| |
| |||||||
Log-Analyse und Auswertung: GVU-Trojaner eingefangenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
12.01.2013, 13:37
| #1 |
 |  GVU-Trojaner eingefangen Hallo, ich hoffe ihr könnt mir helfen Ich habe mir gestern den GVU-Trojaner eingefangen. Ich habe mir über einen Nachbarrrechner über Google Informationen geholt. - Neustart im abgesicherten Modus ausgeführt - Systemwiederherstellung auf früheren Zeitpunkt ausgeführt --> war erfolgreich - malwarebytes geladen, aktualisiert, vollständigen scan ausgeführt - 2 infizierte Dateien gelöscht, Log-Datei gespeichert - installiertes Norton Internet Security manuell geupdated (war deaktiviert ?) - vollständigen Systemscan durchgeführt Bericht gespeichert - heutemorgen nach euren Vorgaben defogger geladen, ausgeführt, gespeichert - OTL und GMER geladen, ausgeführt und gespeichert |
|
12.01.2013, 16:15
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | GVU-Trojaner eingefangen Hallo und
__________________ Mal eine kurze Frage, das ist jetzt nichts speziell gegen dich, ich hätte auch jeden anderen fragen können der die Logs so postet - wo bitte steht, dass die Logs in den Anhang gelegt werden sollen bzw. wo genau hast du das herausgelesen? Logfiles im Anhang erschweren die Auswertung massivst Bitte um Erläuterung damit man die Textstelle in der Anleitung für alle Neulinge mal gezielt ändern/verbessern kann. Danke.
__________________ |
|
12.01.2013, 16:55
| #3 |
| | GVU-Trojaner eingefangen Hallo cosinus
__________________Ich glaube, das steht nirgendwo geschrieben. Aber wenn man neu ist im Forum, und kein Computerspezi ist, nimmt man dass, was einem so einfällt. Ich habe nach dem Ausfüllen des Themeneröffnungsfensters das Feld mit den Dateianhängen gesehen und hier die erste Log-Datei reingesetzt. Aber nu mach ich es besser; hoffentlich. Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.11.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 christian :: LAPTOP [Administrator] 11.01.2013 18:07:41 mbam-log-2013-01-11 (18-07-41).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 440138 Laufzeit: 1 Stunde(n), 1 Minute(n), Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Users\christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OBEKPZLD\MyPhoneExplorer_v2_5185[1].exe (PUP.Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\christian\AppData\Roaming\skype.dat (Trojan.Winlock) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:58 on 12/01/2013 (christian)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:58 on 12/01/2013 (christian)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter OTL Extras logfile created on: 12.01.2013 12:00:00 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\christian\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,86 Gb Total Physical Memory | 5,45 Gb Available Physical Memory | 69,39% Memory free
15,71 Gb Paging File | 13,24 Gb Available in Paging File | 84,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 354,35 Gb Total Space | 284,44 Gb Free Space | 80,27% Space Free | Partition Type: NTFS
Drive E: | 250,00 Gb Total Space | 227,17 Gb Free Space | 90,87% Space Free | Partition Type: NTFS
Computer Name: LAPTOP | User Name: christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17E93FA9-4EE4-44C2-A580-F76832516E73}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2FA815CC-1A19-4F41-B62E-5DEBA783ACCA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{44FA42E4-8893-4928-958A-B65F253BE38A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{47F3474B-C033-4F6F-BE3E-CF53D5E9D9CB}" = rport=139 | protocol=6 | dir=out | app=system |
"{4C09A28D-93B3-47FB-849A-8DDF443DF222}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{5346A687-B994-4666-8FBB-0CC4CD8ECC43}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{57C7290A-F9CC-447C-997D-D807D3B15F48}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6018B0F5-326E-4A9C-A38D-2D4FEBEDABC4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{65327B28-25C9-4C89-880A-2F675D7C84B1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6A34040B-54DD-467F-A1FD-156F5AF8213B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6A86BA4C-D396-4757-AF3E-BA00B22AD41E}" = lport=138 | protocol=17 | dir=in | app=system |
"{79F3362E-F386-4488-818C-FAC6B217ED0F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9267A80B-3B7C-4C3F-B8C0-71122C023CA6}" = rport=138 | protocol=17 | dir=out | app=system |
"{98F4B4B8-4C59-4EB1-8BBE-48F987F6E2D1}" = lport=137 | protocol=17 | dir=in | app=system |
"{9EAB2773-65EB-4FCB-9EEE-5DA54882AD93}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A809DBAC-9F31-44C6-AC03-27E81AA11A82}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A92B214B-964D-4FCE-BBEC-3D73B4C222F6}" = rport=445 | protocol=6 | dir=out | app=system |
"{B18DF574-62FE-4C46-A9A6-A2EEB0613126}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{C81E919B-518E-4E22-B2A3-0D9F3C6E64B2}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C93DE698-0ECC-4583-B676-3EC6668FF42A}" = rport=137 | protocol=17 | dir=out | app=system |
"{CD492605-47B8-48EB-BDB8-3CDCCF45317C}" = lport=139 | protocol=6 | dir=in | app=system |
"{CD5431B5-558B-45BD-8790-9C3386D09472}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D01B287F-34C9-45EF-A7DF-35F2F931F84C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{DD0EEBC7-F2F6-451B-81AE-41C9BF40E867}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DD9E345D-36FA-410F-A42A-AE3BA799CFC3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E9B9E359-6291-412A-89C4-579487E2CB12}" = lport=445 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BED60DE-796D-497C-A4EA-05FC679EB2FE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{192E8121-0286-4166-8627-255778A031BB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1B85D420-78DC-450D-A489-A1920068CA60}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{30E54174-CC46-4AE9-A030-EE933697D643}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{412718EE-E2BE-447E-BCA6-6C5BED4F95D5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{44E21A42-88C7-4732-80BF-4CD6ABCFF98F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4D30F6BF-3E1D-46CD-83E8-6A8C48739CF9}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{4EE35038-D379-48ED-98A2-C1551D6204CF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{53630BF5-0B4D-4A7B-B208-DACDA1D186EB}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{54BEC5DB-EBE0-41F1-A739-5800B661635F}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney business 5.0\ouservice\starmoneyonlineupdate.exe |
"{7417C7AA-C88D-4911-A08A-7F897C1E2FAB}" = protocol=6 | dir=out | app=system |
"{76C03687-B078-432B-A018-E75908DB3096}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{799F3B09-93EE-4655-A0B6-CD9C0AC30E9D}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney business 5.0\ouservice\starmoneyonlineupdate.exe |
"{84D07D4A-0BC0-48F5-97BA-EAB76704E3E3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8AD72B4A-7C7B-4188-8E47-A0C50767D5C0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{918BAB19-F746-482E-A8B1-909419E14A6A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{95DA8A22-807F-422E-BDD6-6BDB2A43ABD9}" = dir=in | app=c:\program files (x86)\cyberlink\homemedia\homemedia.exe |
"{A3C9FDF0-BC46-4FD6-9F95-4149327E6F5D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A4664E48-FA33-44F1-8D1C-EF3CD5F32857}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{A5D0D4CD-3F44-4172-86CF-A25CE8B78399}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A6E1A3A0-8A98-4CB2-93B3-1B09340B2B06}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney business 5.0\app\starmoney.exe |
"{A83F4130-0AAA-45D0-AF89-7CA6E5A80BBD}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{AA06D7F4-93B7-40A7-A3C9-0B334AB2C954}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{B3701F2C-64B4-407E-AFBD-41F8187F47F4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B41AB9E6-07B3-4532-954E-5485C62C0931}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C38B5FC1-A3CE-4208-AFC2-580A7CEE7546}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C8C7B621-AFDA-46AA-A3AF-09F9EB5BB42B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{CDF782F3-0D3F-4204-8C11-EF83B4BDB10B}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{D2945955-8615-42B2-B9C5-4BC67D470E13}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{D5B74EF9-20CA-491F-8272-ADF917805243}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DFB1786D-68B1-452D-8EB5-1993F591AE32}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E2587DCB-EEA2-4597-8F9A-7E7272C8CF9B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E6BE29CF-B4A8-4E7A-8A22-A9BD0DB4D08C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F481CA42-3A01-4F8B-AC33-94C462B09E7D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{F78D3304-A3B4-4AA1-BFE0-3C911D75953F}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney business 5.0\app\starmoney.exe |
"TCP Query User{9305B60F-6E89-4286-8146-E639535A3242}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe |
"TCP Query User{C1E31B82-E3C1-4214-A7A3-213552C37799}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{7188C58D-FD27-457B-879E-9D848EE2F9AF}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{7E25E5AB-D668-4ED0-BF41-5777D33009C1}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1553D712-B35F-4A82-BC72-D6B11A94BE3E}" = Windows Live Remote Service Resources
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{4710662C-8204-4334-A977-B1AC9E547819}" = Broadcom Card Reader Driver Installer
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{702A632F-99CE-4E2D-B8F2-BF980E9CF62F}" = Windows Live Remote Client Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom NetLink Controller
