Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: EXP/JS.Expack.AL nach Entfernung von Bundestrojaner bei Systemcheck gefunden

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 28.10.2012, 19:39   #1
austriasy
 
EXP/JS.Expack.AL nach Entfernung von Bundestrojaner bei Systemcheck gefunden - Standard

EXP/JS.Expack.AL nach Entfernung von Bundestrojaner bei Systemcheck gefunden



Hallo liebe Wissenden ,

ich brauche dringend eure Hilfe. Vor ein paar Wochen habe ich mich tagelang mit der Entfernung des Bundestrojaners und der Entsperrung meines Laptops beschäftigt. Geschafft habe ich es dann durch eine Systemrückstellung. Da die Sicherung schon älter war, sind dabei nicht alle Einstellungen wiederhergestellt worden.

Nun ist wieder alles so, wie es sein sollte und ich wollte heute eine neue Sicherung machen. Sicherheitshalber habe ich vorher den Systemcheck von AntiVirus durchlaufen lassen. Schon wieder oder immer noch wurde eine verdächtige Datei gefunden und in Quarantäne gestellt . Wie kann ich mein System wieder bereinigen? Den Report von AntiVirus und Anti-Malware sowie die OTL-Dateien hänge ich an.

Ich zähle auf eure ausführliche Hilfe für eine Unwissende und bedanke mich bereits jetzt für euren Einsatz gegen diese Plagegeister!

Liebe Grüße
austriasy

Alt 30.10.2012, 11:00   #2
M-K-D-B
/// TB-Ausbilder
 
EXP/JS.Expack.AL nach Entfernung von Bundestrojaner bei Systemcheck gefunden - Standard

EXP/JS.Expack.AL nach Entfernung von Bundestrojaner bei Systemcheck gefunden






Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden. Es können mehrere Analyse- und Bereinigungsschritte erforderlich sein.
    Abschließend entfernen wir wieder alle verwendeten Programme und ich gebe dir ein paar Tipps für die Zukunft mit auf den Weg.
  • Bei Anzeichen von illegaler Software wird der Support ohne Diskussion eingestellt.
  • Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Führe nur Scans durch, zu denen du von mir oder einem anderen Helfer aufgefordert wirst.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software außer du wirst dazu aufgefordert.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
    Ich kann Dir niemals eine Garantie geben, dass auch ich alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
    Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.





Schritt 1
  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
:Commands
[emptytemp]
         
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread





Schritt 2
Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen.

Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ )
    Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt
Poste den Inhalt bitte hier in deinen Thread.





Bitte poste mit deiner nächsten Antwort
  • die Logdatei von OTL,
  • die Logdatei von TDSSKiller.
__________________


Alt 30.10.2012, 17:18   #3
austriasy
 
EXP/JS.Expack.AL nach Entfernung von Bundestrojaner bei Systemcheck gefunden - Standard

EXP/JS.Expack.AL nach Entfernung von Bundestrojaner bei Systemcheck gefunden



Hallo Matthias,

vielen Dank für deine schnelle Reaktion. Ich bin Laie und es fällt mir schwer, die Fachausdrücke zu verstehen. Ich hoffe, ich konnte alles richtig umsetzen. Also dann legen wir mal los:

Hier die OTL.txt:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 10/30/2012 4:30:56 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
5.98 Gb Total Physical Memory | 4.14 Gb Available Physical Memory | 69.24% Memory free
11.96 Gb Paging File | 9.93 Gb Available in Paging File | 83.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.00 Gb Total Space | 159.91 Gb Free Space | 73.02% Space Free | Partition Type: NTFS
Drive D: | 223.31 Gb Total Space | 153.49 Gb Free Space | 68.73% Space Free | Partition Type: NTFS
 
Computer Name: ***-LAPTOP | User Name: ***| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe (SEC)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe (Samsung Electronics)
PRC - C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Program Files (x86)\Samsung\Movie Color Enhancer\WinCRT.dll ()
MOD - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()
MOD - C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (Samsung UPD Service) -- C:\Windows\SysNative\SUPDSvc.exe (Samsung Electronics CO., LTD.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (BTWAMPFL) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation)
DRV:64bit: - (SABI) -- C:\Windows\SysNative\drivers\SABI.sys (SAMSUNG ELECTRONICS)
DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (rtport) -- C:\Windows\SysWOW64\drivers\rtport.sys (Windows (R) 2003 DDK 3790 provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-336442205-827502387-1674173946-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\S-1-5-21-336442205-827502387-1674173946-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-336442205-827502387-1674173946-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-336442205-827502387-1674173946-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/28 16:40:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/28 16:40:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/09/03 17:55:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert\AppData\Roaming\mozilla\Extensions
[2012/10/23 17:09:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert\AppData\Roaming\mozilla\Firefox\Profiles\6szolcmr.default\extensions
[2012/10/28 16:40:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/10/28 16:40:06 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/25 03:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/08/25 03:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/08/25 03:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/08/25 03:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/08/25 03:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/08/25 03:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Samsung BHO Class) - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-336442205-827502387-1674173946-1001\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E1B12FE-C76C-431C-A82E-2E692976B46C}: DhcpNameServer = 10.0.0.138 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E420E3BF-C2A1-4233-BA32-746E24431A49}: DhcpNameServer = 10.0.0.138 10.0.0.138
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/10/30 15:33:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
[2012/10/30 15:33:00 | 000,176,128 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysWow64\BroSNMP.dll
[2012/10/30 15:33:00 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2.dll
[2012/10/30 15:33:00 | 000,005,632 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2L.dll
[2012/10/30 15:33:00 | 000,003,072 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2S.dll
[2012/10/30 15:32:58 | 000,179,200 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrWia09a.dll
[2012/10/30 15:32:58 | 000,050,176 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrUsi09a.dll
[2012/10/30 15:32:56 | 000,167,936 | ---- | C] (brother) -- C:\Windows\SysWow64\NSSearch.dll
[2012/10/30 15:26:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Brother
[2012/10/30 15:17:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2012/10/30 15:17:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSoft PaperPort 9.0
[2012/10/30 15:17:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ScanSoft Shared
[2012/10/30 15:17:01 | 000,000,000 | ---D | C] -- C:\ProgramData\ScanSoft
[2012/10/30 15:17:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ScanSoft
[2012/10/30 15:15:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother
[2012/10/28 20:05:27 | 000,000,000 | ---D | C] -- C:\Users\Robert\Documents\Allgemein
[2012/10/28 20:05:02 | 000,000,000 | ---D | C] -- C:\Users\Robert\Documents\Robert
[2012/10/28 18:40:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/10/28 18:40:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012/10/28 18:15:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe
[2012/10/28 16:40:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/10/28 16:26:15 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Malwarebytes
[2012/10/28 16:25:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/28 16:25:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/28 16:25:54 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/10/28 16:25:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/10/11 19:46:31 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/10/11 19:46:26 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/10/11 19:46:26 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/10/11 19:46:26 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/10/11 19:46:26 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/10/11 19:46:25 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/10/11 19:46:24 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/10/11 19:46:24 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/10/11 19:46:24 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/10/11 19:46:24 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/10/11 19:46:24 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/10/11 19:46:24 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/10/11 19:46:24 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/11 19:46:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/10/11 19:46:23 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/10/11 19:46:23 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/10/11 19:46:23 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/10/11 19:46:23 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/10/11 19:46:23 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/11 19:46:23 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/11 19:46:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/11 19:46:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/11 19:46:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/10/11 19:46:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/10/11 19:46:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/10/11 19:46:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/11 19:46:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/11 19:46:22 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/10/11 19:46:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/11 19:46:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/10/11 19:46:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/10/11 19:46:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/11 19:46:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/10/11 19:46:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/10/11 19:46:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/10/11 19:46:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/10/11 19:46:13 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/10/11 19:46:11 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/10/11 19:46:11 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/10/11 19:45:51 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/10/11 19:45:50 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/10/30 16:05:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/30 15:44:06 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/30 15:44:06 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/30 15:41:26 | 003,156,008 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/30 15:41:26 | 000,697,778 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2012/10/30 15:41:26 | 000,692,456 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2012/10/30 15:41:26 | 000,658,120 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/10/30 15:41:26 | 000,619,356 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/30 15:41:26 | 000,131,202 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/10/30 15:41:26 | 000,131,170 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2012/10/30 15:41:26 | 000,128,174 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2012/10/30 15:41:26 | 000,107,418 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/30 15:35:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/30 15:35:21 | 2126,036,991 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/30 15:33:33 | 000,000,050 | ---- | M] () -- C:\Windows\SysNative\bd7025.dat
[2012/10/30 15:33:31 | 000,000,416 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012/10/30 15:33:31 | 000,000,034 | ---- | M] () -- C:\Windows\SysWow64\BD7025.DAT
[2012/10/28 18:40:57 | 000,000,976 | ---- | M] () -- C:\Users\Robert\Desktop\7-Zip File Manager.lnk
[2012/10/28 18:15:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe
[2012/10/28 18:12:37 | 000,000,000 | ---- | M] () -- C:\Users\Robert\defogger_reenable
[2012/10/28 16:25:56 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/10/14 18:07:37 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/10/14 18:07:37 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/10/30 15:33:31 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/10/30 15:33:31 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7025.DAT
[2012/10/30 15:27:15 | 000,000,050 | ---- | C] () -- C:\Windows\SysNative\bd7025.dat
[2012/10/30 15:17:33 | 000,027,114 | ---- | C] () -- C:\Windows\maxlink.ini
[2012/10/28 18:40:57 | 000,000,976 | ---- | C] () -- C:\Users\Robert\Desktop\7-Zip File Manager.lnk
[2012/10/28 18:12:37 | 000,000,000 | ---- | C] () -- C:\Users\Robert\defogger_reenable
[2012/10/28 16:25:56 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011/11/04 20:16:14 | 003,147,496 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/18 06:52:51 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/03/18 06:36:45 | 000,258,864 | ---- | C] () -- C:\Windows\SUPDRun.exe
[2011/03/18 01:56:15 | 000,307,200 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe
[2011/03/18 00:22:43 | 000,001,898 | ---- | C] () -- C:\Windows\HotFixList.ini
[2011/03/18 00:10:01 | 000,142,128 | ---- | C] () -- C:\Windows\wiainst64.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011/11/04 22:54:25 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\SoftGrid Client
[2011/11/04 20:16:48 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\TP
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

Hier die Extras.txt:
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 10/30/2012 4:30:56 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
5.98 Gb Total Physical Memory | 4.14 Gb Available Physical Memory | 69.24% Memory free
11.96 Gb Paging File | 9.93 Gb Available in Paging File | 83.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.00 Gb Total Space | 159.91 Gb Free Space | 73.02% Space Free | Partition Type: NTFS
Drive D: | 223.31 Gb Total Space | 153.49 Gb Free Space | 68.73% Space Free | Partition Type: NTFS
 
