ok
15:27:50.0178 6436  [ 2E1652D8AB971403EAADDC921800B1FA ] mbmiodrvr       C:\Windows\syswow64\mbmiodrvr.sys
15:27:50.0206 6436  mbmiodrvr ( UnsignedFile.Multi.Generic ) - warning
15:27:50.0206 6436  mbmiodrvr - detected UnsignedFile.Multi.Generic (1)
15:27:50.0242 6436  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:27:50.0288 6436  Mcx2Svc - ok
15:27:50.0315 6436  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
15:27:50.0340 6436  megasas - ok
15:27:50.0381 6436  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
15:27:50.0403 6436  MegaSR - ok
15:27:50.0445 6436  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
15:27:50.0459 6436  MEIx64 - ok
15:27:50.0523 6436  Microsoft SharePoint Workspace Audit Service - ok
15:27:50.0548 6436  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
15:27:50.0617 6436  MMCSS - ok
15:27:50.0620 6436  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
15:27:50.0673 6436  Modem - ok
15:27:50.0708 6436  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:27:50.0757 6436  monitor - ok
15:27:50.0778 6436  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:27:50.0788 6436  mouclass - ok
15:27:50.0802 6436  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:27:50.0827 6436  mouhid - ok
15:27:50.0859 6436  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:27:50.0870 6436  mountmgr - ok
15:27:50.0918 6436  [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
15:27:50.0951 6436  MpFilter - ok
15:27:50.0964 6436  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:27:50.0977 6436  mpio - ok
15:27:50.0987 6436  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:27:51.0015 6436  mpsdrv - ok
15:27:51.0045 6436  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:27:51.0083 6436  MpsSvc - ok
15:27:51.0097 6436  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:27:51.0149 6436  MRxDAV - ok
15:27:51.0177 6436  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:27:51.0211 6436  mrxsmb - ok
15:27:51.0237 6436  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:27:51.0259 6436  mrxsmb10 - ok
15:27:51.0274 6436  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:27:51.0313 6436  mrxsmb20 - ok
15:27:51.0335 6436  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
15:27:51.0358 6436  msahci - ok
15:27:51.0371 6436  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:27:51.0389 6436  msdsm - ok
15:27:51.0416 6436  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
15:27:51.0437 6436  MSDTC - ok
15:27:51.0456 6436  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:27:51.0488 6436  Msfs - ok
15:27:51.0502 6436  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:27:51.0560 6436  mshidkmdf - ok
15:27:51.0577 6436  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:27:51.0585 6436  msisadrv - ok
15:27:51.0602 6436  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:27:51.0647 6436  MSiSCSI - ok
15:27:51.0650 6436  msiserver - ok
15:27:51.0673 6436  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:27:51.0700 6436  MSKSSRV - ok
15:27:51.0761 6436  [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
15:27:51.0788 6436  MsMpSvc - ok
15:27:51.0815 6436  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:27:51.0887 6436  MSPCLOCK - ok
15:27:51.0909 6436  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:27:51.0977 6436  MSPQM - ok
15:27:52.0005 6436  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:27:52.0019 6436  MsRPC - ok
15:27:52.0032 6436  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
15:27:52.0039 6436  mssmbios - ok
15:27:52.0054 6436  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:27:52.0125 6436  MSTEE - ok
15:27:52.0149 6436  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
15:27:52.0157 6436  MTConfig - ok
15:27:52.0167 6436  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
15:27:52.0176 6436  Mup - ok
15:27:52.0194 6436  [ C009123B206C56854F4E88596035231D ] mwlPSDFilter    C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
15:27:52.0201 6436  mwlPSDFilter - ok
15:27:52.0206 6436  [ BF3739EEB9F008B1DEBAC115089A53F8 ] mwlPSDNServ     C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
15:27:52.0213 6436  mwlPSDNServ - ok
15:27:52.0221 6436  [ 38DD143D95E7A01B86F219DDA9C28779 ] mwlPSDVDisk     C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
15:27:52.0229 6436  mwlPSDVDisk - ok
15:27:52.0250 6436  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
15:27:52.0298 6436  napagent - ok
15:27:52.0345 6436  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:27:52.0408 6436  NativeWifiP - ok
15:27:52.0457 6436  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:27:52.0512 6436  NDIS - ok
15:27:52.0538 6436  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
15:27:52.0576 6436  NdisCap - ok
15:27:52.0598 6436  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:27:52.0624 6436  NdisTapi - ok
15:27:52.0635 6436  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:27:52.0662 6436  Ndisuio - ok
15:27:52.0673 6436  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:27:52.0723 6436  NdisWan - ok
15:27:52.0743 6436  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:27:52.0769 6436  NDProxy - ok
15:27:52.0780 6436  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:27:52.0828 6436  NetBIOS - ok
15:27:52.0851 6436  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
15:27:52.0879 6436  NetBT - ok
15:27:52.0899 6436  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
15:27:52.0908 6436  Netlogon - ok
15:27:52.0929 6436  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
15:27:52.0976 6436  Netman - ok
15:27:53.0001 6436  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
15:27:53.0077 6436  netprofm - ok
15:27:53.0103 6436  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:27:53.0110 6436  NetTcpPortSharing - ok
15:27:53.0138 6436  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
15:27:53.0148 6436  nfrd960 - ok
15:27:53.0196 6436  [ 162100E0BC8377710F9D170631921C03 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
15:27:53.0222 6436  NisDrv - ok
15:27:53.0266 6436  [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
15:27:53.0290 6436  NisSrv - ok
15:27:53.0335 6436  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:27:53.0390 6436  NlaSvc - ok
15:27:53.0507 6436  [ 5839A8027D6D324A7CD494051A96628C ] NOBU            C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
15:27:53.0619 6436  NOBU - ok
15:27:53.0640 6436  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:27:53.0666 6436  Npfs - ok
15:27:53.0688 6436  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
15:27:53.0714 6436  nsi - ok
15:27:53.0725 6436  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:27:53.0766 6436  nsiproxy - ok
15:27:53.0830 6436  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:27:53.0909 6436  Ntfs - ok
15:27:53.0953 6436  [ 1873214666F6F0A883742DF91FBC48C9 ] NTI IScheduleSvc C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
15:27:53.0962 6436  NTI IScheduleSvc - ok
15:27:53.0989 6436  [ EE3BA1024594D5D09E314F206B94069E ] NTIDrvr         C:\Windows\system32\drivers\NTIDrvr.sys
15:27:53.0997 6436  NTIDrvr - ok
15:27:54.0013 6436  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
15:27:54.0066 6436  Null - ok
15:27:54.0094 6436  [ 0EBC9D13CD96C15B1B18D8678A609E4B ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
15:27:54.0102 6436  nusb3hub - ok
15:27:54.0129 6436  [ 7BDEC000D56D485021D9C1E63C2F81CA ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
15:27:54.0155 6436  nusb3xhc - ok
15:27:54.0412 6436  [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:27:54.0725 6436  nvlddmkm - ok
