
Pests of all kinds and how to combat them: Desktop icons and files are no longer displayed after infection :(

19.03.2012, 20:28   #16
lea20

unhide told me that I should briefly disable my antivirus program and repeat the process if items are still missing from the start menu... should I do that right now, or rather at the very end, after all the other things?
here's the log file for now, the others are coming shortly:
Code:
Unhide by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
  hxxp://www.bleepingcomputer.com/forums/topic405109.html

Program started at: 03/19/2012 08:20:48 PM
Windows Version: Windows 7

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 196897 files processed.

Processing the Q:\ drive
Finished processing the Q:\ drive. 0 files processed.

Restoring the Start Menu.
 * 233 Shortcuts and Desktop items were restored.


Searching for Windows Registry changes made by FakeHDD rogues.
 - Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
  * NoActiveDesktopChanges policy was found and deleted!
 - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
 - Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
  * Start_TrackDocs was set to 0! It was set back to 1!
  * Start_TrackProgs was set to 0! It was set back to 1!

Program finished at: 03/19/2012 08:25:18 PM
Execution time: 0 hours(s), 4 minute(s), and 29 seconds(s)
         

19.03.2012, 20:30   #17
Psychotic
/// Malwareteam

In my introduction I said that you should stop if anything is unclear!

In this case it's not a problem - are you still missing entries in the start menu?

Last edited by Psychotic (19.03.2012 at 20:36)

19.03.2012, 20:35   #18
lea20

yes, the message only popped up at the end, so I couldn't stop anything anyway, don't worry, I'm being good^^
yes, I'm still missing entries in the start menu, including the control panel etc.
but the desktop icons are back the way they were =D thanks already for the great help

19.03.2012, 20:37   #19
lea20

aswMBR:
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-19 20:30:55
-----------------------------
20:30:55.203    OS Version: Windows x64 6.1.7601 Service Pack 1
20:30:55.204    Number of processors: 4 586 0x2A07
20:30:55.204    ComputerName: LEA-PC  UserName: Lea
20:30:58.472    Initialize success
20:35:02.336    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:35:02.342    Disk 0 Vendor: TOSHIBA_ GL00 Size: 953869MB BusType: 3
20:35:02.361    Disk 0 MBR read successfully
20:35:02.364    Disk 0 MBR scan
20:35:02.366    Disk 0 Windows 7 default MBR code
20:35:02.381    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        20480 MB offset 2048
20:35:02.397    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 41945088
20:35:02.411    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       933278 MB offset 42149888
20:35:02.429    Disk 0 scanning C:\Windows\system32\drivers
20:35:08.642    Service scanning
20:35:47.193    Modules scanning
20:35:47.195    Disk 0 trace - called modules:
20:35:47.198    
20:35:47.198    Scan finished successfully
20:36:38.407    Disk 0 MBR has been saved successfully to "C:\Users\Lea\Desktop\MBR.dat"
20:36:38.411    The log file has been saved successfully to "C:\Users\Lea\Desktop\aswMBR.txt"
         

19.03.2012, 20:38   #20
Psychotic
/// Malwareteam

Then please disable Antivir, run unhide again, and re-enable Antivir right afterwards.

Then continue with the other steps and post the log files once you have them all together!

__________________
No right of asylum for trojans!

Proud Member of UNITE

Note: I am only reachable on weekdays!
Requests via PM will be ignored!

Are you happy with us? Then support the Trojaner-Board!

19.03.2012, 20:41   #21
lea20



yes, sir!

19.03.2012, 20:45   #22
lea20

tdsskiller found nothing.... do you still need the log file then?

19.03.2012, 20:54   #23
Psychotic
/// Malwareteam

Otherwise I wouldn't have requested them! -.-

19.03.2012, 20:58   #24
lea20

Code:
20:39:30.0038 5584	TDSS rootkit removing tool 2.7.20.0 Mar  9 2012 17:10:43
20:39:32.0039 5584	============================================================
20:39:32.0039 5584	Current date / time: 2012/03/19 20:39:32.0039
20:39:32.0039 5584	SystemInfo:
20:39:32.0039 5584	
20:39:32.0039 5584	OS Version: 6.1.7601 ServicePack: 1.0
20:39:32.0039 5584	Product type: Workstation
20:39:32.0039 5584	ComputerName: LEA-PC
20:39:32.0039 5584	UserName: Lea
20:39:32.0039 5584	Windows directory: C:\Windows
20:39:32.0039 5584	System windows directory: C:\Windows
20:39:32.0039 5584	Running under WOW64
20:39:32.0040 5584	Processor architecture: Intel x64
20:39:32.0040 5584	Number of processors: 4
20:39:32.0040 5584	Page size: 0x1000
20:39:32.0040 5584	Boot type: Normal boot
20:39:32.0040 5584	============================================================
20:39:32.0426 5584	Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:39:32.0429 5584	Drive \Device\Harddisk1\DR1 - Size: 0x1DE000000 (7.47 Gb), SectorSize: 0x200, Cylinders: 0x3CE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:39:32.0431 5584	\Device\Harddisk0\DR0:
20:39:32.0431 5584	MBR used
20:39:32.0431 5584	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2800800, BlocksNum 0x32000
20:39:32.0431 5584	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2832800, BlocksNum 0x71ECF5B0
20:39:32.0431 5584	\Device\Harddisk1\DR1:
20:39:32.0432 5584	MBR used
20:39:32.0432 5584	\Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x890, BlocksNum 0xEEF770
20:39:32.0450 5584	Initialize success
20:39:32.0450 5584	============================================================
20:39:35.0194 6040	============================================================
20:39:35.0194 6040	Scan started
20:39:35.0194 6040	Mode: Manual; 
20:39:35.0194 6040	============================================================
20:39:56.0752 6040	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:39:56.0754 6040	RasAgileVpn - ok
20:39:56.0876 6040	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:39:56.0879 6040	Rasl2tp - ok
20:39:56.0975 6040	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:39:56.0977 6040	RasPppoe - ok
20:39:57.0093 6040	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:39:57.0096 6040	RasSstp - ok
20:39:57.0203 6040	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:39:57.0208 6040	rdbss - ok
20:39:57.0289 6040	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
20:39:57.0290 6040	rdpbus - ok
20:39:57.0384 6040	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:39:57.0385 6040	RDPCDD - ok
20:39:57.0501 6040	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:39:57.0503 6040	RDPENCDD - ok
20:39:57.0610 6040	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:39:57.0611 6040	RDPREFMP - ok
20:39:57.0717 6040	RDPWD           (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
20:39:57.0718 6040	RDPWD - ok
20:39:57.0815 6040	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:39:57.0819 6040	rdyboost - ok
20:39:57.0963 6040	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:39:57.0966 6040	rspndr - ok
20:39:58.0057 6040	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:39:58.0060 6040	sbp2port - ok
20:39:58.0150 6040	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:39:58.0151 6040	scfilter - ok
20:39:58.0251 6040	sdbus           (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
20:39:58.0253 6040	sdbus - ok
20:39:58.0382 6040	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:39:58.0383 6040	secdrv - ok
20:39:58.0507 6040	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
20:39:58.0508 6040	Serenum - ok
20:39:58.0609 6040	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
20:39:58.0612 6040	Serial - ok
20:39:58.0709 6040	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
20:39:58.0711 6040	sermouse - ok
20:39:58.0809 6040	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:39:58.0810 6040	sffdisk - ok
20:39:58.0898 6040	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:39:58.0900 6040	sffp_mmc - ok
20:39:58.0988 6040	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:39:58.0989 6040	sffp_sd - ok
20:39:59.0077 6040	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
20:39:59.0078 6040	sfloppy - ok
20:39:59.0239 6040	Sftfs           (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
20:39:59.0251 6040	Sftfs - ok
20:39:59.0368 6040	Sftplay         (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
20:39:59.0373 6040	Sftplay - ok
20:39:59.0489 6040	Sftredir        (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
20:39:59.0490 6040	Sftredir - ok
20:39:59.0588 6040	Sftvol          (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
20:39:59.0590 6040	Sftvol - ok
20:39:59.0724 6040	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
20:39:59.0726 6040	SiSRaid2 - ok
20:39:59.0815 6040	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
20:39:59.0817 6040	SiSRaid4 - ok
20:39:59.0928 6040	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:39:59.0930 6040	Smb - ok
20:40:00.0043 6040	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:40:00.0045 6040	spldr - ok
20:40:00.0232 6040	SRTSP           (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\NISx64\1207000.00D\SRTSP64.SYS
20:40:00.0267 6040	SRTSP - ok
20:40:00.0399 6040	SRTSPX          (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\NISx64\1207000.00D\SRTSPX64.SYS
20:40:00.0401 6040	SRTSPX - ok
20:40:00.0494 6040	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:40:00.0498 6040	srv - ok
20:40:00.0591 6040	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:40:00.0599 6040	srv2 - ok
20:40:00.0693 6040	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:40:00.0697 6040	srvnet - ok
20:40:00.0813 6040	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
20:40:00.0815 6040	stexstor - ok
20:40:00.0927 6040	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
20:40:00.0928 6040	swenum - ok
20:40:01.0079 6040	SymDS           (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS
20:40:01.0089 6040	SymDS - ok
20:40:01.0250 6040	SymEFA          (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS
20:40:01.0286 6040	SymEFA - ok
20:40:01.0418 6040	SymEvent        (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
20:40:01.0421 6040	SymEvent - ok
20:40:01.0544 6040	SymIRON         (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS
20:40:01.0547 6040	SymIRON - ok
20:40:01.0683 6040	SymNetS         (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\NISx64\1207000.00D\SYMNETS.SYS
20:40:01.0691 6040	SymNetS - ok
20:40:01.0816 6040	SynTP           (ef51b22706db03f0857fade127c804ec) C:\Windows\system32\DRIVERS\SynTP.sys
20:40:01.0827 6040	SynTP - ok
20:40:01.0956 6040	Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
20:40:01.0979 6040	Tcpip - ok
20:40:02.0125 6040	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
20:40:02.0153 6040	TCPIP6 - ok
20:40:02.0241 6040	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:40:02.0242 6040	tcpipreg - ok
20:40:02.0325 6040	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:40:02.0327 6040	TDPIPE - ok
20:40:02.0419 6040	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
20:40:02.0420 6040	TDTCP - ok
20:40:02.0525 6040	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:40:02.0528 6040	tdx - ok
20:40:02.0635 6040	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
20:40:02.0637 6040	TermDD - ok
20:40:02.0769 6040	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:40:02.0771 6040	tssecsrv - ok
20:40:02.0875 6040	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:40:02.0879 6040	TsUsbFlt - ok
20:40:02.0964 6040	TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
20:40:02.0966 6040	TsUsbGD - ok
20:40:03.0078 6040	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:40:03.0080 6040	tunnel - ok
20:40:03.0196 6040	TurboB          (48743b69ea47c020a792d8649f753f44) C:\Windows\system32\DRIVERS\TurboB.sys
20:40:03.0197 6040	TurboB - ok
20:40:03.0314 6040	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
20:40:03.0315 6040	uagp35 - ok
20:40:03.0395 6040	UBHelper        (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
20:40:03.0396 6040	UBHelper - ok
20:40:03.0490 6040	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:40:03.0495 6040	udfs - ok
20:40:03.0599 6040	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:40:03.0600 6040	uliagpkx - ok
20:40:03.0723 6040	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
20:40:03.0725 6040	umbus - ok
20:40:03.0822 6040	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
20:40:03.0823 6040	UmPass - ok
20:40:03.0986 6040	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
20:40:03.0989 6040	usbccgp - ok
20:40:04.0095 6040	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:40:04.0096 6040	usbcir - ok
20:40:04.0225 6040	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
20:40:04.0226 6040	usbehci - ok
20:40:04.0371 6040	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
20:40:04.0374 6040	usbhub - ok
20:40:04.0464 6040	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
20:40:04.0465 6040	usbohci - ok
20:40:04.0579 6040	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:40:04.0580 6040	usbprint - ok
20:40:04.0688 6040	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
20:40:04.0689 6040	usbscan - ok
20:40:04.0789 6040	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:40:04.0791 6040	USBSTOR - ok
20:40:04.0901 6040	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
20:40:04.0903 6040	usbuhci - ok
20:40:05.0008 6040	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
20:40:05.0011 6040	usbvideo - ok
20:40:05.0149 6040	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:40:05.0151 6040	vdrvroot - ok
20:40:05.0255 6040	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:40:05.0256 6040	vga - ok
20:40:05.0363 6040	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:40:05.0364 6040	VgaSave - ok
20:40:05.0516 6040	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:40:05.0520 6040	vhdmp - ok
20:40:05.0615 6040	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:40:05.0616 6040	viaide - ok
20:40:05.0712 6040	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:40:05.0717 6040	volmgr - ok
20:40:05.0817 6040	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:40:05.0824 6040	volmgrx - ok
20:40:05.0921 6040	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:40:05.0929 6040	volsnap - ok
20:40:06.0037 6040	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
20:40:06.0038 6040	vsmraid - ok
20:40:06.0150 6040	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
20:40:06.0150 6040	vwifibus - ok
20:40:06.0235 6040	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
20:40:06.0235 6040	vwififlt - ok
20:40:06.0347 6040	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
20:40:06.0348 6040	vwifimp - ok
20:40:06.0448 6040	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
20:40:06.0450 6040	WacomPen - ok
20:40:06.0565 6040	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:40:06.0567 6040	WANARP - ok
20:40:06.0586 6040	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:40:06.0587 6040	Wanarpv6 - ok
20:40:06.0740 6040	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
20:40:06.0741 6040	Wd - ok
20:40:06.0845 6040	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:40:06.0859 6040	Wdf01000 - ok
20:40:06.0991 6040	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:40:06.0992 6040	WfpLwf - ok
20:40:07.0104 6040	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:40:07.0105 6040	WIMMount - ok
20:40:07.0255 6040	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
20:40:07.0256 6040	WinUsb - ok
20:40:07.0371 6040	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:40:07.0372 6040	WmiAcpi - ok
20:40:07.0482 6040	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:40:07.0483 6040	ws2ifsl - ok
20:40:07.0585 6040	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:40:07.0588 6040	WudfPf - ok
20:40:07.0695 6040	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:40:07.0696 6040	WUDFRd - ok
20:40:07.0729 6040	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:40:07.0800 6040	\Device\Harddisk0\DR0 - ok
20:40:07.0812 6040	MBR (0x1B8)     (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR1
20:40:07.0819 6040	\Device\Harddisk1\DR1 - ok
20:40:07.0825 6040	Boot (0x1200)   (76b3961f7619be8b14acb33671ead341) \Device\Harddisk0\DR0\Partition0
20:40:07.0826 6040	\Device\Harddisk0\DR0\Partition0 - ok
20:40:07.0835 6040	Boot (0x1200)   (13193037e0b3e57a5352626bc16f5a95) \Device\Harddisk0\DR0\Partition1
20:40:07.0837 6040	\Device\Harddisk0\DR0\Partition1 - ok
20:40:07.0842 6040	Boot (0x1200)   (e1b3811b7e9c513d561ef88da8788be7) \Device\Harddisk1\DR1\Partition0
20:40:07.0843 6040	\Device\Harddisk1\DR1\Partition0 - ok
20:40:07.0846 6040	============================================================
20:40:07.0846 6040	Scan finished
20:40:07.0846 6040	============================================================
20:40:07.0855 4992	Detected object count: 0
20:40:07.0855 4992	Actual detected object count: 0
20:45:56.0111 2764	Deinitialize success
         

19.03.2012, 21:02   #25
lea20

Desktop icons and files are no longer displayed after infection :(

Code:
OTL logfile created on: 19.03.2012 20:56:19 - Run 3
OTL by OldTimer - Version 3.2.39.1     Folder = C:\Users\Lea\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,86 Gb Total Physical Memory | 6,03 Gb Available Physical Memory | 76,80% Memory free
15,71 Gb Paging File | 13,80 Gb Available in Paging File | 87,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 911,40 Gb Total Space | 775,45 Gb Free Space | 85,08% Space Free | Partition Type: NTFS
Drive D: | 6,51 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 5,12 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 7,45 Gb Total Space | 7,41 Gb Free Space | 99,38% Space Free | Partition Type: FAT32
 
Computer Name: LEA-PC | User Name: Lea | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Lea\Desktop\OTL(1).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe (NTI Corporation)
PRC - C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe (NTI Corporation)
PRC - C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (CyberLink)
PRC - c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\SPEEDLINK Ferret Gaming Mouse\GMouse.exe ()
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\c6b914d595e5b00ae540004a71c6c3a2\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\ebfad289d9759034cd3a887802fadb5b\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\NTI\Packard Bell MyBackup\sqlite3.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\SPEEDLINK Ferret Gaming Mouse\GMouse.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe (Symantec Corporation)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (ePowerSvc) -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe (NTI Corporation)
SRV - (Live Updater Service) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Incorporated)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (TurboBoost) Intel(R) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV - (AdobeActiveFileMonitor9.0) -- c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (NAUpdate) @C:\Program Files (x86) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (GREGService) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1207000.00D\symnets.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1207000.00D\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1207000.00D\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1207000.00D\symefa64.sys (Symantec Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1207000.00D\symds64.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1207000.00D\ironx64.sys (Symantec Corporation)
DRV:64bit: - (b57xdmp) -- C:\Windows\SysNative\drivers\b57xdmp.sys (Broadcom Corporation)
DRV:64bit: - (b57xdbd) -- C:\Windows\SysNative\drivers\b57xdbd.sys (Broadcom Corporation)
DRV:64bit: - (bScsiMSa) -- C:\Windows\SysNative\drivers\bScsiMSa.sys (Broadcom Corporation)
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (bScsiSDa) -- C:\Windows\SysNative\drivers\bScsiSDa.sys (Broadcom Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110909.001\BHDrvx64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110917.031\IDSviA64.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110916.035\EX64.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110916.035\ENG64.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddrnw
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ffbr&type=moz35awe&p="
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://start.facemoods.com/?a=ddrnw"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011.09.28 11:03:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_6_3 [2012.03.19 20:54:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.07.24 14:46:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.09 20:11:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.07 21:12:12 | 000,000,000 | ---D | M]
 
[2011.07.18 20:55:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lea\AppData\Roaming\mozilla\Extensions
[2012.01.05 15:48:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lea\AppData\Roaming\mozilla\Firefox\Profiles\fhvw2doa.default\extensions
[2012.02.09 20:11:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.07.18 20:55:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2011.07.18 20:55:18 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
() (No name found) -- C:\USERS\LEA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHVW2DOA.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.02.09 20:11:09 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.07.20 14:21:29 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.09 20:11:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.09 20:11:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.09 20:11:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.07.20 14:27:30 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.02.09 20:11:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.09 20:11:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.09 20:11:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Ferret Gaming Mouse] C:\Program Files (x86)\SPEEDLINK Ferret Gaming Mouse\GMouse.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65023810-DEDD-4065-A70E-1FE60B3C479D}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.11.10 14:42:24 | 000,000,046 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2009.12.14 11:00:22 | 000,008,192 | ---- | M] (Microsoft) - F:\AutoOff.exe -- [ FAT32 ]
O32 - AutoRun File - [2010.12.14 10:33:52 | 000,000,078 | ---- | M] () - F:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{278630c5-b3ab-11e0-a849-b870f4861692}\Shell - "" = AutoRun
O33 - MountPoints2\{278630c5-b3ab-11e0-a849-b870f4861692}\Shell\AutoRun\command - "" = E:\install.exe -- [2011.06.10 22:14:22 | 000,378,880 | R--- | M] (Install.exe)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.20 03:37:58 | 000,000,000 | ---D | C] -- C:\FRST
[2012.03.19 20:55:26 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Lea\Desktop\OTL(1).exe
[2012.03.19 20:55:00 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{71BEB546-4130-4833-998F-0B7E5954DD1D}
[2012.03.19 20:54:48 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{DCA09650-3C3A-4D0A-9B58-A84315387240}
[2012.03.19 20:38:46 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Lea\Desktop\tdsskiller(1).exe
[2012.03.19 20:29:11 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Lea\Desktop\aswMBR.exe
[2012.03.19 20:20:29 | 000,389,024 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Lea\Desktop\unhide.exe
[2012.03.19 18:42:43 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{06C0432F-F5F3-41C1-882E-F3466DAE00A8}
[2012.03.19 18:42:32 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{AF6B6B93-E97E-45DD-8DFE-9DFDB5789F09}
[2012.03.19 18:32:24 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{477F7260-A106-4DC8-AC0B-7B209AE748B8}
[2012.03.19 18:32:12 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{AABD9BEB-A1B0-4166-8866-DDF7AEB53343}
[2012.03.19 18:23:27 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{4E88DAEB-55ED-4EE0-B0D4-907D64C80F59}
[2012.03.19 18:23:16 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{832F1311-F1BA-48E1-B30F-3CCD060007B1}
[2012.03.19 18:17:41 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{5542C9FF-F611-4C63-8A38-3B6AB1A91BCD}
[2012.03.19 18:17:29 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{2080EC75-976D-48B7-8B96-55A31B7EECA8}
[2012.03.19 18:08:29 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{78040E98-4C41-4368-8E55-758E50B3C00C}
[2012.03.19 18:08:17 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{7848C0F4-BB40-46D8-B293-10A872AB2C9B}
[2012.03.19 17:50:42 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{C7FD4375-AE6B-46E5-81E2-6039AA01B75F}
[2012.03.19 17:50:28 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{10D27E3F-ECE2-4BC0-9024-507DCB6C0875}
[2012.03.19 17:30:56 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{6B56C7D1-30C9-4469-9C71-2B8C49DAF423}
[2012.03.19 17:30:42 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{A58AFB06-95A6-4E7F-A1FA-96D780B1FAEC}
[2012.03.19 17:23:11 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{1859682A-51EE-46BD-AAB1-1653780D5652}
[2012.03.19 17:22:57 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{7CDD7ED7-526E-4EF7-8C3D-9014089F383B}
[2012.03.19 16:22:34 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{330C3EF7-76FC-45A0-9C13-11439BF3174C}
[2012.03.19 16:22:21 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{816FAAE6-039B-466A-9FA5-1CD7411DB7B6}
[2012.03.19 14:34:11 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{014DD10C-0D9E-4371-936C-76401B9CAA1C}
[2012.03.19 14:33:58 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{17FE1AB5-210B-4D76-8C4C-7A076964B097}
[2012.03.19 14:24:12 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{86460572-8B3A-497B-B4C3-7F567E982276}
[2012.03.19 14:23:35 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{E248EBED-739D-4875-A137-116A90876F75}
[2012.03.19 12:23:49 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{53AD8566-1AA5-4663-8908-8C472E817064}
[2012.03.19 12:23:35 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{4F57E392-959E-4750-9A03-A9FE359A5E41}
[2012.03.19 02:41:20 | 000,000,000 | ---D | C] -- C:\Neuer Ordner (2)
[2012.03.19 02:41:19 | 000,000,000 | ---D | C] -- C:\Neuer Ordner
[2012.03.19 02:10:43 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{4EA300B2-9406-44D4-A7EF-0070F9C7C4CB}
[2012.03.19 02:10:31 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{8FB78F87-749C-4F93-BAA5-B644E5741492}
[2012.03.19 02:02:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.19 02:01:59 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.03.19 02:01:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.03.19 01:52:02 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Roaming\Avira
[2012.03.19 01:49:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.03.19 01:49:38 | 000,132,320 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.03.19 01:49:38 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.03.19 01:49:38 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.03.19 01:49:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.03.19 01:49:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.03.19 01:32:46 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Roaming\Malwarebytes
[2012.03.19 01:32:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.19 01:25:31 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{BE4BC338-C026-4BB2-A05F-47DB016B7B93}
[2012.03.19 01:25:19 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{8C6BB0A7-DEFC-44A1-828F-11CF99CFF65E}
[2012.03.19 01:19:38 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012.03.18 22:33:06 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{E1A2BED8-48BD-4744-88E2-A011CFE42E62}
[2012.03.18 22:32:52 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{21D99CC1-B24C-4CCD-B1F9-803CE776D123}
[2012.03.18 13:48:26 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{F6E115A6-AA23-4E6A-8F4D-557A67532FCC}
[2012.03.18 13:48:13 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{AE4F4D14-C097-4753-9F1B-EE98A64A499B}
[2012.03.17 19:33:01 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{5BD111F5-4E3D-4AFD-8B17-44C7DF452298}
[2012.03.17 19:32:48 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{99EFBF6B-E7E2-497A-AE30-45E480921F69}
[2012.03.17 12:23:55 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{9D414FD8-3E75-4514-901B-6C631BEBBFEF}
[2012.03.17 12:23:42 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{E1EAE61E-8BDD-4FBE-A720-9FD892658E15}
[2012.03.16 21:20:34 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{E987027C-55B3-4CC6-9AAF-EE1C0B9CBEA5}
[2012.03.16 21:20:18 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{643F111E-FDFB-4799-A5DD-9D12861A05E6}
[2012.03.16 21:07:57 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{7C2847D6-016A-4024-8782-6735EAD6CDCC}
[2012.03.16 21:05:28 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{E4B89732-6817-4EE1-A90C-3D99A8E02F93}
[2012.03.16 21:04:40 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{F32DF5FC-2E23-4102-8D6D-2C0EF2375C11}
[2012.03.16 21:04:26 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{E76C9EF2-8006-4082-8594-A2AE4750C999}
[2012.03.16 20:48:04 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{0A39B67B-CD08-4D14-9A12-8A724AACC5A0}
[2012.03.16 20:47:49 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{9FB13EF5-3030-4686-8BA2-2004E4A93D4B}
[2012.03.16 20:30:28 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{23620E95-063D-45C9-8451-D5211B8F9BC1}
[2012.03.16 20:30:14 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{427CC69C-44A9-4A5F-9140-B7C01BF0AAE0}
[2012.03.16 18:43:31 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{CEF26974-0EFE-4493-ADD4-65FF927019A9}
[2012.03.16 18:43:20 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{551BAB31-8968-4E72-93C8-FF3468B725B5}
[2012.03.16 17:57:17 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{9236C72E-6E97-4CFA-B717-DD7186F76362}
[2012.03.16 17:57:05 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{F19F7252-9324-4586-93E6-077A48E1B73D}
[2012.03.16 00:46:21 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{7F308FD9-6C8C-45B6-B6EE-F4A430781BA2}
[2012.03.16 00:46:07 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{15CD0FB4-240E-4141-AFD3-2D0C7DC6212B}
[2012.03.15 20:07:39 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{825C0FB3-C91E-4F61-A27B-2B615CD3E620}
[2012.03.15 20:07:28 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{0B24B31C-C9FC-467F-B883-12E96A8EF29A}
[2012.03.15 16:23:14 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{FD916566-FD75-4DCD-AE63-65557A3511D2}
[2012.03.15 16:23:01 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{2633AAE3-6C7E-435E-AD4D-67B2DD66C840}
[2012.03.15 15:44:56 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{AFAC969B-9E4F-466D-8A0C-5C5D6DBD1F48}
[2012.03.15 15:44:43 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{4B83E4F9-73AD-48F5-8700-9C1EB609A53F}
[2012.03.15 15:12:28 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{F61E9C19-5E35-4DB9-8CD8-46A02659FB4D}
[2012.03.15 15:12:14 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{8BEA7919-B677-4DD9-81F4-100DD80106FF}
[2012.03.14 19:59:32 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{1D04FEE3-9660-4C4D-AB43-7FA74A4C8C7E}
[2012.03.14 19:59:19 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{8E886416-CFC9-4B39-9188-86BF247715BC}
[2012.03.14 15:18:54 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{0C3967A5-DA5F-42E2-92B7-A36EE7D0F7E3}
[2012.03.14 15:18:43 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{32758D63-5F82-40A1-8A99-0F1BF9B34B2B}
[2012.03.14 14:48:24 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.03.14 14:48:23 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.03.14 14:48:23 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.03.14 14:07:09 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.03.14 14:02:58 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{CF099611-8B9E-4D67-8C22-785E74051C8D}
[2012.03.14 14:02:46 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{4717C2C8-1EB0-46FB-AFD8-B68784F49783}
[2012.03.13 22:31:07 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{265034A7-5661-49CC-9A39-6131186BA0FF}
[2012.03.13 22:30:55 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{170E0A4F-6481-44D0-8C37-A0B310B30BD8}
[2012.03.13 18:07:25 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012.03.13 18:07:25 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012.03.13 18:07:17 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.03.13 18:07:17 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.03.13 18:07:17 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.03.13 18:01:17 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{843FA585-DD5F-4BCD-A8DB-8A379F653665}
[2012.03.13 18:01:05 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{FAFD9960-AE44-4A15-95F9-8B8779080667}
[2012.03.13 13:51:48 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{24AD76DF-7266-4306-8DB1-F0B8CEF19D18}
[2012.03.13 13:51:35 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{40A48BDB-5954-42A3-977D-3AC2FC3D5907}
[2012.03.12 22:10:16 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{30266B32-4CA8-41F1-BF04-AB2CFAC8A3D4}
[2012.03.12 22:10:04 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{504B5AF5-D926-4963-A2CA-849CE8E3361A}
[2012.03.12 22:06:21 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{75A05EAE-2589-48E3-A5CD-7C8349A5E15B}
[2012.03.12 22:06:07 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{CC4153B2-7DC9-48CF-86F6-86D4F3EE2A7D}
[2012.03.12 20:13:16 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{AB73D5B5-2A8B-4C72-BC9E-76D3BBCC7017}
[2012.03.12 20:13:05 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{6EAD1187-33A8-40C6-8784-452F8C69B915}
[2012.03.12 16:05:26 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{0A005CA2-0A5E-46F8-B238-B449E8ED1548}
[2012.03.12 16:05:15 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{ADC702E6-D0C1-4BE2-8B64-FA6F1317CB0B}
[2012.03.12 13:24:36 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{5A5EDCAE-A7B5-44C6-BA26-5D47CF0ECD33}
[2012.03.12 13:24:22 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{BEE9F3B5-30FF-4851-9ABD-116A3748821F}
[2012.03.12 00:03:21 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{843800FF-698E-45C6-A3F9-4040E10CDC98}
[2012.03.12 00:03:07 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{A3F7034D-07EC-4845-804C-F5ABCC9F5680}
[2012.03.11 23:47:47 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{12B98AA6-6671-4DA5-9F2B-08FE13A8AA18}
[2012.03.11 22:57:45 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{3C889727-7724-4570-9EA6-559D1A4DF569}
[2012.03.11 22:57:32 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{B0E62CC2-DB3C-4750-84B1-A6D45A8BD009}
[2012.03.11 20:48:23 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{F8169643-08C6-4952-B028-114E5F8F7FB7}
[2012.03.11 20:48:10 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{6B13DBC0-83B6-4ECA-934A-D482026E55FF}
[2012.03.10 19:22:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012.03.10 19:22:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012.03.10 18:19:50 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{7608E7E7-8E26-4903-B57D-FCF122703206}
[2012.03.10 18:19:37 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{CB97B69C-6016-41D2-8BC3-9116A0B6F787}
[2012.03.10 15:11:42 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{93DBFF92-FF7C-4609-B705-3D7D40CEF327}
[2012.03.10 15:11:31 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{CFC16E4C-DA89-43AE-8BB8-4A1E9D4A4155}
[2012.03.09 22:50:59 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{39FC71BD-DF40-4E44-A57D-C52ADC245970}
[2012.03.09 22:50:40 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{FAA07C67-0905-4465-A505-597C1219792A}
[2012.03.09 22:11:41 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{996AB37C-6EC7-44CB-B3E5-32FAF309820A}
[2012.03.09 22:11:24 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{8BF9EB1E-00A9-4E43-A689-6F59EBE1E53F}
[2012.03.08 19:03:36 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{51C28BAF-36E2-4CBE-B38C-10C104187175}
[2012.03.08 19:03:23 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{E8A3364D-8F8B-4EDF-8FF0-9C7D7AF1724A}
[2012.03.08 14:11:05 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{C9A46BD9-4DAE-4491-86A8-47849D07365C}
[2012.03.08 14:10:52 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{F99C6E12-A8E2-40F1-B9AB-91C487D75C5D}
[2012.03.08 01:52:28 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{658FE045-B28A-4468-82C0-6A11DBC6A46B}
[2012.03.08 01:52:14 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{80293F6C-C9F9-444C-9B6A-A3DBFA0FFDC3}
[2012.03.07 20:58:56 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{C04747E4-3F9E-47A1-867F-5530BC4BFC3B}
[2012.03.07 20:58:44 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{9E7435C1-CC80-498E-97EA-138E6F6BECC5}
[2012.03.07 15:13:37 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{8C0B67A6-8387-429C-9A75-8670546523EE}
[2012.03.07 15:13:23 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{F633A35D-0FEF-44D2-B836-514FD04788D4}
[2012.03.07 12:42:56 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{1BE3C620-0E43-48D7-BC9C-FD1237395CDD}
[2012.03.07 12:42:45 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{65531FE1-5D6A-4A68-96EC-B1892087B8AE}
[2012.03.06 23:17:30 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{F8002216-DAB8-485B-ADAA-12084154A807}
[2012.03.06 23:17:16 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{7DCFF7CC-08EA-4B2B-998F-02EA368F6AEA}
[2012.03.06 21:27:29 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{F99A0A53-68F7-44AF-A723-C3C7BA2F3839}
[2012.03.06 21:27:16 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{1F4D2DDC-C045-4E23-B593-2EFCD678F383}
[2012.03.06 17:58:28 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{FB40629C-67A1-4672-9114-1C01B3BF6FD7}
[2012.03.06 17:58:14 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{B15AD594-7C5D-473F-AAEC-4B8A5A0AFB41}
[2012.03.06 16:10:37 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{53E868E2-04A1-4FFE-8496-F90C74C6D4E3}
[2012.03.06 16:10:24 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{5C3C5AA1-17B2-400C-A2BB-8520385D5E0E}
[2012.03.06 14:26:00 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{54F06A61-4024-4B76-8A1C-EAD5AFB6A5E5}
[2012.03.06 14:25:48 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{139871A6-0FD7-4B5C-8F8D-570042554C50}
[2012.03.05 23:55:22 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{6712AC3B-78E7-4AF1-8B1A-C4E7CAF2D7C5}
[2012.03.05 23:55:08 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{4D85FD5F-020A-4739-9FDC-88F097FF62A2}
[2012.03.05 18:29:58 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{6EE6EC6F-98F3-421E-99A3-D67751F6078B}
[2012.03.05 18:29:45 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{56A6EB2E-5C74-4348-BD7F-2F16B385B115}
[2012.03.04 23:39:45 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{2216CE00-34DC-4AD7-A555-53F2FB80B383}
[2012.03.04 23:39:31 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{09F38D8E-3C08-492D-86AA-D84BDFD704C4}
[2012.03.04 17:19:33 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{F5157283-D0DB-456D-A64B-E77C1761AE5A}
[2012.03.04 17:19:20 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{21212B48-5891-4BA9-A4EE-67A74B045BE3}
[2012.03.03 19:08:54 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{74FA76E8-D859-4133-90C3-A99BACFB88A3}
[2012.03.03 19:08:41 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{C4EB48EE-292B-4ADB-B9BA-CA78E94FFAFD}
[2012.03.03 16:17:53 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{77F33E26-4381-4876-8C8A-4C099C5ECA0A}
[2012.03.03 16:17:40 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{AFD21380-5D38-49CC-96F9-B39E696F2A57}
[2012.03.03 14:09:10 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{4F48DBA0-DBB0-423F-BE59-7A3C754CA99F}
[2012.03.03 14:08:57 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{17D40953-4808-4266-895A-630028F820A5}
[2012.03.02 17:17:38 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{EE4AB413-7DED-4F6D-8BAF-89BD47C533BC}
[2012.03.02 17:17:26 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{6E867DD8-B570-4A0C-8D7D-741C0E60A940}
[2012.03.02 16:50:10 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{EE05E3A6-11CC-4529-9892-5B3873AFAFC1}
[2012.03.02 16:49:56 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{3F6BDFBC-48BD-42D7-9AC5-F0178268BD2D}
[2012.03.02 15:02:20 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{9EBF598E-7AB2-496B-83D7-F2BB39252273}
[2012.03.02 15:02:07 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{DFD8BA30-314A-4577-8DA7-3917907C883F}
[2012.03.02 13:06:39 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{13C89C40-9DB6-4648-A45B-0E85D0BA6835}
[2012.03.02 13:06:28 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{66F907BA-F7CD-4EED-B207-FB184800342C}
[2012.03.02 00:02:25 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{0E34A7C5-2272-4853-81F6-8D6A1ED76421}
[2012.03.02 00:02:11 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{81EB8D46-92EB-4C5D-BD8E-5699ACC3B469}
[2012.03.01 20:14:57 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{268BF1C8-A857-445E-9D70-77D84EB20A2A}
[2012.03.01 20:14:44 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{E09CAC75-283B-414D-8C33-81C056E2A82F}
[2012.03.01 19:58:53 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{364A9C61-D6D1-4040-BD2C-2F1229235780}
[2012.03.01 19:58:39 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{94023D83-0C89-4E52-9093-9FC220DDF0FF}
[2012.03.01 15:35:41 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{3C1CF477-CB9A-48B8-BF7F-0C68CF6C16A2}
[2012.03.01 15:35:28 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{5B162CBA-1837-4DCF-B1EE-F33B2027D0DA}
[2012.03.01 13:29:40 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{2E90B5A3-F3A2-4063-B80F-3E1B740B3D58}
[2012.03.01 13:29:28 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{071CD7FF-9C6D-4030-BF87-E550F5F453C3}
[2012.02.29 17:18:12 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{5B6A15D2-6A38-4B41-8052-5094E6830905}
[2012.02.29 17:18:00 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{40BF68D9-5BCA-40F2-A7E3-6C3D3651EF96}
[2012.02.29 17:17:26 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{EE523F07-541A-40D5-9BD3-193A46BE9071}
[2012.02.29 17:17:14 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{5CB3953B-B1F2-49DB-852D-A832831363D1}
[2012.02.29 15:22:57 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{BE4E4F2C-DAB2-4642-A700-6F44F75470A5}
[2012.02.29 15:22:44 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{8BF2E8B1-621C-4099-B2F6-3CBED4A4AB18}
[2012.02.29 13:08:12 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{8FD23658-82A4-48BA-9E60-8E2566AB5666}
[2012.02.29 13:08:00 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{850E8323-0A9E-4221-B23C-40AA5EA312AE}
[2012.02.28 21:26:09 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{3CEF0A26-56BF-4B13-9137-A2335FEDB32E}
[2012.02.28 21:25:56 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{AB59F6B6-62A6-49B8-83BC-50B541BFC4EC}
[2012.02.28 15:30:21 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{D8350C1E-9EA8-437D-9E87-F2544C905CCD}
[2012.02.28 15:30:09 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{5BFB4C24-D7BB-4E80-9F7C-32B7828D1432}
[2012.02.28 14:36:04 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{E9348CD0-EF09-4C12-956F-54B07F8C8F9F}
[2012.02.28 14:35:53 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{B1A4B181-6927-42C9-B40B-05EF772F1A43}
[2012.02.27 22:57:16 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{7873B8EA-47DF-4786-AFC1-20821C78D341}
[2012.02.27 22:57:05 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{D66A5760-36EE-43D3-96AC-CDE0CA0561BB}
[2012.02.27 20:14:16 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{4174466A-F8D9-4D8D-AFE6-996D3F8DA493}
[2012.02.27 20:14:05 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{DAA48DD8-370E-4D93-B391-03E638C7B17D}
[2012.02.27 15:43:57 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{2F4495BF-5D5C-4BB2-B6AA-FBCAC6503F60}
[2012.02.27 15:43:45 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{94F827B3-CA16-4D57-BEFD-4EC252571A14}
[2012.02.27 13:29:27 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{A663D04B-8F40-450E-9652-9E814C14F67D}
[2012.02.27 13:29:16 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{77C91A1B-BF19-44A8-8E1E-D4D76BA8731D}
[2012.02.26 16:59:00 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{801A500A-6BDB-460D-8FD5-8C3D3A2FF0AF}
[2012.02.26 16:58:48 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{41F95E9B-CEC8-49E8-B34D-F251E4F11732}
[2012.02.25 23:13:54 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{4815F7DD-D308-45EB-84BF-C58E5FCBF26D}
[2012.02.25 23:13:41 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{D6F5BBD1-922B-4C84-8AAE-2FDC86124774}
[2012.02.25 17:10:17 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{B5E0545B-E679-496E-9B8C-2EDD557FB8B7}
[2012.02.25 17:10:04 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{4A6F5646-9BE7-46B6-A5CD-A6265CCBF8D7}
[2012.02.25 14:09:36 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{169FAE4D-DE8C-4785-9F9D-0085FD526652}
[2012.02.25 14:09:23 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{98FFBBCB-1602-4002-AFC3-ADD144407699}
[2012.02.24 16:03:11 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{3ACCA056-6F82-4034-9F47-2BF915C87743}
[2012.02.24 16:02:58 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{7205E594-6563-47B3-8928-23C4A254382F}
[2012.02.24 14:56:33 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{E93766CB-1D59-488F-A9FC-22E10B8588AF}
[2012.02.24 14:45:35 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{490BCE40-833A-4668-8D3A-33F5232A21F3}
[2012.02.24 14:45:23 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{75AEF534-9024-4196-8E47-EB96C2B81D48}
[2012.02.24 00:16:44 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{8081B0D9-C6BE-42BE-A1D3-D9A9AE8A507D}
[2012.02.24 00:16:30 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{78C2E430-A41E-421F-961B-49DDE8AA2324}
[2012.02.23 13:05:34 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{94EDE067-96D7-4D3D-944B-A4354C5A42DD}
[2012.02.23 13:05:22 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{0DBE7988-3777-4F2C-A320-869D981B542C}
[2012.02.23 00:45:54 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{1C0D3B05-8AFC-4D5E-9DF6-A52A1D423FAC}
[2012.02.23 00:45:40 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{9AB7030A-6FEB-4DA6-9F59-208F24C577F0}
[2012.02.22 20:13:16 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{85B1CDCE-6E01-403D-97A7-FDE4FFC33725}
[2012.02.22 20:13:02 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{741DA8EA-BA7B-45E6-8F02-0396FCEFE2CF}
[2012.02.22 17:43:30 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{77B01DDE-EF07-4FD5-9BAE-96441216F195}
[2012.02.22 17:43:16 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{226D7D9C-C7C3-41EE-9867-922B8ABCFCBE}
[2012.02.22 16:46:01 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{F1E9FDBC-940D-47B1-98E9-7A5BF7E96D63}
[2012.02.22 16:45:47 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{6EA230C0-0AEA-41B0-9403-71A2321F1268}
[2012.02.21 21:42:52 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{C15366B7-54A8-4401-9CCB-160633B3A6E8}
[2012.02.21 21:42:38 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{09A5852D-64A5-43E9-A250-C20EE88C41A0}
[2012.02.21 20:14:58 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{E40D1795-9548-4342-81E0-0E09F752C45B}
[2012.02.21 20:14:45 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{8F603694-3185-40E2-A7B2-B19BACDBA2F5}
[2012.02.21 20:10:04 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{45A8B452-1029-4FE9-B628-E0988D9CC126}
[2012.02.21 20:09:49 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{4B71E742-F4B9-4FB9-8C4A-699737231F3E}
[2012.02.21 15:21:01 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{655F2CB1-1B89-481D-9716-D6FB63D627C2}
[2012.02.21 15:20:49 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{7B963675-1F34-4067-A7F7-3C08366CA57B}
[2012.02.21 13:47:38 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{9F2837C0-24F8-4ADA-9AA5-43B8C4E747CD}
[2012.02.21 13:47:25 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{745B1C02-775A-418E-854D-03B5B86F3C66}
[2012.02.20 16:42:16 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{5136A57A-DBDA-4248-B682-11275CFD58BC}
[2012.02.20 16:42:03 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{106BDB83-E526-42EF-ABD0-E8C6AF7B0ED9}
[2012.02.20 13:58:50 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{0A2A9689-B835-46CB-B27A-ECED0E6549C8}
[2012.02.20 13:58:36 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{E781CE25-A03D-4A9D-A09A-61F7972D4102}
[2012.02.20 02:47:52 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{735ABC2F-0E4F-4E7D-86ED-32F61C44CD70}
[2012.02.20 02:47:39 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{57549B07-F7AD-4A7B-89AC-559BA9BBFC18}
[2012.02.19 23:04:20 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{A036C1D2-728F-486F-91F3-A2A0383AA085}
[2012.02.19 23:04:09 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{301F0442-C208-49EC-8E54-3F35A6CCE3FB}
[2012.02.19 15:32:11 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{DE74C7BF-4A09-4CFD-9F3D-4786CCA2D2C6}
[2012.02.19 15:31:58 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{DF46B3DD-8235-4A59-B893-1A4A42431FEB}
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.19 21:00:00 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\Packard Bell Registration - Reminder Recall task.job
[2012.03.19 20:55:32 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Lea\Desktop\OTL(1).exe
[2012.03.19 20:53:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.19 20:53:40 | 692,997,991 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.03.19 20:53:39 | 2030,981,119 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.19 20:39:08 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Lea\Desktop\tdsskiller(1).exe
[2012.03.19 20:36:38 | 000,000,512 | ---- | M] () -- C:\Users\Lea\Desktop\MBR.dat
[2012.03.19 20:30:41 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Lea\Desktop\aswMBR.exe
[2012.03.19 20:20:38 | 000,389,024 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Lea\Desktop\unhide.exe
[2012.03.19 18:50:09 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.19 18:50:09 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.19 18:00:49 | 000,000,017 | ---- | M] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012.03.19 17:37:22 | 001,556,122 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.19 17:37:22 | 000,679,194 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.19 17:37:22 | 000,629,314 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.19 17:37:22 | 000,140,116 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.19 17:37:22 | 000,114,848 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.19 14:26:26 | 001,385,843 | ---- | M] () -- C:\Users\Lea\Desktop\FRST64.exe
[2012.03.19 12:24:03 | 000,013,854 | ---- | M] () -- C:\Users\Lea\Desktop\firefox.exe - Verknüpfung.lnk
[2012.03.19 02:02:01 | 000,001,125 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.19 01:49:45 | 000,002,082 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.03.19 01:21:21 | 000,000,456 | ---- | M] () -- C:\ProgramData\mv6gbLFrjRSkXy
[2012.03.19 01:19:39 | 000,000,665 | ---- | M] () -- C:\Users\Lea\Desktop\System Check.lnk
[2012.03.19 01:19:39 | 000,000,264 | ---- | M] () -- C:\ProgramData\~mv6gbLFrjRSkXy
[2012.03.19 01:19:39 | 000,000,176 | ---- | M] () -- C:\ProgramData\~mv6gbLFrjRSkXyr
[2012.03.19 01:05:54 | 000,021,239 | ---- | M] () -- C:\Users\Lea\Desktop\hkjh.jpg
[2012.03.18 18:54:19 | 000,023,013 | ---- | M] () -- C:\Users\Lea\Documents\Hausarbeit.odt
[2012.03.17 20:45:10 | 000,013,223 | ---- | M] () -- C:\Users\Lea\Documents\kuchen.odt
[2012.03.14 15:17:55 | 000,315,456 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.02 17:52:04 | 000,000,031 | ---- | M] () -- C:\Windows\progress
[2012.02.22 17:10:22 | 001,023,346 | ---- | M] () -- C:\Users\Lea\Documents\bafög3.pdf
[2012.02.22 17:03:46 | 001,117,471 | ---- | M] () -- C:\Users\Lea\Documents\bafög2.pdf
[2012.02.22 17:02:07 | 001,321,898 | ---- | M] () -- C:\Users\Lea\Documents\bafög.pdf
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.19 20:36:38 | 000,000,512 | ---- | C] () -- C:\Users\Lea\Desktop\MBR.dat
[2012.03.19 20:25:18 | 000,001,300 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2012.03.19 20:25:18 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2012.03.19 20:25:18 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.03.19 20:25:18 | 000,000,959 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012.03.19 20:25:17 | 000,002,501 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012.03.19 20:25:17 | 000,002,498 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012.03.19 20:25:17 | 000,002,194 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Welcome Center.lnk
[2012.03.19 20:25:17 | 000,002,031 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.03.19 20:25:17 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012.03.19 20:25:17 | 000,001,460 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012.03.19 20:25:17 | 000,001,376 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012.03.19 20:25:17 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012.03.19 20:25:17 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012.03.19 20:25:17 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012.03.19 20:25:17 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012.03.19 20:25:17 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012.03.19 20:25:17 | 000,001,150 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.03.19 20:25:17 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Deus EX Human Revolution.lnk
[2012.03.19 20:25:15 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012.03.19 20:25:14 | 000,001,312 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2012.03.19 20:25:13 | 000,001,162 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.03.19 20:25:12 | 000,002,435 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
[2012.03.19 20:25:12 | 000,001,982 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2012.03.19 20:25:12 | 000,001,961 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2012.03.19 20:25:12 | 000,001,940 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2012.03.19 20:25:12 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012.03.19 20:25:09 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.03.19 20:25:09 | 000,002,279 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Elements 9.lnk
[2012.03.19 20:25:09 | 000,001,949 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Contact a friend for assistance.lnk
[2012.03.19 20:25:09 | 000,001,892 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 9.lnk
[2012.03.19 20:25:09 | 000,001,531 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2012.03.19 20:25:09 | 000,001,009 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012.03.19 18:00:49 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012.03.19 14:26:08 | 001,385,843 | ---- | C] () -- C:\Users\Lea\Desktop\FRST64.exe
[2012.03.19 12:24:03 | 000,013,854 | ---- | C] () -- C:\Users\Lea\Desktop\firefox.exe - Verknüpfung.lnk
[2012.03.19 02:02:01 | 000,001,125 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.19 01:49:45 | 000,002,082 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.03.19 01:19:39 | 000,000,665 | ---- | C] () -- C:\Users\Lea\Desktop\System Check.lnk
[2012.03.19 01:19:39 | 000,000,264 | ---- | C] () -- C:\ProgramData\~mv6gbLFrjRSkXy
[2012.03.19 01:19:39 | 000,000,176 | ---- | C] () -- C:\ProgramData\~mv6gbLFrjRSkXyr
[2012.03.19 01:19:35 | 000,000,456 | ---- | C] () -- C:\ProgramData\mv6gbLFrjRSkXy
[2012.03.19 01:05:53 | 000,021,239 | ---- | C] () -- C:\Users\Lea\Desktop\hkjh.jpg
[2012.03.17 20:45:08 | 000,013,223 | ---- | C] () -- C:\Users\Lea\Documents\kuchen.odt
[2012.03.14 18:05:06 | 000,023,013 | ---- | C] () -- C:\Users\Lea\Documents\Hausarbeit.odt
[2012.03.02 17:51:53 | 000,000,031 | ---- | C] () -- C:\Windows\progress
[2012.02.22 17:10:22 | 001,023,346 | ---- | C] () -- C:\Users\Lea\Documents\bafög3.pdf
[2012.02.22 17:03:46 | 001,117,471 | ---- | C] () -- C:\Users\Lea\Documents\bafög2.pdf
[2012.02.22 17:02:07 | 001,321,898 | ---- | C] () -- C:\Users\Lea\Documents\bafög.pdf
[2011.08.10 18:27:15 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011.08.05 12:33:23 | 001,583,740 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.07.18 20:55:26 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.04.15 10:15:00 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.04.15 10:14:58 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.04.15 10:14:57 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

< End of report >
         

19.03.2012, 21:03   #26
lea20
 

OK, this should be the last one:
Code:
OTL Extras logfile created on: 19.03.2012 20:56:19 - Run 3
OTL by OldTimer - Version 3.2.39.1     Folder = C:\Users\Lea\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,86 Gb Total Physical Memory | 6,03 Gb Available Physical Memory | 76,80% Memory free
15,71 Gb Paging File | 13,80 Gb Available in Paging File | 87,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 911,40 Gb Total Space | 775,45 Gb Free Space | 85,08% Space Free | Partition Type: NTFS
Drive D: | 6,51 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 5,12 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 7,45 Gb Total Space | 7,41 Gb Free Space | 99,38% Space Free | Partition Type: FAT32
 
Computer Name: LEA-PC | User Name: Lea | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series" = Canon MG5100 series MP Drivers
"{1553D712-B35F-4A82-BC72-D6B11A94BE3E}" = Windows Live Remote Service Resources
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{4710662C-8204-4334-A977-B1AC9E547819}" = Broadcom Card Reader Driver Installer
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{702A632F-99CE-4E2D-B8F2-BF980E9CF62F}" = Windows Live Remote Client Resources
"{7A61142C-CA19-4F3C-BA66-FF8F131501FA}" = Paint.NET v3.5.9
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{8F7F2D9C-2DBE-4F10-9C7C-2724110A3339}" = Windows Live Remote Service Resources
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{A6E0F6BE-30AC-4D36-97B0-1AC20E23CB83}" = Windows Live Remote Client Resources
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 267.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 267.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom Gigabit NetLink Controller
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.01 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Video Web Camera
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{0557BBDA-69D3-4FA4-A93C-A5300F7034B4}" = Windows Live Writer
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{06B05153-97E4-427E-B1A8-E098F6C5E52F}" = Windows Live Essentials
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{0785A0B6-07DF-43CF-B147-E1EB4CEA0345}" = Windows Live Messenger
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{120C160F-F53D-4A15-A873-E79BF5B98B48}" = Windows Live Photo Common
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20381A8A-808E-4A53-B6CD-AD2B85E16365}" = Windows Live UX Platform Language Pack
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{226F0D93-76DE-4F1C-B14D-DE10443ADB60}" = Windows Live Movie Maker
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25175695-4B20-4298-9F34-C2C57CD277B3}" = Elements STI Installer
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2DDC57D4-594D-4F30-8D81-27FDB2243644}_is1" = Deus EX Human Revolution Version v1.1
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{4736B0ED-F6A1-48EC-A1B7-C053027648F1}" = Galeria fotogràfica del Windows Live
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{48F597DD-D397-4CFA-91A0-4C033A0113BD}" = Windows Live Mail
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D7BAC8A-51B8-4243-8567-1415C4272D13}" = Windows Live Writer
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5495E9A4-501A-4D4C-87C9-E80916CA9478}" = Windows Live UX Platform Language Pack
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5D90ABE5-8A35-4947-8269-6F40BCE47A95}" = Windows Live Messenger
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{625D45F0-5DCB-48BF-8770-C240A84DAAEB}" = Windows Live Mesh
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}" = Nero Multimedia Suite 10 Essentials
"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71527C7C-5289-4CB2-88C9-23344C0FF6C1}" = Windows Live Movie Maker
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7D926AD2-16D6-42C2-8CA1-AB09E96040BA}" = Windows Live Writer Resources
"{7D99B933-E29C-4599-92F0-DAED2AF041E3}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{86F444A5-C9B9-41DC-AF28-B5E46F5497C7}" = Windows Live Argazki Galeria
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E285C75-9BE2-4349-972B-DECDDF472656}" = Windows Live Writer Resources
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93C4B7D5-4E00-491F-BA3E-25B7B63EE7F6}" = Windows Live Mail
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9E2C5B0E-7A2D-4767-A9B2-77469FB1873A}" = Windows Live Mesh
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = HomeMedia
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BA2C0D53-CA57-42D9-9B27-C93EFCCA001A}_is1" = GSM version 1.3
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D54A52A8-DF24-4CE8-850B-074CA47DFA74}" = Windows Live Messenger
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB9955F8-467C-47FC-90F8-12CD5DF684C3}" = Adobe Premiere Elements 9
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F0F5D89A-197C-495B-827E-3E98B811CD2E}" = Windows Live Photo Common
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F13587F7-AA4C-4C2E-AE7D-F33F3CCE57A9}" = Windows Live Messenger
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher Enhanced Edition
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCBC19F7-E068-4B7A-ACBB-CE9CCEB4B21F}" = Windows Live Messenger
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"1489-3350-5074-6281" = JDownloader 0.9
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"Avira AntiVir Desktop" = Avira Free Antivirus
"Braid_is1" = Braid (Version 1.015)
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"conduitEngine" = Conduit Engine 
"DivX Setup.divx.com" = DivX-Setup
"Ferret Gaming Mouse" = Ferret Gaming Mouse driver
"Identity Card" = Identity Card
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Video Web Camera
"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Packard Bell MyBackup
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"LManager" = Launch Manager
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Mozilla Firefox 10.0 (x86 de)" = Mozilla Firefox 10.0 (x86 de)
"NIS" = Norton Internet Security
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Screensaver" = Packard Bell ScreenSaver
"Packard Bell Welcome Center" = Welcome Center
"PremElem90" = Adobe Premiere Elements 9
"UT2004" = Unreal Tournament 2004
"uTorrent" = µTorrent
"uTorrentBar_DE Toolbar" = uTorrentBar_DE Toolbar
"VLC media player" = VLC media player 1.0.0
"WildTangent packardbell Master Uninstall" = Packard Bell Games
"WinLiveSuite" = Windows Live Essentials
"WTA-82ba40dc-d1d0-48f5-9eb7-86bcd1acb5ca" = Torchlight
"WTA-d7c857c7-4481-4739-ae9d-b7bc70ceb5b6" = Plants vs. Zombies - Game of the Year
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 23.02.2012 08:05:05 | Computer Name = Lea-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.02.2012 19:16:20 | Computer Name = Lea-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.02.2012 09:45:11 | Computer Name = Lea-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.02.2012 11:02:43 | Computer Name = Lea-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.02.2012 20:13:05 | Computer Name = Lea-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 25.02.2012 09:09:10 | Computer Name = Lea-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.02.2012 12:09:51 | Computer Name = Lea-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.02.2012 18:13:28 | Computer Name = Lea-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.02.2012 11:58:28 | Computer Name = Lea-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.02.2012 12:46:03 | Computer Name = Lea-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
[ System Events ]
Error - 19.03.2012 13:16:59 | Computer Name = Lea-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 19.03.2012 13:22:30 | Computer Name = Lea-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?19.?03.?2012 um 18:19:22 unerwartet heruntergefahren.
 
Error - 19.03.2012 13:24:31 | Computer Name = Lea-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 19.03.2012 13:31:48 | Computer Name = Lea-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 19.03.2012 13:31:55 | Computer Name = Lea-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 19.03.2012 13:34:29 | Computer Name = Lea-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Update" wurde mit folgendem Fehler beendet:   %%-2147467243
 
Error - 19.03.2012 13:43:44 | Computer Name = Lea-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 19.03.2012 15:53:43 | Computer Name = Lea-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?19.?03.?2012 um 20:52:36 unerwartet heruntergefahren.
 
Error - 19.03.2012 15:53:49 | Computer Name = Lea-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 19.03.2012 15:54:10 | Computer Name = Lea-PC | Source = ipnathlp | ID = 31004
Description = 
 
 
< End of report >
         

20.03.2012, 22:12   #27
Psychotic
/// Malwareteam

Combofix

Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors:

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.
__________________
No right of asylum for trojans!

Proud Member of UNITE

Note: I am only available on weekdays!
Requests via PM will be ignored!

Are you satisfied with us? Then support the Trojaner-Board!

21.03.2012, 13:46   #28
lea20

Everything worked out well, hopefully I did everything right. Here is the file:
Code:
ComboFix 12-03-20.02 - Lea 21.03.2012  13:25:25.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8044.5975 [GMT 1:00]
ausgeführt von:: c:\users\Lea\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\~mv6gbLFrjRSkXy
c:\programdata\~mv6gbLFrjRSkXyr
c:\programdata\mv6gbLFrjRSkXy
c:\users\Lea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\Lea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\Lea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\users\Lea\Desktop\System Check.lnk
c:\windows\system32\drivers\etc\hosts.ics
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-21 bis 2012-03-21  ))))))))))))))))))))))))))))))
.
.
2012-03-21 12:31 . 2012-03-21 12:31	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-03-20 20:07 . 2012-02-08 07:13	8643640	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{03A12083-95BC-4536-8849-67A413ABC2DD}\mpengine.dll
2012-03-20 02:37 . 2012-03-20 02:40	--------	d-----w-	C:\FRST
2012-03-19 19:25 . 2011-11-10 23:23	19123536	----a-w-	c:\programdata\Microsoft\Windows\Start Menu\Programs\Razor 1911\The Elder Scrolls V Skyrim\TESV.exe
2012-03-19 19:25 . 2011-11-10 14:06	1880400	----a-w-	c:\programdata\Microsoft\Windows\Start Menu\Programs\Razor 1911\The Elder Scrolls V Skyrim\SkyrimLauncher.exe
2012-03-19 19:25 . 2011-11-10 23:23	214016	----a-w-	c:\programdata\Microsoft\Windows\Start Menu\Programs\Razor 1911\The Elder Scrolls V Skyrim\binkw32.dll
2012-03-19 19:25 . 2011-11-10 23:23	165304	----a-w-	c:\programdata\Microsoft\Windows\Start Menu\Programs\Razor 1911\The Elder Scrolls V Skyrim\atimgpud.dll
2012-03-19 01:41 . 2012-03-19 01:41	--------	d-----w-	C:\Neuer Ordner (2)
2012-03-19 01:41 . 2012-03-19 01:41	--------	d-----w-	C:\Neuer Ordner
2012-03-19 01:01 . 2012-03-19 01:02	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-19 01:01 . 2011-12-10 14:24	23152	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-19 00:52 . 2012-03-19 00:52	--------	d-----w-	c:\users\Lea\AppData\Roaming\Avira
2012-03-19 00:49 . 2012-01-31 07:56	97312	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-03-19 00:49 . 2012-01-31 07:56	132320	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-03-19 00:49 . 2011-09-16 15:08	27760	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-03-19 00:49 . 2012-03-19 00:49	--------	d-----w-	c:\programdata\Avira
2012-03-19 00:49 . 2012-03-19 00:49	--------	d-----w-	c:\program files (x86)\Avira
2012-03-19 00:32 . 2012-03-19 00:32	--------	d-----w-	c:\users\Lea\AppData\Roaming\Malwarebytes
2012-03-19 00:32 . 2012-03-19 00:32	--------	d-----w-	c:\programdata\Malwarebytes
2012-03-14 13:48 . 2011-11-19 15:20	5559152	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-14 13:48 . 2011-11-19 14:50	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 13:48 . 2011-11-19 14:50	3913584	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 13:07 . 2012-02-03 04:34	3145728	----a-w-	c:\windows\system32\win32k.sys
2012-03-14 13:07 . 2012-02-10 06:36	1544192	----a-w-	c:\windows\system32\DWrite.dll
2012-03-14 13:07 . 2012-02-10 05:38	1077248	----a-w-	c:\windows\SysWow64\DWrite.dll
2012-03-13 17:07 . 2012-02-17 06:38	1031680	----a-w-	c:\windows\system32\rdpcore.dll
2012-03-13 17:07 . 2012-02-17 05:34	826880	----a-w-	c:\windows\SysWow64\rdpcore.dll
2012-03-13 17:07 . 2012-02-17 04:58	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-03-13 17:07 . 2012-02-17 04:57	23552	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-03-13 17:07 . 2012-01-25 06:38	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-03-13 17:07 . 2012-01-25 06:38	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-03-13 17:07 . 2012-01-25 06:33	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-03-10 18:22 . 2012-03-10 18:22	--------	d-----w-	c:\windows\SysWow64\Wat
2012-03-10 18:22 . 2012-03-10 18:22	--------	d-----w-	c:\windows\system32\Wat
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 08:18 . 2010-11-21 03:27	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-01-04 10:44 . 2012-02-16 18:10	509952	----a-w-	c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-16 18:10	442880	----a-w-	c:\windows\SysWow64\ntshrui.dll
2011-12-30 06:26 . 2012-02-16 18:10	515584	----a-w-	c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-16 18:10	478720	----a-w-	c:\windows\SysWow64\timedate.cpl
2011-12-28 03:59 . 2012-02-16 18:10	498688	----a-w-	c:\windows\system32\drivers\afd.sys
2011-12-26 16:17 . 2011-07-18 21:47	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c840e246-6b95-475e-9bd7-caa1c7eca9f2}"= "c:\program files (x86)\uTorrentBar_DE\prxtbuTor.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22	176936	----a-w-	c:\program files (x86)\ConduitEngine\prxConduitEngin.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
2011-03-28 16:22	176936	----a-w-	c:\program files (x86)\uTorrentBar_DE\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{c840e246-6b95-475e-9bd7-caa1c7eca9f2}"= "c:\program files (x86)\uTorrentBar_DE\prxtbuTor.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngin.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-08-20 639864]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
"BackupManagerTray"="c:\program files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe" [2011-02-15 295744]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-03-14 1081424]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"Ferret Gaming Mouse"="c:\program files (x86)\SPEEDLINK Ferret Gaming Mouse\GMouse.exe" [2010-06-14 1310720]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
.
c:\users\Lea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2011-7-21 576000]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-10-08 150016]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110909.001\BHDrvx64.sys [2011-09-09 1152632]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110917.031\IDSvia64.sys [2011-08-22 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207000.00D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-01-31 86224]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-03-14 352336]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2011-02-22 873064]
S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]
S2 Live Updater Service;Live Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2011-01-31 244624]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe [2011-04-17 130008]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe [2011-02-15 257344]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys [x]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys [x]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-21 c:\windows\Tasks\Packard Bell Registration - Reminder Recall task.job
- c:\program files (x86)\Packard Bell\Registration\GREG.exe [2011-01-25 02:59]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-10 11785832]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-28 497648]
"Power Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2011-02-22 1796200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.facemoods.com/?a=ddrnw
mStart Page = hxxp://packardbell.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Lea\AppData\Roaming\Mozilla\Firefox\Profiles\fhvw2doa.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=ddrnw
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{BA2C0D53-CA57-42D9-9B27-C93EFCCA001A}_is1 - c:\???????? ????? ? ?? 1.0004 ??????\gamedata\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Launch Manager\LMutilps32.exe
c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-21  13:37:35 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-03-21 12:37
.
Vor Suchlauf: 16 Verzeichnis(se), 837.132.247.040 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 842.526.838.784 Bytes frei
.
- - End Of File - - 6D87008755540B2B8D86CDE0C40A6C4A
         

21.03.2012, 23:44   #29
Psychotic
/// Malwareteam

Step 1: CF-Script


Note for readers following along:
The following ComboFix script was created exclusively for this user in this situation.
Never use it on other computers; it can cause lasting damage to other systems!

Delete the existing Combofix.exe from your desktop and download the program again from one of the following download mirrors:
BleepingComputer.com - ForoSpyware.com
and save it to the desktop again (nowhere else, this is important)!

Press the Windows + R keys --> Notepad (type it in) --> OK

Now copy the entire text from the following code box into the empty text document.
Code:
REGISTRY::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c840e246-6b95-475e-9bd7-caa1c7eca9f2}"=-
[-HKEY_CLASSES_ROOT\clsid\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{c840e246-6b95-475e-9bd7-caa1c7eca9f2}"=-
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
[-HKEY_CLASSES_ROOT\clsid\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
[-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
FOLDER::
c:\program files (x86)\uTorrentBar_DE
c:\program files (x86)\ConduitEngine
DDS::
uStart Page = hxxp://start.facemoods.com/?a=ddrnw
FIREFOX::
FF - ProfilePath - c:\users\Lea\AppData\Roaming\Mozilla\Firefox\Profiles\fhvw2doa.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=ddrnw
         
Save this as CFScript.txt on your desktop.

Important:
  • Temporarily turn off your antivirus software, as it can interfere with ComboFix while it works.
    Don't forget to turn it back on afterwards!
  • Do not move the mouse over the ComboFix window or click inside it.
    This can cause ComboFix to hang.
  • Close all running programs. Make sure that ComboFix can work unhindered.
  • Do not do anything on the PC while ComboFix is running.
  • As shown in the picture above, drag CFScript.txt onto ComboFix.exe
  • When ComboFix is finished, it will create a log, C:\ComboFix.txt. Please paste it here as a reply.
If the script contains the instruction Suspect:: or Collect::, a message box will appear after Combofix has finished. Click OK and follow the prompts/instructions to upload the files.

Step 2: Full MBAM scan



Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform full scan and click Scan. (Note: tick all hard drives!)
  • When the scan has finished, click Show Results.
  • Make sure that all findings are selected and click Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Logs".
__________________
No right of asylum for trojans!

Proud Member of UNITE

Note: I am only available on weekdays!
Requests via PM will be ignored!

Are you satisfied with us? Then support the Trojaner-Board!
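
The CFScript in the post above was written against this one machine's ComboFix log. As an added example (not part of the original post and not ComboFix's own code), the Python sketch below checks that every REGISTRY:: and FOLDER:: target of a script is actually evidenced in the posted log before the script is run. It assumes the REGISTRY:: section follows .reg syntax (`[-key]` deletes a key, `"name"=-` deletes a value); the function names and the extra folder line are constructed for the illustration.

```python
import re

# REGISTRY:: and FOLDER:: sections of the CFScript from the post (excerpt).
PAGE_SCRIPT = r"""REGISTRY::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c840e246-6b95-475e-9bd7-caa1c7eca9f2}"=-
[-HKEY_CLASSES_ROOT\clsid\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{c840e246-6b95-475e-9bd7-caa1c7eca9f2}"=-
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
FOLDER::
c:\program files (x86)\uTorrentBar_DE
c:\program files (x86)\ConduitEngine
"""
# Constructed extra FOLDER:: line that is NOT in the log, to show a mismatch.
CFSCRIPT = PAGE_SCRIPT + "c:\\program files (x86)\\Constructed_NotInLog\n"

# Excerpt of the ComboFix log posted in the thread (whitespace normalised).
LOG = r"""[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c840e246-6b95-475e-9bd7-caa1c7eca9f2}"= "c:\program files (x86)\uTorrentBar_DE\prxtbuTor.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngin.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{c840e246-6b95-475e-9bd7-caa1c7eca9f2}"= "c:\program files (x86)\uTorrentBar_DE\prxtbuTor.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngin.dll" [2011-03-28 176936]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-08-20 639864]
"""


def parse_cfscript(text):
    """Return (kind, target, value_name) tuples for REGISTRY:: and FOLDER:: lines."""
    targets, section, key = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = re.fullmatch(r"([A-Za-z0-9]+)::", line)
        if header:                                   # e.g. "REGISTRY::"
            section, key = header.group(1).upper(), None
        elif section == "REGISTRY":
            if line.startswith("[-") and line.endswith("]"):
                targets.append(("delete-key", line[2:-1], None))
                key = None
            elif line.startswith("[") and line.endswith("]"):
                key = line[1:-1]                     # key that following values belong to
            else:
                m = re.fullmatch(r'"([^"]+)"\s*=\s*-', line)
                if m and key:
                    targets.append(("delete-value", key, m.group(1)))
        elif section == "FOLDER":
            targets.append(("delete-folder", line, None))
    return targets


def index_log(text):
    """Index the log: lowercased key -> value names, plus every file path seen."""
    keys, paths, key = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            keys.setdefault(key, set())
            continue
        if line == ".":                              # a lone dot separates log blocks
            key = None
        m = re.match(r'"([^"]+)"\s*=', line)
        if m and key:
            keys[key].add(m.group(1).lower())
        paths += [p.lower() for p in re.findall(r'[a-zA-Z]:\\[^"\[\]]+', line)]
    return keys, paths


def check_script_against_log(script, log):
    """Return (kind, description, seen_in_log) for every target in the script."""
    keys, paths = index_log(log)
    results = []
    for kind, target, value in parse_cfscript(script):
        if kind == "delete-folder":
            prefix = target.lower().rstrip("\\") + "\\"
            seen = any(p.startswith(prefix) for p in paths)
        elif kind == "delete-key":
            seen = target.lower() in keys
        else:
            seen = value.lower() in keys.get(target.lower(), set())
        desc = target if value is None else f"{target} -> {value}"
        results.append((kind, desc, seen))
    return results


if __name__ == "__main__":
    for kind, desc, seen in check_script_against_log(CFSCRIPT, LOG):
        print(("OK      " if seen else "MISSING ") + kind + ": " + desc)
```

A target reported as MISSING is one the log gives no evidence for, which is the situation the "only for this user" note in the post is about.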

22.03.2012, 00:06   #30
lea20

Wow, thanks, it's really great how much help you get here. I'll tackle it first thing tomorrow morning...
Temporarily turning off the antivirus software: is it enough to disable the real-time scanner, or how do you turn everything off safely enough that it no longer interferes? I'd rather not take any risks, so I'm asking again.
