| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: hat perion network ltd mit einem virus zu tun?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
08.06.2013, 15:55
| #1 |
 |  hat perion network ltd mit einem virus zu tun? hallo, jedes Mal wenn ich meinen PC neu starte, öffnet sich ein Fenster in dem Perion Network Ltd fragt, ob Änderungen am Computer vorgenommen werden dürfen. Ich war mir nicht sicher, ob das ein Virus ist und habe erstmal auf "nein" geklickt. Nur als dieses Fenster trotzdem nach jedem Start kam, war ich genervt und klickte irgendwann auf "ja"  . Das war jetzt warscheinlich nicht so schlau, und das Problem ließ sich dadurch auch nicht beheben. Als ich daraufhin im Internet in diversen Foren nach dem gleichen Problem suchte, stieß ich auf beunruhigende Beiträge, in denen stand, dass man bei diesem Fenster besser auf "nein" klicken solle. Nun meine Frage: Handelt es sich hierbei um einen Virus, und wenn ja, wie kann ich ihn entfernen?MFG, Kripa01 |
|
08.06.2013, 16:06
| #2 |
| /// Malware-holic   | hat perion network ltd mit einem virus zu tun? Hi,
__________________Adware eher. Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
09.06.2013, 09:52
| #3 |
| | hat perion network ltd mit einem virus zu tun? Die OTL.txt und die extras.txt sind erstellt, nur weiß ich nicht, wie ich sie zippen soll. 7-zip und winrar habe ich beide, nur hab ich trotzdem noch keine ahnung. Kannst du mir bitte noch sagen wie ich die Dateien zippe und sie so als Anhang hinzufüge?
__________________ |
|
09.06.2013, 18:22
| #4 |
| /// Malware-holic | hat perion network ltd mit einem virus zu tun? kopiere die Logs doch einfach hier rein. zippen is nur nötig wenn sie zu groß sind, bzw teile sie dann auf 2 posts
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
10.06.2013, 12:29
| #5 |
| | hat perion network ltd mit einem virus zu tun? Okay, dann hier erst mal die OTL.txt:OTL Logfile: Code:
ATTFilter OTL logfile created on: 09.06.2013 10:17:30 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Maxim\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,95 Gb Total Physical Memory | 6,23 Gb Available Physical Memory | 78,40% Memory free 15,90 Gb Paging File | 13,96 Gb Available in Paging File | 87,80% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 455,95 Gb Total Space | 318,15 Gb Free Space | 69,78% Space Free | Partition Type: NTFS Drive D: | 456,46 Gb Total Space | 456,35 Gb Free Space | 99,98% Space Free | Partition Type: NTFS Computer Name: MAXIM-PC | User Name: Maxim | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Maxim\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) PRC - C:\Windows\SysWOW64\jmdp\stij.exe () PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) PRC - C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe (Razer USA Ltd) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) PRC - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe () PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated) PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. ) PRC - C:\Program Files (x86)\Razer\Arctosa\razerhid.exe (Razer USA Ltd.) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll () MOD - C:\Windows\SysWOW64\jmdp\stij.exe () MOD - C:\Windows\SysWOW64\jmdp\lmrn.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a9594959e951127f16eb49644ba92f79\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7cfbbd029ef945fbcdaedd24b2b67a24\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\153143f74d840484b510d8cf5187796b\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\2f9e0112e10f9e70d3430d0be9863976\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\af18b8a8f56494da44cc448f3b9704a5\WindowsBase.ni.dll () MOD - C:\Program Files (x86)\Steam\SDL2.dll () MOD - C:\Program Files (x86)\Steam\bin\libcef.dll () MOD - C:\Windows\SysWOW64\jmdp\sqlite3.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\ac9e3eca6c148504588e7c6d09fe83e3\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\5ea93652e4752c75bc6fbb195b4eb864\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll () MOD - C:\Users\Maxim\AppData\Local\Temp\b01d42a6-0948-4bd0-8dea-54d68f50a791\CliSecureRT.dll () MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll () MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll () MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll () MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll () MOD - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe () MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () ========== Services (SafeList) ========== SRV:64bit: - (IBUpdaterService) -- C:\Windows\SysNative\dmwu.exe () SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation) SRV - (0020681355933756mcinstcleanup) -- C:\Users\Maxim\AppData\Local\Temp\002068~1.EXE (McAfee, Inc.) SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) SRV - (Live Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated) SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (EgisTec Ticket Service) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. ) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (ssudserd) -- C:\Windows\SysNative\drivers\ssudserd.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (athur) -- C:\Windows\SysNative\drivers\athurx.sys (Atheros Communications, Inc.) DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation) DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation) DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (dgderdrv) -- C:\Windows\SysNative\drivers\dgderdrv.sys (Devguru Co., Ltd) DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (DrvAgent64) -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS (Phoenix Technologies) DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtBzyyB0A0B0C0Azy0AtBtDtN0D0Tzu0CtAyDyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1747522276 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtBzyyB0A0B0C0Azy0AtBtDtN0D0Tzu0CtAyDyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1747522276 IE - HKLM\..\SearchScopes\{4D4C8AC6-108A-255F-B8AB-0B55AC24DD2E}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Funmoods Search IE - HKCU\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtBzyyB0A0B0C0Azy0AtBtDtN0D0Tzu0CtAyDyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1747522276 IE - HKCU\..\SearchScopes\{3070473C-989E-44DD-B273-3BFD348812EE}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481020 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Funmoods" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "https://www.google.de/" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF - prefs.js..keyword.URL: "hxxp://searchfunmoods.com/?f=1&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtBzyyB0A0B0C0Azy0AtBtDtN0D0Tzu0CtAyDyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1747522276&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Maxim\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Maxim\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2013.04.06 11:08:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.21 18:41:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.16 17:24:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.21 18:41:11 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.16 17:24:24 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.12.17 20:35:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maxim\AppData\Roaming\mozilla\Extensions [2013.02.03 15:38:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maxim\AppData\Roaming\mozilla\Firefox\Profiles\mmyhaeko.default\extensions [2012.12.20 17:42:53 | 000,002,331 | ---- | M] () -- C:\Users\Maxim\AppData\Roaming\mozilla\firefox\profiles\mmyhaeko.default\searchplugins\Funmoods.xml [2013.06.06 13:13:34 | 000,002,120 | ---- | M] () -- C:\Users\Maxim\AppData\Roaming\mozilla\firefox\profiles\mmyhaeko.default\searchplugins\MyStart.xml [2012.12.19 19:10:29 | 000,003,915 | ---- | M] () -- C:\Users\Maxim\AppData\Roaming\mozilla\firefox\profiles\mmyhaeko.default\searchplugins\sweetim.xml [2013.02.21 18:41:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013.02.21 18:41:11 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.11.29 11:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.11.29 11:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.11.29 11:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.11.29 11:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.11.29 11:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.11.29 11:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: https://www.google.de/webhp?source=search_app CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Maxim\AppData\Local\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Maxim\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Maxim\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Maxim\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Google Update (Enabled) = C:\Users\Maxim\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll CHR - Extension: Google Drive = C:\Users\Maxim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Maxim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Users\Maxim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Maxim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\ CHR - Extension: Google Mail = C:\Users\Maxim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: Google Drive = C:\Users\Maxim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Maxim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Users\Maxim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Maxim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\ CHR - Extension: Google Mail = C:\Users\Maxim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll (Funmoods BHO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll (Funmoods) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5786D022-540E-4699-B350-B4BE0AE94B79} - No CLSID value found. O4 - HKLM..\Run: [Arctosa] C:\Program Files (x86)\Razer\Arctosa\razerhid.exe (Razer USA Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe () O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [Razer Imperator Driver] C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe (Razer USA Ltd) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4 - Startup: C:\Users\Maxim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm () O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm () O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{978DBA13-2620-4B97-B5E1-60F3B687614C}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.06.09 10:13:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Maxim\Desktop\OTL.exe [2013.06.02 17:26:08 | 000,033,792 | ---- | C] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll [2013.06.02 17:26:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WNLT [2013.06.02 17:26:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\jmdp [2013.06.02 17:26:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ARFC [2013.05.24 18:23:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2013.05.24 18:23:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi [2013.05.16 17:24:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2013.05.14 14:24:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Robot Karol [2013.05.14 14:24:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RobotKarol [2013.05.10 17:45:21 | 000,000,000 | ---D | C] -- C:\Users\Maxim\AppData\Roaming\TS3Client [2013.05.10 15:13:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\GTA San Andreas User Files [1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.09 10:18:04 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.09 10:13:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Maxim\Desktop\OTL.exe [2013.06.09 10:05:04 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.09 10:05:04 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.09 10:03:14 | 001,614,112 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.06.09 10:03:14 | 000,697,090 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.06.09 10:03:14 | 000,652,408 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.06.09 10:03:14 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.06.09 10:03:14 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.06.09 09:57:43 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.09 09:57:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.09 09:57:29 | 2107,056,127 | -HS- | M] () -- C:\hiberfil.sys [2013.06.08 16:56:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.08 16:23:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2876425596-1576428904-3266098967-1000UA.job [2013.06.08 08:56:51 | 000,002,372 | ---- | M] () -- C:\Users\Maxim\Desktop\Google Chrome.lnk [2013.06.06 15:26:56 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2876425596-1576428904-3266098967-1000Core.job [2013.06.04 16:13:40 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.06.04 16:13:40 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.05.21 18:24:55 | 000,000,222 | ---- | M] () -- C:\Users\Maxim\Desktop\Transformers Fall of Cybertron.url [2013.05.21 15:31:12 | 001,447,728 | ---- | M] () -- C:\Windows\SysNative\dmwu.exe [2013.05.21 15:30:18 | 000,033,792 | ---- | M] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll [2013.05.16 15:10:42 | 000,295,520 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.14 14:31:44 | 000,000,418 | ---- | M] () -- C:\Users\Maxim\Documents\original nr.2 maxim.kdp [2013.05.14 14:24:13 | 000,000,902 | ---- | M] () -- C:\Users\Maxim\Desktop\Robot Karol.lnk [1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.04 16:13:40 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.06.04 16:13:40 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.06.02 17:26:08 | 001,447,728 | ---- | C] () -- C:\Windows\SysNative\dmwu.exe [2013.05.21 18:24:55 | 000,000,222 | ---- | C] () -- C:\Users\Maxim\Desktop\Transformers Fall of Cybertron.url [2013.05.14 14:31:44 | 000,000,418 | ---- | C] () -- C:\Users\Maxim\Documents\original nr.2 maxim.kdp [2013.05.14 14:24:13 | 000,000,902 | ---- | C] () -- C:\Users\Maxim\Desktop\Robot Karol.lnk [2012.12.22 10:22:37 | 000,000,032 | ---- | C] () -- C:\Users\Maxim\.simfy [2012.12.20 14:54:15 | 000,290,500 | ---- | C] () -- C:\Users\Maxim\AppData\Local\funmoods-speeddial_sf.crx [2012.12.20 14:54:15 | 000,031,465 | ---- | C] () -- C:\Users\Maxim\AppData\Local\funmoods.crx [2012.12.17 18:46:27 | 001,591,070 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.12.09 14:32:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.02.02 23:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll [2011.11.21 07:00:01 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2011.11.21 07:00:01 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011.11.21 06:59:59 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.06.02 11:20:40 | 000,000,000 | ---D | M] -- C:\Users\Maxim\AppData\Roaming\.minecraft [2013.01.10 15:38:40 | 000,000,000 | ---D | M] -- C:\Users\Maxim\AppData\Roaming\1-abc [2013.03.28 11:30:30 | 000,000,000 | ---D | M] -- C:\Users\Maxim\AppData\Roaming\Audacity [2012.12.09 16:22:57 | 000,000,000 | ---D | M] -- C:\Users\Maxim\AppData\Roaming\clear.fiMVPSDK20 [2013.04.06 11:08:31 | 000,000,000 | ---D | M] -- C:\Users\Maxim\AppData\Roaming\DVDVideoSoft [2013.02.23 11:21:03 | 000,000,000 | ---D | M] -- C:\Users\Maxim\AppData\Roaming\DVDVideoSoftIEHelpers [2013.02.24 18:15:16 | 000,000,000 | ---D | M] -- C:\Users\Maxim\AppData\Roaming\flightgear.org [2013.02.24 18:08:20 | 000,000,000 | ---D | M] -- C:\Users\Maxim\AppData\Roaming\fltk.org [2013.02.24 13:15:34 | 000,000,000 | ---D | M] -- C:\Users\Maxim\AppData\Roaming\LOVE [2012.12.09 16:19:12 | 000,000,000 | ---D | M] -- C:\Users\Maxim\AppData\Roaming\OEM [2012.12.18 16:27:24 | 000,000,000 | ---D | M] -- C:\Users\Maxim\AppData\Roaming\OpenOffice.org [2012.12.21 12:57:04 | 000,000,000 | ---D | M] -- C:\Users\Maxim\AppData\Roaming\Razer [2012.12.21 14:49:08 | 000,000,000 | ---D | M] -- C:\Users\Maxim\AppData\Roaming\Samsung [2012.12.22 10:22:36 | 000,000,000 | ---D | M] -- C:\Users\Maxim\AppData\Roaming\Simfy [2013.06.08 16:57:20 | 000,000,000 | ---D | M] -- C:\Users\Maxim\AppData\Roaming\SoftGrid Client [2013.03.12 18:58:18 | 000,000,000 | ---D | M] -- C:\Users\Maxim\AppData\Roaming\Spore [2013.02.24 18:10:05 | 000,000,000 | ---D | M] -- C:\Users\Maxim\AppData\Roaming\Subversion [2012.12.17 20:50:18 | 000,000,000 | ---D | M] -- C:\Users\Maxim\AppData\Roaming\Thunderbird [2012.12.21 13:39:05 | 000,000,000 | ---D | M] -- C:\Users\Maxim\AppData\Roaming\TP [2012.12.17 18:18:50 | 000,000,000 | ---D | M] -- C:\Users\Maxim\AppData\Roaming\TP-LINK [2013.06.04 15:42:15 | 000,000,000 | ---D | M] -- C:\Users\Maxim\AppData\Roaming\TS3Client ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.12.21 13:45:35 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012.12.09 14:33:31 | 000,000,000 | -H-D | M] -- C:\book [2013.06.02 17:21:25 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2012.12.09 16:16:46 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2013.01.27 18:46:17 | 000,000,000 | ---D | M] -- C:\Games [2012.12.08 15:32:04 | 000,000,000 | -H-D | M] -- C:\Intel [2012.12.09 16:18:48 | 000,000,000 | -H-D | M] -- C:\OEM [2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2013.05.10 10:27:24 | 000,000,000 | R--D | M] -- C:\Program Files [2013.05.24 18:23:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86) [2013.03.08 18:22:39 | 000,000,000 | -H-D | M] -- C:\ProgramData [2012.12.09 16:16:46 | 000,000,000 | -HSD | M] -- C:\Programme [2012.12.09 16:16:46 | 000,000,000 | -HSD | M] -- C:\Recovery [2013.06.09 10:18:46 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.12.21 14:54:39 | 000,000,000 | ---D | M] -- C:\Temp [2012.12.09 16:16:48 | 000,000,000 | R--D | M] -- C:\Users [2013.06.04 16:12:34 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.21 05:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 07:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.03.06 13:11:29 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job [2012.12.17 19:02:37 | 000,001,104 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2012.12.17 19:02:37 | 000,001,108 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2012.12.17 19:42:34 | 000,001,068 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2876425596-1576428904-3266098967-1000Core.job [2012.12.17 19:42:34 | 000,001,120 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2876425596-1576428904-3266098967-1000UA.job < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: AHCIX86S.SYS > [2011.05.20 05:29:52 | 000,229,456 | ---- | M] (Advanced Micro Devices, Inc) MD5=64DBBD157003D7020D70C5D7ECB2163C -- C:\OEM\Preload\Autorun\DRV\AMD VGA Generic Driver\Packages\Drivers\SBDrv\SB8xx\RAID\W7\ahcix86s.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.07.14 07:30:29 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2011.07.14 07:30:29 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.07.14 07:30:29 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.07.14 07:30:29 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2011.07.14 07:30:29 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.07.14 07:30:29 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010.11.21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe < MD5 for: IASTOR.SYS > [2011.11.29 20:40:32 | 000,568,600 | ---- | M] (Intel Corporation) MD5=C224331A54571C8C9162F7714400BBBD -- C:\Windows\SysNative\drivers\iaStor.sys [2011.11.29 20:40:32 | 000,568,600 | ---- | M] (Intel Corporation) MD5=C224331A54571C8C9162F7714400BBBD -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_9c981fcb416c038e\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.07.14 07:35:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.07.14 07:35:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.07.14 07:35:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.07.14 07:35:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.07.14 07:35:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.07.14 07:35:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.07.14 07:35:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.07.14 07:35:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2012.12.22 10:22:37 | 000,000,032 | ---- | M] () -- C:\Users\Maxim\.simfy [2013.06.09 10:24:42 | 002,359,296 | -HS- | M] () -- C:\Users\Maxim\NTUSER.DAT [2013.06.09 10:24:42 | 000,262,144 | -HS- | M] () -- C:\Users\Maxim\ntuser.dat.LOG1 [2012.12.09 16:16:48 | 000,000,000 | -HS- | M] () -- C:\Users\Maxim\ntuser.dat.LOG2 [2012.12.09 16:51:37 | 000,065,536 | -HS- | M] () -- C:\Users\Maxim\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2012.12.09 16:51:37 | 000,524,288 | -HS- | M] () -- C:\Users\Maxim\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2012.12.09 16:51:37 | 000,524,288 | -HS- | M] () -- C:\Users\Maxim\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2012.12.09 16:16:48 | 000,000,020 | -HS- | M] () -- C:\Users\Maxim\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > < End of report > |
|
10.06.2013, 12:30
| #6 |
| | hat perion network ltd mit einem virus zu tun? Und hier die Extras.txt:OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 09.06.2013 10:17:31 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Maxim\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,95 Gb Total Physical Memory | 6,23 Gb Available Physical Memory | 78,40% Memory free
15,90 Gb Paging File | 13,96 Gb Available in Paging File | 87,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,95 Gb Total Space | 318,15 Gb Free Space | 69,78% Space Free | Partition Type: NTFS
Drive D: | 456,46 Gb Total Space | 456,35 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
Computer Name: MAXIM-PC | User Name: Maxim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.6AJLLPMZPI3GEDYTVDLCA5R6IY] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06D3F2DE-19EA-46C1-A0B6-FDFF3E2C1638}" = rport=445 | protocol=6 | dir=out | app=system |
"{0F70B92B-12A0-4E8E-908C-FF8C36048665}" = rport=139 | protocol=6 | dir=out | app=system |
"{1253490B-A049-4D95-BE42-31EFE917AAD3}" = lport=445 | protocol=6 | dir=in | app=system |
"{19345AC0-9BC1-4ABD-A9D4-7739E61DC722}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{25E23EBF-AEF0-455E-B835-8B81E67D17CF}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3B8CB1C9-D503-4B99-A4A3-1063CC5FF11C}" = rport=137 | protocol=17 | dir=out | app=system |
"{573F82A3-C319-4CD6-8C68-06743A34E6E9}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{57E8ABDA-58A4-4961-B540-E15F8507FA40}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6AF4AFF7-514A-4AAA-A62D-8BA3FD8C5D25}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A0FBFA21-A2A0-4073-815D-1533164BDD80}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A6A0F453-D7C1-490F-8CA0-C17E3F10B5AA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A97A4397-24D9-498A-92D0-274A903802B4}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B0FA9753-FF33-480A-889A-6D47CEA982D5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B2E81E00-B024-408D-90D1-C5EB155DCDEC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BBADA639-5E63-4917-BBB5-7AB62139CFFA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C93500FD-A9C8-4EFB-8AB5-719E7C02259D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CC851222-FCF6-4B7B-8CC2-C4B78A4EBCBC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CE28DABB-AC8B-48E7-AB7C-2F64F40E547D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D1008990-13F3-4A30-A7CA-940489B44996}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DD435458-4F93-47AA-9593-23EFB3E9890A}" = lport=138 | protocol=17 | dir=in | app=system |
"{E670585C-BDA1-4F99-BECA-66F7028E76A0}" = lport=137 | protocol=17 | dir=in | app=system |
"{EF8A74DA-43FE-4184-84F7-13A0F315DC24}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{F39AB713-778D-481F-8946-724EB45D3990}" = lport=139 | protocol=6 | dir=in | app=system |
"{FD00D908-3B46-471D-AAFF-45A98D638E23}" = rport=138 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00491E8B-C25C-49DB-82B8-3C649758E454}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0059C5BF-7E5B-413F-9834-E1650B59B8FC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{090CF26C-FBD5-4A72-8629-1D776E751C63}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{0B34945D-00EE-4943-A8C7-5BE35F131E9D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0D5C3EBB-4665-4BAB-ABEB-41018C58E893}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe |
"{133D0066-7B6F-4900-8A7D-FBE0488C6317}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{1621ADA9-8DCB-4017-BF51-68DC58F5F5A8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1AED610E-D9F6-4C39-80CA-70B87BB46A13}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1B792BC4-4A5A-45CB-9133-9BDE4FFCD5E0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe |
"{1BC58855-D5BA-4764-9388-DFE6D4B5B336}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm |
"{2274FC1D-3CF4-4F81-B466-826EE9468DEE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{254C557D-40BD-4EB1-B066-D56D08D05B2D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\modlauncher.exe |
"{25609CE5-4473-47CC-9EEC-D0EAE17A6110}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2A0E154C-DC64-4DD0-A0F9-8C0F50788254}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hell yeah\hellyeah.exe |
"{2A373F01-DC9E-463E-8F6A-02EFFABD8A53}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{323E005F-96E3-430F-BC34-937F67F46847}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{34FB40BF-9044-49C6-9BEF-109EC060B579}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\need for speed undercover\support\ea help\electronic_arts_technical_support.htm |
"{378BBC84-335B-4F55-ADE9-58AA42C01C86}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto san andreas\gta-sa.exe |
"{3EF0FE08-5A8D-4EB3-BFCD-EFCBAD8056FB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{42A193CB-C033-4D8C-B1A1-04383AF04A99}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hell yeah\hellyeah.exe |
"{44A9F57F-763C-4BE5-A8CD-7A65A5A9A019}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4CA014CD-0E7B-4279-8C34-8E02CECA33E7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spore\support\ea help\electronic_arts_technical_support.htm |
"{4DA755DC-423C-4BA2-9BAD-E2F6C3787C86}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\aceofspades\aos.exe |
"{51C47DDF-5CA4-4BA5-84CF-72D0DAC77046}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{522E02B5-9219-44FF-B8BC-EE0498535C2A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{559CFB1B-18C0-4CBF-AEFB-A3A70F1DD3C4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5D3B3AEE-3789-45E0-8003-FBE72CDFE36B}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe |
"{61B051FF-6108-42D2-B135-CE500FCE543B}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe |
"{654E40B1-CE68-438A-BB3C-8900ABC11112}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe |
"{6AC31914-0739-4A74-8886-BB8450417C4C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe |
"{7558D86C-09C6-4EE9-9E0E-E58AF0B296FB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{77E70214-15F4-4195-8345-15E40324DF11}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk20\movie\playmovie.exe |
"{78B96736-F508-47A2-A3A8-689BB5535DB5}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{7A672B8A-3B6B-4510-9D62-FE5AFB4E0335}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{7AC3A79E-528C-4CF0-9331-1B6DCAA975A1}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{7B49F53A-1C8E-441B-9DE0-CB6599526E55}" = protocol=58 | dir=in | app=system |
"{7CF0B2B7-A6E7-4298-80DA-DF1D11C32E8F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7E33003C-41B5-4A62-872A-19EF7DC1D256}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{84C64DE8-4E08-474E-A72E-F94F60D8B93C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\transformers fall of cybertron\binaries\tfoc.exe |
"{870C33DD-A76B-45DB-9288-95A36F5111DE}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{87DE3538-D20E-4752-8A15-BD0B0D986994}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe |
"{87E1ECBF-6FBF-4FAE-9C33-38B87973726C}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{8EAE4012-6715-47DF-A43A-C117A1CAF634}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spore\runme.exe |
"{91432AF9-C168-4409-B9A5-9817EF228B2F}" = protocol=6 | dir=out | app=system |
"{916F3548-A7B8-4428-BDBC-9F0AF8034193}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{95F24661-795B-439F-9DC1-156829B78CB8}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe |
"{96F2CF8D-A325-4EDE-93A7-99A9C0C025C9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
"{98FBECA5-9ED1-497A-991E-FFA8AE000EA0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dmc devil may cry\binaries\win32\dmc-devilmaycry.exe |
"{99164855-BD8B-4ACF-B6F3-DAA894AFE28E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto san andreas\gta-sa.exe |
"{A00014D4-C72F-4D96-B54C-4E0A0FA0938E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
"{A92E8D4E-9C08-4CFE-9995-B4F5BCFCD512}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AAE6F336-B501-46A2-A3DA-91214916D2EE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{AC12B6E7-B327-4CC3-8E4B-DBB8F94D6882}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe |
"{AC95DE2C-4B58-404D-B07D-910F51083230}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AD664EE2-91BB-4470-9E10-B32D94F3C2AE}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{AE2352D5-44B1-4272-94F7-09BC147EE32D}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{AE2ADB3D-1F68-41A1-9EEF-BC68D36B9D40}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{B238AF53-4451-4B1D-9AD5-61D9D994863B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spore\runme.exe |
"{B4AFF3F3-F1C0-4D4B-A7E7-921D39048CAC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{B4DDE31B-063E-4DC2-8E19-A93301814DCD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\transformers fall of cybertron\binaries\tfoc.exe |