15:27:54.0750 6436  [ 918841B2454F4F2BD94479692079490B ] nvpciflt        C:\Windows\system32\DRIVERS\nvpciflt.sys
15:27:54.0758 6436  nvpciflt - ok
15:27:54.0781 6436  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:27:54.0792 6436  nvraid - ok
15:27:54.0800 6436  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:27:54.0812 6436  nvstor - ok
15:27:54.0860 6436  [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc           C:\Windows\system32\nvvsvc.exe
15:27:54.0883 6436  nvsvc - ok
15:27:54.0952 6436  [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
15:27:55.0013 6436  nvUpdatusService - ok
15:27:55.0028 6436  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:27:55.0037 6436  nv_agp - ok
15:27:55.0053 6436  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
15:27:55.0094 6436  ohci1394 - ok
15:27:55.0166 6436  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:27:55.0192 6436  ose - ok
15:27:55.0357 6436  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:27:55.0505 6436  osppsvc - ok
15:27:55.0535 6436  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:27:55.0553 6436  p2pimsvc - ok
15:27:55.0578 6436  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:27:55.0593 6436  p2psvc - ok
15:27:55.0620 6436  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
15:27:55.0630 6436  Parport - ok
15:27:55.0654 6436  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:27:55.0663 6436  partmgr - ok
15:27:55.0677 6436  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:27:55.0711 6436  PcaSvc - ok
15:27:55.0733 6436  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
15:27:55.0744 6436  pci - ok
15:27:55.0753 6436  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
15:27:55.0760 6436  pciide - ok
15:27:55.0765 6436  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
15:27:55.0778 6436  pcmcia - ok
15:27:55.0788 6436  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
15:27:55.0796 6436  pcw - ok
15:27:55.0813 6436  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:27:55.0867 6436  PEAUTH - ok
15:27:55.0895 6436  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
15:27:55.0927 6436  PerfHost - ok
15:27:55.0977 6436  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
15:27:56.0033 6436  pla - ok
15:27:56.0075 6436  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:27:56.0123 6436  PlugPlay - ok
15:27:56.0155 6436  PnkBstrA - ok
15:27:56.0180 6436  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
15:27:56.0229 6436  PNRPAutoReg - ok
15:27:56.0261 6436  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
15:27:56.0286 6436  PNRPsvc - ok
15:27:56.0326 6436  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:27:56.0406 6436  PolicyAgent - ok
15:27:56.0439 6436  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
15:27:56.0506 6436  Power - ok
15:27:56.0537 6436  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:27:56.0606 6436  PptpMiniport - ok
15:27:56.0640 6436  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
15:27:56.0690 6436  Processor - ok
15:27:56.0731 6436  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
15:27:56.0778 6436  ProfSvc - ok
15:27:56.0794 6436  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:27:56.0809 6436  ProtectedStorage - ok
15:27:56.0831 6436  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:27:56.0902 6436  Psched - ok
15:27:56.0971 6436  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
15:27:57.0035 6436  ql2300 - ok
15:27:57.0054 6436  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
15:27:57.0065 6436  ql40xx - ok
15:27:57.0086 6436  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
15:27:57.0103 6436  QWAVE - ok
15:27:57.0113 6436  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:27:57.0141 6436  QWAVEdrv - ok
15:27:57.0158 6436  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:27:57.0184 6436  RasAcd - ok
15:27:57.0211 6436  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
15:27:57.0252 6436  RasAgileVpn - ok
15:27:57.0279 6436  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
15:27:57.0348 6436  RasAuto - ok
15:27:57.0374 6436  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:27:57.0403 6436  Rasl2tp - ok
15:27:57.0430 6436  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
15:27:57.0479 6436  RasMan - ok
15:27:57.0503 6436  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:27:57.0548 6436  RasPppoe - ok
15:27:57.0581 6436  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:27:57.0646 6436  RasSstp - ok
15:27:57.0660 6436  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:27:57.0690 6436  rdbss - ok
15:27:57.0699 6436  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
15:27:57.0727 6436  rdpbus - ok
15:27:57.0745 6436  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:27:57.0771 6436  RDPCDD - ok
15:27:57.0793 6436  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:27:57.0862 6436  RDPENCDD - ok
15:27:57.0875 6436  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:27:57.0901 6436  RDPREFMP - ok
15:27:57.0949 6436  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
15:27:58.0010 6436  RdpVideoMiniport - ok
15:27:58.0042 6436  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:27:58.0080 6436  RDPWD - ok
15:27:58.0119 6436  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:27:58.0149 6436  rdyboost - ok
15:27:58.0177 6436  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:27:58.0244 6436  RemoteAccess - ok
15:27:58.0281 6436  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:27:58.0343 6436  RemoteRegistry - ok
15:27:58.0366 6436  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:27:58.0440 6436  RpcEptMapper - ok
15:27:58.0463 6436  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
15:27:58.0493 6436  RpcLocator - ok
15:27:58.0521 6436  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
15:27:58.0549 6436  RpcSs - ok
15:27:58.0572 6436  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:27:58.0635 6436  rspndr - ok
15:27:58.0655 6436  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
15:27:58.0663 6436  SamSs - ok
15:27:58.0673 6436  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:27:58.0682 6436  sbp2port - ok
15:27:58.0695 6436  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:27:58.0725 6436  SCardSvr - ok
15:27:58.0731 6436  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:27:58.0778 6436  scfilter - ok
15:27:58.0811 6436  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
15:27:58.0868 6436  Schedule - ok
15:27:58.0892 6436  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:27:58.0917 6436  SCPolicySvc - ok
15:27:58.0930 6436  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
15:27:58.0958 6436  sdbus - ok
15:27:58.0979 6436  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:27:59.0038 6436  SDRSVC - ok
15:27:59.0054 6436  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:27:59.0107 6436  secdrv - ok
15:27:59.0129 6436  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
15:27:59.0174 6436  seclogon - ok
15:27:59.0197 6436  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
15:27:59.0225 6436  SENS - ok
15:27:59.0250 6436  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:27:59.0311 6436  SensrSvc - ok
15:27:59.0320 6436  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
15:27:59.0358 6436  Serenum - ok
15:27:59.0406 6436  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
15:27:59.0455 6436  Serial - ok
15:27:59.0475 6436  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
15:27:59.0508 6436  sermouse - ok