Computer Name: ***-LAPTOP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-336442205-827502387-1674173946-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10743EF0-270E-4FD0-B749-E6CD4B077516}" = rport=137 | protocol=17 | dir=out | app=system | 
"{1BB5757E-4B32-4504-B8CC-39E63ADEB2FC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{22432CC3-3A55-4605-AB16-BDFDBEE98E52}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2653C259-D78A-40A9-9796-E95A1CDBAC5A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{2B190EE9-3A77-4065-810D-E842E0473BEC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2DF88C5D-342A-4E7A-82E2-8C560B589F79}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{34748D99-66CA-4F74-A5E6-2AC873F6CF2F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{38BE9128-C3CF-4DC7-9123-6B6ECF76D7FA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3D6BA8C9-C768-4433-8451-F32902C6A652}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{41762D66-671F-42FF-960A-A8DBBF4928CE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4B8BA519-4165-4A78-8DF0-634DC0DDF85A}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{5140347A-4563-45E2-8BE8-60A590FAE2D4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{5A4D74DA-2B2F-450C-A56B-19765C17EA96}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5F150181-06F5-4B80-8B28-372B356AEFBF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{671A6F92-DD82-4502-8722-381113A6D3CE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{803C327C-42AA-4E41-BA51-2B6257B054D7}" = rport=445 | protocol=6 | dir=out | app=system | 
"{8B8014CD-61DA-488A-BCD1-9F3D1AF96B5C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8C8E152D-5BFE-40D3-95E1-53F88FD721AA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{ADEAAC50-6486-411F-926F-D037B058D22D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B4FB202D-E910-403C-9C9E-C6EF96C7538C}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{B6774D6D-5A48-4733-8BFF-C3642F2E9078}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D606900E-9ABF-4906-BC1C-E5B4C2E6B1E6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{D839D6CA-1320-483E-962E-E1541AC087C1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E4A81C96-E996-4B34-A8CE-8E076D1F5982}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E5D54588-D7FC-4B65-84D7-84CD07A47255}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{EA6CCB00-C84F-46C7-8C0D-AFA7E56CA9EB}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08F46CB7-07EB-4E52-AA75-0EEABA4D3EB7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{093988CA-DDE9-4AAD-90A4-6708C75F5E5C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0A2EA47C-6A63-418D-860F-636E3811BE80}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{0EB15C0E-F4C3-4103-B296-45C1F3FB3D5F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{1069484D-850A-43AE-8724-44C63BC6A54F}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\usdagent.exe | 
"{1D6F9FE6-BE5E-4D71-8C50-83FF64BECBBF}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe | 
"{1E055BBB-E852-4AFF-A191-3B49F3B2B867}" = protocol=6 | dir=out | app=system | 
"{3153BD51-1F10-48B7-87F0-F1C621280B87}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{31D3E3C6-761A-465E-911A-1D80D96FFE9F}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc.exe | 
"{3AE35AD4-C98F-4714-B572-E294F974D9DC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{3B811799-07E3-428A-8664-E5BD0A505A16}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{4176CD70-D09C-4C5A-93BC-8173CB7AEF17}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\iccupdater.exe | 
"{428BCFE9-1B3D-4A08-85A1-D6A305652941}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{42D89EC4-4429-40C0-B855-C9D4C1BB4C89}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{490052F0-701D-444F-9801-08AF90F379A4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4B209EEE-D07D-4BB3-BABB-A82B9C485DF9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5007E510-13EF-449C-A29E-D3D27193A624}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc.exe | 
"{51A20AE0-3FE6-4B48-8187-B8430100023A}" = dir=in | app=c:\program files (x86)\cyberlink\media+player10\media+player10.exe | 
"{535B084B-6890-4BD6-9E29-939389BC997F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{53FEF514-E3CD-4534-A747-3901606FA675}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{58B47397-983E-47BB-9DA6-C6B988C215E7}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\usdagent.exe | 
"{72841715-57E5-456E-8A60-9D2742AAC8C3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7C53B7FE-C290-4574-A436-D9DFAEB880E8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{916689D5-1706-4C8C-ABD8-2096FD7A6E52}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{9C964C05-4D9A-4D12-A815-7BBCDA50CEEB}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{A36B95A2-19E0-4D17-9304-BB02722AA04F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AE9A8EF8-AAF0-4244-B992-AFFB6332701B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{C98CA127-B43E-4397-BF6E-62A3F0A4253A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{D40125EB-9B4E-4690-965A-889627566322}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D4A990A1-2807-44EB-A578-3E4E974C45EC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E18339BA-DA0A-4DD6-9CE0-07DF2171F7AE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E535E99F-0228-4E7E-B84C-4B71E76434CA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E6B9CC2E-B1AE-43C7-B08D-FFD600EDF3F0}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\iccupdater.exe | 
"{EA7DD75F-A4FA-42EA-8D06-BB502DB14B79}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}" = Intel(R) PROSet/Wireless WiFi Software
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{27F3F8DE-AC95-4E10-90A6-EBA999DDBCAF}" = Windows Live Remote Service Resources
"{29CFD07F-4971-41B0-B14D-621ACCC264AC}" = Windows Live Remote Service Resources
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{4C9845D5-9FAD-4C52-B389-CAEF0F216215}" = Windows Live Remote Client Resources
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{641B32DB-8226-4250-86C9-34671162F5D5}" = Windows Live Remote Client Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6A2482BC-733A-404A-939A-2D5BC636E6F9}" = Windows Live Remote Service Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{78654366-5889-4A70-90D9-04B00709EEE0}" = Windows Live Remote Client Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{811D5159-D798-491F-B9C6-9BDBF6B02D06}" = Windows Live Remote Service Resources
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{8325FD0C-2FDB-46C3-921A-3A78385EA972}" = Microsoft SQL Server 2008 Native Client
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 267.04
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.22.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F0793412-6407-4870-9A8C-6FE198A4EB12}" = Windows Live Remote Client Resources
"{F3C66EC8-2F33-452D-9CFF-E8C886B3ECC4}" = SRS Premium Sound Control Panel
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{0119B342-476F-4F5A-B712-144B5CFA781F}" = Windows Live Movie Maker
"{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{0785A0B6-07DF-43CF-B147-E1EB4CEA0345}" = Windows Live Messenger
"{07E15DDE-CAD9-434D-B24D-35708E3BEA09}" = Windows Live 필수 패키지
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{139C1D95-9037-3AB3-F5F4-4A79BF6831EC}" = WordCaptureX Pro
"{142D8CA7-2C6F-45A7-83E3-099AAFD99133}" = Samsung Update Plus
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 5
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{16880765-677F-440B-B16A-BFD9B9C00012}" = EasyFileShare
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19ADD3BF-C42B-47DC-81C6-5E9731B668C4}" = „Windows Live Essentials“
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21B49B4A-BBC3-4A09-9C68-6C3CC0B1EA01}" = Windows Live Messenger
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26513CE5-7A51-478D-93BD-AC1D38103463}" = Windows Live Messenger
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{2720009D-9566-45A7-A370-0E6DAC313F3F}" = „Windows Live Mail“
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2CC0789D-D31B-445F-8970-6E058BE39754}" = Windows Live UX Platform Language Pack
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer
"{318DBE01-1E6B-4243-84B0-210391FE789A}" = Samsung AnyWeb Print
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34AB675C-1965-44B5-B5A7-B02EE6196AD3}" = Windows Live Messenger
"{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{34FBC7C4-CD31-4D93-A428-0E524EAC4586}" = CyberLink Media+ Player10
"{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = Windows Live UX Platform Language Pack
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B8F240C-B75E-4A1E-BDCC-6C7F033078A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{3F50512F-53DF-46B1-8CCB-6C7E638CADD6}" = PhoneShare
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{442032CB-900C-49C7-B4B4-2B76525DD403}" = Windows Live Photo Common
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4A331D24-A9E8-484F-835E-1BA7B139689C}" = EasyBatteryManager
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{4F35DF91-F834-41F7-A287-0E377D55C486}" = Windows Live Photo Common
"{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{517EAAB9-C35E-4949-B8C2-20C241162BBB}" = Windows Live Pošta
"{51FFAC89-B6B0-4E6E-B76F-6D4E2E83086A}" = Windows Live 메일
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{539A0CEA-17E4-4FE4-A5E8-EC5D40610A79}" = „Windows Live Messenger“
"{545192D4-E817-4EAA-834D-623EA50CF268}" = Windows Live UX Platform Language Pack
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D163056-96B7-440F-A836-89BA5D3CFF2F}" = Windows Live Photo Common
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5D90ABE5-8A35-4947-8269-6F40BCE47A95}" = Windows Live Messenger
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{61506B53-EE02-46CE-8464-3F806947978F}" = Windows Live Mesh
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B3BAE39-4ED1-4EEB-9769-A3AA0AA58CB4}" = Windows Live Movie Maker
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger
"{6DCE9C3E-3DB7-4C3C-8B80-BC55781BB7B6}" = Windows Live Writer Resources
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources
"{71684DFF-CDED-450C-AF0C-4A1A6438A1A5}" = Windows Live Essentials
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{742D41A9-B3BF-3A65-806E-F8372FB3E492}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5 Language Pack - deu
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{7780682A-47C9-480D-90BE-247539342595}" = Windows Live UX Platform Language Pack
"{77BC9EAF-14C7-4338-9B1C-D5A3E142C0B8}" = Windows Live Photo Common
"{77DAF553-291A-4471-988C-5677D90DB57E}" = Windows Live Writer Resources
"{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}" = Fast Start
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{7F6F62F0-7884-4CFB-B86C-597A4A6D9C4D}" = Movie Color Enhancer
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{829CDAAD-5AF1-482F-978B-591C16A34ACC}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{8524BBAC-E3A7-42F5-9B9A-5AE50A10C500}" = Belkin USB Wireless Adaptor
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{86E6D3A7-3ADC-44C0-B94E-85D2A9DD36B0}" = Windows Live Writer
"{8732818E-CA78-4ACB-B077-22311BF4C0E4}" = Easy Network Manager
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9E771D5B-C429-4CBC-8730-3EBD9EC99E4C}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A1668729-C4D2-49AE-877B-FB608362FFF1}" = Windows Live Essentials
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{AD86049C-3D9C-43E1-BE73-643F57D83D50}" = Easy Migration
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B4712CB7-27D7-4F61-8805-BCF9BE1CFC4A}" = Windows Live Writer Resources
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{B81722D3-0A95-4BDE-AA1A-A2A5D12FCDB2}" = Windows Live Foto-galerija
"{B9B66F77-9D00-4CA4-BDF1-BBA8236B4DB6}" = Windows Live Writer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C2530D63-B66B-48B5-BB50-7C6281FE7AA6}" = Brother MFL-Pro Suite DCP-7025
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C877E454-FA36-409A-A00E-1240CEC61BBD}" = „Windows Live“ fotogalerija
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C8A2793D-EFF2-4069-95BF-A28192E39DEB}" = Windows Live Writer
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{CF936193-C584-458C-B793-15FA945621AF}" = Windows Live fotoattēlu galerija
"{CF9DEFAA-12CD-4D04-AA45-F9F667D21E2E}" = Windows Live Movie Maker
"{D06F10C5-3EDD-4B29-A3B5-16BBB9A047F8}" = Windows Live Mesh
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D27DF849-C8C7-4892-A7F1-E0B381A1BD01}" = Windows Live Writer
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D54A52A8-DF24-4CE8-850B-074CA47DFA74}" = Windows Live Messenger
"{D57D43BF-699A-429F-AF8C-AF1867222800}" = Windows Live 사진 갤러리
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D987098B-3AD4-4E88-B80E-CF27A32D1955}" = Windows Live Writer Resources
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{EAB1BDF2-734A-4D44-9169-7615D185C974}" = Windows Live Mesh
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC20FB81-9B5E-4B97-92A2-8DC52548EFCE}" = Windows Live Mesh
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F66430D8-08E6-4C96-B9B7-90E66E27D58C}" = Windows Live Mail
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center 1.0
"{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FDAE128F-A355-42B1-8422-1AF3ACEE34F4}" = SISShortcut
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"{FFD0E594-823B-4E2B-B680-720B3C852588}" = BatteryLifeExtender
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Game Console - WildGames" = WildTangent ORB Game Console
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}" = CyberLink Media+ Player10
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{8524BBAC-E3A7-42F5-9B9A-5AE50A10C500}" = Belkin USB Wireless Adaptor
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Samsung Printer Live Update" = Samsung Printer Live Update
"Samsung Universal Print Driver" = Samsung Universal Print Driver
"Samsung Universal Scan Driver" = Samsung Universal Scan Driver
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live 程式集
"WT085559" = Diner Dash 2 Restaurant Rescue
"WT085567" = Chuzzle Deluxe
"WT085580" = John Deere Drive Green
"WT085581" = Penguins!
"WT085583" = Polar Golfer
"WT085587" = Agatha Christie - Death on the Nile
"WT085597" = Build-a-lot
"WT085618" = Farm Frenzy
"WT085622" = Insaniquarium Deluxe
"WT085663" = Peggle
"WT085669" = Plants vs. Zombies
"WT089285" = Zuma Deluxe
"WT089286" = Bejeweled 2 Deluxe
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-336442205-827502387-1674173946-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 9/3/2012 12:32:12 PM | Computer Name = ***-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 9/3/2012 12:32:12 PM | Computer Name = Robert-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 9/3/2012 12:32:19 PM | Computer Name = ***-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 9/3/2012 12:32:32 PM | Computer Name = ***-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 9/3/2012 12:34:50 PM | Computer Name = ***-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 9/3/2012 12:34:52 PM | Computer Name = ***-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 9/3/2012 12:34:55 PM | Computer Name = ***-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 9/3/2012 12:35:18 PM | Computer Name = ***-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 9/3/2012 12:36:08 PM | Computer Name = ***-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 9/3/2012 12:36:09 PM | Computer Name = ***-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ System Events ]
Error - 9/11/2012 1:53:02 PM | Computer Name = ***-Laptop | Source = Microsoft-Windows-Service Pack Installer | ID = 6
Description = The Service Pack cannot be installed when the computer is running 
on battery power.
 
Error - 9/11/2012 2:12:40 PM | Computer Name = ***-Laptop | Source = DCOM | ID = 10010
Description = 
 
Error - 9/11/2012 2:22:53 PM | Computer Name = ***-Laptop | Source = WMPNetworkSvc | ID = 866321
Description = 
 
Error - 9/11/2012 2:22:53 PM | Computer Name = ***-Laptop | Source = WMPNetworkSvc | ID = 866317
Description = 
 
Error - 9/11/2012 2:22:53 PM | Computer Name = ***-Laptop | Source = WMPNetworkSvc | ID = 866321
Description = 
 
Error - 9/11/2012 2:22:53 PM | Computer Name = ***-Laptop | Source = WMPNetworkSvc | ID = 866317
Description = 
 
Error - 9/15/2012 6:06:57 AM | Computer Name = ***-Laptop | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Client Virtualization Handler" wurde nicht richtig gestartet.
 