"{B4FF52A7-738C-4A1D-B2EC-9F3EE1BB1367}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B60C1416-D462-4569-AEFB-F883391827CC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B7FE3F04-A6B2-4EA3-B691-B660F68065DD}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{B98C8299-7A9C-423A-A8C0-F9F2CE972800}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BB692C4F-5101-498F-870E-0C389247EBED}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BDCA6A23-9EFC-468F-B201-A4970E6DBE14}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BE33CCDB-CFE7-472E-BB99-A0B2A6BB5036}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{BF706714-AC60-4C2A-ABDE-5492EB34F56B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\need for speed undercover\nfs.exe |
"{C6C519A8-D2C4-4446-9EA6-3F3BFE8B2FB1}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{CA8A1C2B-2DAC-46FB-9B6D-409C8DC45D55}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{CD0CF17C-5DA8-4B76-889A-FA59C062970E}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{CD68152E-0656-422D-93F5-28626F971179}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm |
"{CFBB6581-BFCC-45EB-9ED6-5EBE9D55B8BC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spore\support\ea help\electronic_arts_technical_support.htm |
"{D8C80C7A-15C7-4F5E-A28B-279C28555F6E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\modlauncher.exe |
"{D92F7D56-7946-4ADC-BBC9-8049DB68D552}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{DC20DAA6-6F51-4854-A6C4-32E5388556F1}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe |
"{DED1BEA6-54EB-4F88-9F81-627BEDC305A6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{E0766F77-C54D-4D7F-BCF3-9A90E17AE69A}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{E142D513-8AAC-473E-924B-B5E80C1D9B10}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{E462946A-06A3-4D2E-88D0-C0CE220E00DC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dmc devil may cry\binaries\win32\dmc-devilmaycry.exe |
"{E756CC9B-D211-4B5B-BCD7-57D477E049E7}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{E85EF1BD-47A0-4691-B58E-2E57BE4062DE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\aceofspades\aos.exe |
"{E8C12FFF-82BA-4B3F-B30D-20D6A3E62D8B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{E9E4CE10-1555-4FD4-B6A5-F2D22C7844A5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\need for speed undercover\support\ea help\electronic_arts_technical_support.htm |
"{EA5A5275-41A5-4EF5-98B9-BC06F13CC588}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EE621363-DB39-40C9-ADC8-DEEE1E760E7F}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe |
"{F7A0946E-82EF-402A-8C54-2D3F02819F89}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe |
"{F8990E4D-E5DD-46BE-9AB4-1551F80CD997}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\need for speed undercover\nfs.exe |
"TCP Query User{7415DE01-23F7-40A8-8F1C-9D17D828AADE}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"TCP Query User{9BC1FED7-DAB1-4E17-B06C-D21256A7BF50}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{493189C7-6642-4F19-BD79-CD3D2853D311}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{BCD0F0A9-CF0B-44E3-9736-4CB10D4D7EBC}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1553D712-B35F-4A82-BC72-D6B11A94BE3E}" = Windows Live Remote Service Resources
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17106CA8-E65A-4D02-95BE-79AF8C698935}" = Microsoft_VC100_CRT_x64
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{41F41196-D050-A938-B1E4-7478160C091F}" = AMD Drag and Drop Transcoding
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{66B57223-522B-F018-CB82-04478543A9A9}" = AMD Media Foundation Decoders
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{702A632F-99CE-4E2D-B8F2-BF980E9CF62F}" = Windows Live Remote Client Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{7C4EEB43-480E-2A06-2E06-3EABFE6CD68E}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DEDB22C7-C2A6-FE67-8EE8-F68419CE2351}" = AMD AVIVO64 Codecs
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E4490157-303F-F06F-FB6E-D2053A43A182}" = AMD Catalyst Install Manager
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0557BBDA-69D3-4FA4-A93C-A5300F7034B4}" = Windows Live Writer
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{06B05153-97E4-427E-B1A8-E098F6C5E52F}" = Windows Live Essentials
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C43FE6B-E881-4AFC-B384-4AEBC90047E8}" = SweetPacks bundle uninstaller
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1BAAC418-61ED-A9BF-88B4-4150905E077D}" = CCC Help Czech
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2354721E-EDA1-66BB-B755-19F647013B9A}" = CCC Help Polish
"{23561A29-1FCA-7797-4E4F-77DB769DBBC7}" = CCC Help Chinese Traditional
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2D562EE1-26F5-A195-3F22-742F1E8E19C1}" = CCC Help Spanish
"{2D9C81F2-CF30-47F9-860E-58DACF92ABC9}" = Razer Arctosa
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{319D91C6-3D44-436C-9F79-36C0D22372DC}" = TP-LINK-Konfigurationstool
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{3465C127-18FF-6B5F-859A-B0535E6222A8}" = CCC Help Thai
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{3748B706-ED0E-2E00-3C2E-1EEC3C4AADF5}" = CCC Help Greek
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{403C4540-234F-C4BB-8E55-FAD4B99D0885}" = CCC Help Chinese Standard
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{4736B0ED-F6A1-48EC-A1B7-C053027648F1}" = Galeria fotogràfica del Windows Live
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{48F597DD-D397-4CFA-91A0-4C033A0113BD}" = Windows Live Mail
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4A53FD99-30A3-7B82-5182-4E9721CE9B4C}" = CCC Help Russian
"{4A8A9C55-1A58-4E41-F8B6-129C2FFAC1BB}" = CCC Help Danish
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4C3F221A-10AF-8DDE-B0CB-4F24A0B072A7}" = CCC Help Portuguese
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D5610C3-0F08-14CF-5E1A-D50951181DFF}" = CCC Help Norwegian
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{542DA303-FB91-4731-9F37-6E518368D3B9}" = Windows Live Messenger
"{5495E9A4-501A-4D4C-87C9-E80916CA9478}" = Windows Live UX Platform Language Pack
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{5FC83AC7-99AA-47B4-4BB7-251F6030DCD4}" = CCC Help English
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{62157F8A-7815-5745-F908-C094A621B24F}" = CCC Help Japanese
"{625D45F0-5DCB-48BF-8770-C240A84DAAEB}" = Windows Live Mesh
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}" = Nero Multimedia Suite 10 Essentials
"{62FE0726-9652-4CD2-9F09-C769D8699C21}" = TP-LINK TL-WN821N_WN822N Treiber
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}" = Google Earth
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71527C7C-5289-4CB2-88C9-23344C0FF6C1}" = Windows Live Movie Maker
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7D926AD2-16D6-42C2-8CA1-AB09E96040BA}" = Windows Live Writer Resources
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{820D0BA3-ACD7-4FB9-A3A7-0ADF0C66A4BE}" = Windows Live Messenger
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{88E5DC49-1610-947E-B789-756DEE8C103C}" = CCC Help French
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93D105DA-8BA8-CBE0-584D-768F70AE3A37}" = CCC Help Finnish
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9640032F-BC7A-5091-4DCC-999AB125865B}" = Catalyst Control Center
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A8F4FBA-1E55-927F-5AE5-77117DC8101D}" = CCC Help German
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{9FB97172-79F4-EC7B-E923-1610B0780321}" = CCC Help Korean
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A3389C72-1782-4BB4-BBAA-33345DE52E3F}" = Windows Live Messenger
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4E0D1D-0983-DBCA-E1D0-3C7D0B3CBD5F}" = CCC Help Hungarian
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.7) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADB118EC-3B73-41A1-8D07-0AC162C75958}" = Catalyst Control Center - Branding
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BD0C3887-64E6-41D8-9A38-BC6F34369352}" = Windows Live Messenger
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C05905B9-775A-4894-A4DF-B57C15250958}" = Razer Imperator
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C90E6406-258E-0F5B-79DC-518AD28B0550}" = CCC Help Italian
"{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger
"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}" = NVIDIA PhysX v8.10.17
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E5F05232-96B6-4552-A480-785A60A94B21}" = System Requirements Lab CYRI
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E8CCAEA7-A3BE-F0CF-0730-28FC67FD1CFE}" = Catalyst Control Center Localization All
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{EC0F900C-C7D6-76C4-98E9-095986BA5378}" = simfy
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE73EE5D-AD14-C6C6-3600-0109091B24A0}" = CCC Help Turkish
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F03F836B-95B8-7900-25F5-EB897B27869D}" = CCC Help Dutch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0F5D89A-197C-495B-827E-3E98B811CD2E}" = Windows Live Photo Common
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F2979AAA-FDD7-4CB3-93BC-5C24D965D679}" = Windows Live Messenger
"{F35DC85A-E96B-496B-ABE7-F04192824856}" = Windows Live Messenger
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F783464C-C7C6-4E9B-AC40-BC90E5414BAF}" = Windows Live Messenger
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F9706A8C-D740-42CA-8703-E08EDD0F0778}" = LogMeIn Hamachi
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE18CE47-FC66-A80E-EC14-5EA4D78652B4}" = CCC Help Swedish
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo Burning Studio 2012_is1" = Ashampoo Burning Studio 2012 v.10.0.15
"Audacity_is1" = Audacity 2.0.3
"Avira AntiVir Desktop" = Avira Free Antivirus
"Free YouTube Download_is1" = Free YouTube Download version 3.2.1.320
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.1.320
"funmoods" = Funmoods
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"OpenAL" = OpenAL
"Simfy" = simfy
"Steam App 12120" = Grand Theft Auto: San Andreas
"Steam App 17390" = Spore
"Steam App 17410" = Mirror's Edge
"Steam App 17430" = Need for Speed: Undercover
"Steam App 17440" = Spore: Creepy & Cute Parts Pack
"Steam App 200710" = Torchlight II
"Steam App 205230" = Hell Yeah!
"Steam App 213120" = Transformers: Fall of Cybertron
"Steam App 220440" = DmC Devil May Cry
"Steam App 224540" = Ace of Spades
"Steam App 24980" = Mass Effect 2
"Steam App 620" = Portal 2
"Steam App 72850" = The Elder Scrolls V: Skyrim
"WinLiveSuite" = Windows Live Essentials
"WNLT" = IB Updater Service
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 07.06.2013 13:30:56 | Computer Name = Maxim-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: 002068~1.EXE, Version: 6.6.116.0,
Zeitstempel: 0x4fda21e1 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x006e0069 ID des fehlerhaften
Prozesses: 0x6d0 Startzeit der fehlerhaften Anwendung: 0x01ce63a4ba77a353 Pfad der
fehlerhaften Anwendung: C:\Users\Maxim\AppData\Local\Temp\002068~1.EXE Pfad des
fehlerhaften Moduls: unknown Berichtskennung: 02157909-cf98-11e2-b697-e840f297abca
Error - 07.06.2013 13:32:26 | Computer Name = Maxim-PC | Source = WinMgmt | ID = 10
Description =
Error - 08.06.2013 02:54:39 | Computer Name = Maxim-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: 002068~1.EXE, Version: 6.6.116.0,
Zeitstempel: 0x4fda21e1 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x006e0069 ID des fehlerhaften
Prozesses: 0x6c8 Startzeit der fehlerhaften Anwendung: 0x01ce641501291839 Pfad der
fehlerhaften Anwendung: C:\Users\Maxim\AppData\Local\Temp\002068~1.EXE Pfad des
fehlerhaften Moduls: unknown Berichtskennung: 4950c712-d008-11e2-af15-e840f297abca
Error - 08.06.2013 02:56:05 | Computer Name = Maxim-PC | Source = WinMgmt | ID = 10
Description =
Error - 08.06.2013 09:54:04 | Computer Name = Maxim-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: 002068~1.EXE, Version: 6.6.116.0,
Zeitstempel: 0x4fda21e1 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x006e0069 ID des fehlerhaften
Prozesses: 0x6fc Startzeit der fehlerhaften Anwendung: 0x01ce644f9a5d4294 Pfad der
fehlerhaften Anwendung: C:\Users\Maxim\AppData\Local\Temp\002068~1.EXE Pfad des
fehlerhaften Moduls: unknown Berichtskennung: e1028761-d042-11e2-b6a9-e840f297abca
Error - 08.06.2013 09:55:36 | Computer Name = Maxim-PC | Source = WinMgmt | ID = 10
Description =
Error - 08.06.2013 09:58:25 | Computer Name = Maxim-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: 002068~1.EXE, Version: 6.6.116.0,
Zeitstempel: 0x4fda21e1 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x006e0069 ID des fehlerhaften
Prozesses: 0x6e0 Startzeit der fehlerhaften Anwendung: 0x01ce6450338f8572 Pfad der
fehlerhaften Anwendung: C:\Users\Maxim\AppData\Local\Temp\002068~1.EXE Pfad des
fehlerhaften Moduls: unknown Berichtskennung: 7c7b092f-d043-11e2-b6a9-e840f297abca
Error - 08.06.2013 09:59:55 | Computer Name = Maxim-PC | Source = WinMgmt | ID = 10
Description =
Error - 09.06.2013 03:57:59 | Computer Name = Maxim-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: 002068~1.EXE, Version: 6.6.116.0,
Zeitstempel: 0x4fda21e1 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x006e0069 ID des fehlerhaften
Prozesses: 0x6b8 Startzeit der fehlerhaften Anwendung: 0x01ce64e7015a4912 Pfad der
fehlerhaften Anwendung: C:\Users\Maxim\AppData\Local\Temp\002068~1.EXE Pfad des
fehlerhaften Moduls: unknown Berichtskennung: 4cfa3ebd-d0da-11e2-974b-e840f297abca
Error - 09.06.2013 03:59:24 | Computer Name = Maxim-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 05.05.2013 12:52:28 | Computer Name = Maxim-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "McAfee Application Installer Cleanup (0020681355933756)" wurde
unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error - 06.05.2013 09:39:32 | Computer Name = Maxim-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad:
C:\Windows\system32\athExt.dll Fehlercode: 126
Error - 06.05.2013 09:40:17 | Computer Name = Maxim-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "McAfee Application Installer Cleanup (0020681355933756)" wurde
unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error - 07.05.2013 10:25:14 | Computer Name = Maxim-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad:
C:\Windows\system32\athExt.dll Fehlercode: 126
Error - 07.05.2013 10:25:38 | Computer Name = Maxim-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "McAfee Application Installer Cleanup (0020681355933756)" wurde
unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error - 07.05.2013 10:26:21 | Computer Name = Maxim-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Steam Client Service erreicht.