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"Elantech" = ETDWare PS/2-X64 8.0.6.3_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Video Web Camera
"{022D2599-2316-4927-89F1-9188894CEB02}" = StarMoney
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011
"{0557BBDA-69D3-4FA4-A93C-A5300F7034B4}" = Windows Live Writer
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{06B05153-97E4-427E-B1A8-E098F6C5E52F}" = Windows Live Essentials
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{1FCBD504-AB7D-4757-9A14-850348384B08}" = StarMoney
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25175695-4B20-4298-9F34-C2C57CD277B3}" = Elements STI Installer
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37542521-6FA1-4101-8BFD-DDF1CD193ED0}" = BauFaktura
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{44655091-819A-4F91-9D63-A12E1E9C88CF}" = ArCon 2005
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{4736B0ED-F6A1-48EC-A1B7-C053027648F1}" = Galeria fotogràfica del Windows Live
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{48F597DD-D397-4CFA-91A0-4C033A0113BD}" = Windows Live Mail
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4CC0E398-BF90-11D4-8E44-000102A1C932}" = Kunden Manager 68.50.405.0
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{50D2066A-A8E2-4BB6-BD11-708F9113DA1D}" = StarMoney Business 5.0
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{542DA303-FB91-4731-9F37-6E518368D3B9}" = Windows Live Messenger
"{5495E9A4-501A-4D4C-87C9-E80916CA9478}" = Windows Live UX Platform Language Pack
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5B12C1F2-A0BC-40E8-97F8-A4854C5F494E}" = StarMoney
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{625D45F0-5DCB-48BF-8770-C240A84DAAEB}" = Windows Live Mesh
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}" = Nero Multimedia Suite 10 Essentials
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{68AFA3A7-9265-4ABD-994A-ACA413E3715C}" = Nero Multimedia Suite 10 Essentials
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-packardbell" = WildTangent Games App (Packard Bell Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71527C7C-5289-4CB2-88C9-23344C0FF6C1}" = Windows Live Movie Maker
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{7895E7FF-C210-4C01-88EB-8B902140B22D}" = StarMoney
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7B62C240-5658-4803-84E2-59674838788C}" = StarMoney
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7D926AD2-16D6-42C2-8CA1-AB09E96040BA}" = Windows Live Writer Resources
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{820D0BA3-ACD7-4FB9-A3A7-0ADF0C66A4BE}" = Windows Live Messenger
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OUTLOOKR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OUTLOOKR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OUTLOOKR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_OUTLOOKR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_OUTLOOKR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OUTLOOKR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90849E84-F026-4638-A184-E6FCFD472C34}" = Brother P-touch Software
"{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A242CAB2-870C-4AC9-8AFE-34379D9383CD}" = Brother QL Software User's Guide
"{A3389C72-1782-4BB4-BBAA-33345DE52E3F}" = Windows Live Messenger
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A484263A-C779-4BF2-86CD-3E62D717F5AE}" = PDF Architect
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = HomeMedia
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.5) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1A70A4D-549B-4C56-9C00-EF55A22E52B6}" = StarMoney
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BD0C3887-64E6-41D8-9A38-BC6F34369352}" = Windows Live Messenger
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C28D96C0-6A90-459E-A077-A6706F4EC0FC}" = Bing Bar
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger
"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E2F2B987-F2BC-4969-95F2-92099486B811}" = StarMoney
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{EB9955F8-467C-47FC-90F8-12CD5DF684C3}" = Adobe Premiere Elements 9
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F0F5D89A-197C-495B-827E-3E98B811CD2E}" = Windows Live Photo Common
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2979AAA-FDD7-4CB3-93BC-5C24D965D679}" = Windows Live Messenger
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F35DC85A-E96B-496B-ABE7-F04192824856}" = Windows Live Messenger
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F783464C-C7C6-4E9B-AC40-BC90E5414BAF}" = Windows Live Messenger
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"DIG-CAD 5.0 Demo" = DIG-CAD 5.0 Demo
"eLicenser Control" = eLicenser Control
"Identity Card" = Identity Card
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Video Web Camera
"InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"InstallShield_{A242CAB2-870C-4AC9-8AFE-34379D9383CD}" = Brother QL Software User's Guide
"InstallShield_{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"NIS" = Norton Internet Security
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"OUTLOOKR" = Microsoft Office Outlook 2007
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Screensaver" = Packard Bell ScreenSaver
"Packard Bell Welcome Center" = Welcome Center
"PDF Editor 3" = PDF Editor 3
"PremElem90" = Adobe Premiere Elements 9
"ThouVis 3.5 Arch" = ThouVis 3.5 Arch
"WildTangent packardbell Master Uninstall" = Packard Bell Games
"WinLiveSuite" = Windows Live Essentials
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 5.9.4
"WTA-0371e2ac-d5e4-41fe-b9a0-8e65aca6b030" = Bejeweled 2 Deluxe
"WTA-06284467-b2e1-4ebf-b475-8a87587d341a" = Jewel Quest Solitaire
"WTA-0a69445e-6e55-4e17-824c-fa997d85760d" = John Deere Drive Green
"WTA-214eceb3-7459-474e-8694-d30e75be501b" = Agatha Christie - Death on the Nile
"WTA-23dc4f6b-0358-4754-9555-7d8bdb553a87" = Slingo Deluxe
"WTA-4837f0b9-ac65-4044-86c2-c7968aae8e1c" = Torchlight
"WTA-4ece847f-1436-4a93-a9e0-516ee58b1134" = Polar Bowler
"WTA-629cee93-dfcf-4a8a-b7ef-c0ae64ba7681" = Penguins!
"WTA-66e11033-443f-4753-bfad-08f2c6e2e482" = Crazy Chicken Kart 2
"WTA-79f3d04c-a549-4bdd-a321-6f74a3a971e5" = Chuzzle Deluxe
"WTA-7c680703-df2a-4bd5-962e-692629144c14" = Insaniquarium Deluxe
"WTA-8bc2d5cd-5eb5-4487-829d-b01cc430a9f5" = Virtual Villagers 4 - The Tree of Life
"WTA-9153db62-ee28-4331-8ffb-5cb6fd9c5f15" = Plants vs. Zombies - Game of the Year
"WTA-a383031b-9090-456c-ba40-9540d7bf23f1" = Jewel Match 3
"WTA-b2c2ea39-968e-4f6b-83a8-d61a7a6a42b7" = Final Drive: Nitro
"WTA-b312ce3d-9716-4e83-89aa-b57a25abe7c7" = FATE
"WTA-c7a49a3e-07d2-454a-81be-c0613db80703" = Zuma Deluxe
"WTA-da675c45-a600-4081-b4c1-7dea06ac01fb" = Mystery of Mortlake Mansion
"WTA-e4e74f86-3857-449c-a886-54803c309a47" = Wedding Dash
"Zusatzsymbole Thouvis Arch_is1" = Zusatzsymbole Thouvis Arch 1.5
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 14.11.2012 05:02:05 | Computer Name = laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: EXCEL.EXE, Version: 14.0.6117.5003,
Zeitstempel: 0x4f622ef8 Name des fehlerhaften Moduls: EXCEL.EXE, Version: 14.0.6117.5003,
Zeitstempel: 0x4f622ef8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002f857 ID des fehlerhaften
Prozesses: 0x16dc Startzeit der fehlerhaften Anwendung: 0x01cdc245dbe2f450 Pfad der
fehlerhaften Anwendung: C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE Pfad des fehlerhaften
Moduls: C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE Berichtskennung: f59b13e5-2e39-11e2-9d57-dc0ea111d51b
Error - 15.11.2012 01:01:57 | Computer Name = laptop | Source = WinMgmt | ID = 10
Description =
Error - 16.11.2012 00:46:45 | Computer Name = laptop | Source = WinMgmt | ID = 10
Description =
Error - 16.11.2012 01:59:40 | Computer Name = laptop | Source = WinMgmt | ID = 10
Description =
Error - 18.11.2012 06:15:15 | Computer Name = laptop | Source = WinMgmt | ID = 10
Description =
Error - 19.11.2012 00:15:50 | Computer Name = laptop | Source = WinMgmt | ID = 10
Description =
Error - 19.11.2012 00:47:23 | Computer Name = laptop | Source = WinMgmt | ID = 10
Description =
Error - 20.11.2012 01:30:21 | Computer Name = laptop | Source = WinMgmt | ID = 10
Description =
Error - 21.11.2012 00:51:54 | Computer Name = laptop | Source = WinMgmt | ID = 10
Description =
Error - 22.11.2012 01:10:53 | Computer Name = laptop | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 11.01.2013 11:50:21 | Computer Name = laptop | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows-Firewall" wurde mit folgendem dienstspezifischem
Fehler beendet: %%5.
Error - 11.01.2013 11:51:04 | Computer Name = laptop | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-2147023143.
Error - 11.01.2013 11:52:47 | Computer Name = laptop | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 11.01.2013 11:52:47 | Computer Name = laptop | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
Error - 11.01.2013 14:17:05 | Computer Name = laptop | Source = Service Control Manager | ID = 7002
Description = Der Dienst "IWPORT" ist von der Gruppe "Parallel arbitrator" abhängig.
Kein Mitglied dieser Gruppe wurde jedoch gestartet.
Error - 11.01.2013 14:19:40 | Computer Name = laptop | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 11.01.2013 14:19:40 | Computer Name = laptop | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
Error - 12.01.2013 05:38:21 | Computer Name = laptop | Source = Service Control Manager | ID = 7002
Description = Der Dienst "IWPORT" ist von der Gruppe "Parallel arbitrator" abhängig.
Kein Mitglied dieser Gruppe wurde jedoch gestartet.