Error - 10/11/2012 2:30:26 PM | Computer Name = ***-Laptop | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 10/13/2012 1:24:10 PM | Computer Name = ***-Laptop | Source = DCOM | ID = 10010
Description = 
 
Error - 10/21/2012 6:41:08 PM | Computer Name = ***-Laptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Definition Update for Windows Defender - KB915597
 (Definition 1.139.124.0)
 
 
< End of report >
         
--- --- ---
Ich verstehe nicht, was ich jetzt tun soll. Ich soll wahrscheinlich den untenstehenden Text kopieren und irgendwo anders einfügen. Wo finde ich die "Benutzerdefinierte Scans/Fixes" Textbox? Ich stoppe und warte auf deine Antwort.

Bis dahin liebe Grüße
austriasy
__________________

Alt 30.10.2012, 17:23   #4
austriasy
 
EXP/JS.Expack.AL nach Entfernung von Bundestrojaner bei Systemcheck gefunden - Standard

EXP/JS.Expack.AL nach Entfernung von Bundestrojaner bei Systemcheck gefunden



Hallo Matthias,

vielen Dank für deine schnelle Reaktion. Ich bin Laie und es fällt mir schwer, die Fachausdrücke zu verstehen. Ich hoffe, ich konnte alles richtig umsetzen. Also dann legen wir mal los:

Hier die OTL.txt:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 10/30/2012 4:30:56 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
5.98 Gb Total Physical Memory | 4.14 Gb Available Physical Memory | 69.24% Memory free
11.96 Gb Paging File | 9.93 Gb Available in Paging File | 83.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.00 Gb Total Space | 159.91 Gb Free Space | 73.02% Space Free | Partition Type: NTFS
Drive D: | 223.31 Gb Total Space | 153.49 Gb Free Space | 68.73% Space Free | Partition Type: NTFS
 
Computer Name: ***-LAPTOP | User Name: ***| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe (SEC)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe (Samsung Electronics)
PRC - C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Program Files (x86)\Samsung\Movie Color Enhancer\WinCRT.dll ()
MOD - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()
MOD - C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (Samsung UPD Service) -- C:\Windows\SysNative\SUPDSvc.exe (Samsung Electronics CO., LTD.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (BTWAMPFL) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation)
DRV:64bit: - (SABI) -- C:\Windows\SysNative\drivers\SABI.sys (SAMSUNG ELECTRONICS)
DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (rtport) -- C:\Windows\SysWOW64\drivers\rtport.sys (Windows (R) 2003 DDK 3790 provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-336442205-827502387-1674173946-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\S-1-5-21-336442205-827502387-1674173946-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-336442205-827502387-1674173946-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-336442205-827502387-1674173946-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/28 16:40:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/28 16:40:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/09/03 17:55:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert\AppData\Roaming\mozilla\Extensions
[2012/10/23 17:09:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert\AppData\Roaming\mozilla\Firefox\Profiles\6szolcmr.default\extensions
[2012/10/28 16:40:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/10/28 16:40:06 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/25 03:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/08/25 03:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/08/25 03:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/08/25 03:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/08/25 03:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/08/25 03:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Samsung BHO Class) - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-336442205-827502387-1674173946-1001\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E1B12FE-C76C-431C-A82E-2E692976B46C}: DhcpNameServer = 10.0.0.138 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E420E3BF-C2A1-4233-BA32-746E24431A49}: DhcpNameServer = 10.0.0.138 10.0.0.138
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/10/30 15:33:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
[2012/10/30 15:33:00 | 000,176,128 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysWow64\BroSNMP.dll
[2012/10/30 15:33:00 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2.dll
[2012/10/30 15:33:00 | 000,005,632 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2L.dll
[2012/10/30 15:33:00 | 000,003,072 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2S.dll
[2012/10/30 15:32:58 | 000,179,200 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrWia09a.dll
[2012/10/30 15:32:58 | 000,050,176 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrUsi09a.dll
[2012/10/30 15:32:56 | 000,167,936 | ---- | C] (brother) -- C:\Windows\SysWow64\NSSearch.dll
[2012/10/30 15:26:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Brother
[2012/10/30 15:17:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2012/10/30 15:17:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSoft PaperPort 9.0
[2012/10/30 15:17:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ScanSoft Shared
[2012/10/30 15:17:01 | 000,000,000 | ---D | C] -- C:\ProgramData\ScanSoft
[2012/10/30 15:17:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ScanSoft
[2012/10/30 15:15:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother
[2012/10/28 20:05:27 | 000,000,000 | ---D | C] -- C:\Users\Robert\Documents\Allgemein
[2012/10/28 20:05:02 | 000,000,000 | ---D | C] -- C:\Users\Robert\Documents\Robert
[2012/10/28 18:40:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/10/28 18:40:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012/10/28 18:15:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe
[2012/10/28 16:40:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/10/28 16:26:15 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Malwarebytes
[2012/10/28 16:25:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/28 16:25:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/28 16:25:54 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/10/28 16:25:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/10/11 19:46:31 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/10/11 19:46:26 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/10/11 19:46:26 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/10/11 19:46:26 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/10/11 19:46:26 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/10/11 19:46:25 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/10/11 19:46:24 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/10/11 19:46:24 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/10/11 19:46:24 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/10/11 19:46:24 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/10/11 19:46:24 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/10/11 19:46:24 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/10/11 19:46:24 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/11 19:46:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/10/11 19:46:23 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/10/11 19:46:23 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/10/11 19:46:23 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/10/11 19:46:23 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/10/11 19:46:23 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/11 19:46:23 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/11 19:46:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/11 19:46:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/11 19:46:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/10/11 19:46:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/10/11 19:46:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/10/11 19:46:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/11 19:46:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/11 19:46:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/11 19:46:22 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/10/11 19:46:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/11 19:46:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/10/11 19:46:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/10/11 19:46:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/11 19:46:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/10/11 19:46:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/10/11 19:46:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/10/11 19:46:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/10/11 19:46:13 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/10/11 19:46:11 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/10/11 19:46:11 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/10/11 19:45:51 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/10/11 19:45:50 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/10/30 16:05:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/30 15:44:06 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/30 15:44:06 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/30 15:41:26 | 003,156,008 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/30 15:41:26 | 000,697,778 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2012/10/30 15:41:26 | 000,692,456 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2012/10/30 15:41:26 | 000,658,120 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/10/30 15:41:26 | 000,619,356 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/30 15:41:26 | 000,131,202 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/10/30 15:41:26 | 000,131,170 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2012/10/30 15:41:26 | 000,128,174 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2012/10/30 15:41:26 | 000,107,418 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/30 15:35:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/30 15:35:21 | 2126,036,991 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/30 15:33:33 | 000,000,050 | ---- | M] () -- C:\Windows\SysNative\bd7025.dat
[2012/10/30 15:33:31 | 000,000,416 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012/10/30 15:33:31 | 000,000,034 | ---- | M] () -- C:\Windows\SysWow64\BD7025.DAT
[2012/10/28 18:40:57 | 000,000,976 | ---- | M] () -- C:\Users\Robert\Desktop\7-Zip File Manager.lnk
[2012/10/28 18:15:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe
[2012/10/28 18:12:37 | 000,000,000 | ---- | M] () -- C:\Users\Robert\defogger_reenable
[2012/10/28 16:25:56 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/10/14 18:07:37 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/10/14 18:07:37 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/10/30 15:33:31 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/10/30 15:33:31 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7025.DAT
[2012/10/30 15:27:15 | 000,000,050 | ---- | C] () -- C:\Windows\SysNative\bd7025.dat
[2012/10/30 15:17:33 | 000,027,114 | ---- | C] () -- C:\Windows\maxlink.ini
[2012/10/28 18:40:57 | 000,000,976 | ---- | C] () -- C:\Users\Robert\Desktop\7-Zip File Manager.lnk
[2012/10/28 18:12:37 | 000,000,000 | ---- | C] () -- C:\Users\Robert\defogger_reenable
[2012/10/28 16:25:56 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011/11/04 20:16:14 | 003,147,496 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/18 06:52:51 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/03/18 06:36:45 | 000,258,864 | ---- | C] () -- C:\Windows\SUPDRun.exe
[2011/03/18 01:56:15 | 000,307,200 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe
[2011/03/18 00:22:43 | 000,001,898 | ---- | C] () -- C:\Windows\HotFixList.ini
[2011/03/18 00:10:01 | 000,142,128 | ---- | C] () -- C:\Windows\wiainst64.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011/11/04 22:54:25 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\SoftGrid Client
[2011/11/04 20:16:48 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\TP
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

Hier die Extras.txt:
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 10/30/2012 4:30:56 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
5.98 Gb Total Physical Memory | 4.14 Gb Available Physical Memory | 69.24% Memory free
11.96 Gb Paging File | 9.93 Gb Available in Paging File | 83.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.00 Gb Total Space | 159.91 Gb Free Space | 73.02% Space Free | Partition Type: NTFS
Drive D: | 223.31 Gb Total Space | 153.49 Gb Free Space | 68.73% Space Free | Partition Type: NTFS
 