15:27:59.0549 6436  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
15:27:59.0622 6436  SessionEnv - ok
15:27:59.0646 6436  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
15:27:59.0696 6436  sffdisk - ok
15:27:59.0699 6436  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:27:59.0722 6436  sffp_mmc - ok
15:27:59.0726 6436  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
15:27:59.0750 6436  sffp_sd - ok
15:27:59.0772 6436  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
15:27:59.0815 6436  sfloppy - ok
15:27:59.0864 6436  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:27:59.0929 6436  SharedAccess - ok
15:27:59.0962 6436  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:28:00.0040 6436  ShellHWDetection - ok
15:28:00.0066 6436  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
15:28:00.0075 6436  SiSRaid2 - ok
15:28:00.0084 6436  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
15:28:00.0093 6436  SiSRaid4 - ok
15:28:00.0137 6436  [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
15:28:00.0145 6436  SkypeUpdate - ok
15:28:00.0160 6436  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:28:00.0201 6436  Smb - ok
15:28:00.0236 6436  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:28:00.0288 6436  SNMPTRAP - ok
15:28:00.0309 6436  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:28:00.0317 6436  spldr - ok
15:28:00.0353 6436  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
15:28:00.0402 6436  Spooler - ok
15:28:00.0486 6436  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
15:28:00.0603 6436  sppsvc - ok
15:28:00.0624 6436  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
15:28:00.0651 6436  sppuinotify - ok
15:28:00.0666 6436  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:28:00.0698 6436  srv - ok
15:28:00.0736 6436  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:28:00.0766 6436  srv2 - ok
15:28:00.0788 6436  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:28:00.0799 6436  srvnet - ok
15:28:00.0831 6436  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:28:00.0921 6436  SSDPSRV - ok
15:28:00.0978 6436  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:28:01.0028 6436  SstpSvc - ok
15:28:01.0067 6436  Steam Client Service - ok
15:28:01.0075 6436  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
15:28:01.0083 6436  stexstor - ok
15:28:01.0121 6436  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
15:28:01.0161 6436  stisvc - ok
15:28:01.0193 6436  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
15:28:01.0214 6436  swenum - ok
15:28:01.0240 6436  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
15:28:01.0310 6436  swprv - ok
15:28:01.0372 6436  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
15:28:01.0459 6436  SysMain - ok
15:28:01.0481 6436  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:28:01.0504 6436  TabletInputService - ok
15:28:01.0538 6436  [ B70DF208E97536CA9F29289E609F5B16 ] taphss          C:\Windows\system32\DRIVERS\taphss.sys
15:28:01.0551 6436  taphss - ok
15:28:01.0565 6436  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:28:01.0612 6436  TapiSrv - ok
15:28:01.0633 6436  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
15:28:01.0711 6436  TBS - ok
15:28:01.0778 6436  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:28:01.0865 6436  Tcpip - ok
15:28:01.0923 6436  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:28:01.0961 6436  TCPIP6 - ok
15:28:02.0007 6436  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:28:02.0035 6436  tcpipreg - ok
15:28:02.0053 6436  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:28:02.0080 6436  TDPIPE - ok
15:28:02.0101 6436  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:28:02.0115 6436  TDTCP - ok
15:28:02.0134 6436  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:28:02.0169 6436  tdx - ok
15:28:02.0178 6436  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
15:28:02.0187 6436  TermDD - ok
15:28:02.0218 6436  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
15:28:02.0249 6436  TermService - ok
15:28:02.0262 6436  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
15:28:02.0276 6436  Themes - ok
15:28:02.0298 6436  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
15:28:02.0325 6436  THREADORDER - ok
15:28:02.0342 6436  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
15:28:02.0370 6436  TrkWks - ok
15:28:02.0406 6436  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:28:02.0435 6436  TrustedInstaller - ok
15:28:02.0446 6436  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:28:02.0486 6436  tssecsrv - ok
15:28:02.0528 6436  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
15:28:02.0597 6436  TsUsbFlt - ok
15:28:02.0626 6436  [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
15:28:02.0642 6436  TsUsbGD - ok
15:28:02.0672 6436  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:28:02.0726 6436  tunnel - ok
15:28:02.0738 6436  [ FD24F98D2898BE093FE926604BE7DB99 ] TurboB          C:\Windows\system32\DRIVERS\TurboB.sys
15:28:02.0746 6436  TurboB - ok
15:28:02.0768 6436  [ 600B406A04D90F577FEA8A88D7379F08 ] TurboBoost      C:\Program Files\Intel\TurboBoost\TurboBoost.exe
15:28:02.0777 6436  TurboBoost - ok
15:28:02.0786 6436  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
15:28:02.0795 6436  uagp35 - ok
15:28:02.0802 6436  [ A17D5E1A6DF4EAB0A480F2C490DE4C9D ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
15:28:02.0809 6436  UBHelper - ok
15:28:02.0825 6436  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:28:02.0874 6436  udfs - ok
15:28:02.0908 6436  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:28:02.0919 6436  UI0Detect - ok
15:28:02.0944 6436  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:28:02.0953 6436  uliagpkx - ok
15:28:02.0970 6436  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
15:28:02.0996 6436  umbus - ok
15:28:03.0017 6436  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
15:28:03.0051 6436  UmPass - ok
15:28:03.0166 6436  [ 374EBDA379A8F38E0CFC2211611E7167 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
15:28:03.0274 6436  UNS - ok
15:28:03.0295 6436  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
15:28:03.0346 6436  upnphost - ok
15:28:03.0381 6436  [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
15:28:03.0387 6436  USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
15:28:03.0387 6436  USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
15:28:03.0411 6436  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:28:03.0437 6436  usbccgp - ok
15:28:03.0458 6436  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:28:03.0479 6436  usbcir - ok
15:28:03.0503 6436  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
15:28:03.0536 6436  usbehci - ok
15:28:03.0579 6436  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\drivers\usbhub.sys
15:28:03.0620 6436  usbhub - ok
15:28:03.0641 6436  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
15:28:03.0677 6436  usbohci - ok
15:28:03.0707 6436  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:28:03.0753 6436  usbprint - ok
15:28:03.0780 6436  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:28:03.0799 6436  USBSTOR - ok
15:28:03.0814 6436  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
15:28:03.0856 6436  usbuhci - ok
15:28:03.0892 6436  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
15:28:03.0928 6436  usbvideo - ok
15:28:03.0944 6436  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
15:28:03.0988 6436  UxSms - ok
15:28:04.0007 6436  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
15:28:04.0016 6436  VaultSvc - ok