Error - 12.01.2013 05:40:48 | Computer Name = laptop | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 12.01.2013 05:40:48 | Computer Name = laptop | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
< End of report >
Code:
ATTFilter GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-12 13:03:31
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JE4O 698,64GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\CHRIST~1\AppData\Local\Temp\uxtdapow.sys
---- User code sections - GMER 2.0 ----
.text C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075f31401 2 bytes [F3, 75]
.text C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075f31419 2 bytes [F3, 75]
.text C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075f31431 2 bytes [F3, 75]
.text C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075f3144a 2 bytes [F3, 75]
.text ... * 9
.text C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075f314dd 2 bytes [F3, 75]
.text C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075f314f5 2 bytes [F3, 75]
.text C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075f3150d 2 bytes [F3, 75]
.text C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075f31525 2 bytes [F3, 75]
.text C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075f3153d 2 bytes [F3, 75]
.text C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075f31555 2 bytes [F3, 75]
.text C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075f3156d 2 bytes [F3, 75]
.text C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075f31585 2 bytes [F3, 75]
.text C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075f3159d 2 bytes [F3, 75]
.text C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075f315b5 2 bytes [F3, 75]
.text C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075f315cd 2 bytes [F3, 75]
.text C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075f316b2 2 bytes [F3, 75]
.text C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075f316bd 2 bytes [F3, 75]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075f31401 2 bytes [F3, 75]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075f31419 2 bytes [F3, 75]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075f31431 2 bytes [F3, 75]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075f3144a 2 bytes [F3, 75]
.text ... * 9
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075f314dd 2 bytes [F3, 75]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075f314f5 2 bytes [F3, 75]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075f3150d 2 bytes [F3, 75]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075f31525 2 bytes [F3, 75]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075f3153d 2 bytes [F3, 75]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075f31555 2 bytes [F3, 75]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075f3156d 2 bytes [F3, 75]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075f31585 2 bytes [F3, 75]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075f3159d 2 bytes [F3, 75]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075f315b5 2 bytes [F3, 75]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075f315cd 2 bytes [F3, 75]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075f316b2 2 bytes [F3, 75]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075f316bd 2 bytes [F3, 75]
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075f31401 2 bytes [F3, 75]
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075f31419 2 bytes [F3, 75]
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075f31431 2 bytes [F3, 75]
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075f3144a 2 bytes [F3, 75]
.text ... * 9
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075f314dd 2 bytes [F3, 75]
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075f314f5 2 bytes [F3, 75]
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075f3150d 2 bytes [F3, 75]
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075f31525 2 bytes [F3, 75]
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075f3153d 2 bytes [F3, 75]
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075f31555 2 bytes [F3, 75]
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075f3156d 2 bytes [F3, 75]
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075f31585 2 bytes [F3, 75]
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075f3159d 2 bytes [F3, 75]
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075f315b5 2 bytes [F3, 75]
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075f315cd 2 bytes [F3, 75]
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075f316b2 2 bytes [F3, 75]
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075f316bd 2 bytes [F3, 75]
---- Threads - GMER 2.0 ----
Thread C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2236:5456] 000000006dafe196
Thread C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2236:5652] 000000006c193bff
Thread C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2236:5728] 000000006bdceec8
Thread C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2236:5732] 000000006bdceec8
Thread C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2236:5736] 000000006bdceec8
Thread C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2236:2276] 0000000068587019
Thread C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2236:2608] 000000006b6f1854
Thread C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2236:3124] 0000000073c232fb
Thread C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [3008:5976] 000000007157a3e0
Thread C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [3008:3324] 000000006dafe196
Thread C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [3008:1500] 00000000767342ed
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2580:4652] 0000000076787587
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2580:2872] 000000005f6d0cb3
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2580:1524] 00000000770b2e25
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2580:2220] 00000000770b3e45
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2580:4060] 00000000770b3e45
---- Processes - GMER 2.0 ----
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2236] 00000000766c0000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [3008] 00000000766c0000
---- Registry - GMER 2.0 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015831128f8
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\60d8198605bd
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\60d8198605bd@04180f0cf150 0x09 0xFF 0xA0 0xB4 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015831128f8 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\60d8198605bd (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\60d8198605bd@04180f0cf150 0x09 0xFF 0xA0 0xB4 ...
---- EOF - GMER 2.0 ----
mfG christian |
|
12.01.2013, 16:57
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU-Trojaner eingefangen Ich vermisse die OTL.txt
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
12.01.2013, 16:57
| #5 |
| | GVU-Trojaner eingefangen Hallo cosinus Ich glaube, das steht nirgendwo geschrieben. Aber wenn man neu ist im Forum, und kein Computerspezi ist, nimmt man dass, was einem so einfällt. Ich habe nach dem Ausfüllen des Themeneröffnungsfensters das Feld mit den Dateianhängen gesehen und hier die erste Log-Datei reingesetzt. Aber nu mach ich es besser; hoffentlich. Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.11.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 christian :: LAPTOP [Administrator] 11.01.2013 18:07:41 mbam-log-2013-01-11 (18-07-41).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 440138 Laufzeit: 1 Stunde(n), 1 Minute(n), Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Users\christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OBEKPZLD\MyPhoneExplorer_v2_5185[1].exe (PUP.Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\christian\AppData\Roaming\skype.dat (Trojan.Winlock) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:58 on 12/01/2013 (christian)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:58 on 12/01/2013 (christian)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter OTL Extras logfile created on: 12.01.2013 12:00:00 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\christian\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,86 Gb Total Physical Memory | 5,45 Gb Available Physical Memory | 69,39% Memory free
15,71 Gb Paging File | 13,24 Gb Available in Paging File | 84,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 354,35 Gb Total Space | 284,44 Gb Free Space | 80,27% Space Free | Partition Type: NTFS
Drive E: | 250,00 Gb Total Space | 227,17 Gb Free Space | 90,87% Space Free | Partition Type: NTFS
Computer Name: LAPTOP | User Name: christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17E93FA9-4EE4-44C2-A580-F76832516E73}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2FA815CC-1A19-4F41-B62E-5DEBA783ACCA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{44FA42E4-8893-4928-958A-B65F253BE38A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{47F3474B-C033-4F6F-BE3E-CF53D5E9D9CB}" = rport=139 | protocol=6 | dir=out | app=system |
"{4C09A28D-93B3-47FB-849A-8DDF443DF222}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{5346A687-B994-4666-8FBB-0CC4CD8ECC43}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{57C7290A-F9CC-447C-997D-D807D3B15F48}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6018B0F5-326E-4A9C-A38D-2D4FEBEDABC4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{65327B28-25C9-4C89-880A-2F675D7C84B1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6A34040B-54DD-467F-A1FD-156F5AF8213B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6A86BA4C-D396-4757-AF3E-BA00B22AD41E}" = lport=138 | protocol=17 | dir=in | app=system |
"{79F3362E-F386-4488-818C-FAC6B217ED0F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9267A80B-3B7C-4C3F-B8C0-71122C023CA6}" = rport=138 | protocol=17 | dir=out | app=system |
"{98F4B4B8-4C59-4EB1-8BBE-48F987F6E2D1}" = lport=137 | protocol=17 | dir=in | app=system |
"{9EAB2773-65EB-4FCB-9EEE-5DA54882AD93}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A809DBAC-9F31-44C6-AC03-27E81AA11A82}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A92B214B-964D-4FCE-BBEC-3D73B4C222F6}" = rport=445 | protocol=6 | dir=out | app=system |
"{B18DF574-62FE-4C46-A9A6-A2EEB0613126}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{C81E919B-518E-4E22-B2A3-0D9F3C6E64B2}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C93DE698-0ECC-4583-B676-3EC6668FF42A}" = rport=137 | protocol=17 | dir=out | app=system |
"{CD492605-47B8-48EB-BDB8-3CDCCF45317C}" = lport=139 | protocol=6 | dir=in | app=system |
"{CD5431B5-558B-45BD-8790-9C3386D09472}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D01B287F-34C9-45EF-A7DF-35F2F931F84C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{DD0EEBC7-F2F6-451B-81AE-41C9BF40E867}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DD9E345D-36FA-410F-A42A-AE3BA799CFC3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E9B9E359-6291-412A-89C4-579487E2CB12}" = lport=445 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BED60DE-796D-497C-A4EA-05FC679EB2FE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{192E8121-0286-4166-8627-255778A031BB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1B85D420-78DC-450D-A489-A1920068CA60}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{30E54174-CC46-4AE9-A030-EE933697D643}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{412718EE-E2BE-447E-BCA6-6C5BED4F95D5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{44E21A42-88C7-4732-80BF-4CD6ABCFF98F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4D30F6BF-3E1D-46CD-83E8-6A8C48739CF9}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{4EE35038-D379-48ED-98A2-C1551D6204CF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{53630BF5-0B4D-4A7B-B208-DACDA1D186EB}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{54BEC5DB-EBE0-41F1-A739-5800B661635F}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney business 5.0\ouservice\starmoneyonlineupdate.exe |
"{7417C7AA-C88D-4911-A08A-7F897C1E2FAB}" = protocol=6 | dir=out | app=system |
"{76C03687-B078-432B-A018-E75908DB3096}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{799F3B09-93EE-4655-A0B6-CD9C0AC30E9D}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney business 5.0\ouservice\starmoneyonlineupdate.exe |