Computer Name: ***-LAPTOP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-336442205-827502387-1674173946-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10743EF0-270E-4FD0-B749-E6CD4B077516}" = rport=137 | protocol=17 | dir=out | app=system | 
"{1BB5757E-4B32-4504-B8CC-39E63ADEB2FC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{22432CC3-3A55-4605-AB16-BDFDBEE98E52}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2653C259-D78A-40A9-9796-E95A1CDBAC5A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{2B190EE9-3A77-4065-810D-E842E0473BEC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2DF88C5D-342A-4E7A-82E2-8C560B589F79}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{34748D99-66CA-4F74-A5E6-2AC873F6CF2F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{38BE9128-C3CF-4DC7-9123-6B6ECF76D7FA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3D6BA8C9-C768-4433-8451-F32902C6A652}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{41762D66-671F-42FF-960A-A8DBBF4928CE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4B8BA519-4165-4A78-8DF0-634DC0DDF85A}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{5140347A-4563-45E2-8BE8-60A590FAE2D4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{5A4D74DA-2B2F-450C-A56B-19765C17EA96}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5F150181-06F5-4B80-8B28-372B356AEFBF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{671A6F92-DD82-4502-8722-381113A6D3CE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{803C327C-42AA-4E41-BA51-2B6257B054D7}" = rport=445 | protocol=6 | dir=out | app=system | 
"{8B8014CD-61DA-488A-BCD1-9F3D1AF96B5C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8C8E152D-5BFE-40D3-95E1-53F88FD721AA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{ADEAAC50-6486-411F-926F-D037B058D22D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B4FB202D-E910-403C-9C9E-C6EF96C7538C}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{B6774D6D-5A48-4733-8BFF-C3642F2E9078}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D606900E-9ABF-4906-BC1C-E5B4C2E6B1E6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{D839D6CA-1320-483E-962E-E1541AC087C1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E4A81C96-E996-4B34-A8CE-8E076D1F5982}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E5D54588-D7FC-4B65-84D7-84CD07A47255}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{EA6CCB00-C84F-46C7-8C0D-AFA7E56CA9EB}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08F46CB7-07EB-4E52-AA75-0EEABA4D3EB7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{093988CA-DDE9-4AAD-90A4-6708C75F5E5C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0A2EA47C-6A63-418D-860F-636E3811BE80}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{0EB15C0E-F4C3-4103-B296-45C1F3FB3D5F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{1069484D-850A-43AE-8724-44C63BC6A54F}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\usdagent.exe | 
"{1D6F9FE6-BE5E-4D71-8C50-83FF64BECBBF}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe | 
"{1E055BBB-E852-4AFF-A191-3B49F3B2B867}" = protocol=6 | dir=out | app=system | 
"{3153BD51-1F10-48B7-87F0-F1C621280B87}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{31D3E3C6-761A-465E-911A-1D80D96FFE9F}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc.exe | 
"{3AE35AD4-C98F-4714-B572-E294F974D9DC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{3B811799-07E3-428A-8664-E5BD0A505A16}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{4176CD70-D09C-4C5A-93BC-8173CB7AEF17}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\iccupdater.exe | 
"{428BCFE9-1B3D-4A08-85A1-D6A305652941}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{42D89EC4-4429-40C0-B855-C9D4C1BB4C89}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{490052F0-701D-444F-9801-08AF90F379A4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4B209EEE-D07D-4BB3-BABB-A82B9C485DF9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5007E510-13EF-449C-A29E-D3D27193A624}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc.exe | 
"{51A20AE0-3FE6-4B48-8187-B8430100023A}" = dir=in | app=c:\program files (x86)\cyberlink\media+player10\media+player10.exe | 
"{535B084B-6890-4BD6-9E29-939389BC997F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{53FEF514-E3CD-4534-A747-3901606FA675}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{58B47397-983E-47BB-9DA6-C6B988C215E7}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\usdagent.exe | 
"{72841715-57E5-456E-8A60-9D2742AAC8C3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7C53B7FE-C290-4574-A436-D9DFAEB880E8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{916689D5-1706-4C8C-ABD8-2096FD7A6E52}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{9C964C05-4D9A-4D12-A815-7BBCDA50CEEB}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{A36B95A2-19E0-4D17-9304-BB02722AA04F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AE9A8EF8-AAF0-4244-B992-AFFB6332701B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{C98CA127-B43E-4397-BF6E-62A3F0A4253A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{D40125EB-9B4E-4690-965A-889627566322}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D4A990A1-2807-44EB-A578-3E4E974C45EC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E18339BA-DA0A-4DD6-9CE0-07DF2171F7AE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E535E99F-0228-4E7E-B84C-4B71E76434CA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E6B9CC2E-B1AE-43C7-B08D-FFD600EDF3F0}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\iccupdater.exe | 
"{EA7DD75F-A4FA-42EA-8D06-BB502DB14B79}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}" = Intel(R) PROSet/Wireless WiFi Software
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{27F3F8DE-AC95-4E10-90A6-EBA999DDBCAF}" = Windows Live Remote Service Resources
"{29CFD07F-4971-41B0-B14D-621ACCC264AC}" = Windows Live Remote Service Resources
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{4C9845D5-9FAD-4C52-B389-CAEF0F216215}" = Windows Live Remote Client Resources
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{641B32DB-8226-4250-86C9-34671162F5D5}" = Windows Live Remote Client Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6A2482BC-733A-404A-939A-2D5BC636E6F9}" = Windows Live Remote Service Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{78654366-5889-4A70-90D9-04B00709EEE0}" = Windows Live Remote Client Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{811D5159-D798-491F-B9C6-9BDBF6B02D06}" = Windows Live Remote Service Resources
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{8325FD0C-2FDB-46C3-921A-3A78385EA972}" = Microsoft SQL Server 2008 Native Client
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 267.04
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.22.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F0793412-6407-4870-9A8C-6FE198A4EB12}" = Windows Live Remote Client Resources
"{F3C66EC8-2F33-452D-9CFF-E8C886B3ECC4}" = SRS Premium Sound Control Panel
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{0119B342-476F-4F5A-B712-144B5CFA781F}" = Windows Live Movie Maker
"{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{0785A0B6-07DF-43CF-B147-E1EB4CEA0345}" = Windows Live Messenger
"{07E15DDE-CAD9-434D-B24D-35708E3BEA09}" = Windows Live 필수 패키지
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{139C1D95-9037-3AB3-F5F4-4A79BF6831EC}" = WordCaptureX Pro
"{142D8CA7-2C6F-45A7-83E3-099AAFD99133}" = Samsung Update Plus
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 5
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{16880765-677F-440B-B16A-BFD9B9C00012}" = EasyFileShare
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19ADD3BF-C42B-47DC-81C6-5E9731B668C4}" = „Windows Live Essentials“
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21B49B4A-BBC3-4A09-9C68-6C3CC0B1EA01}" = Windows Live Messenger
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26513CE5-7A51-478D-93BD-AC1D38103463}" = Windows Live Messenger
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{2720009D-9566-45A7-A370-0E6DAC313F3F}" = „Windows Live Mail“
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2CC0789D-D31B-445F-8970-6E058BE39754}" = Windows Live UX Platform Language Pack
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer
"{318DBE01-1E6B-4243-84B0-210391FE789A}" = Samsung AnyWeb Print
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34AB675C-1965-44B5-B5A7-B02EE6196AD3}" = Windows Live Messenger
"{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{34FBC7C4-CD31-4D93-A428-0E524EAC4586}" = CyberLink Media+ Player10
"{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = Windows Live UX Platform Language Pack
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B8F240C-B75E-4A1E-BDCC-6C7F033078A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{3F50512F-53DF-46B1-8CCB-6C7E638CADD6}" = PhoneShare
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{442032CB-900C-49C7-B4B4-2B76525DD403}" = Windows Live Photo Common
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4A331D24-A9E8-484F-835E-1BA7B139689C}" = EasyBatteryManager
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{4F35DF91-F834-41F7-A287-0E377D55C486}" = Windows Live Photo Common
"{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{517EAAB9-C35E-4949-B8C2-20C241162BBB}" = Windows Live Pošta
"{51FFAC89-B6B0-4E6E-B76F-6D4E2E83086A}" = Windows Live 메일
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{539A0CEA-17E4-4FE4-A5E8-EC5D40610A79}" = „Windows Live Messenger“
"{545192D4-E817-4EAA-834D-623EA50CF268}" = Windows Live UX Platform Language Pack
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D163056-96B7-440F-A836-89BA5D3CFF2F}" = Windows Live Photo Common
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5D90ABE5-8A35-4947-8269-6F40BCE47A95}" = Windows Live Messenger
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{61506B53-EE02-46CE-8464-3F806947978F}" = Windows Live Mesh
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B3BAE39-4ED1-4EEB-9769-A3AA0AA58CB4}" = Windows Live Movie Maker
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger
"{6DCE9C3E-3DB7-4C3C-8B80-BC55781BB7B6}" = Windows Live Writer Resources
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources
"{71684DFF-CDED-450C-AF0C-4A1A6438A1A5}" = Windows Live Essentials
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{742D41A9-B3BF-3A65-806E-F8372FB3E492}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5 Language Pack - deu
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{7780682A-47C9-480D-90BE-247539342595}" = Windows Live UX Platform Language Pack
"{77BC9EAF-14C7-4338-9B1C-D5A3E142C0B8}" = Windows Live Photo Common
"{77DAF553-291A-4471-988C-5677D90DB57E}" = Windows Live Writer Resources
"{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}" = Fast Start
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{7F6F62F0-7884-4CFB-B86C-597A4A6D9C4D}" = Movie Color Enhancer
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{829CDAAD-5AF1-482F-978B-591C16A34ACC}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{8524BBAC-E3A7-42F5-9B9A-5AE50A10C500}" = Belkin USB Wireless Adaptor
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{86E6D3A7-3ADC-44C0-B94E-85D2A9DD36B0}" = Windows Live Writer
"{8732818E-CA78-4ACB-B077-22311BF4C0E4}" = Easy Network Manager
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9E771D5B-C429-4CBC-8730-3EBD9EC99E4C}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A1668729-C4D2-49AE-877B-FB608362FFF1}" = Windows Live Essentials
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{AD86049C-3D9C-43E1-BE73-643F57D83D50}" = Easy Migration
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B4712CB7-27D7-4F61-8805-BCF9BE1CFC4A}" = Windows Live Writer Resources
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{B81722D3-0A95-4BDE-AA1A-A2A5D12FCDB2}" = Windows Live Foto-galerija
"{B9B66F77-9D00-4CA4-BDF1-BBA8236B4DB6}" = Windows Live Writer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C2530D63-B66B-48B5-BB50-7C6281FE7AA6}" = Brother MFL-Pro Suite DCP-7025
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C877E454-FA36-409A-A00E-1240CEC61BBD}" = „Windows Live“ fotogalerija
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C8A2793D-EFF2-4069-95BF-A28192E39DEB}" = Windows Live Writer
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{CF936193-C584-458C-B793-15FA945621AF}" = Windows Live fotoattēlu galerija
"{CF9DEFAA-12CD-4D04-AA45-F9F667D21E2E}" = Windows Live Movie Maker
"{D06F10C5-3EDD-4B29-A3B5-16BBB9A047F8}" = Windows Live Mesh
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D27DF849-C8C7-4892-A7F1-E0B381A1BD01}" = Windows Live Writer
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D54A52A8-DF24-4CE8-850B-074CA47DFA74}" = Windows Live Messenger
"{D57D43BF-699A-429F-AF8C-AF1867222800}" = Windows Live 사진 갤러리
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D987098B-3AD4-4E88-B80E-CF27A32D1955}" = Windows Live Writer Resources
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{EAB1BDF2-734A-4D44-9169-7615D185C974}" = Windows Live Mesh
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC20FB81-9B5E-4B97-92A2-8DC52548EFCE}" = Windows Live Mesh
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F66430D8-08E6-4C96-B9B7-90E66E27D58C}" = Windows Live Mail
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center 1.0
"{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FDAE128F-A355-42B1-8422-1AF3ACEE34F4}" = SISShortcut
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"{FFD0E594-823B-4E2B-B680-720B3C852588}" = BatteryLifeExtender
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Game Console - WildGames" = WildTangent ORB Game Console
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}" = CyberLink Media+ Player10
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{8524BBAC-E3A7-42F5-9B9A-5AE50A10C500}" = Belkin USB Wireless Adaptor
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Samsung Printer Live Update" = Samsung Printer Live Update
"Samsung Universal Print Driver" = Samsung Universal Print Driver
"Samsung Universal Scan Driver" = Samsung Universal Scan Driver
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live 程式集
"WT085559" = Diner Dash 2 Restaurant Rescue
"WT085567" = Chuzzle Deluxe
"WT085580" = John Deere Drive Green
"WT085581" = Penguins!
"WT085583" = Polar Golfer
"WT085587" = Agatha Christie - Death on the Nile
"WT085597" = Build-a-lot
"WT085618" = Farm Frenzy
"WT085622" = Insaniquarium Deluxe
"WT085663" = Peggle
"WT085669" = Plants vs. Zombies
"WT089285" = Zuma Deluxe
"WT089286" = Bejeweled 2 Deluxe
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-336442205-827502387-1674173946-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 9/3/2012 12:32:12 PM | Computer Name = ***-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 9/3/2012 12:32:12 PM | Computer Name = Robert-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 9/3/2012 12:32:19 PM | Computer Name = ***-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 9/3/2012 12:32:32 PM | Computer Name = ***-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 9/3/2012 12:34:50 PM | Computer Name = ***-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 9/3/2012 12:34:52 PM | Computer Name = ***-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 9/3/2012 12:34:55 PM | Computer Name = ***-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 9/3/2012 12:35:18 PM | Computer Name = ***-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 9/3/2012 12:36:08 PM | Computer Name = ***-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 9/3/2012 12:36:09 PM | Computer Name = ***-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ System Events ]
Error - 9/11/2012 1:53:02 PM | Computer Name = ***-Laptop | Source = Microsoft-Windows-Service Pack Installer | ID = 6
Description = The Service Pack cannot be installed when the computer is running 
on battery power.
 
Error - 9/11/2012 2:12:40 PM | Computer Name = ***-Laptop | Source = DCOM | ID = 10010
Description = 
 
Error - 9/11/2012 2:22:53 PM | Computer Name = ***-Laptop | Source = WMPNetworkSvc | ID = 866321
Description = 
 
Error - 9/11/2012 2:22:53 PM | Computer Name = ***-Laptop | Source = WMPNetworkSvc | ID = 866317
Description = 
 
Error - 9/11/2012 2:22:53 PM | Computer Name = ***-Laptop | Source = WMPNetworkSvc | ID = 866321
Description = 
 
Error - 9/11/2012 2:22:53 PM | Computer Name = ***-Laptop | Source = WMPNetworkSvc | ID = 866317
Description = 
 
Error - 9/15/2012 6:06:57 AM | Computer Name = ***-Laptop | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Client Virtualization Handler" wurde nicht richtig gestartet.
 
Error - 10/11/2012 2:30:26 PM | Computer Name = ***-Laptop | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 10/13/2012 1:24:10 PM | Computer Name = ***-Laptop | Source = DCOM | ID = 10010
Description = 
 
Error - 10/21/2012 6:41:08 PM | Computer Name = ***-Laptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Definition Update for Windows Defender - KB915597
 (Definition 1.139.124.0)
 
 
< End of report >
         
--- --- ---

Ich verstehe nicht, was ich jetzt tun soll. Ich soll wahrscheinlich den untenstehenden Text kopieren und irgendwo anders einfügen. Wo finde ich die "Benutzerdefinierte Scans/Fixes" Textbox? Ich stoppe und warte auf deine Antwort.

Bis dahin liebe Grüße
austriasy

Alt 30.10.2012, 20:07   #5
M-K-D-B
/// TB-Ausbilder
 
EXP/JS.Expack.AL nach Entfernung von Bundestrojaner bei Systemcheck gefunden - Standard

EXP/JS.Expack.AL nach Entfernung von Bundestrojaner bei Systemcheck gefunden



Servus,


ich wollte keinen neuen Scan von OTL, sondern einen OTL-Fix.
Wir versuchen das jetzt nochmal. Bitte genau lesen, es steht alles da, was du machen sollst.

Das haben vor dir auch schon Hunderte geschafft, also schaffst du das jetzt auch. Lese die Anleitungen in Ruhe durch folge ihnen Schritt für Schritt.




Schritt 1
  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
:Commands
[emptytemp]
         
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread





Schritt 2
Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen.

Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ )
    Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt
Poste den Inhalt bitte hier in deinen Thread.





Bitte poste mit deiner nächsten Antwort
  • die Logdatei von OTL,
  • die Logdatei von TDSSKiller.


Alt 30.10.2012, 22:24   #6
austriasy
 
EXP/JS.Expack.AL nach Entfernung von Bundestrojaner bei Systemcheck gefunden - Standard

EXP/JS.Expack.AL nach Entfernung von Bundestrojaner bei Systemcheck gefunden



Hallo Matthias,

vielen Dank für deine Geduld. Also versuchen wir es noch einmal von vorne.