Error - 07.05.2013 10:26:21 | Computer Name = Maxim-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 08.05.2013 07:33:59 | Computer Name = Maxim-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad:
C:\Windows\system32\athExt.dll Fehlercode: 126
Error - 08.05.2013 07:34:47 | Computer Name = Maxim-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "McAfee Application Installer Cleanup (0020681355933756)" wurde
unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error - 09.05.2013 09:14:19 | Computer Name = Maxim-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad:
C:\Windows\system32\athExt.dll Fehlercode: 126
< End of report >
|
|
10.06.2013, 15:32
| #7 |
| /// Malware-holic | hat perion network ltd mit einem virus zu tun? Hi, Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
11.06.2013, 15:14
| #8 |
| | hat perion network ltd mit einem virus zu tun?Code:
ATTFilter 16:09:09.0653 0580 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:09:09.0829 0580 ============================================================
16:09:09.0829 0580 Current date / time: 2013/06/11 16:09:09.0829
16:09:09.0829 0580 SystemInfo:
16:09:09.0829 0580
16:09:09.0829 0580 OS Version: 6.1.7601 ServicePack: 1.0
16:09:09.0829 0580 Product type: Workstation
16:09:09.0829 0580 ComputerName: MAXIM-PC
16:09:09.0829 0580 UserName: Maxim
16:09:09.0829 0580 Windows directory: C:\Windows
16:09:09.0829 0580 System windows directory: C:\Windows
16:09:09.0829 0580 Running under WOW64
16:09:09.0829 0580 Processor architecture: Intel x64
16:09:09.0829 0580 Number of processors: 4
16:09:09.0829 0580 Page size: 0x1000
16:09:09.0829 0580 Boot type: Normal boot
16:09:09.0829 0580 ============================================================
16:09:10.0365 0580 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:09:10.0408 0580 ============================================================
16:09:10.0409 0580 \Device\Harddisk0\DR0:
16:09:10.0409 0580 MBR partitions:
16:09:10.0409 0580 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2600800, BlocksNum 0x32000
16:09:10.0409 0580 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2632800, BlocksNum 0x38FE7000
16:09:10.0409 0580 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3B619800, BlocksNum 0x390EC800
16:09:10.0409 0580 ============================================================
16:09:10.0440 0580 C: <-> \Device\Harddisk0\DR0\Partition2
16:09:10.0464 0580 D: <-> \Device\Harddisk0\DR0\Partition3
16:09:10.0464 0580 ============================================================
16:09:10.0464 0580 Initialize success
16:09:10.0464 0580 ============================================================
16:12:17.0848 5160 ============================================================
16:12:17.0848 5160 Scan started
16:12:17.0848 5160 Mode: Manual; SigCheck; TDLFS;
16:12:17.0848 5160 ============================================================
16:12:18.0332 5160 ================ Scan system memory ========================
16:12:18.0332 5160 System memory - ok
16:12:18.0332 5160 ================ Scan services =============================
16:12:18.0457 5160 0020681355933756mcinstcleanup - ok
16:12:18.0535 5160 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
16:12:18.0644 5160 1394ohci - ok
16:12:18.0660 5160 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
16:12:18.0675 5160 ACPI - ok
16:12:18.0691 5160 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
16:12:18.0722 5160 AcpiPmi - ok
16:12:18.0784 5160 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:12:18.0800 5160 AdobeARMservice - ok
16:12:18.0862 5160 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:12:18.0878 5160 AdobeFlashPlayerUpdateSvc - ok
16:12:18.0894 5160 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
16:12:18.0925 5160 adp94xx - ok
16:12:18.0940 5160 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
16:12:18.0956 5160 adpahci - ok
16:12:18.0956 5160 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
16:12:18.0972 5160 adpu320 - ok
16:12:19.0003 5160 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:12:19.0034 5160 AeLookupSvc - ok
16:12:19.0050 5160 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
16:12:19.0065 5160 AFD - ok
16:12:19.0081 5160 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
16:12:19.0096 5160 agp440 - ok
16:12:19.0096 5160 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
16:12:19.0112 5160 ALG - ok
16:12:19.0128 5160 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
16:12:19.0143 5160 aliide - ok
16:12:19.0159 5160 [ 812349D328EB406815183A5D17B49E7C ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:12:19.0190 5160 AMD External Events Utility - ok
16:12:19.0190 5160 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
16:12:19.0206 5160 amdide - ok
16:12:19.0206 5160 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
16:12:19.0237 5160 AmdK8 - ok
16:12:19.0362 5160 [ 0415FFE1B6A6EA141FEAFCA57567F57F ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
16:12:19.0533 5160 amdkmdag - ok
16:12:19.0549 5160 [ DC24D6F38F17C0D643D9AA8A6852F8D0 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
16:12:19.0564 5160 amdkmdap - ok
16:12:19.0580 5160 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
16:12:19.0596 5160 AmdPPM - ok
16:12:19.0596 5160 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
16:12:19.0611 5160 amdsata - ok
16:12:19.0627 5160 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
16:12:19.0627 5160 amdsbs - ok
16:12:19.0642 5160 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
16:12:19.0642 5160 amdxata - ok
16:12:19.0705 5160 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
16:12:19.0720 5160 AntiVirSchedulerService - ok
16:12:19.0736 5160 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
16:12:19.0752 5160 AntiVirService - ok
16:12:19.0767 5160 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
16:12:19.0798 5160 AppID - ok
16:12:19.0814 5160 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
16:12:19.0845 5160 AppIDSvc - ok
16:12:19.0876 5160 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
16:12:19.0892 5160 Appinfo - ok
16:12:19.0908 5160 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
16:12:19.0908 5160 arc - ok
16:12:19.0923 5160 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
16:12:19.0939 5160 arcsas - ok
16:12:20.0001 5160 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:12:20.0017 5160 aspnet_state - ok
16:12:20.0032 5160 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:12:20.0079 5160 AsyncMac - ok
16:12:20.0079 5160 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
16:12:20.0095 5160 atapi - ok
16:12:20.0126 5160 [ 417B9BAB376E8E50F6770196656FD348 ] athur C:\Windows\system32\DRIVERS\athurx.sys
16:12:20.0157 5160 athur - ok
16:12:20.0204 5160 [ 24464B908E143D2561E9E452FEE97309 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
16:12:20.0235 5160 AtiHDAudioService - ok
16:12:20.0266 5160 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:12:20.0313 5160 AudioEndpointBuilder - ok
16:12:20.0329 5160 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
16:12:20.0344 5160 AudioSrv - ok
16:12:20.0360 5160 [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
16:12:20.0376 5160 avgntflt - ok
16:12:20.0391 5160 [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
16:12:20.0391 5160 avipbb - ok
16:12:20.0407 5160 [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
16:12:20.0422 5160 avkmgr - ok
16:12:20.0422 5160 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
16:12:20.0454 5160 AxInstSV - ok
16:12:20.0469 5160 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
16:12:20.0485 5160 b06bdrv - ok
16:12:20.0500 5160 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
16:12:20.0532 5160 b57nd60a - ok
16:12:20.0547 5160 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
16:12:20.0563 5160 BDESVC - ok
16:12:20.0563 5160 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
16:12:20.0594 5160 Beep - ok
16:12:20.0641 5160 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
16:12:20.0688 5160 BFE - ok
16:12:20.0719 5160 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
16:12:20.0766 5160 BITS - ok
16:12:20.0797 5160 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
16:12:20.0828 5160 blbdrive - ok
16:12:20.0828 5160 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:12:20.0859 5160 bowser - ok
16:12:20.0875 5160 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
16:12:20.0890 5160 BrFiltLo - ok
16:12:20.0890 5160 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
16:12:20.0906 5160 BrFiltUp - ok
16:12:20.0922 5160 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
16:12:20.0937 5160 Browser - ok
16:12:20.0953 5160 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
16:12:20.0984 5160 Brserid - ok
16:12:20.0984 5160 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
16:12:21.0015 5160 BrSerWdm - ok
16:12:21.0031 5160 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
16:12:21.0046 5160 BrUsbMdm - ok
16:12:21.0062 5160 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
16:12:21.0078 5160 BrUsbSer - ok
16:12:21.0093 5160 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
16:12:21.0109 5160 BTHMODEM - ok
16:12:21.0109 5160 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
16:12:21.0140 5160 bthserv - ok
16:12:21.0156 5160 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:12:21.0187 5160 cdfs - ok
16:12:21.0218 5160 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
16:12:21.0218 5160 cdrom - ok
16:12:21.0234 5160 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
16:12:21.0280 5160 CertPropSvc - ok
16:12:21.0296 5160 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
16:12:21.0312 5160 circlass - ok
16:12:21.0312 5160 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
16:12:21.0327 5160 CLFS - ok
16:12:21.0358 5160 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:12:21.0358 5160 clr_optimization_v2.0.50727_32 - ok
16:12:21.0390 5160 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:12:21.0390 5160 clr_optimization_v2.0.50727_64 - ok
16:12:21.0452 5160 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:12:21.0452 5160 clr_optimization_v4.0.30319_32 - ok
16:12:21.0468 5160 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:12:21.0483 5160 clr_optimization_v4.0.30319_64 - ok
16:12:21.0499 5160 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
16:12:21.0514 5160 CmBatt - ok
16:12:21.0514 5160 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
16:12:21.0530 5160 cmdide - ok
16:12:21.0561 5160 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
16:12:21.0608 5160 CNG - ok
16:12:21.0608 5160 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
16:12:21.0624 5160 Compbatt - ok
16:12:21.0639 5160 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
16:12:21.0655 5160 CompositeBus - ok
16:12:21.0655 5160 COMSysApp - ok
16:12:21.0670 5160 cpuz136 - ok
16:12:21.0686 5160 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
16:12:21.0686 5160 crcdisk - ok
16:12:21.0717 5160 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:12:21.0748 5160 CryptSvc - ok
16:12:21.0842 5160 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
16:12:21.0873 5160 cvhsvc - ok
16:12:21.0904 5160 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
16:12:21.0936 5160 DcomLaunch - ok
16:12:21.0967 5160 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
16:12:22.0014 5160 defragsvc - ok
16:12:22.0045 5160 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:12:22.0076 5160 DfsC - ok
16:12:22.0092 5160 [ DEF365F0F6E017888C4B869D3BA4B8E0 ] dgderdrv C:\Windows\system32\drivers\dgderdrv.sys
16:12:22.0092 5160 dgderdrv - ok
16:12:22.0123 5160 [ 0B3F6C8F93C5C25977EA5A8B2E656357 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
16:12:22.0138 5160 dg_ssudbus - ok
16:12:22.0154 5160 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
16:12:22.0170 5160 Dhcp - ok
16:12:22.0185 5160 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
16:12:22.0216 5160 discache - ok
16:12:22.0232 5160 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
16:12:22.0248 5160 Disk - ok
16:12:22.0263 5160 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:12:22.0263 5160 Dnscache - ok
16:12:22.0279 5160 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
16:12:22.0310 5160 dot3svc - ok
16:12:22.0326 5160 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
16:12:22.0357 5160 DPS - ok
16:12:22.0372 5160 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:12:22.0388 5160 drmkaud - ok
16:12:22.0450 5160 [ 1ED08A6264C5C92099D6D1DAE5E8F530 ] DrvAgent64 C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
16:12:22.0466 5160 DrvAgent64 - ok
16:12:22.0497 5160 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:12:22.0528 5160 DXGKrnl - ok
16:12:22.0544 5160 [ 1BEF2C2E229452EC49FFE5A27283341D ] e1cexpress C:\Windows\system32\DRIVERS\e1c62x64.sys
16:12:22.0560 5160 e1cexpress - ok
16:12:22.0575 5160 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
16:12:22.0606 5160 EapHost - ok
16:12:22.0653 5160 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
16:12:22.0731 5160 ebdrv - ok
16:12:22.0747 5160 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
16:12:22.0762 5160 EFS - ok
16:12:22.0794 5160 [ 5332EC2BA1C112BD4BB1F38127848FEF ] EgisTec Ticket Service C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
16:12:22.0794 5160 EgisTec Ticket Service - ok
16:12:22.0825 5160 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:12:22.0840 5160 ehRecvr - ok
16:12:22.0856 5160 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
16:12:22.0872 5160 ehSched - ok
16:12:22.0903 5160 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
16:12:22.0918 5160 elxstor - ok
16:12:22.0918 5160 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
16:12:22.0950 5160 ErrDev - ok
16:12:22.0965 5160 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
16:12:22.0996 5160 EventSystem - ok
16:12:23.0012 5160 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
16:12:23.0028 5160 exfat - ok
16:12:23.0043 5160 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:12:23.0074 5160 fastfat - ok
16:12:23.0090 5160 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
16:12:23.0106 5160 Fax - ok
16:12:23.0121 5160 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
16:12:23.0121 5160 fdc - ok
16:12:23.0137 5160 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
16:12:23.0168 5160 fdPHost - ok
16:12:23.0168 5160 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
16:12:23.0199 5160 FDResPub - ok
16:12:23.0199 5160 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:12:23.0215 5160 FileInfo - ok
16:12:23.0215 5160 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:12:23.0246 5160 Filetrace - ok
16:12:23.0246 5160 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
16:12:23.0262 5160 flpydisk - ok
16:12:23.0277 5160 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:12:23.0293 5160 FltMgr - ok
16:12:23.0324 5160 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