"{84D07D4A-0BC0-48F5-97BA-EAB76704E3E3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8AD72B4A-7C7B-4188-8E47-A0C50767D5C0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{918BAB19-F746-482E-A8B1-909419E14A6A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{95DA8A22-807F-422E-BDD6-6BDB2A43ABD9}" = dir=in | app=c:\program files (x86)\cyberlink\homemedia\homemedia.exe |
"{A3C9FDF0-BC46-4FD6-9F95-4149327E6F5D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A4664E48-FA33-44F1-8D1C-EF3CD5F32857}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{A5D0D4CD-3F44-4172-86CF-A25CE8B78399}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A6E1A3A0-8A98-4CB2-93B3-1B09340B2B06}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney business 5.0\app\starmoney.exe |
"{A83F4130-0AAA-45D0-AF89-7CA6E5A80BBD}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{AA06D7F4-93B7-40A7-A3C9-0B334AB2C954}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{B3701F2C-64B4-407E-AFBD-41F8187F47F4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B41AB9E6-07B3-4532-954E-5485C62C0931}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C38B5FC1-A3CE-4208-AFC2-580A7CEE7546}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C8C7B621-AFDA-46AA-A3AF-09F9EB5BB42B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{CDF782F3-0D3F-4204-8C11-EF83B4BDB10B}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{D2945955-8615-42B2-B9C5-4BC67D470E13}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{D5B74EF9-20CA-491F-8272-ADF917805243}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DFB1786D-68B1-452D-8EB5-1993F591AE32}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E2587DCB-EEA2-4597-8F9A-7E7272C8CF9B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E6BE29CF-B4A8-4E7A-8A22-A9BD0DB4D08C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F481CA42-3A01-4F8B-AC33-94C462B09E7D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{F78D3304-A3B4-4AA1-BFE0-3C911D75953F}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney business 5.0\app\starmoney.exe |
"TCP Query User{9305B60F-6E89-4286-8146-E639535A3242}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe |
"TCP Query User{C1E31B82-E3C1-4214-A7A3-213552C37799}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{7188C58D-FD27-457B-879E-9D848EE2F9AF}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{7E25E5AB-D668-4ED0-BF41-5777D33009C1}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1553D712-B35F-4A82-BC72-D6B11A94BE3E}" = Windows Live Remote Service Resources
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{4710662C-8204-4334-A977-B1AC9E547819}" = Broadcom Card Reader Driver Installer
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{702A632F-99CE-4E2D-B8F2-BF980E9CF62F}" = Windows Live Remote Client Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom NetLink Controller
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"Elantech" = ETDWare PS/2-X64 8.0.6.3_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Video Web Camera
"{022D2599-2316-4927-89F1-9188894CEB02}" = StarMoney
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011
"{0557BBDA-69D3-4FA4-A93C-A5300F7034B4}" = Windows Live Writer
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{06B05153-97E4-427E-B1A8-E098F6C5E52F}" = Windows Live Essentials
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{1FCBD504-AB7D-4757-9A14-850348384B08}" = StarMoney
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25175695-4B20-4298-9F34-C2C57CD277B3}" = Elements STI Installer
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37542521-6FA1-4101-8BFD-DDF1CD193ED0}" = BauFaktura
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{44655091-819A-4F91-9D63-A12E1E9C88CF}" = ArCon 2005
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{4736B0ED-F6A1-48EC-A1B7-C053027648F1}" = Galeria fotogràfica del Windows Live
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{48F597DD-D397-4CFA-91A0-4C033A0113BD}" = Windows Live Mail
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4CC0E398-BF90-11D4-8E44-000102A1C932}" = Kunden Manager 68.50.405.0
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{50D2066A-A8E2-4BB6-BD11-708F9113DA1D}" = StarMoney Business 5.0
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{542DA303-FB91-4731-9F37-6E518368D3B9}" = Windows Live Messenger
"{5495E9A4-501A-4D4C-87C9-E80916CA9478}" = Windows Live UX Platform Language Pack
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5B12C1F2-A0BC-40E8-97F8-A4854C5F494E}" = StarMoney
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{625D45F0-5DCB-48BF-8770-C240A84DAAEB}" = Windows Live Mesh
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}" = Nero Multimedia Suite 10 Essentials
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{68AFA3A7-9265-4ABD-994A-ACA413E3715C}" = Nero Multimedia Suite 10 Essentials
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-packardbell" = WildTangent Games App (Packard Bell Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71527C7C-5289-4CB2-88C9-23344C0FF6C1}" = Windows Live Movie Maker
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{7895E7FF-C210-4C01-88EB-8B902140B22D}" = StarMoney
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7B62C240-5658-4803-84E2-59674838788C}" = StarMoney
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7D926AD2-16D6-42C2-8CA1-AB09E96040BA}" = Windows Live Writer Resources
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{820D0BA3-ACD7-4FB9-A3A7-0ADF0C66A4BE}" = Windows Live Messenger
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OUTLOOKR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OUTLOOKR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OUTLOOKR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_OUTLOOKR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_OUTLOOKR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OUTLOOKR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90849E84-F026-4638-A184-E6FCFD472C34}" = Brother P-touch Software
"{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A242CAB2-870C-4AC9-8AFE-34379D9383CD}" = Brother QL Software User's Guide
"{A3389C72-1782-4BB4-BBAA-33345DE52E3F}" = Windows Live Messenger
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A484263A-C779-4BF2-86CD-3E62D717F5AE}" = PDF Architect
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = HomeMedia
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.5) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1A70A4D-549B-4C56-9C00-EF55A22E52B6}" = StarMoney
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BD0C3887-64E6-41D8-9A38-BC6F34369352}" = Windows Live Messenger
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C28D96C0-6A90-459E-A077-A6706F4EC0FC}" = Bing Bar
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger
"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E2F2B987-F2BC-4969-95F2-92099486B811}" = StarMoney
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{EB9955F8-467C-47FC-90F8-12CD5DF684C3}" = Adobe Premiere Elements 9
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F0F5D89A-197C-495B-827E-3E98B811CD2E}" = Windows Live Photo Common
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2979AAA-FDD7-4CB3-93BC-5C24D965D679}" = Windows Live Messenger
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F35DC85A-E96B-496B-ABE7-F04192824856}" = Windows Live Messenger
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F783464C-C7C6-4E9B-AC40-BC90E5414BAF}" = Windows Live Messenger
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"DIG-CAD 5.0 Demo" = DIG-CAD 5.0 Demo
"eLicenser Control" = eLicenser Control
"Identity Card" = Identity Card
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Video Web Camera
"InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"InstallShield_{A242CAB2-870C-4AC9-8AFE-34379D9383CD}" = Brother QL Software User's Guide
"InstallShield_{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"NIS" = Norton Internet Security
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"OUTLOOKR" = Microsoft Office Outlook 2007
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Screensaver" = Packard Bell ScreenSaver
"Packard Bell Welcome Center" = Welcome Center
"PDF Editor 3" = PDF Editor 3
"PremElem90" = Adobe Premiere Elements 9
"ThouVis 3.5 Arch" = ThouVis 3.5 Arch
"WildTangent packardbell Master Uninstall" = Packard Bell Games
"WinLiveSuite" = Windows Live Essentials
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 5.9.4
"WTA-0371e2ac-d5e4-41fe-b9a0-8e65aca6b030" = Bejeweled 2 Deluxe
"WTA-06284467-b2e1-4ebf-b475-8a87587d341a" = Jewel Quest Solitaire
"WTA-0a69445e-6e55-4e17-824c-fa997d85760d" = John Deere Drive Green
"WTA-214eceb3-7459-474e-8694-d30e75be501b" = Agatha Christie - Death on the Nile
"WTA-23dc4f6b-0358-4754-9555-7d8bdb553a87" = Slingo Deluxe
"WTA-4837f0b9-ac65-4044-86c2-c7968aae8e1c" = Torchlight
"WTA-4ece847f-1436-4a93-a9e0-516ee58b1134" = Polar Bowler
"WTA-629cee93-dfcf-4a8a-b7ef-c0ae64ba7681" = Penguins!
"WTA-66e11033-443f-4753-bfad-08f2c6e2e482" = Crazy Chicken Kart 2
"WTA-79f3d04c-a549-4bdd-a321-6f74a3a971e5" = Chuzzle Deluxe
"WTA-7c680703-df2a-4bd5-962e-692629144c14" = Insaniquarium Deluxe
"WTA-8bc2d5cd-5eb5-4487-829d-b01cc430a9f5" = Virtual Villagers 4 - The Tree of Life
"WTA-9153db62-ee28-4331-8ffb-5cb6fd9c5f15" = Plants vs. Zombies - Game of the Year
"WTA-a383031b-9090-456c-ba40-9540d7bf23f1" = Jewel Match 3
"WTA-b2c2ea39-968e-4f6b-83a8-d61a7a6a42b7" = Final Drive: Nitro
"WTA-b312ce3d-9716-4e83-89aa-b57a25abe7c7" = FATE
"WTA-c7a49a3e-07d2-454a-81be-c0613db80703" = Zuma Deluxe
"WTA-da675c45-a600-4081-b4c1-7dea06ac01fb" = Mystery of Mortlake Mansion
"WTA-e4e74f86-3857-449c-a886-54803c309a47" = Wedding Dash
"Zusatzsymbole Thouvis Arch_is1" = Zusatzsymbole Thouvis Arch 1.5
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 14.11.2012 05:02:05 | Computer Name = laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: EXCEL.EXE, Version: 14.0.6117.5003,
Zeitstempel: 0x4f622ef8 Name des fehlerhaften Moduls: EXCEL.EXE, Version: 14.0.6117.5003,
Zeitstempel: 0x4f622ef8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002f857 ID des fehlerhaften
Prozesses: 0x16dc Startzeit der fehlerhaften Anwendung: 0x01cdc245dbe2f450 Pfad der
fehlerhaften Anwendung: C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE Pfad des fehlerhaften
Moduls: C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE Berichtskennung: f59b13e5-2e39-11e2-9d57-dc0ea111d51b
Error - 15.11.2012 01:01:57 | Computer Name = laptop | Source = WinMgmt | ID = 10
Description =
Error - 16.11.2012 00:46:45 | Computer Name = laptop | Source = WinMgmt | ID = 10
Description =
Error - 16.11.2012 01:59:40 | Computer Name = laptop | Source = WinMgmt | ID = 10
Description =
Error - 18.11.2012 06:15:15 | Computer Name = laptop | Source = WinMgmt | ID = 10
Description =
Error - 19.11.2012 00:15:50 | Computer Name = laptop | Source = WinMgmt | ID = 10
Description =
Error - 19.11.2012 00:47:23 | Computer Name = laptop | Source = WinMgmt | ID = 10
Description =
Error - 20.11.2012 01:30:21 | Computer Name = laptop | Source = WinMgmt | ID = 10
Description =
Error - 21.11.2012 00:51:54 | Computer Name = laptop | Source = WinMgmt | ID = 10
Description =
Error - 22.11.2012 01:10:53 | Computer Name = laptop | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 11.01.2013 11:50:21 | Computer Name = laptop | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows-Firewall" wurde mit folgendem dienstspezifischem
Fehler beendet: %%5.
Error - 11.01.2013 11:51:04 | Computer Name = laptop | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-2147023143.
Error - 11.01.2013 11:52:47 | Computer Name = laptop | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 11.01.2013 11:52:47 | Computer Name = laptop | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
Error - 11.01.2013 14:17:05 | Computer Name = laptop | Source = Service Control Manager | ID = 7002
Description = Der Dienst "IWPORT" ist von der Gruppe "Parallel arbitrator" abhängig.
Kein Mitglied dieser Gruppe wurde jedoch gestartet.
Error - 11.01.2013 14:19:40 | Computer Name = laptop | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 11.01.2013 14:19:40 | Computer Name = laptop | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
Error - 12.01.2013 05:38:21 | Computer Name = laptop | Source = Service Control Manager | ID = 7002
Description = Der Dienst "IWPORT" ist von der Gruppe "Parallel arbitrator" abhängig.
Kein Mitglied dieser Gruppe wurde jedoch gestartet.