15:28:04.0039 6436  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:28:04.0048 6436  vdrvroot - ok
15:28:04.0070 6436  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
15:28:04.0105 6436  vds - ok
15:28:04.0117 6436  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:28:04.0129 6436  vga - ok
15:28:04.0131 6436  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:28:04.0173 6436  VgaSave - ok
15:28:04.0195 6436  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
15:28:04.0207 6436  vhdmp - ok
15:28:04.0210 6436  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
15:28:04.0217 6436  viaide - ok
15:28:04.0227 6436  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:28:04.0236 6436  volmgr - ok
15:28:04.0253 6436  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:28:04.0267 6436  volmgrx - ok
15:28:04.0284 6436  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:28:04.0294 6436  volsnap - ok
15:28:04.0320 6436  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
15:28:04.0332 6436  vsmraid - ok
15:28:04.0372 6436  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
15:28:04.0446 6436  VSS - ok
15:28:04.0464 6436  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
15:28:04.0476 6436  vwifibus - ok
15:28:04.0499 6436  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
15:28:04.0529 6436  vwififlt - ok
15:28:04.0558 6436  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
15:28:04.0572 6436  vwifimp - ok
15:28:04.0583 6436  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
15:28:04.0615 6436  W32Time - ok
15:28:04.0634 6436  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
15:28:04.0662 6436  WacomPen - ok
15:28:04.0733 6436  [ 4AA2CC5979AFF984227364F2C23B04F3 ] WajamUpdater    C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
15:28:04.0767 6436  WajamUpdater ( UnsignedFile.Multi.Generic ) - warning
15:28:04.0767 6436  WajamUpdater - detected UnsignedFile.Multi.Generic (1)
15:28:04.0802 6436  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:28:04.0869 6436  WANARP - ok
15:28:04.0891 6436  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:28:04.0917 6436  Wanarpv6 - ok
15:28:04.0978 6436  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
15:28:05.0039 6436  WatAdminSvc - ok
15:28:05.0076 6436  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
15:28:05.0156 6436  wbengine - ok
15:28:05.0165 6436  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:28:05.0182 6436  WbioSrvc - ok
15:28:05.0195 6436  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:28:05.0214 6436  wcncsvc - ok
15:28:05.0293 6436  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:28:05.0335 6436  WcsPlugInService - ok
15:28:05.0354 6436  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
15:28:05.0370 6436  Wd - ok
15:28:05.0413 6436  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:28:05.0454 6436  Wdf01000 - ok
15:28:05.0477 6436  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:28:05.0581 6436  WdiServiceHost - ok
15:28:05.0584 6436  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:28:05.0604 6436  WdiSystemHost - ok
15:28:05.0620 6436  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
15:28:05.0657 6436  WebClient - ok
15:28:05.0678 6436  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:28:05.0740 6436  Wecsvc - ok
15:28:05.0761 6436  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:28:05.0789 6436  wercplsupport - ok
15:28:05.0812 6436  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:28:05.0840 6436  WerSvc - ok
15:28:05.0858 6436  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:28:05.0884 6436  WfpLwf - ok
15:28:05.0895 6436  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:28:05.0902 6436  WIMMount - ok
15:28:05.0916 6436  WinDefend - ok
15:28:05.0919 6436  WinHttpAutoProxySvc - ok
15:28:05.0956 6436  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:28:05.0986 6436  Winmgmt - ok
15:28:06.0027 6436  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
15:28:06.0092 6436  WinRM - ok
15:28:06.0122 6436  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:28:06.0166 6436  Wlansvc - ok
15:28:06.0226 6436  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
15:28:06.0245 6436  wlcrasvc - ok
15:28:06.0326 6436  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:28:06.0415 6436  wlidsvc - ok
15:28:06.0437 6436  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
15:28:06.0473 6436  WmiAcpi - ok
15:28:06.0508 6436  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:28:06.0557 6436  wmiApSrv - ok
15:28:06.0599 6436  WMPNetworkSvc - ok
15:28:06.0616 6436  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:28:06.0637 6436  WPCSvc - ok
15:28:06.0652 6436  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:28:06.0672 6436  WPDBusEnum - ok
15:28:06.0689 6436  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:28:06.0727 6436  ws2ifsl - ok
15:28:06.0742 6436  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
15:28:06.0774 6436  wscsvc - ok
15:28:06.0803 6436  [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
15:28:06.0833 6436  WSDPrintDevice - ok
15:28:06.0837 6436  WSearch - ok
15:28:06.0893 6436  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
15:28:06.0988 6436  wuauserv - ok
15:28:07.0018 6436  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:28:07.0065 6436  WudfPf - ok
15:28:07.0102 6436  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:28:07.0133 6436  WUDFRd - ok
15:28:07.0144 6436  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:28:07.0181 6436  wudfsvc - ok
15:28:07.0216 6436  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:28:07.0250 6436  WwanSvc - ok
15:28:07.0268 6436  ================ Scan global ===============================
15:28:07.0288 6436  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:28:07.0314 6436  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
15:28:07.0325 6436  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
15:28:07.0343 6436  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:28:07.0361 6436  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:28:07.0365 6436  [Global] - ok
15:28:07.0366 6436  ================ Scan MBR ==================================
15:28:07.0386 6436  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:28:07.0914 6436  \Device\Harddisk0\DR0 - ok
15:28:07.0915 6436  ================ Scan VBR ==================================
15:28:07.0920 6436  [ 05493C156F1EDD25F61B5256A83866AC ] \Device\Harddisk0\DR0\Partition1
15:28:07.0924 6436  \Device\Harddisk0\DR0\Partition1 - ok
15:28:07.0957 6436  [ 0FBBCD5491A644E167F54DDB97CDE945 ] \Device\Harddisk0\DR0\Partition2
15:28:07.0961 6436  \Device\Harddisk0\DR0\Partition2 - ok
15:28:07.0962 6436  ============================================================
15:28:07.0962 6436  Scan finished
15:28:07.0962 6436  ============================================================
15:28:07.0978 0772  Detected object count: 4
15:28:07.0978 0772  Actual detected object count: 4
15:28:23.0648 0772  BEService ( UnsignedFile.Multi.Generic ) - skipped by user
15:28:23.0648 0772  BEService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:28:23.0649 0772  mbmiodrvr ( UnsignedFile.Multi.Generic ) - skipped by user
15:28:23.0649 0772  mbmiodrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:28:23.0651 0772  USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
15:28:23.0652 0772  USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:28:23.0654 0772  WajamUpdater ( UnsignedFile.Multi.Generic ) - skipped by user
15:28:23.0654 0772  WajamUpdater ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:29:19.0017 4276  Deinitialize success