16:12:23.0340 5160 FontCache - ok
16:12:23.0371 5160 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:12:23.0371 5160 FontCache3.0.0.0 - ok
16:12:23.0386 5160 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
16:12:23.0386 5160 FsDepends - ok
16:12:23.0402 5160 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:12:23.0402 5160 Fs_Rec - ok
16:12:23.0480 5160 [ B99C240DEA85007044E178C1C9C75659 ] Futuremark SystemInfo Service C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
16:12:23.0496 5160 Futuremark SystemInfo Service - ok
16:12:23.0511 5160 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
16:12:23.0542 5160 fvevol - ok
16:12:23.0542 5160 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
16:12:23.0574 5160 gagp30kx - ok
16:12:23.0589 5160 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
16:12:23.0636 5160 gpsvc - ok
16:12:23.0683 5160 [ 32096F187020A54D29C95B3A1467D963 ] GREGService C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
16:12:23.0698 5160 GREGService - ok
16:12:23.0714 5160 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:12:23.0730 5160 gupdate - ok
16:12:23.0730 5160 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:12:23.0745 5160 gupdatem - ok
16:12:23.0761 5160 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
16:12:23.0776 5160 hamachi - ok
16:12:23.0854 5160 [ DBCF8F2EA9111510B5B86E1EE9CD8816 ] Hamachi2Svc C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
16:12:23.0917 5160 Hamachi2Svc - ok
16:12:23.0917 5160 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
16:12:23.0932 5160 hcw85cir - ok
16:12:23.0948 5160 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:12:23.0964 5160 HdAudAddService - ok
16:12:23.0979 5160 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
16:12:23.0995 5160 HDAudBus - ok
16:12:24.0010 5160 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
16:12:24.0026 5160 HidBatt - ok
16:12:24.0042 5160 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
16:12:24.0057 5160 HidBth - ok
16:12:24.0057 5160 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
16:12:24.0073 5160 HidIr - ok
16:12:24.0088 5160 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
16:12:24.0120 5160 hidserv - ok
16:12:24.0120 5160 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:12:24.0135 5160 HidUsb - ok
16:12:24.0135 5160 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:12:24.0182 5160 hkmsvc - ok
16:12:24.0182 5160 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:12:24.0198 5160 HomeGroupListener - ok
16:12:24.0229 5160 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:12:24.0244 5160 HomeGroupProvider - ok
16:12:24.0244 5160 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
16:12:24.0260 5160 HpSAMD - ok
16:12:24.0291 5160 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:12:24.0322 5160 HTTP - ok
16:12:24.0322 5160 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
16:12:24.0338 5160 hwpolicy - ok
16:12:24.0338 5160 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
16:12:24.0354 5160 i8042prt - ok
16:12:24.0369 5160 [ C224331A54571C8C9162F7714400BBBD ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
16:12:24.0369 5160 iaStor - ok
16:12:24.0416 5160 [ 7D4B9A48430ED57ACA6373B71D5904CA ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
16:12:24.0416 5160 IAStorDataMgrSvc - ok
16:12:24.0432 5160 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
16:12:24.0447 5160 iaStorV - ok
16:12:24.0494 5160 [ C58305AC412A2DE95D461072E0AF5AAF ] IBUpdaterService C:\Windows\system32\dmwu.exe
16:12:24.0556 5160 IBUpdaterService - ok
16:12:24.0588 5160 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:12:24.0619 5160 idsvc - ok
16:12:24.0634 5160 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
16:12:24.0634 5160 iirsp - ok
16:12:24.0666 5160 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
16:12:24.0697 5160 IKEEXT - ok
16:12:24.0697 5160 IntcAzAudAddService - ok
16:12:24.0728 5160 [ 832CE330DD987227B7DEA8C03F22AEFA ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
16:12:24.0759 5160 Intel(R) Capability Licensing Service Interface - ok
16:12:24.0759 5160 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
16:12:24.0759 5160 intelide - ok
16:12:24.0775 5160 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:12:24.0790 5160 intelppm - ok
16:12:24.0790 5160 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:12:24.0837 5160 IPBusEnum - ok
16:12:24.0837 5160 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:12:24.0868 5160 IpFilterDriver - ok
16:12:24.0884 5160 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:12:24.0915 5160 iphlpsvc - ok
16:12:24.0915 5160 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
16:12:24.0931 5160 IPMIDRV - ok
16:12:24.0946 5160 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
16:12:24.0978 5160 IPNAT - ok
16:12:24.0978 5160 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:12:24.0993 5160 IRENUM - ok
16:12:24.0993 5160 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:12:25.0009 5160 isapnp - ok
16:12:25.0024 5160 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
16:12:25.0040 5160 iScsiPrt - ok
16:12:25.0056 5160 [ DC0DBA5164F657DE2AE94B9D1FF75DA4 ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys
16:12:25.0071 5160 iusb3hcs - ok
16:12:25.0087 5160 [ BA4F3A70F03584E5B907DA815677727D ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys
16:12:25.0102 5160 iusb3hub - ok
16:12:25.0118 5160 [ E6130F70D61867C7EFC13A2F808EDC58 ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys
16:12:25.0134 5160 iusb3xhc - ok
16:12:25.0165 5160 [ 468F7516B4030603BA9D1427CCEACDF9 ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
16:12:25.0180 5160 jhi_service - ok
16:12:25.0180 5160 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
16:12:25.0196 5160 kbdclass - ok
16:12:25.0196 5160 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
16:12:25.0212 5160 kbdhid - ok
16:12:25.0227 5160 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
16:12:25.0243 5160 KeyIso - ok
16:12:25.0258 5160 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:12:25.0258 5160 KSecDD - ok
16:12:25.0290 5160 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
16:12:25.0321 5160 KSecPkg - ok
16:12:25.0321 5160 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
16:12:25.0368 5160 ksthunk - ok
16:12:25.0383 5160 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
16:12:25.0414 5160 KtmRm - ok
16:12:25.0446 5160 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
16:12:25.0492 5160 LanmanServer - ok
16:12:25.0508 5160 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:12:25.0524 5160 LanmanWorkstation - ok
16:12:25.0555 5160 [ 6BB516A31DE232DAB436FF3A117E1E80 ] Live Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
16:12:25.0555 5160 Live Updater Service - ok
16:12:25.0586 5160 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:12:25.0633 5160 lltdio - ok
16:12:25.0648 5160 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:12:25.0695 5160 lltdsvc - ok
16:12:25.0695 5160 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
16:12:25.0726 5160 lmhosts - ok
16:12:25.0726 5160 [ B114B200CCDEBC7EBD8EF5D783819386 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
16:12:25.0742 5160 LMS - ok
16:12:25.0758 5160 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
16:12:25.0758 5160 LSI_FC - ok
16:12:25.0773 5160 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
16:12:25.0773 5160 LSI_SAS - ok
16:12:25.0789 5160 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
16:12:25.0804 5160 LSI_SAS2 - ok
16:12:25.0804 5160 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
16:12:25.0820 5160 LSI_SCSI - ok
16:12:25.0836 5160 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
16:12:25.0867 5160 luafv - ok
16:12:25.0867 5160 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:12:25.0882 5160 Mcx2Svc - ok
16:12:25.0898 5160 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
16:12:25.0914 5160 megasas - ok
16:12:25.0914 5160 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
16:12:25.0929 5160 MegaSR - ok
16:12:25.0945 5160 [ 772A1DEEDFDBC244183B5C805D1B7D85 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
16:12:25.0945 5160 MEIx64 - ok
16:12:25.0960 5160 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
16:12:25.0976 5160 MMCSS - ok
16:12:25.0992 5160 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
16:12:26.0023 5160 Modem - ok
16:12:26.0038 5160 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:12:26.0054 5160 monitor - ok
16:12:26.0070 5160 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:12:26.0085 5160 mouclass - ok
16:12:26.0085 5160 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:12:26.0101 5160 mouhid - ok
16:12:26.0101 5160 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
16:12:26.0101 5160 mountmgr - ok
16:12:26.0132 5160 [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:12:26.0163 5160 MozillaMaintenance - ok
16:12:26.0163 5160 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
16:12:26.0179 5160 mpio - ok
16:12:26.0194 5160 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:12:26.0226 5160 mpsdrv - ok
16:12:26.0241 5160 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
16:12:26.0272 5160 MpsSvc - ok
16:12:26.0288 5160 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:12:26.0304 5160 MRxDAV - ok
16:12:26.0319 5160 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:12:26.0335 5160 mrxsmb - ok
16:12:26.0350 5160 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:12:26.0366 5160 mrxsmb10 - ok
16:12:26.0366 5160 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:12:26.0382 5160 mrxsmb20 - ok
16:12:26.0382 5160 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
16:12:26.0397 5160 msahci - ok
16:12:26.0413 5160 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:12:26.0413 5160 msdsm - ok
16:12:26.0428 5160 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
16:12:26.0444 5160 MSDTC - ok
16:12:26.0460 5160 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:12:26.0475 5160 Msfs - ok
16:12:26.0491 5160 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
16:12:26.0506 5160 mshidkmdf - ok
16:12:26.0522 5160 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:12:26.0522 5160 msisadrv - ok
16:12:26.0538 5160 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:12:26.0569 5160 MSiSCSI - ok
16:12:26.0569 5160 msiserver - ok
16:12:26.0584 5160 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:12:26.0600 5160 MSKSSRV - ok
16:12:26.0600 5160 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:12:26.0647 5160 MSPCLOCK - ok
16:12:26.0647 5160 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:12:26.0662 5160 MSPQM - ok
16:12:26.0678 5160 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:12:26.0694 5160 MsRPC - ok
16:12:26.0694 5160 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
16:12:26.0709 5160 mssmbios - ok
16:12:26.0709 5160 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:12:26.0740 5160 MSTEE - ok
16:12:26.0740 5160 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
16:12:26.0756 5160 MTConfig - ok
16:12:26.0756 5160 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
16:12:26.0772 5160 Mup - ok
16:12:26.0772 5160 [ C009123B206C56854F4E88596035231D ] mwlPSDFilter C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
16:12:26.0787 5160 mwlPSDFilter - ok
16:12:26.0787 5160 [ BF3739EEB9F008B1DEBAC115089A53F8 ] mwlPSDNServ C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
16:12:26.0787 5160 mwlPSDNServ - ok
16:12:26.0803 5160 [ 38DD143D95E7A01B86F219DDA9C28779 ] mwlPSDVDisk C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
16:12:26.0803 5160 mwlPSDVDisk - ok
16:12:26.0818 5160 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
16:12:26.0850 5160 napagent - ok
16:12:26.0865 5160 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:12:26.0881 5160 NativeWifiP - ok
16:12:26.0928 5160 [ 7F79DA9E719D0774BDBC3622ABD3AFD9 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe
16:12:26.0959 5160 NAUpdate - ok
16:12:26.0974 5160 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
16:12:26.0990 5160 NDIS - ok
16:12:27.0006 5160 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
16:12:27.0021 5160 NdisCap - ok
16:12:27.0037 5160 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:12:27.0052 5160 NdisTapi - ok
16:12:27.0068 5160 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:12:27.0099 5160 Ndisuio - ok
16:12:27.0099 5160 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:12:27.0130 5160 NdisWan - ok
16:12:27.0130 5160 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:12:27.0162 5160 NDProxy - ok
16:12:27.0162 5160 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:12:27.0193 5160 NetBIOS - ok
16:12:27.0193 5160 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
16:12:27.0224 5160 NetBT - ok
16:12:27.0224 5160 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
16:12:27.0240 5160 Netlogon - ok
16:12:27.0255 5160 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
16:12:27.0286 5160 Netman - ok
16:12:27.0333 5160 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:12:27.0349 5160 NetMsmqActivator - ok
16:12:27.0349 5160 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:12:27.0364 5160 NetPipeActivator - ok
16:12:27.0380 5160 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
16:12:27.0427 5160 netprofm - ok
16:12:27.0427 5160 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:12:27.0442 5160 NetTcpActivator - ok
16:12:27.0442 5160 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:12:27.0442 5160 NetTcpPortSharing - ok
16:12:27.0458 5160 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
16:12:27.0474 5160 nfrd960 - ok
16:12:27.0489 5160 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:12:27.0505 5160 NlaSvc - ok
16:12:27.0520 5160 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:12:27.0536 5160 Npfs - ok
16:12:27.0552 5160 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
16:12:27.0567 5160 nsi - ok
16:12:27.0583 5160 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:12:27.0598 5160 nsiproxy - ok
16:12:27.0645 5160 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:12:27.0692 5160 Ntfs - ok
16:12:27.0692 5160 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
16:12:27.0723 5160 Null - ok
16:12:27.0739 5160 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:12:27.0739 5160 nvraid - ok
16:12:27.0754 5160 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:12:27.0754 5160 nvstor - ok
16:12:27.0754 5160 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:12:27.0770 5160 nv_agp - ok
16:12:27.0770 5160 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
16:12:27.0786 5160 ohci1394 - ok
16:12:27.0832 5160 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:12:27.0848 5160 ose - ok
16:12:27.0957 5160 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:12:28.0066 5160 osppsvc - ok
16:12:28.0082 5160 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