Schritt 1:


All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: ***
->Temp folder emptied: 1926039518 bytes
->Temporary Internet Files folder emptied: 128318231 bytes
->FireFox cache emptied: 957834746 bytes
->Flash cache emptied: 9268 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 114793473 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 1642265844 bytes

Total Files Cleaned = 4,548.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10302012_214252

Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{F52A4E61-CD1C-4F91-BDF7-CE7E4CD8453D}.tmp not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Schritt 2

22:11:20.0799 3968 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
22:11:20.0979 3968 ============================================================
22:11:20.0979 3968 Current date / time: 2012/10/30 22:11:20.0979
22:11:20.0979 3968 SystemInfo:
22:11:20.0979 3968
22:11:20.0979 3968 OS Version: 6.1.7601 ServicePack: 1.0
22:11:20.0979 3968 Product type: Workstation
22:11:20.0979 3968 ComputerName: ***-LAPTOP
22:11:20.0979 3968 UserName: ***
22:11:20.0979 3968 Windows directory: C:\Windows
22:11:20.0979 3968 System windows directory: C:\Windows
22:11:20.0979 3968 Running under WOW64
22:11:20.0979 3968 Processor architecture: Intel x64
22:11:20.0979 3968 Number of processors: 4
22:11:20.0979 3968 Page size: 0x1000
22:11:20.0979 3968 Boot type: Normal boot
22:11:20.0979 3968 ============================================================
22:11:21.0259 3968 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:11:21.0269 3968 ============================================================
22:11:21.0269 3968 \Device\Harddisk0\DR0:
22:11:21.0269 3968 MBR partitions:
22:11:21.0269 3968 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:11:21.0269 3968 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1B600000
22:11:21.0289 3968 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1B633000, BlocksNum 0x1BEA0800
22:11:21.0289 3968 ============================================================
22:11:21.0389 3968 C: <-> \Device\Harddisk0\DR0\Partition2
22:11:21.0439 3968 D: <-> \Device\Harddisk0\DR0\Partition3
22:11:21.0439 3968 ============================================================
22:11:21.0439 3968 Initialize success
22:11:21.0439 3968 ============================================================
22:11:32.0000 2280 ============================================================
22:11:32.0000 2280 Scan started
22:11:32.0000 2280 Mode: Manual;
22:11:32.0000 2280 ============================================================
22:11:32.0188 2280 ================ Scan system memory ========================
22:11:32.0188 2280 System memory - ok
22:11:32.0188 2280 ================ Scan services =============================
22:11:32.0406 2280 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
22:11:32.0422 2280 1394ohci - ok
22:11:32.0468 2280 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
22:11:32.0484 2280 ACPI - ok
22:11:32.0578 2280 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
22:11:32.0578 2280 AcpiPmi - ok
22:11:32.0734 2280 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:11:32.0734 2280 AdobeFlashPlayerUpdateSvc - ok
22:11:32.0843 2280 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
22:11:32.0858 2280 adp94xx - ok
22:11:32.0874 2280 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
22:11:32.0874 2280 adpahci - ok
22:11:32.0905 2280 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
22:11:32.0905 2280 adpu320 - ok
22:11:32.0936 2280 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:11:32.0936 2280 AeLookupSvc - ok
22:11:32.0999 2280 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
22:11:32.0999 2280 AFD - ok
22:11:33.0061 2280 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
22:11:33.0061 2280 agp440 - ok
22:11:33.0092 2280 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
22:11:33.0092 2280 ALG - ok
22:11:33.0122 2280 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
22:11:33.0122 2280 aliide - ok
22:11:33.0132 2280 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
22:11:33.0132 2280 amdide - ok
22:11:33.0162 2280 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
22:11:33.0162 2280 AmdK8 - ok
22:11:33.0162 2280 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
22:11:33.0162 2280 AmdPPM - ok
22:11:33.0202 2280 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
22:11:33.0202 2280 amdsata - ok
22:11:33.0242 2280 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
22:11:33.0242 2280 amdsbs - ok
22:11:33.0262 2280 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
22:11:33.0262 2280 amdxata - ok
22:11:33.0422 2280 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
22:11:33.0422 2280 AntiVirSchedulerService - ok
22:11:33.0532 2280 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
22:11:33.0532 2280 AntiVirService - ok
22:11:33.0562 2280 [ 676894FA57B671FEC5C3F05F8929E03B ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
22:11:33.0562 2280 AntiVirWebService - ok
22:11:33.0612 2280 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
22:11:33.0612 2280 AppID - ok
22:11:33.0652 2280 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
22:11:33.0652 2280 AppIDSvc - ok
22:11:33.0752 2280 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
22:11:33.0752 2280 Appinfo - ok
22:11:33.0802 2280 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
22:11:33.0812 2280 arc - ok
22:11:33.0832 2280 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
22:11:33.0832 2280 arcsas - ok
22:11:33.0862 2280 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:11:33.0862 2280 AsyncMac - ok
22:11:33.0912 2280 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
22:11:33.0912 2280 atapi - ok
22:11:33.0982 2280 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:11:33.0992 2280 AudioEndpointBuilder - ok
22:11:34.0012 2280 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
22:11:34.0012 2280 AudioSrv - ok
22:11:34.0082 2280 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
22:11:34.0102 2280 avgntflt - ok
22:11:34.0162 2280 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
22:11:34.0172 2280 avipbb - ok
22:11:34.0252 2280 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
22:11:34.0262 2280 avkmgr - ok
22:11:34.0312 2280 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
22:11:34.0322 2280 AxInstSV - ok
22:11:34.0372 2280 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
22:11:34.0382 2280 b06bdrv - ok
22:11:34.0512 2280 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
22:11:34.0512 2280 b57nd60a - ok
22:11:34.0672 2280 [ 43AD3D3E7674833FCA9A7C4E7180AD54 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
22:11:34.0692 2280 BCM43XX - ok
22:11:34.0722 2280 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
22:11:34.0722 2280 BDESVC - ok
22:11:34.0762 2280 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
22:11:34.0762 2280 Beep - ok
22:11:34.0892 2280 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
22:11:34.0902 2280 BFE - ok
22:11:34.0962 2280 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
22:11:34.0972 2280 BITS - ok
22:11:35.0072 2280 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
22:11:35.0082 2280 blbdrive - ok
22:11:35.0122 2280 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:11:35.0132 2280 bowser - ok
22:11:35.0179 2280 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:11:35.0179 2280 BrFiltLo - ok
22:11:35.0179 2280 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:11:35.0179 2280 BrFiltUp - ok
22:11:35.0226 2280 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
22:11:35.0226 2280 Browser - ok
22:11:35.0320 2280 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
22:11:35.0320 2280 Brserid - ok
22:11:35.0335 2280 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
22:11:35.0335 2280 BrSerWdm - ok
22:11:35.0335 2280 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
22:11:35.0335 2280 BrUsbMdm - ok
22:11:35.0335 2280 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
22:11:35.0335 2280 BrUsbSer - ok
22:11:35.0398 2280 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
22:11:35.0413 2280 BthEnum - ok
22:11:35.0413 2280 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
22:11:35.0413 2280 BTHMODEM - ok
22:11:35.0506 2280 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
22:11:35.0506 2280 BthPan - ok
22:11:35.0546 2280 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
22:11:35.0566 2280 BTHPORT - ok
22:11:35.0666 2280 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
22:11:35.0666 2280 bthserv - ok
22:11:35.0706 2280 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
22:11:35.0716 2280 BTHUSB - ok
22:11:35.0836 2280 [ A0DFB69ADE3444C78B17636FCF28E898 ] BTWAMPFL C:\Windows\system32\DRIVERS\btwampfl.sys
22:11:35.0856 2280 BTWAMPFL - ok
22:11:35.0886 2280 [ 7CF028CE78696882B327FF13D2DFA534 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
22:11:35.0896 2280 btwaudio - ok
22:11:35.0936 2280 [ 3DEF2370E414B4E299673558BA171A51 ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
22:11:35.0946 2280 btwavdt - ok
22:11:36.0016 2280 [ CC9DAE7759AC2C0D19111C0D38DDD232 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
22:11:36.0026 2280 btwdins - ok
22:11:36.0056 2280 [ 9AD0FA253ED531D39FB2D74FE12A5FA9 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
22:11:36.0066 2280 btwl2cap - ok
22:11:36.0096 2280 [ 9937E0E4DFC0030560A6DFE9D3A94B39 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
22:11:36.0096 2280 btwrchid - ok
22:11:36.0136 2280 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:11:36.0136 2280 cdfs - ok
22:11:36.0256 2280 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
22:11:36.0266 2280 cdrom - ok
22:11:36.0316 2280 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
22:11:36.0316 2280 CertPropSvc - ok
22:11:36.0326 2280 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
22:11:36.0326 2280 circlass - ok
22:11:36.0396 2280 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
22:11:36.0406 2280 CLFS - ok
22:11:36.0506 2280 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:11:36.0516 2280 clr_optimization_v2.0.50727_32 - ok
22:11:36.0616 2280 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:11:36.0616 2280 clr_optimization_v2.0.50727_64 - ok
22:11:36.0986 2280 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:11:36.0986 2280 clr_optimization_v4.0.30319_32 - ok
22:11:37.0156 2280 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:11:37.0156 2280 clr_optimization_v4.0.30319_64 - ok
22:11:37.0216 2280 [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys
22:11:37.0216 2280 clwvd - ok
22:11:37.0256 2280 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
22:11:37.0266 2280 CmBatt - ok
22:11:37.0306 2280 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
22:11:37.0306 2280 cmdide - ok
22:11:37.0376 2280 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
22:11:37.0386 2280 CNG - ok
22:11:37.0416 2280 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
22:11:37.0416 2280 Compbatt - ok
22:11:37.0456 2280 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
22:11:37.0466 2280 CompositeBus - ok
22:11:37.0486 2280 COMSysApp - ok
22:11:37.0541 2280 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
22:11:37.0541 2280 crcdisk - ok
22:11:37.0598 2280 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:11:37.0598 2280 CryptSvc - ok
22:11:37.0778 2280 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
22:11:37.0798 2280 cvhsvc - ok
22:11:37.0908 2280 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
22:11:37.0928 2280 DcomLaunch - ok
22:11:37.0968 2280 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
22:11:37.0978 2280 defragsvc - ok
22:11:38.0088 2280 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:11:38.0098 2280 DfsC - ok
22:11:38.0158 2280 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
22:11:38.0168 2280 Dhcp - ok
22:11:38.0238 2280 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
22:11:38.0248 2280 discache - ok
22:11:38.0268 2280 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
22:11:38.0268 2280 Disk - ok
22:11:38.0298 2280 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:11:38.0308 2280 Dnscache - ok
22:11:38.0338 2280 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
22:11:38.0348 2280 dot3svc - ok
22:11:38.0388 2280 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
22:11:38.0388 2280 DPS - ok
22:11:38.0428 2280 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:11:38.0428 2280 drmkaud - ok
22:11:38.0498 2280 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:11:38.0528 2280 DXGKrnl - ok
22:11:38.0568 2280 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
22:11:38.0568 2280 EapHost - ok
22:11:38.0668 2280 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
22:11:38.0718 2280 ebdrv - ok
22:11:38.0768 2280 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
22:11:38.0768 2280 EFS - ok
22:11:38.0838 2280 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
22:11:38.0858 2280 ehRecvr - ok
22:11:38.0908 2280 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
22:11:38.0928 2280 ehSched - ok
22:11:38.0988 2280 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
22:11:38.0998 2280 elxstor - ok
22:11:39.0018 2280 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
22:11:39.0018 2280 ErrDev - ok
22:11:39.0058 2280 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
22:11:39.0058 2280 EventSystem - ok
22:11:39.0088 2280 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
22:11:39.0088 2280 exfat - ok
22:11:39.0098 2280 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:11:39.0098 2280 fastfat - ok
22:11:39.0148 2280 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
22:11:39.0158 2280 Fax - ok
22:11:39.0178 2280 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
22:11:39.0178 2280 fdc - ok
22:11:39.0198 2280 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
22:11:39.0198 2280 fdPHost - ok
22:11:39.0198 2280 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
22:11:39.0198 2280 FDResPub - ok
22:11:39.0228 2280 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:11:39.0228 2280 FileInfo - ok
22:11:39.0308 2280 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:11:39.0308 2280 Filetrace - ok
22:11:39.0318 2280 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
22:11:39.0318 2280 flpydisk - ok
22:11:39.0328 2280 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:11:39.0348 2280 FltMgr - ok
22:11:39.0398 2280 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
22:11:39.0418 2280 FontCache - ok
22:11:39.0478 2280 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:11:39.0488 2280 FontCache3.0.0.0 - ok
22:11:39.0518 2280 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
22:11:39.0528 2280 FsDepends - ok
22:11:39.0558 2280 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:11:39.0558 2280 Fs_Rec - ok
22:11:39.0618 2280 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
22:11:39.0628 2280 fvevol - ok
22:11:39.0654 2280 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
22:11:39.0654 2280 gagp30kx - ok
22:11:39.0763 2280 [ 521A469CAF61F00E1DE081CC2099C1D6 ] GameConsoleService C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe
22:11:39.0794 2280 GameConsoleService - ok
22:11:39.0841 2280 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
22:11:39.0841 2280 gpsvc - ok
22:11:39.0872 2280 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
22:11:39.0872 2280 hcw85cir - ok
22:11:39.0934 2280 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:11:39.0950 2280 HdAudAddService - ok
22:11:39.0981 2280 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
22:11:39.0981 2280 HDAudBus - ok
22:11:40.0012 2280 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
22:11:40.0012 2280 HidBatt - ok
22:11:40.0028 2280 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
22:11:40.0028 2280 HidBth - ok
22:11:40.0059 2280 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
22:11:40.0059 2280 HidIr - ok
22:11:40.0075 2280 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
22:11:40.0090 2280 hidserv - ok
22:11:40.0137 2280 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
22:11:40.0153 2280 HidUsb - ok
22:11:40.0200 2280 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
22:11:40.0215 2280 hkmsvc - ok
22:11:40.0246 2280 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:11:40.0246 2280 HomeGroupListener - ok