Alt 11.06.2013, 17:59   #9
markusg
/// Malware-holic
 
GVU Trojaner auf Laptop - Standard

GVU Trojaner auf Laptop


WajamUpdater
kann erst mal bleiben, sd karte is ok
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 11.06.2013, 18:43   #10
Margel
 
GVU Trojaner auf Laptop - Standard

GVU Trojaner auf Laptop


Combofix Log

Code:
ATTFilter
ComboFix 13-06-08.02 - Marius 11.06.2013  19:27:11.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8044.5969 [GMT 2:00]
ausgeführt von:: c:\users\Marius\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\prefs.js
c:\program files (x86)\Giant Savings Extension\GiANt savings extension.dll
c:\users\Marius\AppData\Roaming\Microsoft\Windows\Recent\Arma 2 Operation Arrowhead.url
c:\users\Marius\AppData\Roaming\Microsoft\Windows\Recent\Total War SHOGUN 2.url
c:\users\Marius\AppData\Roaming\skype.ini
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\frapsvid.dll
c:\windows\SysWow64\tmp2BD0.tmp
c:\windows\SysWow64\tmp2BF1.tmp
c:\windows\SysWow64\tmp3E2C.tmp
c:\windows\SysWow64\tmp3E4C.tmp
c:\windows\SysWow64\tmpCF40.tmp
c:\windows\SysWow64\tmpCF41.tmp
c:\windows\SysWow64\tmpEC14.tmp
c:\windows\SysWow64\tmpEC24.tmp
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-11 bis 2013-06-11  ))))))))))))))))))))))))))))))
.
.
2013-06-11 17:32 . 2013-06-11 17:32	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-06-11 17:32 . 2013-06-11 17:32	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-06-10 19:11 . 2013-05-13 06:37	9460464	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{165452B3-8216-4D55-84A7-EBC791FD0468}\mpengine.dll
2013-06-09 17:07 . 2013-06-09 17:09	--------	d-----w-	c:\users\Test
2013-06-09 09:19 . 2013-05-13 06:37	9460464	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-25 13:33 . 2013-05-25 13:37	--------	d-----w-	C:\GTR2
2013-05-21 13:03 . 2013-05-21 13:02	964552	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F11E46F5-D904-4F9F-B233-201B860CF627}\gapaengine.dll
2013-05-15 16:16 . 2013-05-05 21:36	17818624	----a-w-	c:\windows\system32\mshtml.dll
2013-05-15 16:16 . 2013-05-05 21:16	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2013-05-15 16:16 . 2013-05-05 19:12	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2013-05-15 15:59 . 2013-04-10 06:01	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 15:59 . 2013-04-10 06:01	983400	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 15:59 . 2011-02-03 11:25	144384	----a-w-	c:\windows\system32\cdd.dll
2013-05-15 15:59 . 2013-02-27 05:52	14172672	----a-w-	c:\windows\system32\shell32.dll
2013-05-15 15:59 . 2013-02-27 05:52	197120	----a-w-	c:\windows\system32\shdocvw.dll
2013-05-15 15:59 . 2013-02-27 05:48	1930752	----a-w-	c:\windows\system32\authui.dll
2013-05-15 15:59 . 2013-02-27 06:02	111448	----a-w-	c:\windows\system32\consent.exe
2013-05-15 15:59 . 2013-02-27 05:47	70144	----a-w-	c:\windows\system32\appinfo.dll
2013-05-15 15:59 . 2013-02-27 04:49	1796096	----a-w-	c:\windows\SysWow64\authui.dll
2013-05-15 15:59 . 2013-03-19 05:53	48640	----a-w-	c:\windows\system32\wwanprotdim.dll
2013-05-15 15:59 . 2013-03-19 05:53	230400	----a-w-	c:\windows\system32\wwansvc.dll
2013-05-15 15:58 . 2013-04-10 03:30	3153920	----a-w-	c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-02 14:59 . 2012-08-29 15:09	291088	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2013-06-02 14:59 . 2012-03-09 16:14	291088	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2013-06-02 14:58 . 2012-03-09 15:55	280904	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2013-05-16 15:31 . 2012-08-04 11:29	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-16 15:31 . 2012-08-04 11:29	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-03 14:15 . 2012-03-03 07:22	75016696	----a-w-	c:\windows\system32\MRT.exe
2013-05-02 15:29 . 2010-11-21 03:27	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-05-02 12:06 . 2012-02-25 19:33	466456	----a-w-	c:\windows\system32\wrap_oal.dll
2013-05-02 12:06 . 2012-02-25 19:33	121880	----a-w-	c:\windows\system32\OpenAL32.dll
2013-05-02 12:06 . 2012-02-25 19:33	444952	----a-w-	c:\windows\SysWow64\wrap_oal.dll
2013-05-02 12:06 . 2012-02-25 19:33	109080	----a-w-	c:\windows\SysWow64\OpenAL32.dll
2013-04-24 17:42 . 2012-06-13 11:49	905296	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-04-13 05:49 . 2013-05-15 15:59	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 15:59	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 15:59	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 15:59	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 15:59	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 15:59	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 12:03	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-03-19 06:04 . 2013-04-11 15:17	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-11 15:17	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-11 15:17	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-11 15:17	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-11 15:17	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-11 15:17	112640	----a-w-	c:\windows\system32\smss.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-05-04 13:43	1519272	----a-w-	c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2012-05-16 18:37	194928	----a-w-	c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-05-03 1635752]
"SDP"="c:\program files (x86)\FilesFrog Update Checker\update_checker.exe" [2012-05-31 200784]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-04-24 297280]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"Dolby Advanced Audio v2"="c:\dolby pcee4\pcee4.exe" [2011-06-01 506712]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-09-20 341360]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-08-26 177448]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-05-04 1561768]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 WajamUpdater;WajamUpdater;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe [x]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdbd.sys [x]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdmp.sys [x]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiMSa.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-09 09:33	1165776	----a-w-	c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-04 15:31]
.
2013-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-23 12:08]
.
2013-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-23 12:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-21 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-21 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-21 416024]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-16 12673128]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-08-02 1831016]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://web.de/
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://search.privitize.com/?aff=7
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{C0EF4A0D-C7C9-4ECB-ABF9-137EE410D468}\64259445A51224F6870264F6E60275C414E40273339303: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{C0EF4A0D-C7C9-4ECB-ABF9-137EE410D468}\75C414E4D2030313344314434473244354: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{11111111-1111-1111-1111-110211181110} - c:\program files (x86)\Giant Savings Extension\Giant Savings Extension.dll
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-11  19:33:45
ComboFix-quarantined-files.txt  2013-06-11 17:33
.
Vor Suchlauf: 11 Verzeichnis(se), 435.424.731.136 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 434.897.547.264 Bytes frei
.
- - End Of File - - 0A8C3E26C744CE56D3C08EACF7D25F1A
D41D8CD98F00B204E9800998ECF8427E