16:12:28.0098 5160 p2pimsvc - ok
16:12:28.0098 5160 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
16:12:28.0113 5160 p2psvc - ok
16:12:28.0113 5160 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
16:12:28.0129 5160 Parport - ok
16:12:28.0144 5160 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:12:28.0160 5160 partmgr - ok
16:12:28.0160 5160 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
16:12:28.0176 5160 PcaSvc - ok
16:12:28.0191 5160 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
16:12:28.0207 5160 pci - ok
16:12:28.0207 5160 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
16:12:28.0222 5160 pciide - ok
16:12:28.0238 5160 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
16:12:28.0238 5160 pcmcia - ok
16:12:28.0254 5160 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
16:12:28.0254 5160 pcw - ok
16:12:28.0269 5160 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:12:28.0300 5160 PEAUTH - ok
16:12:28.0363 5160 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
16:12:28.0378 5160 PerfHost - ok
16:12:28.0410 5160 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
16:12:28.0503 5160 pla - ok
16:12:28.0519 5160 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:12:28.0534 5160 PlugPlay - ok
16:12:28.0550 5160 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:12:28.0581 5160 PNRPAutoReg - ok
16:12:28.0581 5160 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:12:28.0581 5160 PNRPsvc - ok
16:12:28.0597 5160 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:12:28.0628 5160 PolicyAgent - ok
16:12:28.0644 5160 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
16:12:28.0659 5160 Power - ok
16:12:28.0675 5160 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:12:28.0706 5160 PptpMiniport - ok
16:12:28.0706 5160 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
16:12:28.0737 5160 Processor - ok
16:12:28.0753 5160 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
16:12:28.0768 5160 ProfSvc - ok
16:12:28.0784 5160 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:12:28.0800 5160 ProtectedStorage - ok
16:12:28.0815 5160 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
16:12:28.0831 5160 Psched - ok
16:12:28.0862 5160 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
16:12:28.0893 5160 ql2300 - ok
16:12:28.0893 5160 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
16:12:28.0909 5160 ql40xx - ok
16:12:28.0924 5160 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
16:12:28.0940 5160 QWAVE - ok
16:12:28.0956 5160 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:12:28.0956 5160 QWAVEdrv - ok
16:12:28.0971 5160 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:12:28.0987 5160 RasAcd - ok
16:12:29.0002 5160 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
16:12:29.0034 5160 RasAgileVpn - ok
16:12:29.0049 5160 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
16:12:29.0065 5160 RasAuto - ok
16:12:29.0080 5160 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:12:29.0112 5160 Rasl2tp - ok
16:12:29.0127 5160 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
16:12:29.0158 5160 RasMan - ok
16:12:29.0174 5160 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:12:29.0205 5160 RasPppoe - ok
16:12:29.0205 5160 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:12:29.0221 5160 RasSstp - ok
16:12:29.0236 5160 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:12:29.0268 5160 rdbss - ok
16:12:29.0268 5160 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
16:12:29.0283 5160 rdpbus - ok
16:12:29.0283 5160 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:12:29.0314 5160 RDPCDD - ok
16:12:29.0314 5160 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:12:29.0346 5160 RDPENCDD - ok
16:12:29.0361 5160 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
16:12:29.0377 5160 RDPREFMP - ok
16:12:29.0408 5160 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
16:12:29.0424 5160 RdpVideoMiniport - ok
16:12:29.0455 5160 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:12:29.0455 5160 RDPWD - ok
16:12:29.0470 5160 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
16:12:29.0486 5160 rdyboost - ok
16:12:29.0486 5160 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:12:29.0517 5160 RemoteAccess - ok
16:12:29.0533 5160 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:12:29.0564 5160 RemoteRegistry - ok
16:12:29.0564 5160 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
16:12:29.0595 5160 RpcEptMapper - ok
16:12:29.0611 5160 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
16:12:29.0626 5160 RpcLocator - ok
16:12:29.0642 5160 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
16:12:29.0658 5160 RpcSs - ok
16:12:29.0673 5160 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:12:29.0689 5160 rspndr - ok
16:12:29.0704 5160 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
16:12:29.0704 5160 SamSs - ok
16:12:29.0720 5160 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:12:29.0736 5160 sbp2port - ok
16:12:29.0736 5160 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:12:29.0767 5160 SCardSvr - ok
16:12:29.0767 5160 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
16:12:29.0798 5160 scfilter - ok
16:12:29.0829 5160 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
16:12:29.0860 5160 Schedule - ok
16:12:29.0876 5160 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
16:12:29.0892 5160 SCPolicySvc - ok
16:12:29.0907 5160 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:12:29.0923 5160 SDRSVC - ok
16:12:29.0938 5160 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:12:29.0954 5160 secdrv - ok
16:12:29.0970 5160 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
16:12:29.0985 5160 seclogon - ok
16:12:30.0001 5160 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
16:12:30.0016 5160 SENS - ok
16:12:30.0032 5160 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
16:12:30.0032 5160 SensrSvc - ok
16:12:30.0063 5160 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
16:12:30.0063 5160 Serenum - ok
16:12:30.0079 5160 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
16:12:30.0079 5160 Serial - ok
16:12:30.0094 5160 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
16:12:30.0110 5160 sermouse - ok
16:12:30.0126 5160 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
16:12:30.0157 5160 SessionEnv - ok
16:12:30.0157 5160 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:12:30.0157 5160 sffdisk - ok
16:12:30.0172 5160 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:12:30.0172 5160 sffp_mmc - ok
16:12:30.0172 5160 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:12:30.0188 5160 sffp_sd - ok
16:12:30.0204 5160 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
16:12:30.0204 5160 sfloppy - ok
16:12:30.0235 5160 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
16:12:30.0266 5160 Sftfs - ok
16:12:30.0297 5160 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
16:12:30.0328 5160 sftlist - ok
16:12:30.0344 5160 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
16:12:30.0360 5160 Sftplay - ok
16:12:30.0360 5160 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
16:12:30.0375 5160 Sftredir - ok
16:12:30.0375 5160 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
16:12:30.0391 5160 Sftvol - ok
16:12:30.0391 5160 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
16:12:30.0406 5160 sftvsa - ok
16:12:30.0422 5160 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:12:30.0453 5160 SharedAccess - ok
16:12:30.0469 5160 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:12:30.0500 5160 ShellHWDetection - ok
16:12:30.0500 5160 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
16:12:30.0516 5160 SiSRaid2 - ok
16:12:30.0516 5160 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
16:12:30.0531 5160 SiSRaid4 - ok
16:12:30.0562 5160 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
16:12:30.0578 5160 SkypeUpdate - ok
16:12:30.0594 5160 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:12:30.0625 5160 Smb - ok
16:12:30.0640 5160 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:12:30.0656 5160 SNMPTRAP - ok
16:12:30.0672 5160 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
16:12:30.0672 5160 spldr - ok
16:12:30.0687 5160 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
16:12:30.0703 5160 Spooler - ok
16:12:30.0734 5160 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
16:12:30.0796 5160 sppsvc - ok
16:12:30.0812 5160 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
16:12:30.0828 5160 sppuinotify - ok
16:12:30.0843 5160 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
16:12:30.0859 5160 srv - ok
16:12:30.0874 5160 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:12:30.0890 5160 srv2 - ok
16:12:30.0906 5160 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:12:30.0921 5160 srvnet - ok
16:12:30.0937 5160 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:12:30.0952 5160 SSDPSRV - ok
16:12:30.0968 5160 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:12:30.0984 5160 SstpSvc - ok
16:12:31.0015 5160 [ EA8F41484CCC5BA6A1455C2AD3D1BE3C ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
16:12:31.0030 5160 ssudmdm - ok
16:12:31.0062 5160 [ 58C89A89D4AF0288DCF432EC0B358438 ] ssudserd C:\Windows\system32\DRIVERS\ssudserd.sys
16:12:31.0077 5160 ssudserd - ok
16:12:31.0093 5160 Steam Client Service - ok
16:12:31.0108 5160 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
16:12:31.0124 5160 stexstor - ok
16:12:31.0140 5160 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
16:12:31.0171 5160 stisvc - ok
16:12:31.0186 5160 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
16:12:31.0202 5160 swenum - ok
16:12:31.0218 5160 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
16:12:31.0264 5160 swprv - ok
16:12:31.0311 5160 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
16:12:31.0342 5160 SysMain - ok
16:12:31.0358 5160 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:12:31.0374 5160 TabletInputService - ok
16:12:31.0389 5160 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
16:12:31.0405 5160 TapiSrv - ok
16:12:31.0420 5160 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
16:12:31.0436 5160 TBS - ok
16:12:31.0467 5160 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:12:31.0530 5160 Tcpip - ok
16:12:31.0545 5160 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
16:12:31.0561 5160 TCPIP6 - ok
16:12:31.0576 5160 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:12:31.0592 5160 tcpipreg - ok
16:12:31.0608 5160 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:12:31.0623 5160 TDPIPE - ok
16:12:31.0623 5160 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:12:31.0639 5160 TDTCP - ok
16:12:31.0654 5160 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:12:31.0670 5160 tdx - ok
16:12:31.0686 5160 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
16:12:31.0686 5160 TermDD - ok
16:12:31.0701 5160 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
16:12:31.0732 5160 TermService - ok
16:12:31.0748 5160 [ CE4B6956E4E12492715A53076E58761F ] TFsExDisk C:\Windows\System32\Drivers\TFsExDisk.sys
16:12:31.0748 5160 TFsExDisk - ok
16:12:31.0764 5160 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
16:12:31.0764 5160 Themes - ok
16:12:31.0779 5160 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
16:12:31.0810 5160 THREADORDER - ok
16:12:31.0810 5160 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
16:12:31.0842 5160 TrkWks - ok
16:12:31.0873 5160 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:12:31.0904 5160 TrustedInstaller - ok
16:12:31.0920 5160 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:12:31.0935 5160 tssecsrv - ok
16:12:31.0966 5160 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
16:12:31.0982 5160 TsUsbFlt - ok
16:12:31.0998 5160 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
16:12:32.0013 5160 TsUsbGD - ok
16:12:32.0029 5160 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:12:32.0076 5160 tunnel - ok
16:12:32.0076 5160 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
16:12:32.0091 5160 uagp35 - ok
16:12:32.0107 5160 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:12:32.0138 5160 udfs - ok
16:12:32.0154 5160 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:12:32.0154 5160 UI0Detect - ok
16:12:32.0169 5160 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:12:32.0185 5160 uliagpkx - ok
16:12:32.0185 5160 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
16:12:32.0216 5160 umbus - ok
16:12:32.0216 5160 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
16:12:32.0232 5160 UmPass - ok
16:12:32.0294 5160 [ 6617E7CC9DC6729A11BFF54C47CEA7D0 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
16:12:32.0310 5160 UNS - ok
16:12:32.0310 5160 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
16:12:32.0356 5160 upnphost - ok
16:12:32.0356 5160 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:12:32.0372 5160 usbccgp - ok
16:12:32.0388 5160 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:12:32.0403 5160 usbcir - ok
16:12:32.0403 5160 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
16:12:32.0419 5160 usbehci - ok
16:12:32.0434 5160 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\drivers\usbhub.sys
16:12:32.0450 5160 usbhub - ok
16:12:32.0466 5160 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
16:12:32.0481 5160 usbohci - ok
16:12:32.0481 5160 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
16:12:32.0497 5160 usbprint - ok
16:12:32.0512 5160 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:12:32.0528 5160 USBSTOR - ok
16:12:32.0528 5160 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
16:12:32.0559 5160 usbuhci - ok
16:12:32.0559 5160 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
16:12:32.0606 5160 UxSms - ok
16:12:32.0606 5160 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
16:12:32.0622 5160 VaultSvc - ok
16:12:32.0622 5160 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
16:12:32.0637 5160 vdrvroot - ok
16:12:32.0653 5160 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
16:12:32.0684 5160 vds - ok
16:12:32.0700 5160 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:12:32.0700 5160 vga - ok
16:12:32.0715 5160 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
16:12:32.0731 5160 VgaSave - ok
16:12:32.0746 5160 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
16:12:32.0762 5160 vhdmp - ok
16:12:32.0762 5160 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
16:12:32.0778 5160 viaide - ok
16:12:32.0778 5160 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:12:32.0793 5160 volmgr - ok
16:12:32.0809 5160 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:12:32.0809 5160 volmgrx - ok
16:12:32.0824 5160 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:12:32.0840 5160 volsnap - ok
16:12:32.0856 5160 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
16:12:32.0856 5160 vsmraid - ok
16:12:32.0887 5160 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
16:12:32.0965 5160 VSS - ok