Error - 12.01.2013 05:40:48 | Computer Name = laptop | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 12.01.2013 05:40:48 | Computer Name = laptop | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
< End of report >
Code:
ATTFilter GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-12 13:03:31
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JE4O 698,64GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\CHRIST~1\AppData\Local\Temp\uxtdapow.sys
---- User code sections - GMER 2.0 ----
.text C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075f31401 2 bytes [F3, 75]
.text C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075f31419 2 bytes [F3, 75]
.text C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075f31431 2 bytes [F3, 75]
.text C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075f3144a 2 bytes [F3, 75]
.text ... * 9
.text C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075f314dd 2 bytes [F3, 75]
.text C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075f314f5 2 bytes [F3, 75]
.text C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075f3150d 2 bytes [F3, 75]
.text C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075f31525 2 bytes [F3, 75]
.text C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075f3153d 2 bytes [F3, 75]
.text C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075f31555 2 bytes [F3, 75]
.text C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075f3156d 2 bytes [F3, 75]
.text C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075f31585 2 bytes [F3, 75]
.text C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075f3159d 2 bytes [F3, 75]
.text C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075f315b5 2 bytes [F3, 75]
.text C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075f315cd 2 bytes [F3, 75]
.text C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075f316b2 2 bytes [F3, 75]
.text C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075f316bd 2 bytes [F3, 75]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075f31401 2 bytes [F3, 75]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075f31419 2 bytes [F3, 75]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075f31431 2 bytes [F3, 75]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075f3144a 2 bytes [F3, 75]
.text ... * 9
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075f314dd 2 bytes [F3, 75]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075f314f5 2 bytes [F3, 75]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075f3150d 2 bytes [F3, 75]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075f31525 2 bytes [F3, 75]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075f3153d 2 bytes [F3, 75]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075f31555 2 bytes [F3, 75]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075f3156d 2 bytes [F3, 75]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075f31585 2 bytes [F3, 75]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075f3159d 2 bytes [F3, 75]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075f315b5 2 bytes [F3, 75]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075f315cd 2 bytes [F3, 75]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075f316b2 2 bytes [F3, 75]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075f316bd 2 bytes [F3, 75]
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075f31401 2 bytes [F3, 75]
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075f31419 2 bytes [F3, 75]
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075f31431 2 bytes [F3, 75]
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075f3144a 2 bytes [F3, 75]
.text ... * 9
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075f314dd 2 bytes [F3, 75]
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075f314f5 2 bytes [F3, 75]
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075f3150d 2 bytes [F3, 75]
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075f31525 2 bytes [F3, 75]
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075f3153d 2 bytes [F3, 75]
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075f31555 2 bytes [F3, 75]
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075f3156d 2 bytes [F3, 75]
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075f31585 2 bytes [F3, 75]
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075f3159d 2 bytes [F3, 75]
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075f315b5 2 bytes [F3, 75]
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075f315cd 2 bytes [F3, 75]
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075f316b2 2 bytes [F3, 75]
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075f316bd 2 bytes [F3, 75]
---- Threads - GMER 2.0 ----
Thread C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2236:5456] 000000006dafe196
Thread C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2236:5652] 000000006c193bff
Thread C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2236:5728] 000000006bdceec8
Thread C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2236:5732] 000000006bdceec8
Thread C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2236:5736] 000000006bdceec8
Thread C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2236:2276] 0000000068587019
Thread C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2236:2608] 000000006b6f1854
Thread C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2236:3124] 0000000073c232fb
Thread C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [3008:5976] 000000007157a3e0
Thread C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [3008:3324] 000000006dafe196
Thread C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [3008:1500] 00000000767342ed
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2580:4652] 0000000076787587
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2580:2872] 000000005f6d0cb3
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2580:1524] 00000000770b2e25
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2580:2220] 00000000770b3e45
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2580:4060] 00000000770b3e45
---- Processes - GMER 2.0 ----
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2236] 00000000766c0000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [3008] 00000000766c0000
---- Registry - GMER 2.0 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015831128f8
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\60d8198605bd
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\60d8198605bd@04180f0cf150 0x09 0xFF 0xA0 0xB4 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015831128f8 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\60d8198605bd (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\60d8198605bd@04180f0cf150 0x09 0xFF 0xA0 0xB4 ...
---- EOF - GMER 2.0 ----
mfG christian |
|
12.01.2013, 17:00
| #6 |
| | GVU-Trojaner eingefangen den hab ich noch vergessen Code:
ATTFilter OTL logfile created on: 12.01.2013 12:00:00 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\christian\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,86 Gb Total Physical Memory | 5,45 Gb Available Physical Memory | 69,39% Memory free 15,71 Gb Paging File | 13,24 Gb Available in Paging File | 84,29% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 354,35 Gb Total Space | 284,44 Gb Free Space | 80,27% Space Free | Partition Type: NTFS Drive E: | 250,00 Gb Total Space | 227,17 Gb Free Space | 90,87% Space Free | Partition Type: NTFS Computer Name: LAPTOP | User Name: christian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.01.12 11:58:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\christian\Desktop\OTL.exe PRC - [2013.01.09 09:15:35 | 001,808,392 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe PRC - [2012.12.18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.12.01 06:46:24 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.11.13 21:42:18 | 001,522,312 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\HelperService.exe PRC - [2012.11.13 21:41:56 | 000,905,864 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe PRC - [2012.06.28 17:31:12 | 000,692,432 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe PRC - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe PRC - [2012.01.09 16:03:56 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe PRC - [2011.07.01 03:51:14 | 000,418,896 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe PRC - [2011.07.01 03:51:14 | 000,343,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe PRC - [2011.07.01 03:51:12 | 001,103,440 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2011.07.01 03:51:12 | 000,353,360 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2011.05.30 03:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe PRC - [2011.05.12 16:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2011.04.30 08:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011.04.22 17:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe PRC - [2011.03.29 23:33:08 | 000,598,312 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2010.12.22 21:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.12.22 21:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.12.06 06:55:34 | 000,391,240 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe PRC - [2010.12.06 06:55:02 | 005,578,920 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe PRC - [2010.11.16 04:33:40 | 002,570,688 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe PRC - [2010.09.30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe PRC - [2010.07.29 01:40:56 | 000,311,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe PRC - [2010.03.18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe ========== Modules (No Company Name) ========== MOD - [2013.01.09 09:15:34 | 014,586,888 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll MOD - [2012.12.01 06:46:24 | 002,397,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2010.12.06 06:54:46 | 011,187,168 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll ========== Services (SafeList) ========== SRV - [2013.01.09 09:15:36 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.12.01 06:46:24 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.11.13 21:42:18 | 001,522,312 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service) SRV - [2012.11.13 21:41:56 | 000,905,864 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service) SRV - [2012.10.08 11:42:54 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.06.28 17:31:12 | 000,692,432 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney Business 5.0 OnlineUpdate) SRV - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe -- (NIS) SRV - [2012.01.09 16:03:56 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv) SRV - [2011.09.16 15:52:06 | 000,105,120 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc) SRV - [2011.08.02 11:59:46 | 000,872,552 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2011.07.01 03:51:12 | 000,353,360 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2011.06.07 12:25:12 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.05.30 03:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe -- (GREGService) SRV - [2011.05.12 16:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2011.04.30 08:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2011.04.22 17:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Live Updater Service) SRV - [2011.03.29 23:33:08 | 000,598,312 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2011.03.29 05:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.12.22 21:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.12.22 21:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.12.06 06:55:50 | 001,112,744 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2010.11.29 15:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV - [2010.10.12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010.09.30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0) SRV - [2010.09.23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.06.01 23:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) SRV - [2010.03.18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.10.08 11:42:36 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.07.06 03:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtspx64.sys -- (SRTSPX) DRV:64bit: - [2012.07.06 03:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtsp64.sys -- (SRTSP) DRV:64bit: - [2012.06.07 05:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\ccsetx64.sys -- (ccSet_NIS) DRV:64bit: - [2012.05.22 02:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symefa64.sys -- (SymEFA) DRV:64bit: - [2012.04.18 03:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symnets.sys -- (SymNetS) DRV:64bit: - [2012.04.18 02:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\ironx64.sys -- (SymIRON) DRV:64bit: - [2012.03.27 15:26:07 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.09 16:04:00 | 000,285,280 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp) DRV:64bit: - [2012.01.09 16:03:41 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273) DRV:64bit: - [2012.01.09 16:03:29 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter) DRV:64bit: - [2012.01.09 16:03:11 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman) DRV:64bit: - [2011.11.24 03:23:20 | 000,043,640 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM) DRV:64bit: - [2011.09.16 16:01:36 | 000,517,280 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:64bit: - [2011.09.16 16:00:50 | 000,280,992 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP) DRV:64bit: - [2011.09.16 16:00:34 | 000,068,256 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:64bit: - [2011.09.16 16:00:04 | 000,167,584 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:64bit: - [2011.09.16 15:59:48 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort) DRV:64bit: - [2011.09.16 15:59:32 | 000,030,368 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS) DRV:64bit: - [2011.09.16 15:59:18 | 000,110,240 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt) DRV:64bit: - [2011.09.16 15:59:02 | 000,330,912 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:64bit: - [2011.07.14 06:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.07.14 06:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.06.10 19:16:10 | 012,230,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.05.16 22:57:32 | 000,051,240 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiMSa.sys -- (bScsiMSa) DRV:64bit: - [2011.05.16 21:03:26 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symds64.sys -- (SymDS) DRV:64bit: - [2011.05.10 04:42:16 | 000,425,000 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) DRV:64bit: - [2011.05.06 18:11:12 | 000,086,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa) DRV:64bit: - [2011.04.26 19:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.04.05 12:26:26 | 000,142,632 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2011.01.21 02:15:30 | 000,019,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdmp.sys -- (b57xdmp) DRV:64bit: - [2011.01.21 02:15:28 | 000,067,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdbd.sys -- (b57xdbd) DRV:64bit: - [2010.11.29 15:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2010.11.21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.09 11:26:46 | 002,377,216 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010.10.20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.10.15 09:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010.09.17 12:27:32 | 000,030,352 | ---- | M] (Steinberg Media Technologies GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\synusb64.sys -- (synusb64) DRV:64bit: - [2010.03.19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2013.01.12 10:40:22 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20130111.037\ex64.sys -- (NAVEX15) DRV - [2013.01.12 10:40:22 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20130111.037\eng64.sys -- (NAVENG) DRV - [2012.12.02 12:05:13 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2012.10.24 00:34:23 | 001,384,608 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20130107.001\BHDrvx64.sys -- (BHDrvx64) DRV - [2012.09.06 03:54:30 