Alt 11.06.2013, 18:59   #11
markusg
/// Malware-holic
 
GVU Trojaner auf Laptop - Standard

GVU Trojaner auf Laptop


hallo,
malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 12.06.2013, 14:47   #12
Margel
 
GVU Trojaner auf Laptop - Standard

GVU Trojaner auf Laptop


hi,
Hab Malwarbytes sogar fast 2x durchlaufen lassen und es hat nichts gefunden (das erste mal hab ich versehentlich ein paar Minuten vor Schluss abgebrochen, deswegen keine Logfile davon).

Logfile vom 2. Durchgang

Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.11.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Marius :: MD-19970514 [Administrator]

11.06.2013 21:29:07
mbam-log-2013-06-11 (21-29-07).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 505796
Laufzeit: 1 Stunde(n), 1 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Alt 12.06.2013, 14:49   #13
markusg
/// Malware-holic
 
GVU Trojaner auf Laptop - Standard

GVU Trojaner auf Laptop


hi,
lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 12.06.2013, 15:21   #14
Margel
 
GVU Trojaner auf Laptop - Standard

GVU Trojaner auf Laptop


Hi,
Hier die Liste mit den Programmen:

Code:
ATTFilter
Acer Backup Manager	NTI Corporation	13.10.2011	336MB	3.0.0.99                                 unbekannt
Acer Crystal Eye Webcam	CyberLink Corp.	11.01.2012	33.7MB	1.0.1904                                 unbekannt
Acer ePower Management	Acer Incorporated	11.01.2012		6.00.3008                        unbekannt
Acer eRecovery Management	Acer Incorporated	13.10.2011		5.00.3504                unbekannt
Acer Registration	Acer Incorporated	11.01.2012		1.04.3504                        unbekannt
Acer ScreenSaver	Acer Incorporated	11.01.2012		1.1.0913.2011                    unbekannt
Acer Updater	Acer Incorporated	13.10.2011		1.02.3500                                unbekannt     
Adobe AIR	Adobe Systems Incorporated	14.10.2011		2.7.1.19610                      unbekannt
Adobe Download Assistant	Adobe Systems Incorporated	07.02.2013		1.2.5            unbekannt
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	16.05.2013	6.00MB	11.7.700.202     notwendig
Adobe Reader X (10.1.0) MUI	Adobe Systems Incorporated	13.10.2011	477MB	10.1.0           notwendig
Apple Application Support	Apple Inc.	11.05.2013	62.7MB	2.3.3                            unbekannt
Apple Mobile Device Support	Apple Inc.	11.05.2013	25.2MB	6.1.0.13                         unbekannt
Apple Software Update	Apple Inc.	02.05.2012	2.38MB	2.1.3.127                                unbekannt
applicationupdater	Sony Online Entertainment	30.11.2012	                                 unbekannt	
Arma 2	Bohemia Interactive	26.02.2013		                                                 notwendig
Arma 2: Operation Arrowhead	Bohemia Interactive	26.02.2013	                                 notwendig	
Arma 2: Operation Arrowhead Beta		26.02.2013		                                 notwendig
Ask Toolbar	Ask.com	28.06.2012	4.93MB	1.15.2.0                                                 unnötig
Ask Toolbar Updater	Ask.com	28.06.2012		1.2.1.23037                                      unnötig
Battlefield 3™	Electronic Arts	13.09.2012		1.4.0.0                                          notwendig
BattlEye for OA Uninstall		27.02.2013                                                       notwendig		
Bing Bar	Microsoft Corporation	11.01.2012	27.0MB	7.0.765.0                                unnötig
Bonjour	Apple Inc.	02.05.2012	2.04MB	3.0.0.10                                                 unbekannt
Broadcom Card Reader Driver Installer	Broadcom Corporation	11.01.2012	2.76MB	14.8.2.2         unbekannt
Broadcom NetLink Controller	Broadcom Corporation	13.10.2011	508KB	14.8.4.1                 unbekannt
CCleaner	Piriform	06.11.2012		3.24                                             notwendig
clear.fi	CyberLink Corp.	11.01.2012	167MB	1.0.2024.00                                      unbekannt
clear.fi Client	Acer Incorporated	11.01.2012		1.00.3500                                unbekannt
DayZ Commander	Dotjosh Studios	27.02.2013	4.01MB	0.92.64                                          notwendig
Dolby Advanced Audio v2	Dolby Laboratories Inc	11.01.2012	12.9MB	7.2.7000.7                       notwendig
ESN Sonar	ESN Social Software AB	01.06.2013		0.70.4                                   unbekannt      
ETDWare PS/2-X64 8.0.6.3_WHQL	ELAN Microelectronic Corp.	11.01.2012		8.0.6.3          unbekannt
Evernote v. 4.5.1	Evernote Corp.	13.10.2011	151MB	4.5.1.5451                               unbekannt
FIFA 10	Electronic Arts	24.05.2012	6.52GB	1.0.0.0                                                  notwendig
FilesFrog Update Checker		06.09.2012                                                       unbekannt		
Fooz Kids	FUHU, Inc.	14.10.2011		3.0.8                                            unbekannt
Fooz Kids Platform	FUHU, Inc.	13.10.2011		2.1                                      unbekannt
gamelauncher-ps2-psg	Sony Online Entertainment	30.11.2012                                       unbekannt	                                 	
Giant Savings Extension	215 Apps	08.02.2013		1.24.151.151                             unbekannt
Google Chrome	Google Inc.	22.10.2012		27.0.1453.110                                    notwendig
Google Earth	Google	26.03.2013	173MB	7.0.3.8542                                               notwendig
GRID	Codemasters	02.05.2013		1.30.0000                                                notwendig 
GTR 2 1.0.0.0	10tacle Studios Publishing AG	25.05.2013		v1.0.0.0                         notwendig
Identity Card	Acer Incorporated	11.01.2012		1.00.3501                                unbekannt
Intel(R) Control Center	Intel Corporation	24.02.2012		1.2.1.1007                       unbekannt
Intel(R) Management Engine Components	Intel Corporation	24.02.2012		7.0.0.1144       unbekannt
Intel(R) Processor Graphics	Intel Corporation	24.02.2012		8.15.10.2418             unbekannt
Intel(R) Rapid Storage Technology	Intel Corporation	24.02.2012		10.5.0.1026      unbekannt
iTunes	Apple Inc.	11.05.2013	187MB	11.0.2.26                                                notwendig
Java 7 Update 7	Oracle	09.10.2012	128MB	7.0.70                                                   notwendig
Java(TM) 6 Update 27 (64-bit)	Oracle	25.04.2012	91.6MB	6.0.270                                  -
Java(TM) 6 Update 31	Oracle	23.04.2012	95.1MB	6.0.310                                          dafuq 3x Java ?
JavaFX 2.1.1	Oracle Corporation	28.06.2012	20.8MB	2.1.1                                    unbekannt
Launch Manager	Acer Inc.	11.01.2012		5.1.7                                            unbekannt                       