22:11:40.0293 2280 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:11:40.0293 2280 HomeGroupProvider - ok
22:11:40.0324 2280 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
22:11:40.0324 2280 HpSAMD - ok
22:11:40.0387 2280 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:11:40.0402 2280 HTTP - ok
22:11:40.0434 2280 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
22:11:40.0434 2280 hwpolicy - ok
22:11:40.0465 2280 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
22:11:40.0480 2280 i8042prt - ok
22:11:40.0512 2280 [ F7CE9BE72EDAC499B713ECA6DAE5D26F ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
22:11:40.0512 2280 iaStor - ok
22:11:40.0543 2280 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
22:11:40.0543 2280 iaStorV - ok
22:11:40.0604 2280 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:11:40.0634 2280 idsvc - ok
22:11:40.0764 2280 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
22:11:40.0884 2280 igfx - ok
22:11:40.0924 2280 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
22:11:40.0924 2280 iirsp - ok
22:11:40.0974 2280 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
22:11:40.0984 2280 IKEEXT - ok
22:11:41.0114 2280 [ 404561D4EE0CAE109379A40247046B03 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
22:11:41.0144 2280 IntcAzAudAddService - ok
22:11:41.0194 2280 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
22:11:41.0194 2280 intelide - ok
22:11:41.0224 2280 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
22:11:41.0224 2280 intelppm - ok
22:11:41.0254 2280 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:11:41.0264 2280 IPBusEnum - ok
22:11:41.0314 2280 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:11:41.0314 2280 IpFilterDriver - ok
22:11:41.0364 2280 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
22:11:41.0384 2280 iphlpsvc - ok
22:11:41.0404 2280 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
22:11:41.0404 2280 IPMIDRV - ok
22:11:41.0434 2280 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
22:11:41.0444 2280 IPNAT - ok
22:11:41.0454 2280 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:11:41.0454 2280 IRENUM - ok
22:11:41.0484 2280 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
22:11:41.0484 2280 isapnp - ok
22:11:41.0494 2280 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
22:11:41.0504 2280 iScsiPrt - ok
22:11:41.0524 2280 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
22:11:41.0524 2280 kbdclass - ok
22:11:41.0564 2280 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
22:11:41.0564 2280 kbdhid - ok
22:11:41.0604 2280 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
22:11:41.0604 2280 KeyIso - ok
22:11:41.0634 2280 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:11:41.0644 2280 KSecDD - ok
22:11:41.0664 2280 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
22:11:41.0664 2280 KSecPkg - ok
22:11:41.0694 2280 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
22:11:41.0694 2280 ksthunk - ok
22:11:41.0724 2280 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
22:11:41.0744 2280 KtmRm - ok
22:11:41.0784 2280 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
22:11:41.0794 2280 LanmanServer - ok
22:11:41.0844 2280 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:11:41.0844 2280 LanmanWorkstation - ok
22:11:41.0894 2280 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:11:41.0904 2280 lltdio - ok
22:11:41.0924 2280 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:11:41.0944 2280 lltdsvc - ok
22:11:41.0964 2280 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
22:11:41.0964 2280 lmhosts - ok
22:11:42.0054 2280 [ 2ED1786B7542CDA261029F6B526EDF44 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
22:11:42.0054 2280 LMS - ok
22:11:42.0094 2280 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
22:11:42.0094 2280 LSI_FC - ok
22:11:42.0104 2280 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
22:11:42.0104 2280 LSI_SAS - ok
22:11:42.0114 2280 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:11:42.0124 2280 LSI_SAS2 - ok
22:11:42.0134 2280 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:11:42.0134 2280 LSI_SCSI - ok
22:11:42.0154 2280 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
22:11:42.0154 2280 luafv - ok
22:11:42.0204 2280 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
22:11:42.0204 2280 MBAMProtector - ok
22:11:42.0264 2280 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
22:11:42.0264 2280 MBAMScheduler - ok
22:11:42.0304 2280 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
22:11:42.0304 2280 MBAMService - ok
22:11:42.0354 2280 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
22:11:42.0374 2280 Mcx2Svc - ok
22:11:42.0394 2280 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
22:11:42.0394 2280 megasas - ok
22:11:42.0430 2280 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
22:11:42.0430 2280 MegaSR - ok
22:11:42.0461 2280 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
22:11:42.0476 2280 MEIx64 - ok
22:11:42.0601 2280 Microsoft SharePoint Workspace Audit Service - ok
22:11:42.0664 2280 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
22:11:42.0664 2280 MMCSS - ok
22:11:42.0679 2280 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
22:11:42.0679 2280 Modem - ok
22:11:42.0726 2280 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:11:42.0726 2280 monitor - ok
22:11:42.0773 2280 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
22:11:42.0788 2280 mouclass - ok
22:11:42.0820 2280 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:11:42.0820 2280 mouhid - ok
22:11:42.0882 2280 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
22:11:42.0882 2280 mountmgr - ok
22:11:42.0960 2280 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:11:42.0976 2280 MozillaMaintenance - ok
22:11:43.0022 2280 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
22:11:43.0022 2280 mpio - ok
22:11:43.0054 2280 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:11:43.0054 2280 mpsdrv - ok
22:11:43.0116 2280 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
22:11:43.0132 2280 MpsSvc - ok
22:11:43.0163 2280 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:11:43.0178 2280 MRxDAV - ok
22:11:43.0210 2280 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:11:43.0225 2280 mrxsmb - ok
22:11:43.0256 2280 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:11:43.0272 2280 mrxsmb10 - ok
22:11:43.0288 2280 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:11:43.0288 2280 mrxsmb20 - ok
22:11:43.0319 2280 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
22:11:43.0319 2280 msahci - ok
22:11:43.0350 2280 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
22:11:43.0350 2280 msdsm - ok
22:11:43.0366 2280 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
22:11:43.0381 2280 MSDTC - ok
22:11:43.0428 2280 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:11:43.0444 2280 Msfs - ok
22:11:43.0444 2280 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
22:11:43.0444 2280 mshidkmdf - ok
22:11:43.0459 2280 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
22:11:43.0459 2280 msisadrv - ok
22:11:43.0506 2280 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:11:43.0506 2280 MSiSCSI - ok
22:11:43.0506 2280 msiserver - ok
22:11:43.0537 2280 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:11:43.0537 2280 MSKSSRV - ok
22:11:43.0553 2280 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:11:43.0553 2280 MSPCLOCK - ok
22:11:43.0553 2280 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:11:43.0553 2280 MSPQM - ok
22:11:43.0584 2280 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:11:43.0584 2280 MsRPC - ok
22:11:43.0631 2280 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
22:11:43.0631 2280 mssmbios - ok
22:11:43.0646 2280 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:11:43.0646 2280 MSTEE - ok
22:11:43.0662 2280 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
22:11:43.0662 2280 MTConfig - ok
22:11:43.0678 2280 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
22:11:43.0678 2280 Mup - ok
22:11:43.0724 2280 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
22:11:43.0740 2280 napagent - ok
22:11:43.0787 2280 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:11:43.0802 2280 NativeWifiP - ok
22:11:43.0865 2280 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
22:11:43.0880 2280 NDIS - ok
22:11:43.0896 2280 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
22:11:43.0896 2280 NdisCap - ok
22:11:43.0943 2280 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:11:43.0958 2280 NdisTapi - ok
22:11:43.0990 2280 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:11:43.0990 2280 Ndisuio - ok
22:11:44.0036 2280 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:11:44.0052 2280 NdisWan - ok
22:11:44.0099 2280 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:11:44.0099 2280 NDProxy - ok
22:11:44.0130 2280 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:11:44.0130 2280 NetBIOS - ok
22:11:44.0177 2280 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:11:44.0177 2280 NetBT - ok
22:11:44.0208 2280 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
22:11:44.0208 2280 Netlogon - ok
22:11:44.0255 2280 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
22:11:44.0255 2280 Netman - ok
22:11:44.0286 2280 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
22:11:44.0286 2280 netprofm - ok
22:11:44.0333 2280 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:11:44.0333 2280 NetTcpPortSharing - ok
22:11:44.0380 2280 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
22:11:44.0380 2280 nfrd960 - ok
22:11:44.0411 2280 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:11:44.0426 2280 NlaSvc - ok
22:11:44.0426 2280 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:11:44.0442 2280 Npfs - ok
22:11:44.0458 2280 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
22:11:44.0473 2280 nsi - ok
22:11:44.0473 2280 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:11:44.0473 2280 nsiproxy - ok
22:11:44.0551 2280 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:11:44.0567 2280 Ntfs - ok
22:11:44.0598 2280 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
22:11:44.0598 2280 Null - ok
22:11:44.0645 2280 [ F2662FDC20518EE8A8EED4F61BA42349 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
22:11:44.0660 2280 NVHDA - ok
22:11:44.0926 2280 [ E4C35EFDE340F3A18123AE85104B2B82 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:11:44.0988 2280 nvlddmkm - ok
22:11:45.0035 2280 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:11:45.0035 2280 nvraid - ok
22:11:45.0050 2280 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:11:45.0050 2280 nvstor - ok
22:11:45.0113 2280 [ 7E4D066D8BE847723807EF161B78BF07 ] NVSvc C:\Windows\system32\nvvsvc.exe
22:11:45.0144 2280 NVSvc - ok
22:11:45.0175 2280 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:11:45.0175 2280 nv_agp - ok
22:11:45.0206 2280 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
22:11:45.0206 2280 ohci1394 - ok
22:11:45.0253 2280 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:11:45.0253 2280 ose - ok
22:11:45.0440 2280 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:11:45.0456 2280 osppsvc - ok
22:11:45.0503 2280 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:11:45.0518 2280 p2pimsvc - ok
22:11:45.0534 2280 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
22:11:45.0550 2280 p2psvc - ok
22:11:45.0581 2280 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
22:11:45.0581 2280 Parport - ok
22:11:45.0612 2280 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:11:45.0612 2280 partmgr - ok
22:11:45.0643 2280 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:11:45.0643 2280 PcaSvc - ok
22:11:45.0690 2280 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
22:11:45.0690 2280 pci - ok
22:11:45.0721 2280 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
22:11:45.0721 2280 pciide - ok
22:11:45.0768 2280 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
22:11:45.0768 2280 pcmcia - ok
22:11:45.0784 2280 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
22:11:45.0784 2280 pcw - ok
22:11:45.0815 2280 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:11:45.0830 2280 PEAUTH - ok
22:11:45.0908 2280 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
22:11:45.0924 2280 PerfHost - ok
22:11:45.0986 2280 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
22:11:46.0018 2280 pla - ok
22:11:46.0080 2280 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:11:46.0080 2280 PlugPlay - ok
22:11:46.0111 2280 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:11:46.0111 2280 PNRPAutoReg - ok
22:11:46.0127 2280 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:11:46.0127 2280 PNRPsvc - ok
22:11:46.0174 2280 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:11:46.0174 2280 PolicyAgent - ok
22:11:46.0220 2280 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
22:11:46.0236 2280 Power - ok
22:11:46.0283 2280 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:11:46.0298 2280 PptpMiniport - ok
22:11:46.0330 2280 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
22:11:46.0330 2280 Processor - ok
22:11:46.0376 2280 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
22:11:46.0392 2280 ProfSvc - ok
22:11:46.0408 2280 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:11:46.0408 2280 ProtectedStorage - ok
22:11:46.0454 2280 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:11:46.0454 2280 Psched - ok
22:11:46.0517 2280 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
22:11:46.0548 2280 ql2300 - ok
22:11:46.0564 2280 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
22:11:46.0564 2280 ql40xx - ok
22:11:46.0610 2280 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
22:11:46.0610 2280 QWAVE - ok
22:11:46.0626 2280 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:11:46.0626 2280 QWAVEdrv - ok
22:11:46.0626 2280 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:11:46.0626 2280 RasAcd - ok
22:11:46.0657 2280 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:11:46.0688 2280 RasAgileVpn - ok
22:11:46.0704 2280 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
22:11:46.0720 2280 RasAuto - ok
22:11:46.0751 2280 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:11:46.0751 2280 Rasl2tp - ok
22:11:46.0798 2280 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
22:11:46.0813 2280 RasMan - ok
22:11:46.0829 2280 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:11:46.0844 2280 RasPppoe - ok
22:11:46.0844 2280 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:11:46.0844 2280 RasSstp - ok
22:11:46.0896 2280 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:11:46.0906 2280 rdbss - ok
22:11:46.0916 2280 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
22:11:46.0916 2280 rdpbus - ok
22:11:46.0946 2280 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:11:46.0946 2280 RDPCDD - ok
22:11:46.0966 2280 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:11:46.0966 2280 RDPENCDD - ok
22:11:46.0966 2280 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:11:46.0966 2280 RDPREFMP - ok
22:11:46.0996 2280 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:11:46.0996 2280 RDPWD - ok
22:11:47.0046 2280 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:11:47.0046 2280 rdyboost - ok
22:11:47.0066 2280 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:11:47.0076 2280 RemoteAccess - ok
22:11:47.0096 2280 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:11:47.0106 2280 RemoteRegistry - ok
22:11:47.0136 2280 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
22:11:47.0146 2280 RFCOMM - ok
22:11:47.0186 2280 [ F12A68ED55053940CADD59CA5E3468DD ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
22:11:47.0186 2280 RichVideo - ok
22:11:47.0196 2280 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:11:47.0196 2280 RpcEptMapper - ok
22:11:47.0236 2280 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
22:11:47.0246 2280 RpcLocator - ok
22:11:47.0286 2280 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
22:11:47.0296 2280 RpcSs - ok
22:11:47.0336 2280 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:11:47.0346 2280 rspndr - ok
22:11:47.0396 2280 [ EA5532868BA76923D75BCB2A1448D810 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
22:11:47.0416 2280 RTL8167 - ok