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20130111.002\IDSviA64.sys -- (IDSVia64) DRV - [2012.08.09 04:46:28 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2001.11.02 09:21:14 | 000,007,896 | ---- | M] (Sven Goers Software) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\IwPort.sys -- (IWPORT) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredibar.com/mb201?a=6Oz02RYj0m&i=26 IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb201/?search={searchTerms}&loc=IB_DS&a=6Oz02RYj0m&i=26 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..CT2693109.browser.search.defaultthis.engineName: true FF - prefs.js..browser.search.defaultenginename: "MyStart Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: FFPDFArchitectConverter%40pdfarchitect.com:1.0 FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2012.5.10.1 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb201/?loc=IB_DS&a=6Oz02RYj0m&&i=26&search=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFFPlgn\ [2013.01.11 16:47:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn\ [2013.01.12 10:39:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2012.11.23 12:14:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.01 06:46:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.01 06:46:24 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.07 16:27:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christian\AppData\Roaming\mozilla\Extensions [2013.01.12 11:51:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christian\AppData\Roaming\mozilla\Firefox\Profiles\s9y5t795.default\extensions [2013.01.02 07:28:52 | 000,000,000 | ---D | M] (wetter.com) -- C:\Users\christian\AppData\Roaming\mozilla\Firefox\Profiles\s9y5t795.default\extensions\{b5e96f5c-0ccb-49ca-9f2a-3f98d9bb137e} [2013.01.12 11:39:03 | 000,002,203 | ---- | M] () -- C:\Users\christian\AppData\Roaming\mozilla\firefox\profiles\s9y5t795.default\searchplugins\MyStart Search.xml [2013.01.02 07:29:41 | 000,001,050 | ---- | M] () -- C:\Users\christian\AppData\Roaming\mozilla\firefox\profiles\s9y5t795.default\searchplugins\wettercom-customized-web-search.xml [2012.12.01 06:46:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.11.23 12:14:02 | 000,000,000 | ---D | M] (PDF Architect Converter For Firefox) -- C:\PROGRAM FILES (X86)\PDF ARCHITECT\FFPDFARCHITECTEXT [2013.01.12 10:39:33 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\COFFPLGN [2012.12.01 06:46:24 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.25 04:18:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.07 05:37:23 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.25 04:18:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.25 04:18:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.25 04:18:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.25 04:18:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Power Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [SMB50StarMoneyRunEntry] C:\Program Files (x86)\StarMoney Business 5.0\app\oflagent.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe File not found O4 - HKCU..\Run: [MyPhoneExplorer] C:\Program Files (x86)\MyPhoneExplorer\MyPhoneExplorer.exe (F.J. Wechselberger) O4 - HKLM..\RunOnce: [awde7zip23054] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C7BA357-A492-4778-BEBB-E619D45A7E81}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B3A69F9-DE62-48EB-BDB6-5C26D971CF6E}: NameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.12 11:58:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\christian\Desktop\OTL.exe [2013.01.12 11:40:09 | 000,000,000 | ---D | C] -- C:\Users\christian\Local Settings [2013.01.12 11:39:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WNLT [2013.01.11 18:06:22 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\Malwarebytes [2013.01.11 18:06:04 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.01.11 18:06:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.01.11 18:06:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.01.11 18:06:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.01.09 05:50:52 | 000,000,000 | R--D | C] -- C:\Users\christian\Documents\Notes [2012.12.27 14:38:18 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2012.12.27 14:37:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2012.12.27 14:37:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.12.27 14:36:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012.12.26 11:21:54 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Local\{0BC64800-7ADA-400E-8A0E-666AC2AE12B1} [2012.12.24 08:22:28 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Local\Weto_AG [2012.12.24 08:08:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Weto - Software [2012.12.22 10:25:20 | 000,000,000 | ---D | C] -- C:\Weto [2012.12.22 10:23:13 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield [2012.12.19 16:57:08 | 000,000,000 | ---D | C] -- C:\Users\christian\Desktop\Ford Ranger [2012.12.16 11:36:33 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012.12.15 13:33:43 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\Avery [2012.12.15 13:27:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Avery ========== Files - Modified Within 30 Days ========== [2013.01.12 11:58:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\christian\Desktop\OTL.exe [2013.01.12 11:56:25 | 000,000,000 | ---- | M] () -- C:\Users\christian\defogger_reenable [2013.01.12 11:55:18 | 000,050,477 | ---- | M] () -- C:\Users\christian\Desktop\Defogger.exe [2013.01.12 11:40:02 | 000,000,455 | ---- | M] () -- C:\user.js [2013.01.12 11:19:28 | 054,357,508 | ---- | M] () -- C:\Users\christian\Desktop\Norton IS, Behobene Sicherheitsrisiken.mcf [2013.01.12 11:15:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.12 11:14:22 | 001,599,166 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.01.12 11:14:22 | 000,700,424 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.12 11:14:22 | 000,655,096 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.12 11:14:22 | 000,149,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.12 11:14:22 | 000,121,968 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.12 11:14:17 | 001,599,166 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.12 10:45:58 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.12 10:45:58 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.12 10:38:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.12 10:38:10 | 2030,981,119 | -HS- | M] () -- C:\hiberfil.sys [2013.01.11 18:06:05 | 000,001,125 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.22 11:45:26 | 000,437,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.19 17:09:00 | 000,422,912 | ---- | M] () -- C:\Users\christian\Documents\Visitenkarte in impact.zdl [2012.12.16 12:59:55 | 000,002,048 | ---- | M] () -- C:\Users\christian\Desktop\Materialliste - Verknüpfung.lnk [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys ========== Files Created - No Company Name ========== [2013.01.12 11:56:25 | 000,000,000 | ---- | C] () -- C:\Users\christian\defogger_reenable [2013.01.12 11:55:18 | 000,050,477 | ---- | C] () -- C:\Users\christian\Desktop\Defogger.exe [2013.01.12 11:40:01 | 000,000,455 | ---- | C] () -- C:\user.js [2013.01.12 11:19:10 | 054,357,508 | ---- | C] () -- C:\Users\christian\Desktop\Norton IS, Behobene Sicherheitsrisiken.mcf [2013.01.11 18:06:05 | 000,001,125 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.16 13:19:55 | 000,422,912 | ---- | C] () -- C:\Users\christian\Documents\Visitenkarte in impact.zdl [2012.06.22 16:19:31 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll [2012.02.12 13:39:40 | 001,599,166 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.01.31 18:15:42 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.01.31 18:15:42 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.01.31 18:15:42 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.01.31 18:15:42 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.01.10 17:41:21 | 000,000,051 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg [2012.01.09 18:14:22 | 000,012,709 | ---- | C] () -- C:\Windows\ASS_150E.INI [2012.01.09 17:56:42 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe [2012.01.07 18:36:15 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe [2012.01.07 18:35:17 | 000,000,571 | ---- | C] () -- C:\Windows\SysWow64\FeMakro.ini [2012.01.07 18:35:17 | 000,000,497 | ---- | C] () -- C:\Windows\SysWow64\FeAnim.ini [2011.10.11 13:34:00 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.10.11 13:33:58 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.10.11 13:33:57 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2011.10.11 13:33:56 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.10.11 13:33:55 | 013,906,944 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 14:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 14:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 14:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.01.09 17:59:26 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Acronis [2012.12.15 13:33:43 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Avery [2012.01.09 17:57:30 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\CAD-KAS [2012.12.16 11:36:33 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012.01.09 18:15:05 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Deutsche Telekom AG [2012.04.24 06:03:42 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\DIGCAD5Demo [2012.01.07 20:14:49 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\HomeMedia [2013.01.11 16:47:30 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\MyPhoneExplorer [2012.12.31 12:07:09 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\PDF Software [2012.11.23 12:13:32 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\pdfforge [2012.01.07 18:35:41 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\pdfMachine [2012.06.07 08:20:59 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Samsung [2012.01.07 15:43:21 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Screensaver [2012.03.06 05:24:35 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\SNS ========== Purity Check ========== < End of report > doppeltes Log gelöscht //cosinus /edit Geändert von cosinus (12.01.2013 um 17:09 Uhr) |
|
12.01.2013, 17:10
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU-Trojaner eingefangen Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Malwarebytes Anti-Rootkit  Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ Logfiles bitte immer in CODE-Tags posten |
|
13.01.2013, 12:04
| #8 |
| | GVU-Trojaner eingefangen Hallo cosinus habe Malwarebytes antirootkit durchlaufen lassen, war nichts zu bereinigen Code:
ATTFilter ---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 8434597888, free: 6290690048
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 8434597888, free: 6313152512
------------ Kernel report ------------
01/13/2013 11:23:13
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\NISx64\1309000.009\SYMDS64.SYS
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\NISx64\1309000.009\SYMEFA64.SYS
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\timntr.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\tdrpm273.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\system32\DRIVERS\snapman.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\DRIVERS\nvpciflt.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\drivers\NISx64\1309000.009\ccSetx64.sys
\SystemRoot\system32\drivers\NISx64\1309000.009\Ironx64.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\SymIMv.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\System32\Drivers\NISx64\1309000.009\SYMNETS.SYS
\??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
\SystemRoot\system32\drivers\NISx64\1309000.009\SRTSPX64.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20130111.002\IDSvia64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\blbdrive.sys
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20130107.001\BHDrvx64.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\k57nd60a.sys
\SystemRoot\system32\DRIVERS\bScsiSDa.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\bScsiMSa.sys
\SystemRoot\system32\DRIVERS\b57xdbd.sys
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\ETD.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\CmBatt.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\btath_bus.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\DRIVERS\b57xdmp.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\TurboB.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\afcdp.sys
\SystemRoot\System32\Drivers\NISx64\1309000.009\SRTSP64.SYS
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20130112.007\EX64.SYS
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20130112.007\ENG64.SYS
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\ws2_32.dll
\Windows\System32\setupapi.dll
\Windows\System32\kernel32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\advapi32.dll
\Windows\System32\difxapi.dll
\Windows\System32\gdi32.dll
\Windows\System32\wininet.dll
\Windows\System32\msctf.dll
\Windows\System32\Wldap32.dll
\Windows\System32\sechost.dll
\Windows\System32\comdlg32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\ole32.dll
\Windows\System32\psapi.dll
\Windows\System32\msvcrt.dll
\Windows\System32\urlmon.dll
\Windows\System32\shell32.dll
\Windows\System32\lpk.dll
\Windows\System32\clbcatq.dll
\Windows\System32\imagehlp.dll
\Windows\System32\iertutil.dll
\Windows\System32\nsi.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\normaliz.dll
\Windows\System32\user32.dll
\Windows\System32\usp10.dll
\Windows\System32\imm32.dll
\Windows\System32\crypt32.dll
\Windows\System32\devobj.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\comctl32.dll
\Windows\System32\wintrust.dll
\Windows\System32\msasn1.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800a61c060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa80080fa050
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
Initialization returned 0x0
Load Function returned 0x0
Downloaded database version: v2013.01.13.02
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 3
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800a61c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800a4839c0, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xfffffa800a481890, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xfffffa800a482b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800a61ce30, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xfffffa800a61c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80080fa050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Upper DeviceData: 0xfffff8a0055f2520, 0xfffffa800a61c060, 0xfffffa800ddd3090
Lower DeviceData: 0xfffff8a004ddd520, 0xfffffa80080fa050, 0xfffffa800a56b090
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: F2F8A69D
Partition information:
Partition 0 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 37748736
Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 37750784 Numsec = 204800
Partition file system is NTFS
Partition is bootable
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 37955584 Numsec = 743124992
Partition 3 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 781080576 Numsec = 684064768
Disk Size: 750156374016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================
mf G Christian |
|
13.01.2013, 20:30
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU-Trojaner eingefangen 1. aswMBR Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop. Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button. 2. TDSS-Killer Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
14.01.2013, 05:30
| #10 |
| | GVU-Trojaner eingefangen Hallo cosinus habe asw.MBR.exe geladen; Norton IS meldet "Bedrohung" und hat es entfernt. Was jetzt ? Code:
ATTFilter Vollständiger Pfad: c:\users\christian\desktop\aswmbr.exe
Bedrohung: WS.Reputation.1
____________________________
____________________________
Auf Computern ab 14.01.2013 um 05:19:13
Zuletzt verwendet 14.01.2013 um 05:22:00
Start-Element Nein
Gestarted Nein
____________________________
____________________________
Viele Benutzer
Tausende Benutzer in der Norton Community haben diese Datei verwendet.