Malwarebytes Anti-Malware Version 1.75.0.1300	Malwarebytes Corporation	11.06.2013	19.2MB	1.75.0.1300 notwendig
Max Payne 2 DE		10.03.2013	                                                                 notwendig	
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	25.02.2012	38.8MB	4.0.30319 unbekannt
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	25.02.2012	2.93MB	4.0.30319 unbekannt
Microsoft Chart Controls for Microsoft .NET Framework 3.5	Microsoft Corporation	28.05.2012	13.8MB	3.5.30730.0 unbekannt
Microsoft Games for Windows - LIVE Redistributable	Microsoft Corporation	28.06.2012	31.3MB	3.5.88.0 unbekannt
Microsoft Games for Windows Marketplace	Microsoft Corporation	28.06.2012	6.03MB	3.5.50.0         unbekannt
Microsoft Office 2010	Microsoft Corporation	11.01.2012	6.31MB	14.0.4763.1000                   notwendig
Microsoft Office Professional Plus 2010	Microsoft Corporation	24.02.2012	14.0.6029.1000           notwendig  
Microsoft Security Essentials	Microsoft Corporation	19.02.2013		4.2.223.1                notwendig
Microsoft Silverlight	Microsoft Corporation	14.03.2013	100MB	5.1.20125.0                      unbekannt
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	13.10.2011	1.69MB	3.1.0000 unbekannt
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	25.02.2012	300KB	8.0.56336 unbekannt
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	07.02.2013	572KB	8.0.61000 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	01.02.2013	252KB	9.0.30729           unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	27.05.2012	778KB	9.0.30729.4148      |
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	28.05.2012	788KB	9.0.30729.6161      |
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022	Microsoft Corporation	25.02.2012	2.86MB	9.0.21022           |
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	13.10.2011	240KB	9.0.30729           |
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	13.10.2011	596KB	9.0.30729.4148      |
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	25.02.2012	600KB	9.0.30729.6161      |
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219	Microsoft Corporation	13.09.2012	13.8MB	10.0.40219          V
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	24.06.2012	15.0MB	10.0.40219          unbekannt
MX vs ATV Reflex	Rainbow\Double Helix	16.12.2012	                                         notwendig	
MyWinLocker Suite	Egis Technology Inc.	11.01.2012	2.63MB	4.0.14.19                        unbekannt
Napoleon: Total War	The Creative Assembly	04.03.2012                                               notwendig      		
Need For Speed™ World	Electronic Arts	06.09.2012	13.6MB	1.0.0.1108                               unnötig
newsXpresso	esobi Inc.	13.10.2011	7.34MB	1.0.0.40                                         unbekannt
Nexus Mod Manager	Black Tree Gaming	28.07.2012	13.4MB	0.19.0                           notwendig
Norton Online Backup	Symantec Corporation	13.10.2011	6.19MB	2.1.17 69                        unnötig
NTI Media Maker 9	NTI Corporation	11.01.2012	0.96GB	9.0.2.9002  306.97                       unbekannt
NVIDIA PhysX-Systemsoftware 9.12.0604	NVIDIA Corporation	19.10.2012		9.12.0604        notwendig
NVIDIA Update 1.10.8	NVIDIA Corporation	19.10.2012		1.10.8                           notwendig
Oblivion	Bethesda Softworks	29.05.2012		1.2.0416                                 notwendig
OpenAL		25.02.2012                                                                               unbekannt		
Origin	Electronic Arts, Inc.	13.09.2012		9.0.11.77                                        notwendig (leider)
PlanetSide 2	Sony Online Entertainment	30.11.2012		1.0.3.181                        notwendig 
PlanetSide 2 (2)	Sony Online Entertainment	30.11.2012		1.0.3.181                2x ?
R.U.S.E	Ubisoft	25.05.2012	                                                                         notwendig	
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	11.01.2012		6.0.1.6438 notwendig
Renesas Electronics USB 3.0 Host Controller Driver	Renesas Electronics Corporation	11.01.2012	1.01MB	2.0.34.0 notwendig
Rome - Total War - Gold Edition	The Creative Assembly	09.07.2012		1.6                      notwendig
SBK®X Superbike World Championship	Black Bean Games	16.04.2012		1.00.0000        notwendig
Shogun - Total War - Gold Edition	The Creative Assembly	12.03.2012		1.00.0000        notwendig
Skype Click to Call	Skype Technologies S.A.	24.04.2012	8.25MB	5.9.9216                         ubekannt
Skype™ 5.10	Skype Technologies S.A.	27.07.2012	19.3MB	5.10.116                                 notwendig
Spectraball	Flashcube Studios	09.03.2013	                                                 notwednig	
Star Wars Battlefront II	LucasArts	01.09.2012		1.0                              notwendig
Star Wars Empire at War	LucasArts	18.03.2012		1.0                                      notwendig
Star Wars Empire at War Forces of Corruption	LucasArts	18.03.2012		1.0              notwendig
Steam	Valve	25.02.2012	42.1MB	1.0.0.0                                                          notwendig
Super Crate Box		20.02.2013	                                                                 unnötig
TeamSpeak 3 Client	TeamSpeak Systems GmbH	12.05.2013		3.0.10.1                         notwendig
Total War: SHOGUN 2	The Creative Assembly	25.02.2012	                                         notwendig	
Total War: Shogun 2 - Assembly Kit	The Creative Assembly	18.10.2012                           	 unnötig	
Total War: Shogun 2 - TEd	The Creative Assembly	04.01.2013	                                 notwendig
Ubisoft Game Launcher	UBISOFT	21.12.2012	1.0.0.0                                                  unbekannt
Update for PDF Reader		08.02.2013                                                               unbekannt
VirtualDJ Home FREE	Atomix Productions	17.12.2012	53.5MB	7.3                              notwendig
VLC media player 2.0.2	VideoLAN	10.09.2012		2.0.2                                    notwendig
VoiceOver Kit	Apple Inc.	13.05.2012	41.7MB	1.42.128.0                                       unbekannt
Wajam	Wajam	08.02.2013		1.52                                                             unbekannt 
Welcome Center	Acer Incorporated	11.01.2012		1.02.3504                                unbekannt
Windows Live Essentials	Microsoft Corporation	13.10.2011		15.4.3538.0513                   unbekannt
WinRAR 4.11 (64-Bit)	win.rar GmbH	11.04.2012		4.11.0                                   notwendig
Yontoo 1.10.02	Yontoo LLC	08.05.2012	1.27MB	1.10.02                                          unbekannt
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0	Intel	11.01.2012	13.2MB	2.1.23.0         unbekannt