22:11:47.0466 2280 [ A332DB1DAC07E95667A57AAEEC236C37 ] RTL8192su C:\Windows\system32\DRIVERS\RTL8192su.sys
22:11:47.0486 2280 RTL8192su - ok
22:11:47.0546 2280 [ 4CA0DBA9E224473D664C25E411F5A3BD ] rtport C:\Windows\SysWOW64\drivers\rtport.sys
22:11:47.0546 2280 rtport - ok
22:11:47.0576 2280 [ 62DB6CC4B0818F1B5F3441241B098F12 ] SABI C:\Windows\system32\Drivers\SABI.sys
22:11:47.0586 2280 SABI - ok
22:11:47.0606 2280 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
22:11:47.0606 2280 SamSs - ok
22:11:47.0636 2280 [ D641337B75B9A9D5AE10687AA1097755 ] Samsung UPD Service C:\Windows\System32\SUPDSvc.exe
22:11:47.0656 2280 Samsung UPD Service - ok
22:11:47.0706 2280 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:11:47.0706 2280 sbp2port - ok
22:11:47.0746 2280 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:11:47.0766 2280 SCardSvr - ok
22:11:47.0806 2280 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:11:47.0806 2280 scfilter - ok
22:11:47.0876 2280 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
22:11:47.0896 2280 Schedule - ok
22:11:47.0936 2280 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:11:47.0936 2280 SCPolicySvc - ok
22:11:47.0976 2280 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:11:47.0976 2280 SDRSVC - ok
22:11:48.0026 2280 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:11:48.0036 2280 secdrv - ok
22:11:48.0066 2280 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
22:11:48.0076 2280 seclogon - ok
22:11:48.0126 2280 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
22:11:48.0126 2280 SENS - ok
22:11:48.0156 2280 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:11:48.0166 2280 SensrSvc - ok
22:11:48.0216 2280 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:11:48.0216 2280 Serenum - ok
22:11:48.0226 2280 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
22:11:48.0226 2280 Serial - ok
22:11:48.0256 2280 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
22:11:48.0266 2280 sermouse - ok
22:11:48.0306 2280 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
22:11:48.0316 2280 SessionEnv - ok
22:11:48.0346 2280 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
22:11:48.0346 2280 sffdisk - ok
22:11:48.0366 2280 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:11:48.0366 2280 sffp_mmc - ok
22:11:48.0376 2280 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
22:11:48.0376 2280 sffp_sd - ok
22:11:48.0406 2280 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
22:11:48.0406 2280 sfloppy - ok
22:11:48.0466 2280 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
22:11:48.0476 2280 Sftfs - ok
22:11:48.0546 2280 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
22:11:48.0556 2280 sftlist - ok
22:11:48.0586 2280 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
22:11:48.0586 2280 Sftplay - ok
22:11:48.0606 2280 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
22:11:48.0616 2280 Sftredir - ok
22:11:48.0646 2280 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
22:11:48.0646 2280 Sftvol - ok
22:11:48.0676 2280 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
22:11:48.0676 2280 sftvsa - ok
22:11:48.0706 2280 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:11:48.0726 2280 SharedAccess - ok
22:11:48.0766 2280 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:11:48.0776 2280 ShellHWDetection - ok
22:11:48.0806 2280 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:11:48.0806 2280 SiSRaid2 - ok
22:11:48.0836 2280 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
22:11:48.0846 2280 SiSRaid4 - ok
22:11:48.0866 2280 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:11:48.0866 2280 Smb - ok
22:11:48.0921 2280 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:11:48.0921 2280 SNMPTRAP - ok
22:11:48.0937 2280 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
22:11:48.0937 2280 spldr - ok
22:11:48.0984 2280 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
22:11:48.0984 2280 Spooler - ok
22:11:49.0093 2280 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
22:11:49.0108 2280 sppsvc - ok
22:11:49.0124 2280 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:11:49.0140 2280 sppuinotify - ok
22:11:49.0171 2280 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
22:11:49.0202 2280 srv - ok
22:11:49.0218 2280 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:11:49.0233 2280 srv2 - ok
22:11:49.0264 2280 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:11:49.0264 2280 srvnet - ok
22:11:49.0311 2280 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:11:49.0311 2280 SSDPSRV - ok
22:11:49.0342 2280 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:11:49.0342 2280 SstpSvc - ok
22:11:49.0358 2280 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
22:11:49.0358 2280 stexstor - ok
22:11:49.0389 2280 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
22:11:49.0389 2280 StillCam - ok
22:11:49.0452 2280 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
22:11:49.0467 2280 stisvc - ok
22:11:49.0498 2280 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
22:11:49.0498 2280 swenum - ok
22:11:49.0530 2280 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
22:11:49.0545 2280 swprv - ok
22:11:49.0608 2280 [ F5B46DF59FEAA48A442AED7EEB754D4B ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
22:11:49.0623 2280 SynTP - ok
22:11:49.0732 2280 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
22:11:49.0764 2280 SysMain - ok
22:11:49.0810 2280 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:11:49.0810 2280 TabletInputService - ok
22:11:49.0842 2280 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
22:11:49.0842 2280 TapiSrv - ok
22:11:49.0888 2280 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
22:11:49.0888 2280 TBS - ok
22:11:49.0951 2280 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:11:49.0982 2280 Tcpip - ok
22:11:50.0013 2280 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:11:50.0013 2280 TCPIP6 - ok
22:11:50.0044 2280 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:11:50.0044 2280 tcpipreg - ok
22:11:50.0076 2280 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:11:50.0076 2280 TDPIPE - ok
22:11:50.0107 2280 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:11:50.0107 2280 TDTCP - ok
22:11:50.0169 2280 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:11:50.0185 2280 tdx - ok
22:11:50.0200 2280 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
22:11:50.0200 2280 TermDD - ok
22:11:50.0263 2280 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
22:11:50.0278 2280 TermService - ok
22:11:50.0310 2280 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
22:11:50.0325 2280 Themes - ok
22:11:50.0341 2280 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
22:11:50.0341 2280 THREADORDER - ok
22:11:50.0356 2280 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
22:11:50.0356 2280 TrkWks - ok
22:11:50.0419 2280 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:11:50.0419 2280 TrustedInstaller - ok
22:11:50.0466 2280 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:11:50.0466 2280 tssecsrv - ok
22:11:50.0512 2280 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
22:11:50.0512 2280 TsUsbFlt - ok
22:11:50.0575 2280 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:11:50.0590 2280 tunnel - ok
22:11:50.0668 2280 [ 48743B69EA47C020A792D8649F753F44 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys
22:11:50.0684 2280 TurboB - ok
22:11:50.0715 2280 [ 759F59E3EA3802FF23F93DCDB6FE9171 ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
22:11:50.0731 2280 TurboBoost - ok
22:11:50.0762 2280 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
22:11:50.0762 2280 uagp35 - ok
22:11:50.0793 2280 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:11:50.0793 2280 udfs - ok
22:11:50.0840 2280 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:11:50.0856 2280 UI0Detect - ok
22:11:50.0871 2280 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
22:11:50.0871 2280 uliagpkx - ok
22:11:50.0918 2280 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
22:11:50.0934 2280 umbus - ok
22:11:50.0949 2280 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
22:11:50.0949 2280 UmPass - ok
22:11:51.0073 2280 [ 7E5E1603D0FF2D240AE70295C5C3FEFC ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
22:11:51.0103 2280 UNS - ok
22:11:51.0133 2280 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
22:11:51.0133 2280 upnphost - ok
22:11:51.0163 2280 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:11:51.0173 2280 usbccgp - ok
22:11:51.0203 2280 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
22:11:51.0203 2280 usbcir - ok
22:11:51.0243 2280 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
22:11:51.0253 2280 usbehci - ok
22:11:51.0283 2280 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:11:51.0293 2280 usbhub - ok
22:11:51.0313 2280 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
22:11:51.0313 2280 usbohci - ok
22:11:51.0363 2280 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
22:11:51.0363 2280 usbprint - ok
22:11:51.0403 2280 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
22:11:51.0403 2280 usbscan - ok
22:11:51.0423 2280 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS
22:11:51.0423 2280 USBSTOR - ok
22:11:51.0443 2280 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
22:11:51.0443 2280 usbuhci - ok
22:11:51.0493 2280 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
22:11:51.0493 2280 usbvideo - ok
22:11:51.0523 2280 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
22:11:51.0523 2280 UxSms - ok
22:11:51.0553 2280 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
22:11:51.0553 2280 VaultSvc - ok
22:11:51.0603 2280 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
22:11:51.0603 2280 vdrvroot - ok
22:11:51.0653 2280 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
22:11:51.0683 2280 vds - ok
22:11:51.0763 2280 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:11:51.0763 2280 vga - ok
22:11:51.0793 2280 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
22:11:51.0793 2280 VgaSave - ok
22:11:51.0843 2280 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
22:11:51.0843 2280 vhdmp - ok
22:11:51.0863 2280 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
22:11:51.0863 2280 viaide - ok
22:11:51.0893 2280 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
22:11:51.0893 2280 volmgr - ok
22:11:51.0933 2280 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:11:51.0933 2280 volmgrx - ok
22:11:51.0963 2280 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
22:11:51.0973 2280 volsnap - ok
22:11:52.0013 2280 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
22:11:52.0023 2280 vsmraid - ok
22:11:52.0093 2280 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
22:11:52.0123 2280 VSS - ok
22:11:52.0163 2280 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
22:11:52.0173 2280 vwifibus - ok
22:11:52.0203 2280 [ 13A0DECD1794DE60A8427862C8669D27 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
22:11:52.0203 2280 vwififlt - ok
22:11:52.0263 2280 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
22:11:52.0273 2280 W32Time - ok
22:11:52.0303 2280 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
22:11:52.0303 2280 WacomPen - ok
22:11:52.0343 2280 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
22:11:52.0353 2280 WANARP - ok
22:11:52.0363 2280 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:11:52.0363 2280 Wanarpv6 - ok
22:11:52.0453 2280 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
22:11:52.0493 2280 WatAdminSvc - ok
22:11:52.0533 2280 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
22:11:52.0553 2280 wbengine - ok
22:11:52.0583 2280 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
22:11:52.0593 2280 WbioSrvc - ok
22:11:52.0643 2280 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:11:52.0663 2280 wcncsvc - ok
22:11:52.0673 2280 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:11:52.0673 2280 WcsPlugInService - ok
22:11:52.0703 2280 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
22:11:52.0703 2280 Wd - ok
22:11:52.0733 2280 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:11:52.0733 2280 Wdf01000 - ok
22:11:52.0743 2280 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:11:52.0753 2280 WdiServiceHost - ok
22:11:52.0753 2280 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:11:52.0753 2280 WdiSystemHost - ok
22:11:52.0803 2280 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
22:11:52.0823 2280 WebClient - ok
22:11:52.0853 2280 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:11:52.0863 2280 Wecsvc - ok
22:11:52.0883 2280 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:11:52.0893 2280 wercplsupport - ok
22:11:52.0913 2280 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
22:11:52.0923 2280 WerSvc - ok
22:11:52.0963 2280 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
22:11:52.0963 2280 WfpLwf - ok
22:11:52.0973 2280 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
22:11:52.0983 2280 WIMMount - ok
22:11:53.0003 2280 WinDefend - ok
22:11:53.0013 2280 WinHttpAutoProxySvc - ok
22:11:53.0083 2280 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:11:53.0083 2280 Winmgmt - ok
22:11:53.0183 2280 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
22:11:53.0233 2280 WinRM - ok
22:11:53.0273 2280 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
22:11:53.0273 2280 WinUsb - ok
22:11:53.0313 2280 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
22:11:53.0323 2280 Wlansvc - ok
22:11:53.0383 2280 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
22:11:53.0393 2280 wlcrasvc - ok
22:11:53.0513 2280 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:11:53.0533 2280 wlidsvc - ok
22:11:53.0563 2280 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
22:11:53.0563 2280 WmiAcpi - ok
22:11:53.0603 2280 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:11:53.0603 2280 wmiApSrv - ok
22:11:53.0643 2280 WMPNetworkSvc - ok
22:11:53.0663 2280 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:11:53.0673 2280 WPCSvc - ok
22:11:53.0713 2280 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:11:53.0713 2280 WPDBusEnum - ok
22:11:53.0743 2280 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:11:53.0743 2280 ws2ifsl - ok
22:11:53.0753 2280 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
22:11:53.0763 2280 wscsvc - ok
22:11:53.0763 2280 WSearch - ok
22:11:53.0873 2280 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
22:11:53.0943 2280 wuauserv - ok
22:11:53.0983 2280 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:11:53.0993 2280 WudfPf - ok
22:11:54.0033 2280 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:11:54.0033 2280 WUDFRd - ok
22:11:54.0073 2280 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:11:54.0083 2280 wudfsvc - ok
22:11:54.0133 2280 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
22:11:54.0153 2280 WwanSvc - ok
22:11:54.0193 2280 ================ Scan global ===============================
22:11:54.0213 2280 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:11:54.0253 2280 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
22:11:54.0263 2280 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
22:11:54.0293 2280 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:11:54.0313 2280 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:11:54.0323 2280 [Global] - ok
22:11:54.0323 2280 ================ Scan MBR ==================================
22:11:54.0333 2280 [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
22:11:54.0563 2280 \Device\Harddisk0\DR0 - ok
22:11:54.0563 2280 ================ Scan VBR ==================================
22:11:54.0563 2280 [ A71F9D4598D239D26CA108EC7B2813B3 ] \Device\Harddisk0\DR0\Partition1
22:11:54.0563 2280 \Device\Harddisk0\DR0\Partition1 - ok
22:11:54.0593 2280 [ ED3FE047A1510F124114F55EC048CD65 ] \Device\Harddisk0\DR0\Partition2
22:11:54.0593 2280 \Device\Harddisk0\DR0\Partition2 - ok
22:11:54.0613 2280 [ 64E20CAAD375534BD2F37BA4FCB31751 ] \Device\Harddisk0\DR0\Partition3
22:11:54.0613 2280 \Device\Harddisk0\DR0\Partition3 - ok
22:11:54.0613 2280 ============================================================
22:11:54.0613 2280 Scan finished
22:11:54.0613 2280 ============================================================
22:11:54.0623 4040 Detected object count: 0
22:11:54.0623 4040 Actual detected object count: 0