16:12:32.0980 5160 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
16:12:33.0012 5160 vwifibus - ok
16:12:33.0027 5160 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
16:12:33.0058 5160 vwififlt - ok
16:12:33.0074 5160 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
16:12:33.0105 5160 W32Time - ok
16:12:33.0121 5160 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
16:12:33.0136 5160 WacomPen - ok
16:12:33.0136 5160 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
16:12:33.0168 5160 WANARP - ok
16:12:33.0168 5160 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:12:33.0183 5160 Wanarpv6 - ok
16:12:33.0214 5160 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
16:12:33.0246 5160 wbengine - ok
16:12:33.0277 5160 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
16:12:33.0308 5160 WbioSrvc - ok
16:12:33.0308 5160 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:12:33.0339 5160 wcncsvc - ok
16:12:33.0355 5160 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:12:33.0370 5160 WcsPlugInService - ok
16:12:33.0386 5160 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
16:12:33.0402 5160 Wd - ok
16:12:33.0433 5160 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:12:33.0464 5160 Wdf01000 - ok
16:12:33.0480 5160 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:12:33.0511 5160 WdiServiceHost - ok
16:12:33.0511 5160 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:12:33.0526 5160 WdiSystemHost - ok
16:12:33.0542 5160 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
16:12:33.0573 5160 WebClient - ok
16:12:33.0589 5160 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:12:33.0636 5160 Wecsvc - ok
16:12:33.0636 5160 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:12:33.0667 5160 wercplsupport - ok
16:12:33.0682 5160 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
16:12:33.0698 5160 WerSvc - ok
16:12:33.0698 5160 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
16:12:33.0729 5160 WfpLwf - ok
16:12:33.0729 5160 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
16:12:33.0745 5160 WIMMount - ok
16:12:33.0760 5160 WinDefend - ok
16:12:33.0760 5160 WinHttpAutoProxySvc - ok
16:12:33.0807 5160 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:12:33.0838 5160 Winmgmt - ok
16:12:33.0870 5160 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
16:12:33.0916 5160 WinRM - ok
16:12:33.0948 5160 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
16:12:33.0963 5160 WinUsb - ok
16:12:33.0979 5160 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
16:12:34.0010 5160 Wlansvc - ok
16:12:34.0041 5160 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
16:12:34.0057 5160 wlcrasvc - ok
16:12:34.0104 5160 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:12:34.0182 5160 wlidsvc - ok
16:12:34.0182 5160 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
16:12:34.0197 5160 WmiAcpi - ok
16:12:34.0213 5160 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:12:34.0228 5160 wmiApSrv - ok
16:12:34.0244 5160 WMPNetworkSvc - ok
16:12:34.0260 5160 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:12:34.0291 5160 WPCSvc - ok
16:12:34.0291 5160 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:12:34.0306 5160 WPDBusEnum - ok
16:12:34.0322 5160 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:12:34.0353 5160 ws2ifsl - ok
16:12:34.0353 5160 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
16:12:34.0369 5160 wscsvc - ok
16:12:34.0369 5160 WSearch - ok
16:12:34.0400 5160 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
16:12:34.0447 5160 wuauserv - ok
16:12:34.0478 5160 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
16:12:34.0478 5160 WudfPf - ok
16:12:34.0494 5160 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:12:34.0509 5160 WUDFRd - ok
16:12:34.0525 5160 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:12:34.0540 5160 wudfsvc - ok
16:12:34.0556 5160 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll
16:12:34.0572 5160 WwanSvc - ok
16:12:34.0603 5160 [ 2EE48CFCE7CA8E0DB4C44C7476C0943B ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
16:12:34.0618 5160 xusb21 - ok
16:12:34.0634 5160 ================ Scan global ===============================
16:12:34.0650 5160 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:12:34.0665 5160 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
16:12:34.0665 5160 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
16:12:34.0681 5160 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:12:34.0696 5160 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:12:34.0712 5160 [Global] - ok
16:12:34.0712 5160 ================ Scan MBR ==================================
16:12:34.0728 5160 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:12:34.0930 5160 \Device\Harddisk0\DR0 - ok
16:12:34.0930 5160 ================ Scan VBR ==================================
16:12:34.0930 5160 [ CE41796E4142E3A245A5593688C069D7 ] \Device\Harddisk0\DR0\Partition1
16:12:34.0930 5160 \Device\Harddisk0\DR0\Partition1 - ok
16:12:34.0946 5160 [ 10108885B2F564533081DE2235B35D36 ] \Device\Harddisk0\DR0\Partition2
16:12:34.0946 5160 \Device\Harddisk0\DR0\Partition2 - ok
16:12:34.0962 5160 [ FC23C9CE722B764E998DBDE99283B873 ] \Device\Harddisk0\DR0\Partition3
16:12:34.0977 5160 \Device\Harddisk0\DR0\Partition3 - ok
16:12:34.0977 5160 ============================================================
16:12:34.0977 5160 Scan finished
16:12:34.0977 5160 ============================================================
16:12:34.0977 5172 Detected object count: 0
16:12:34.0977 5172 Actual detected object count: 0
16:13:06.0990 2084 Deinitialize success
|
|
11.06.2013, 17:46
| #9 |
| /// Malware-holic | hat perion network ltd mit einem virus zu tun? Hi, Scan mit Combofix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
12.06.2013, 16:49
| #10 |
| | hat perion network ltd mit einem virus zu tun? Okay! Es gab keinerlei Fehlermeldungen oder sonstiges, alles hat geklappt, wie geschmiert. Code:
ATTFilter ComboFix 13-06-08.02 - Maxim 12.06.2013 17:41:06.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8141.6209 [GMT 2:00]
ausgeführt von:: c:\users\Maxim\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Funmoods
c:\program files (x86)\Funmoods\1.5.23.22\bh\escort.dll
c:\program files (x86)\Funmoods\1.5.23.22\escortApp.dll
c:\program files (x86)\Funmoods\1.5.23.22\escortEng.dll
c:\program files (x86)\Funmoods\1.5.23.22\escorTlbr.dll
c:\program files (x86)\Funmoods\1.5.23.22\escortShld.dll
c:\program files (x86)\Funmoods\1.5.23.22\FavIcon.ico
c:\program files (x86)\Funmoods\1.5.23.22\funmoodssrv.exe
c:\program files (x86)\Funmoods\1.5.23.22\Sqlite3.dll
c:\program files (x86)\Funmoods\1.5.23.22\uninst.dat
c:\program files (x86)\Funmoods\1.5.23.22\uninstall.exe
c:\program files (x86)\TP-LINK\TP-LINK-Konfigurationstool\TWCU.exe
c:\users\Maxim\AppData\Roaming\Love
c:\users\Maxim\AppData\Roaming\Love\mari0\mappacks\custom_mappack_1\settings.txt
c:\users\Maxim\AppData\Roaming\Love\mari0\options.txt
c:\windows\SysWow64\muzapp.exe
D:\install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-05-12 bis 2013-06-12 ))))))))))))))))))))))))))))))
.
.
2013-06-12 15:44 . 2013-06-12 15:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-11 14:34 . 2013-06-11 14:34 -------- d-----w- c:\program files (x86)\MyFree Codec
2013-06-11 14:26 . 2013-04-18 10:09 37344 ----a-w- c:\windows\SysWow64\FsUsbExDisk.Sys
2013-06-11 14:26 . 2013-04-18 10:09 233472 ----a-w- c:\windows\SysWow64\FsUsbExService.Exe
2013-06-11 14:26 . 2011-06-07 10:14 110592 ----a-w- c:\windows\SysWow64\FsUsbExDevice.Dll
2013-06-11 14:18 . 2013-06-11 15:48 -------- d-----w- c:\users\Maxim\AppData\Roaming\Mp3tag
2013-06-11 14:18 . 2013-06-11 14:18 -------- d-----w- c:\program files (x86)\Mp3tag
2013-06-04 07:15 . 2013-06-04 07:15 103448 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2013-06-04 07:15 . 2013-06-04 07:15 203672 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2013-06-02 15:26 . 2013-06-08 13:53 -------- d-----w- c:\windows\SysWow64\WNLT
2013-06-02 15:26 . 2013-06-03 13:50 -------- d-----w- c:\windows\SysWow64\jmdp
2013-06-02 15:26 . 2013-06-02 15:26 -------- d-----w- c:\windows\SysWow64\ARFC
2013-06-02 15:26 . 2013-05-21 13:31 1447728 ----a-w- c:\windows\system32\dmwu.exe
2013-06-02 15:26 . 2013-05-21 13:30 33792 ----a-w- c:\windows\system32\ImHttpComm.dll
2013-05-24 16:23 . 2013-05-24 16:23 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2013-05-16 15:24 . 2013-05-17 09:56 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2013-05-14 12:24 . 2013-05-14 12:24 -------- d-----w- c:\program files (x86)\RobotKarol
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-16 11:55 . 2012-12-21 09:33 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-15 12:56 . 2012-03-06 11:11 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 12:56 . 2012-03-06 11:11 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-10 08:25 . 2011-03-29 02:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-07 14:30 . 2013-05-07 14:30 83160 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-04-18 10:07 . 2011-06-07 10:13 330240 ----a-w- c:\windows\MASetupCaller.dll
2013-04-18 10:06 . 2011-06-07 10:13 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2013-04-13 05:49 . 2013-05-16 10:32 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-16 10:32 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-16 10:32 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-16 10:32 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-16 10:32 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 10:32 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 14:05 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-04 03:35 . 2013-03-12 16:34 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-25 15:09 . 2013-03-25 15:10 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-03-25 15:09 . 2013-03-25 15:10 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-03-25 15:09 . 2013-03-25 15:10 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-03-22 16:46 . 2013-03-22 16:46 21712 ----a-w- c:\windows\SysWow64\drivers\DrvAgent64.SYS
2013-03-19 06:04 . 2013-04-10 14:26 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 14:26 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 14:26 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 14:26 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 14:26 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 14:26 112640 ----a-w- c:\windows\system32\smss.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-04-05 18:29 280224 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-06-06 1641896]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-04-23 311152]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2013-06-11 844168]
"GoogleChromeAutoLaunch_2224EFB454677649883A81667BB74C2F"="c:\users\Maxim\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-05-29 825808]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-04-23 1561968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-06-21 341360]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-25 343168]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2011-12-04 291096]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2012-02-07 636520]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-05-07 345312]
"Sweetpacks Communicator"="c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768]
"Arctosa"="c:\program files (x86)\Razer\Arctosa\razerhid.exe" [2008-10-06 147456]
"Razer Imperator Driver"="c:\program files (x86)\Razer\Imperator\RazerImperatorSysTray.exe" [2012-02-09 979360]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-05-15 2255184]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\users\Maxim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TP-LINK-Konfigurationstool.lnk - c:\program files (x86)\TP-LINK\TP-LINK-Konfigurationstool\TWCU.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 0020681355933756mcinstcleanup;McAfee Application Installer Cleanup (0020681355933756);c:\users\Maxim\AppData\Local\Temp\002068~1.EXE;c:\users\Maxim\AppData\Local\Temp\002068~1.EXE [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IBUpdaterService;IBUpdaterService;c:\windows\system32\dmwu.exe;c:\windows\SYSNATIVE\dmwu.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-06 12:56]
.
2013-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-17 17:02]
.
2013-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-17 17:02]
.
2013-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2876425596-1576428904-3266098967-1000Core.job
- c:\users\Maxim\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-17 17:42]
.
2013-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2876425596-1576428904-3266098967-1000UA.job
- c:\users\Maxim\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-17 17:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-04-05 18:29 339104 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://searchfunmoods.com/?f=1&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtBzyyB0A0B0C0Azy0AtBtDtN0D0Tzu0CtAyDyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1747522276
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Maxim\AppData\Roaming\Mozilla\Firefox\Profiles\mmyhaeko.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
FF - prefs.js: keyword.URL - hxxp://searchfunmoods.com/?f=1&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtBzyyB0A0B0C0Azy0AtBtDtN0D0Tzu0CtAyDyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1747522276&q=
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtBzyyB0A0B0C0Azy0AtBtDtN0D0Tzu0CtAyDyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1747522276
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtBzyyB0A0B0C0Azy0AtBtDtN0D0Tzu0CtAyDyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1747522276
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtBzyyB0A0B0C0Azy0AtBtDtN0D0Tzu0CtAyDyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1747522276&q=
FF - user.js: extensions.funmoods.id - E840F297ABCA9A20
FF - user.js: extensions.funmoods.instlDay - 15694
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2213:54
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - orgnl
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef -
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{5786d022-540e-4699-b350-b4be0ae94b79} - (no file)
BHO-{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - c:\program files (x86)\Funmoods\1.5.23.22\bh\escort.dll
Toolbar-Locked - (no file)
Toolbar-{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - c:\program files (x86)\Funmoods\1.5.23.22\escorTlbr.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{5786D022-540E-4699-B350-B4BE0AE94B79} - (no file)
AddRemove-funmoods - c:\program files (x86)\Funmoods\1.5.23.22\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-12 17:45:58
ComboFix-quarantined-files.txt 2013-06-12 15:45
.
Vor Suchlauf: 8 Verzeichnis(se), 338.231.001.088 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 339.447.599.104 Bytes frei
.