Alt 12.06.2013, 18:07   #15
markusg
/// Malware-holic
 
GVU Trojaner auf Laptop - Standard

GVU Trojaner auf Laptop


deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden, instalieren.
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen
bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
Sicherheit (erweitert)
Erweiterte Sicherheit anhaken
und alle Dateien auswählen.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok

deinstaliere:
applicationupdater
Ask : beide
Evernote
FilesFrog
Java : alledownloade Java jre:
Java-Downloads für alle Betriebssysteme
klicke:
Download der Java-Software für Windows Offline
laden, und instalieren
deinstaliere:
Need For
Norton
Super Crate
Update for
Yontoo

Öffne CCleaner, analysieren, starten, PC neustarten
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort
Seite 1 von 2 1 2

Themen zu GVU Trojaner auf Laptop
abgesicherten, acer, acer aspire, aktiviert, anmelden, aspire, benutzerkonto, computer, computern, ebenfalls, folge, frage, gen, gvu 2.12, gvu-trojaner, hoffe, interne, internet, laptop, laptop befallen, melde, melden, modus, nicht möglich, nichts, sofort, soooo, starte, starten, trojaner, version


« Werbung auf Facebook, Youtube, etc. Instant Saving App deinstallieren! | BKA 100 € /UKASH:Laptop gesperrt, Kasperski Rescue Disk wird nicht erkannt »


Ähnliche Themen: GVU Trojaner auf Laptop


  1. Laptop läuft langsam Win 7, Rechtsklick mit Maus funktioniert nicht, Laptop zickt rum.
    Plagegeister aller Art und deren Bekämpfung - 18.01.2015 (11)
  2. Lollipop Virus auf Laptop , Laptop wird immer Langsamer! Deinstellieren fehlerhaft
    Log-Analyse und Auswertung - 03.02.2014 (3)
  3. GVU Trojaner auf Win 8 Laptop
    Log-Analyse und Auswertung - 30.07.2013 (24)
  4. GVU-Trojaner auf dem Laptop
    Plagegeister aller Art und deren Bekämpfung - 24.07.2013 (9)
  5. GVU Trojaner auf XP Laptop
    Plagegeister aller Art und deren Bekämpfung - 05.03.2013 (1)
  6. GVU-Trojaner - Win XP - Laptop
    Plagegeister aller Art und deren Bekämpfung - 01.03.2013 (7)
  7. GVU Trojaner auf Laptop mit WIN XP
    Plagegeister aller Art und deren Bekämpfung - 28.02.2013 (15)
  8. GVU Virus auf Laptop, Laie braucht dringend Hilfe, wie OTL auf verseuchten Laptop bringen?
    Plagegeister aller Art und deren Bekämpfung - 19.02.2013 (21)
  9. GUV Trojaner am Laptop
    Plagegeister aller Art und deren Bekämpfung - 16.01.2013 (7)
  10. SUISA-Trojaner (Verschlüsselungs-Trojaner) befall auf HP-Pro-Laptop Win7 64Bit
    Plagegeister aller Art und deren Bekämpfung - 06.09.2012 (19)
  11. Trojaner auf dem Laptop
    Plagegeister aller Art und deren Bekämpfung - 05.09.2012 (26)
  12. BKA Trojaner 1.07 auf Laptop! was nun?
    Log-Analyse und Auswertung - 29.06.2012 (2)
  13. BKA Trojaner Laptop
    Plagegeister aller Art und deren Bekämpfung - 11.08.2011 (2)
  14. TAN-Trojaner auf Laptop
    Log-Analyse und Auswertung - 04.05.2011 (7)
  15. TAN-Trojaner auf altem Laptop - Datenübertragung auf neuen Laptop?
    Plagegeister aller Art und deren Bekämpfung - 12.09.2010 (5)
  16. Trojaner auf dem Laptop
    Plagegeister aller Art und deren Bekämpfung - 21.04.2009 (5)
  17. Trojaner auf dem Laptop :-(
    Log-Analyse und Auswertung - 07.06.2005 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema GVU Trojaner auf Laptop - Hallo, Leider habe ich mir gestern den GVU-Trojaner gefangen, bzw. er wurde gestern auf meinem Laptop (Acer Aspire 5750G) aktiviert . Da ich mich nicht sonderlich gut mit Computern auskenne - GVU Trojaner auf Laptop...
Archiv
Du betrachtest: GVU Trojaner auf Laptop auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19