____________________________
Schon länger bekannt
Diese Datei wurde vor 2 Monaten veröffentlicht.
____________________________
Mittel
Das Risiko dieser Datei ist mittel.
____________________________
Bedrohungsdetails
Art der Bedrohung: Insight-Netzwerkbedrohung. Es bestehen mehrere Anzeichen, dass diese Datei nicht vertrauenswürdig und daher nicht sicher ist
____________________________
hxxp://public.avast.com/~gmerek/aswMBR.exe Datei aswmbr.exe
Bedrohungsname:
WS.Reputation.1 heruntergeladen von
avast.com
aswmbr.exe
____________________________
Dateiaktionen
Infizierte Datei: c:\users\christian\desktop\aswmbr.exe
entfernt
____________________________
Dateiabdruck - SHA:
7af5e982f35f0865124cfee620a8279e420ae48db926480377f6f612615ab9cd
____________________________
Dateiabdruck - MD5:
be3ab4803c963be0357541ec3b17d443
____________________________
|
|
14.01.2013, 09:32
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU-Trojaner eingefangen Norton vllt vorher mal deaktivieren?! aswMBR ist keine Malware!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
14.01.2013, 10:14
| #12 |
| | GVU-Trojaner eingefangenCode:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-14 10:08:06
-----------------------------
10:08:06.487 OS Version: Windows x64 6.1.7601 Service Pack 1
10:08:06.487 Number of processors: 4 586 0x2A07
10:08:06.487 ComputerName: LAPTOP UserName:
10:08:07.688 Initialize success
10:08:13.351 AVAST engine defs: 13011301
10:08:33.241 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:08:33.241 Disk 0 Vendor: Hitachi_ JE4O Size: 715404MB BusType: 3
10:08:33.257 Disk 0 MBR read successfully
10:08:33.272 Disk 0 MBR scan
10:08:33.272 Disk 0 Windows 7 default MBR code
10:08:33.288 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 18432 MB offset 2048
10:08:33.304 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 37750784
10:08:33.319 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 362854 MB offset 37955584
10:08:33.319 Disk 0 Partition - 00 0F Extended LBA 334016 MB offset 781080576
10:08:33.350 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 256000 MB offset 781082624
10:08:33.397 Disk 0 scanning C:\Windows\system32\drivers
10:08:44.083 Service scanning
10:09:14.722 Modules scanning
10:09:14.737 Disk 0 trace - called modules:
10:09:14.753 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
10:09:14.753 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800a634060]
10:09:14.769 3 CLASSPNP.SYS[fffff88001bc343f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8008116050]
10:09:14.769 Scan finished successfully
10:09:41.179 Disk 0 MBR has been saved successfully to "C:\Users\christian\Desktop\MBR.dat"
10:09:41.179 The log file has been saved successfully to "C:\Users\christian\Desktop\aswMBR.txt"
Code:
ATTFilter 10:19:27.0619 2024 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
10:19:27.0900 2024 ============================================================
10:19:27.0900 2024 Current date / time: 2013/01/14 10:19:27.0900
10:19:27.0900 2024 SystemInfo:
10:19:27.0900 2024
10:19:27.0900 2024 OS Version: 6.1.7601 ServicePack: 1.0
10:19:27.0900 2024 Product type: Workstation
10:19:27.0900 2024 ComputerName: LAPTOP
10:19:27.0900 2024 UserName: christian
10:19:27.0900 2024 Windows directory: C:\Windows
10:19:27.0900 2024 System windows directory: C:\Windows
10:19:27.0900 2024 Running under WOW64
10:19:27.0900 2024 Processor architecture: Intel x64
10:19:27.0900 2024 Number of processors: 4
10:19:27.0900 2024 Page size: 0x1000
10:19:27.0900 2024 Boot type: Normal boot
10:19:27.0900 2024 ============================================================
10:19:28.0805 2024 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:19:28.0805 2024 ============================================================
10:19:28.0805 2024 \Device\Harddisk0\DR0:
10:19:28.0820 2024 MBR partitions:
10:19:28.0820 2024 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2400800, BlocksNum 0x32000
10:19:28.0820 2024 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2432800, BlocksNum 0x2C4B3000
10:19:28.0867 2024 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2E8E6000, BlocksNum 0x1F400000
10:19:28.0867 2024 ============================================================
10:19:28.0930 2024 C: <-> \Device\Harddisk0\DR0\Partition2
10:19:29.0039 2024 E: <-> \Device\Harddisk0\DR0\Partition3
10:19:29.0039 2024 ============================================================
10:19:29.0039 2024 Initialize success
10:19:29.0039 2024 ============================================================
10:20:34.0840 3488 ============================================================
10:20:34.0840 3488 Scan started
10:20:34.0840 3488 Mode: Manual; SigCheck; TDLFS;
10:20:34.0840 3488 ============================================================
10:20:35.0120 3488 ================ Scan system memory ========================
10:20:35.0120 3488 System memory - ok
10:20:35.0120 3488 ================ Scan services =============================
10:20:35.0401 3488 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
10:20:35.0542 3488 1394ohci - ok
10:20:35.0635 3488 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
10:20:35.0666 3488 ACPI - ok
10:20:35.0713 3488 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
10:20:35.0869 3488 AcpiPmi - ok
10:20:36.0056 3488 [ 3DD353A5BF7AF6DB7AFF1166435D4AE0 ] AcrSch2Svc C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
10:20:36.0103 3488 AcrSch2Svc - ok
10:20:36.0181 3488 [ 1474F121C3DF1232D3E7239C03691EE6 ] AdobeActiveFileMonitor9.0 C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
10:20:36.0212 3488 AdobeActiveFileMonitor9.0 - ok
10:20:36.0275 3488 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:20:36.0306 3488 AdobeARMservice - ok
10:20:36.0540 3488 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:20:36.0571 3488 AdobeFlashPlayerUpdateSvc - ok
10:20:36.0665 3488 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
10:20:36.0696 3488 adp94xx - ok
10:20:36.0758 3488 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
10:20:36.0805 3488 adpahci - ok
10:20:36.0821 3488 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
10:20:36.0836 3488 adpu320 - ok
10:20:36.0868 3488 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
10:20:37.0148 3488 AeLookupSvc - ok
10:20:37.0226 3488 [ AE1FCE2CD1E99BEA89183BA8CD320872 ] afcdp C:\Windows\system32\DRIVERS\afcdp.sys
10:20:37.0258 3488 afcdp - ok
10:20:37.0492 3488 [ AF44F7E027037628F1FAC3C13CDE73E6 ] afcdpsrv C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
10:20:37.0616 3488 afcdpsrv - ok
10:20:37.0710 3488 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
10:20:37.0788 3488 AFD - ok
10:20:37.0835 3488 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
10:20:37.0866 3488 agp440 - ok
10:20:37.0928 3488 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
10:20:38.0038 3488 ALG - ok
10:20:38.0069 3488 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
10:20:38.0100 3488 aliide - ok
10:20:38.0131 3488 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
10:20:38.0162 3488 amdide - ok
10:20:38.0225 3488 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
10:20:38.0287 3488 AmdK8 - ok
10:20:38.0318 3488 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
10:20:38.0396 3488 AmdPPM - ok
10:20:38.0412 3488 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
10:20:38.0428 3488 amdsata - ok
10:20:38.0459 3488 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
10:20:38.0459 3488 amdsbs - ok
10:20:38.0474 3488 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
10:20:38.0490 3488 amdxata - ok
10:20:38.0537 3488 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
10:20:38.0911 3488 AppID - ok
10:20:38.0974 3488 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
10:20:39.0067 3488 AppIDSvc - ok
10:20:39.0114 3488 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
10:20:39.0161 3488 Appinfo - ok
10:20:39.0223 3488 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
10:20:39.0254 3488 arc - ok
10:20:39.0301 3488 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
10:20:39.0332 3488 arcsas - ok
10:20:39.0566 3488 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
10:20:39.0598 3488 aspnet_state - ok
10:20:39.0676 3488 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
10:20:39.0769 3488 AsyncMac - ok
10:20:39.0832 3488 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
10:20:39.0847 3488 atapi - ok
10:20:39.0910 3488 [ 185F180536188C1A4ED605234721A5B9 ] AthBTPort C:\Windows\system32\DRIVERS\btath_flt.sys
10:20:39.0925 3488 AthBTPort - ok
10:20:40.0066 3488 [ 1D1C5E029F0742F04F88C16E7A6AB0E0 ] AtherosSvc C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
10:20:40.0081 3488 AtherosSvc - ok
10:20:40.0190 3488 [ C8679A07267F030704168E45E27C3D43 ] athr C:\Windows\system32\DRIVERS\athrx.sys
10:20:40.0284 3488 athr - ok
10:20:40.0346 3488 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:20:40.0424 3488 AudioEndpointBuilder - ok
10:20:40.0440 3488 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
10:20:40.0471 3488 AudioSrv - ok
10:20:40.0502 3488 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
10:20:40.0596 3488 AxInstSV - ok
10:20:40.0658 3488 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
10:20:40.0721 3488 b06bdrv - ok
10:20:40.0752 3488 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
10:20:40.0814 3488 b57nd60a - ok
10:20:40.0861 3488 [ A424CB46A145E5AABF15621550976DF2 ] b57xdbd C:\Windows\system32\DRIVERS\b57xdbd.sys
10:20:40.0892 3488 b57xdbd - ok
10:20:40.0908 3488 [ BE4E6FD5A898812B85D5817AD9754A9F ] b57xdmp C:\Windows\system32\DRIVERS\b57xdmp.sys
10:20:40.0908 3488 b57xdmp - ok