- - End Of File - - E0AAA09135D55C2AE3B394A3216EDE76
D41D8CD98F00B204E9800998ECF8427E
|
|
12.06.2013, 17:51
| #11 |
| /// Malware-holic | hat perion network ltd mit einem virus zu tun? Hi, malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
12.06.2013, 18:32
| #12 |
| | hat perion network ltd mit einem virus zu tun? Hallo, Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.06.12.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16576 Maxim :: MAXIM-PC [Administrator] Schutz: Aktiviert 12.06.2013 18:56:50 mbam-log-2013-06-12 (18-56-50).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 379711 Laufzeit: 24 Minute(n), 37 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 24 HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\escort.escortIEPane (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\f (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 3 HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Daten: Funmoods Toolbar -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs|Tabs (PUP.FunMoods) -> Daten: hxxp://searchfunmoods.com/?f=2&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtBzyyB0A0B0C0Azy0AtBtDtN0D0Tzu0CtAyDyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1747522276 -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 1 HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://searchfunmoods.com/?f=1&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtBzyyB0A0B0C0Azy0AtBtDtN0D0Tzu0CtAyDyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1747522276) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 9 C:\$RECYCLE.BIN\S-1-5-21-2876425596-1576428904-3266098967-1000\$RRL5LV7.zip (Malware.Packer.Krunchy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Qoobox\Quarantine\C\Program Files (x86)\Funmoods\1.5.23.22\escortApp.dll.vir (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Qoobox\Quarantine\C\Program Files (x86)\Funmoods\1.5.23.22\escortEng.dll.vir (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Qoobox\Quarantine\C\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll.vir (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Qoobox\Quarantine\C\Program Files (x86)\Funmoods\1.5.23.22\funmoodssrv.exe.vir (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Qoobox\Quarantine\C\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll.vir (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Maxim\AppData\Local\Temp\Rar$EXa0.076\sumotori.exe (Malware.Packer.Krunchy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Maxim\AppData\Local\funmoods.crx (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Maxim\AppData\Local\funmoods-speeddial_sf.crx (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
|
12.06.2013, 18:33
| #13 |
| /// Malware-holic | hat perion network ltd mit einem virus zu tun? Hi, lade den CCleaner standard: CCleaner - Download - Filepony falls der CCleaner bereits instaliert, überspringen. öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
13.06.2013, 14:31
| #14 |
| | hat perion network ltd mit einem virus zu tun? Hallo, Code:
ATTFilter Ace of Spades 05.03.2013 notwendig Acer eRecovery Management Acer Incorporated 06.03.2012 5.00.3507 notwendig Acer Registration Acer Incorporated 08.12.2012 1.04.3506 notwendig Acer ScreenSaver Acer Incorporated 08.12.2012 1.1.0609.2011 notwendig Acer Updater Acer Incorporated 06.03.2012 1.02.3501 notwendig Adobe AIR Adobe Systems Incorporated 11.06.2013 3.7.0.2090 notwendig Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 12.06.2013 6,00MB 11.7.700.224 notwendig Adobe Flash Player 11 Plugin Adobe Systems Incorporated 12.06.2013 6,00MB 11.7.700.224 notwendig Adobe Reader X (10.1.7) MUI Adobe Systems Incorporated 16.05.2013 481MB 10.1.7 notwendig AMD Catalyst Install Manager Advanced Micro Devices, Inc. 20.12.2012 26,2MB 8.0.873.0 notwendig Ashampoo Burning Studio 2012 v.10.0.15 Ashampoo GmbH & Co. KG 17.12.2012 143MB 10.0.15 unnötig Audacity 2.0.3 Audacity Team 21.03.2013 44,1MB 2.0.3 notwendig Avira Free Antivirus Avira 07.05.2013 129MB 13.0.0.3640 notwendig CCleaner Piriform 24.05.2013 4.02 DmC Devil May Cry 30.03.2013 notwendig Free YouTube Download version 3.2.1.320 DVDVideoSoft Ltd. 06.04.2013 70,6MB 3.2.1.320 notwendig Free YouTube to MP3 Converter version 3.12.1.320 DVDVideoSoft Ltd. 06.04.2013 77,2MB 3.12.1.320 notwendig Funmoods 20.12.2012 VIRUS! Futuremark SystemInfo Futuremark Corporation 10.05.2013 4.17.0 unnötig Google Chrome Google Inc. 17.12.2012 27.0.1453.110 notwendig Google Earth Google 17.12.2012 173MB 7.0.2.8415 notwendig Grand Theft Auto: San Andreas Rockstar 29.03.2013 notwendig Hell Yeah! 18.04.2013 notwendig Hotkey Utility Acer Incorporated 09.12.2012 2.05.3510 notwendig IB Updater Service 02.06.2013 3.0.5.4 unbekannt Identity Card Acer Incorporated 08.12.2012 1.00.3501 notwendig Intel(R) Control Center Intel Corporation 09.12.2012 1.2.1.1007 notwendig Intel(R) Management Engine Components Intel Corporation 09.12.2012 8.0.2.1410 notwendig Intel(R) Rapid Storage Technology Intel Corporation 09.12.2012 11.0.0.1032 notwendig Intel(R) USB 3.0 eXtensible Host Controller Driver Intel Corporation 09.12.2012 1.0.0.199 notwendig Intel® Trusted Connect Service Client Intel Corporation 09.12.2012 10,6MB 1.23.605.1 notwendig Java 7 Update 21 Oracle 12.03.2013 129MB 7.0.210 notwendig LogMeIn Hamachi LogMeIn, Inc. 24.05.2013 2.1.0.362 notwendig Malwarebytes Anti-Malware Version 1.75.0.1300 Malwarebytes Corporation 12.06.2013 19,2MB 1.75.0.1300 Mass Effect 2 BioWare 17.05.2013 notwendig Microsoft .NET Framework 4 Client Profile Microsoft Corporation 17.12.2012 38,8MB 4.0.30319 notwendig Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 17.12.2012 2,93MB 4.0.30319 notwendig Microsoft .NET Framework 4 Extended Microsoft Corporation 17.12.2012 51,9MB 4.0.30319 notwendig Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft Corporation 17.12.2012 10,6MB 4.0.30319 notwendig Microsoft Office 2010 Microsoft Corporation 09.12.2012 6,31MB 14.0.4763.1000 notwendig Microsoft Office Klick-und-Los 2010 Microsoft Corporation 21.12.2012 14.0.4763.1000 notwendig Microsoft Office Starter 2010 - Deutsch Microsoft Corporation 21.12.2012 14.0.5139.5005 notwendig Microsoft Silverlight Microsoft Corporation 13.03.2013 50,6MB 5.1.20125.0 notwendig Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 06.03.2012 1,69MB 3.1.0000 notwendig Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 17.12.2012 300KB 8.0.56336 notwendig Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 22.12.2012 252KB 9.0.30729 notwendig Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 17.12.2012 788KB 9.0.30729.6161 notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 28.03.2013 1,41MB 9.0.21022 notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 06.03.2012 596KB 9.0.30729 notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 06.03.2012 592KB 9.0.30729.4148 notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 17.12.2012 600KB 9.0.30729.6161 notwendig Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 02.06.2013 13,7MB 10.0.30319 notwendig Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 21.12.2012 12,2MB 10.0.40219 notwendig Microsoft XNA Framework Redistributable 3.1 Microsoft Corporation 22.03.2013 7,55MB 3.1.10527.0 notwendig Microsoft XNA Framework Redistributable 4.0 Refresh Microsoft Corporation 24.04.2013 8,03MB 4.0.30901.0 notwendig Microsoft_VC100_CRT_x64 Microsoft 17.12.2012 1,35MB 1.0.0 notwendig Mirror's Edge DICE 10.04.2013 notwendig Mozilla Firefox 18.0.1 (x86 de) Mozilla 25.02.2013 43,2MB 18.0.1 notwendig Mozilla Maintenance Service Mozilla 17.05.2013 331KB 17.0.6 notwendig Mozilla Thunderbird 17.0.6 (x86 de) Mozilla 17.05.2013 41,9MB 17.0.6 notwendig Mp3tag v2.55a Florian Heidenreich 11.06.2013 v2.55a notwendig MSXML 4.0 SP2 (KB954430) Microsoft Corporation 21.12.2012 1,27MB 4.20.9870.0 notwendig MSXML 4.0 SP2 (KB973688) Microsoft Corporation 21.12.2012 1,33MB 4.20.9876.0 notwendig MyFreeCodec 11.06.2013 unbekannt MyWinLocker Suite Egis Technology Inc. 06.03.2012 2,63MB 4.0.14.18 notwendig Need for Speed: Undercover EA Black Box 04.03.2013 notwendig Nero DiscSpeed 10 Nero AG 06.03.2012 7,21MB 6.4.10500.1.100 unbekannt Nero Express 10 Nero AG 06.03.2012 165MB 10.6.10700.5.100 unbekannt Nero Multimedia Suite 10 Essentials Nero AG 06.03.2012 373MB 10.6.10300 unbekannt Nero StartSmart 10 Nero AG 06.03.2012 143MB 10.6.10600.4.100 unbekannt Nexus Mod Manager Black Tree Gaming 07.05.2013 14,0MB 0.44.11 notwendig NVIDIA PhysX v8.10.17 NVIDIA Corporation 12.04.2013 119MB 8.10.17 notwendig OpenAL 24.02.2013 unbekannt OpenOffice.org 3.4.1 Apache Software Foundation 17.12.2012 331MB 3.41.9593 notwendig PlayReady PC Runtime amd64 Microsoft Corporation 09.12.2012 2,05MB 1.3.0 notwendig PlayReady PC Runtime x86 Microsoft Corporation 09.12.2012 1,65MB 1.3.0 notwendig Portal 2 Valve 19.04.2013 notwendig Razer Arctosa Razer USA Ltd. 21.12.2012 1.00.0000 notwendig Razer Imperator Razer USA Ltd. 21.12.2012 14,6MB 2.02.00 notwendig Samsung Kies Samsung Electronics Co., Ltd. 21.12.2012 184MB 2.0.1.11053_99 notwendig SAMSUNG USB Driver for Mobile Phones SAMSUNG Electronics Co., Ltd. 11.06.2013 47,4MB 1.5.23.0 notwendig simfy simfy AG 13.04.2013 1.7.3 notwendig Skype™ 6.3 Skype Technologies S.A. 17.05.2013 21,1MB 6.3.107 notwendig Spore Maxis 12.03.2013 notwendig Spore: Creepy & Cute Parts Pack Maxis 12.03.2013 notwendig Steam Valve Corporation 17.12.2012 1,77MB 1.0.0.0 notwendig SweetPacks bundle uninstaller SweetIM Technologies Ltd. 19.12.2012 2,46MB 1.0.0000 VIRUS! System Requirements Lab CYRI Husdawg, LLC 17.12.2012 579KB 5.0.6.0 unnötig TeamSpeak 3 Client TeamSpeak Systems GmbH 10.05.2013 3.0.10.1 notwendig The Elder Scrolls V: Skyrim Bethesda Game Studios 24.12.2012 notwendig Torchlight II 06.04.2013 notwendig TP-LINK TL-WN821N_WN822N Treiber TP-LINK 17.12.2012 1.2.1 notwendig TP-LINK-Konfigurationstool TP-LINK 17.12.2012 1.2.1 notwendig Transformers: Fall of Cybertron 21.05.2013 notwendig Update Manager for SweetPacks 1.1 SweetIM Technologies Ltd. 19.12.2012 2,76MB 1.1.0008 VIRUS! Welcome Center Acer Incorporated 08.12.2012 1.02.3507 notwendig Windows Live Essentials Microsoft Corporation 06.03.2012 15.4.3538.0513 notwendig WinRAR 4.20 (64-Bit) win.rar GmbH 30.01.2013 4.20.0 notwendig |
|
13.06.2013, 18:45
| #15 |
| /// Malware-holic | hat perion network ltd mit einem virus zu tun? deinstaliere: Adobe Flash Player alle Adobe - Adobe Flash Player installieren neueste version laden, instalieren. adobe reader: Adobe - Adobe Reader herunterladen - Alle Versionen haken bei mcafee security scan raus nehmen bitte auch mal den adobe reader wie folgt konfigurieren: adobe reader öffnen, bearbeiten, voreinstellungen. allgemein: nur zertifizierte zusatz module verwenden, anhaken. Sicherheit (erweitert) Erweiterte Sicherheit anhaken und alle Dateien auswählen. internet: hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc. es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht. bei javascript den haken bei java script verwenden raus nehmen bei updater, automatisch instalieren wählen. übernehmen /ok deinstaliere: Ashampoo Funmoods Futuremark IB Updater Nero : alle, falls nich verwendet SweetPacks Update Manager Öffne CCleaner, analysieren, starten, pc neustarten Downloade Dir bitte  AdwCleaner auf deinen Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu hat perion network ltd mit einem virus zu tun? |
| beiträge, besser, computer, diverse, entferne, entfernen, fenster, foren, frage, fragt, gen, hierbei, interne, internet, klicke, klicken, network, neu, perion network ltd, problem, schlau, starte, virus, warscheinlich, Änderungen, öffnet |
WARNUNG an die MITLESER: 
Linear-Darstellung