Ich hoffe, diesmal habe ich das richtig gemacht ;-).

Liebe Grüße
austriasy

Alt 31.10.2012, 19:01   #7
M-K-D-B
/// TB-Ausbilder
 
EXP/JS.Expack.AL nach Entfernung von Bundestrojaner bei Systemcheck gefunden - Standard

EXP/JS.Expack.AL nach Entfernung von Bundestrojaner bei Systemcheck gefunden



Servus,



alles richtig.




Schritt 1
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.





Schritt 2

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset







Schritt 3
Downloade Dir bitte SecurityCheck
  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS- Box.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Wenn der Scan beendet wurde sollte sich ein Textdokument ( checkup.txt ) öffnen.
Poste den Inhalt bitte hier.





Wie läuft dein Rechner derzeit?
Gibt es Probleme? Wenn ja, welche?






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von MBAM,
  • die Logdatei von ESET,
  • die Logdatei von SecurityCheck,
  • die Beantwortung der gestellten Fragen.

Alt 01.11.2012, 20:55   #8
austriasy
 
EXP/JS.Expack.AL nach Entfernung von Bundestrojaner bei Systemcheck gefunden - Standard

EXP/JS.Expack.AL nach Entfernung von Bundestrojaner bei Systemcheck gefunden



Hallo Matthias,

Danke für die neuen Anweisungen. Dann fahren wir mal fort:

Schritt 1
Malwarebytes Anti-Malware (Test) 1.65.1.1000
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.11.01.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Robert :: ***-LAPTOP [Administrator]

Schutz: Aktiviert

01.11.2012 17:51:41
mbam-log-2012-11-01 (17-51-41).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 202043
Laufzeit: 4 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Schritt 2

No threats found.

Schritt 3

Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.65.1.1000
Adobe Flash Player 11.4.402.287
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (16.0.2)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Wie läuft dein Rechner derzeit?
Gibt es Probleme? Wenn ja, welche?


Unser Laptop läuft meiner Meinung nach ganz normal. Mein Partner hat in der letzten Woche bei der Benutzung mal eine Warnung erhalten. Leider hat er noch weniger Ahnung als ich und konnte mir die Warnung auch nicht mehr genauer beschreiben. In den letzten Tagen erscheint direkt nach dem Einschalten eine Meldung, wonach folgende Datei auf das System zugreifen will:

SSBKgd Update exe

Da mir nicht bekannt ist, was das für ein Programm sein soll, habe ich den Zugriff nicht erlaubt. Vielleicht kannst du mir sagen, was das ist, ob ich den Zugriff zulassen kann oder wie ich die Meldung entfernen kann.

Ich wünsche dir noch einen schönen Restfeiertag und freue mich, bald wieder von dir zu hören.
austriasy

Alt 02.11.2012, 14:58   #9
M-K-D-B
/// TB-Ausbilder
 
EXP/JS.Expack.AL nach Entfernung von Bundestrojaner bei Systemcheck gefunden - Standard

EXP/JS.Expack.AL nach Entfernung von Bundestrojaner bei Systemcheck gefunden



Servus,


ssbkgdupdate.exe ist in Ordnung, die kannst du zulassen.




Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber.
Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.





Schritt 1
Deinstalliere bitte deine aktuelle Version von Adobe Reader
Start--> Systemsteuerung--> Software / Programme deinstallieren--> Adobe Reader
und lade dir die neue Version von Hier herunter-
Entferne den Hacken für den McAfee SecurityScan bzw. Google Chrome.





Schritt 2
Ich würde dir empfehlen, 1 mal pro Woche auch mit diesem Scanner dein System zu prüfen.
Möchtest Du ESET denoch deinstallieren,
Drücke bitte die + R Taste und kopiere folgenden Text in das Ausführen Fenster.
Code:
ATTFilter
"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\OnlineScannerUninstaller.exe"
         
und drücke OK.





Schritt 3
Starte bitte OTL und klicke auf Bereinigung.
Du wirst zu einem Neustart aufgefordert.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben.
Sollte ein verwendetes Programm nach dem Neustart noch verhanden sein, bitte mit Rechtsklick --> Löschen manuell entfernen.





Schritt 4
Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles, nur weil es Dich dazu auffordert und schön bunt ist.
  • Verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe.
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.



Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

Alt 02.11.2012, 17:51   #10
austriasy
 
EXP/JS.Expack.AL nach Entfernung von Bundestrojaner bei Systemcheck gefunden - Standard

EXP/JS.Expack.AL nach Entfernung von Bundestrojaner bei Systemcheck gefunden



Hallo Matthias,

vielen Dank für deine neuerliche Antwort und die Tipps. Ich zukünftig noch mehr darauf achten. Habe alles erledigt und möchte abschließend noch wissen, ob die in Quarantäne befindliche verdächtige Datei EXP/JS.Expack.AL gelöscht werden soll.

Liebe Grüße
austriasy

Alt 02.11.2012, 17:55   #11
M-K-D-B
/// TB-Ausbilder
 
EXP/JS.Expack.AL nach Entfernung von Bundestrojaner bei Systemcheck gefunden - Standard

EXP/JS.Expack.AL nach Entfernung von Bundestrojaner bei Systemcheck gefunden



Servus,


die Datei kannst du bedenkenlos löschen.




Ich bin froh, dass wir helfen konnten

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.

Alt 02.11.2012, 18:24   #12
austriasy
 
EXP/JS.Expack.AL nach Entfernung von Bundestrojaner bei Systemcheck gefunden - Standard

EXP/JS.Expack.AL nach Entfernung von Bundestrojaner bei Systemcheck gefunden



Hallo Matthias,

vielen Dank für deine schnelle und kompetente Hilfe. Ich finde die Unterstützung die ihr hier anbietet Spitze! Macht weiter so im Kampf gegen die Plagegeister!

Liebe Grüße und nochmals 1000Dank!!!
austriasy

Antwort

Themen zu EXP/JS.Expack.AL nach Entfernung von Bundestrojaner bei Systemcheck gefunden
anti-malware, antivirus, bereinigen, bereits, brauche, bundestrojaner, datei, dringend, einsatz, einstellungen, entfernung, euren, heute, laptops, liebe, neue, plagegeister, quarantäne, report, sicherung, sperrung, unwissende, verdächtige, woche, wochen




Ähnliche Themen: EXP/JS.Expack.AL nach Entfernung von Bundestrojaner bei Systemcheck gefunden


  1. Probleme nach Bundestrojaner
    Plagegeister aller Art und deren Bekämpfung - 17.07.2014 (13)
  2. Windows 7: 'EXP/JS.Expack.EB' gefunden
    Plagegeister aller Art und deren Bekämpfung - 18.03.2014 (9)
  3. Windows 7: 'EXP/JS.Expack.EB' gefunden
    Mülltonne - 14.03.2014 (1)
  4. Maleware gefunden (PC Optimizer u. Speed Up). Erbitte Hilfe für Entfernung.
    Log-Analyse und Auswertung - 12.02.2014 (13)
  5. Vista: nach Avira Systemcheck einige Malware und Trojaner gefunden
    Log-Analyse und Auswertung - 26.01.2014 (3)
  6. Variation von Bundestrojaner gefunden - Durch Systemwiederherstellung gelöscht?
    Log-Analyse und Auswertung - 15.02.2013 (21)
  7. Windows Vista RunDLL-Boot-Fehler nach Bundestrojaner-Entfernung (rty0_7z.exe)
    Plagegeister aller Art und deren Bekämpfung - 03.01.2013 (18)
  8. "js/expack.th" gefunden und in quarantäne / dateiendung unbekannt? / weiteres Vorgehen?
    Log-Analyse und Auswertung - 19.10.2012 (5)
  9. Bundestrojaner - deo0_sar.exe Modul wurde nicht gefunden.
    Plagegeister aller Art und deren Bekämpfung - 06.10.2012 (26)
  10. 'JS/Expack.AV' gefunden und aufrufen von www.google.de geht nicht
    Plagegeister aller Art und deren Bekämpfung - 06.09.2012 (1)
  11. Nach Entfernung von Ukash Bundestrojaner - Kein LAN mehr!
    Plagegeister aller Art und deren Bekämpfung - 12.08.2012 (18)
  12. Kaspersky gefunden Trojan-Downloader.JS.Expack.xw
    Log-Analyse und Auswertung - 30.07.2012 (1)
  13. Nach GVU Trojaner Entfernung RUNDLL Fehlermeldung nach Systemstart ?
    Plagegeister aller Art und deren Bekämpfung - 11.07.2012 (2)
  14. JS/Expack.OY (Antivir) und html/fraud.bg trojan (eset) gefunden
    Plagegeister aller Art und deren Bekämpfung - 05.06.2012 (1)
  15. gmer logfile nach befall von systemcheck trojaner
    Log-Analyse und Auswertung - 10.02.2012 (44)
  16. TR/EyeStye.N.105 Avira-Meldung / nach Systemcheck zusätzlich Java/Exdoer.A & Java/Fester.J
    Plagegeister aller Art und deren Bekämpfung - 06.08.2011 (25)
  17. Nach Entfernung von Swizzor
    Log-Analyse und Auswertung - 23.06.2006 (7)

Zum Thema EXP/JS.Expack.AL nach Entfernung von Bundestrojaner bei Systemcheck gefunden - Hallo liebe Wissenden , ich brauche dringend eure Hilfe. Vor ein paar Wochen habe ich mich tagelang mit der Entfernung des Bundestrojaners und der Entsperrung meines Laptops beschäftigt. Geschafft habe - EXP/JS.Expack.AL nach Entfernung von Bundestrojaner bei Systemcheck gefunden...
Archiv
Du betrachtest: EXP/JS.Expack.AL nach Entfernung von Bundestrojaner bei Systemcheck gefunden auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.