10:20:40.0955 3488 [ 87F3BCF82A63E900AF896CD930BF7E05 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
10:20:40.0986 3488 BBSvc - ok
10:20:41.0033 3488 [ 78779EE07231C658B483B1F38B5088DF ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
10:20:41.0064 3488 BBUpdate - ok
10:20:41.0095 3488 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
10:20:41.0142 3488 BDESVC - ok
10:20:41.0189 3488 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
10:20:41.0282 3488 Beep - ok
10:20:41.0360 3488 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
10:20:41.0423 3488 BFE - ok
10:20:41.0579 3488 [ ED97ADAF00A61F57A2CCBBB1CE58C600 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20130107.001\BHDrvx64.sys
10:20:41.0641 3488 BHDrvx64 - ok
10:20:41.0688 3488 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
10:20:41.0766 3488 BITS - ok
10:20:41.0797 3488 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
10:20:41.0828 3488 blbdrive - ok
10:20:41.0860 3488 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
10:20:41.0922 3488 bowser - ok
10:20:41.0953 3488 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
10:20:42.0000 3488 BrFiltLo - ok
10:20:42.0031 3488 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
10:20:42.0047 3488 BrFiltUp - ok
10:20:42.0078 3488 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
10:20:42.0109 3488 Browser - ok
10:20:42.0125 3488 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
10:20:42.0187 3488 Brserid - ok
10:20:42.0218 3488 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
10:20:42.0265 3488 BrSerWdm - ok
10:20:42.0296 3488 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
10:20:42.0343 3488 BrUsbMdm - ok
10:20:42.0359 3488 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
10:20:42.0374 3488 BrUsbSer - ok
10:20:42.0421 3488 [ 0970D8B7151E9113BF8D44CE2E954DF7 ] bScsiMSa C:\Windows\system32\DRIVERS\bScsiMSa.sys
10:20:42.0437 3488 bScsiMSa - ok
10:20:42.0484 3488 [ 0C1EEE5AF32402D306874B110DE237EC ] bScsiSDa C:\Windows\system32\DRIVERS\bScsiSDa.sys
10:20:42.0499 3488 bScsiSDa - ok
10:20:42.0562 3488 [ D74A81CCF0372C955862692B7AF272C9 ] BTATH_A2DP C:\Windows\system32\drivers\btath_a2dp.sys
10:20:42.0593 3488 BTATH_A2DP - ok
10:20:42.0608 3488 [ 3118072D09DAA1961A9F6549A4E8433A ] btath_avdt C:\Windows\system32\drivers\btath_avdt.sys
10:20:42.0624 3488 btath_avdt - ok
10:20:42.0640 3488 [ E6B734A37ADE36FE1A77035F4E484C8C ] BTATH_BUS C:\Windows\system32\DRIVERS\btath_bus.sys
10:20:42.0655 3488 BTATH_BUS - ok
10:20:42.0702 3488 [ FB3833E63FF602B69C2FF085846DCF43 ] BTATH_HCRP C:\Windows\system32\DRIVERS\btath_hcrp.sys
10:20:42.0718 3488 BTATH_HCRP - ok
10:20:42.0733 3488 [ 8008D892A2BDA67EEFBE25E14EB5DC83 ] BTATH_LWFLT C:\Windows\system32\DRIVERS\btath_lwflt.sys
10:20:42.0749 3488 BTATH_LWFLT - ok
10:20:42.0764 3488 [ ABCD3C16CA850A7594CEB9AD5D966810 ] BTATH_RCP C:\Windows\system32\DRIVERS\btath_rcp.sys
10:20:42.0780 3488 BTATH_RCP - ok
10:20:42.0827 3488 [ 65350DC9B058B34BBD3AC837C38C2817 ] BtFilter C:\Windows\system32\DRIVERS\btfilter.sys
10:20:42.0842 3488 BtFilter - ok
10:20:42.0889 3488 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
10:20:42.0952 3488 BthEnum - ok
10:20:42.0983 3488 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
10:20:43.0014 3488 BTHMODEM - ok
10:20:43.0045 3488 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
10:20:43.0092 3488 BthPan - ok
10:20:43.0139 3488 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
10:20:43.0201 3488 BTHPORT - ok
10:20:43.0248 3488 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
10:20:43.0295 3488 bthserv - ok
10:20:43.0310 3488 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
10:20:43.0326 3488 BTHUSB - ok
10:20:43.0404 3488 [ 2C6FFCCA37B002AAB3C7C31A6D780A76 ] ccSet_NIS C:\Windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys
10:20:43.0435 3488 ccSet_NIS - ok
10:20:43.0482 3488 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
10:20:43.0529 3488 cdfs - ok
10:20:43.0576 3488 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
10:20:43.0591 3488 cdrom - ok
10:20:43.0622 3488 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
10:20:43.0700 3488 CertPropSvc - ok
10:20:43.0732 3488 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
10:20:43.0794 3488 circlass - ok
10:20:43.0825 3488 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
10:20:43.0856 3488 CLFS - ok
10:20:43.0903 3488 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:20:43.0903 3488 clr_optimization_v2.0.50727_32 - ok
10:20:43.0950 3488 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:20:43.0981 3488 clr_optimization_v2.0.50727_64 - ok
10:20:44.0044 3488 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:20:44.0075 3488 clr_optimization_v4.0.30319_32 - ok
10:20:44.0106 3488 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:20:44.0122 3488 clr_optimization_v4.0.30319_64 - ok
10:20:44.0168 3488 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
10:20:44.0200 3488 CmBatt - ok
10:20:44.0215 3488 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
10:20:44.0231 3488 cmdide - ok
10:20:44.0293 3488 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
10:20:44.0340 3488 CNG - ok
10:20:44.0371 3488 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
10:20:44.0387 3488 Compbatt - ok
10:20:44.0434 3488 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
10:20:44.0480 3488 CompositeBus - ok
10:20:44.0496 3488 COMSysApp - ok
10:20:44.0512 3488 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
10:20:44.0527 3488 crcdisk - ok
10:20:44.0574 3488 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
10:20:44.0636 3488 CryptSvc - ok
10:20:44.0699 3488 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
10:20:44.0761 3488 DcomLaunch - ok
10:20:44.0808 3488 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
10:20:44.0839 3488 defragsvc - ok
10:20:44.0870 3488 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
10:20:44.0902 3488 DfsC - ok
10:20:44.0948 3488 dgderdrv - ok
10:20:44.0995 3488 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
10:20:45.0073 3488 Dhcp - ok
10:20:45.0104 3488 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
10:20:45.0182 3488 discache - ok
10:20:45.0245 3488 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
10:20:45.0276 3488 Disk - ok
10:20:45.0292 3488 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
10:20:45.0338 3488 Dnscache - ok
10:20:45.0370 3488 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
10:20:45.0448 3488 dot3svc - ok
10:20:45.0463 3488 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
10:20:45.0541 3488 DPS - ok
10:20:45.0572 3488 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
10:20:45.0604 3488 drmkaud - ok
10:20:45.0650 3488 [ 9DD3A22F804697606C2B7FF9E912FF6B ] DsiWMIService C:\Program Files (x86)\Launch Manager\dsiwmis.exe
10:20:45.0682 3488 DsiWMIService - ok
10:20:45.0744 3488 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
10:20:45.0775 3488 DXGKrnl - ok
10:20:45.0806 3488 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
10:20:45.0869 3488 EapHost - ok
10:20:45.0962 3488 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
10:20:46.0087 3488 ebdrv - ok
10:20:46.0150 3488 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
10:20:46.0196 3488 eeCtrl - ok
10:20:46.0228 3488 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
10:20:46.0274 3488 EFS - ok
10:20:46.0337 3488 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
10:20:46.0415 3488 ehRecvr - ok
10:20:46.0462 3488 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
10:20:46.0493 3488 ehSched - ok
10:20:46.0555 3488 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
10:20:46.0586 3488 elxstor - ok
10:20:46.0696 3488 [ 48425C93B6F36529707206E4FA680CF3 ] ePowerSvc C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
10:20:46.0742 3488 ePowerSvc - ok
10:20:46.0789 3488 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
10:20:46.0805 3488 EraserUtilRebootDrv - ok
10:20:46.0820 3488 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
10:20:46.0852 3488 ErrDev - ok
10:20:46.0914 3488 [ DBAA0C650C9549DC5C599D1E81DEDAAD ] ETD C:\Windows\system32\DRIVERS\ETD.sys
10:20:46.0945 3488 ETD - ok
10:20:46.0992 3488 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
10:20:47.0039 3488 EventSystem - ok
10:20:47.0070 3488 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
10:20:47.0101 3488 exfat - ok
10:20:47.0132 3488 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
10:20:47.0164 3488 fastfat - ok
10:20:47.0210 3488 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
10:20:47.0257 3488 Fax - ok
10:20:47.0273 3488 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
10:20:47.0320 3488 fdc - ok
10:20:47.0351 3488 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
10:20:47.0398 3488 fdPHost - ok
10:20:47.0413 3488 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
10:20:47.0444 3488 FDResPub - ok
10:20:47.0476 3488 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
10:20:47.0507 3488 FileInfo - ok
10:20:47.0522 3488 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
10:20:47.0616 3488 Filetrace - ok
10:20:47.0632 3488 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
10:20:47.0647 3488 flpydisk - ok
10:20:47.0678 3488 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
10:20:47.0678 3488 FltMgr - ok
10:20:47.0741 3488 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
10:20:47.0788 3488 FontCache - ok
10:20:47.0834 3488 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:20:47.0866 3488 FontCache3.0.0.0 - ok
10:20:47.0881 3488 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
10:20:47.0897 3488 FsDepends - ok
10:20:47.0928 3488 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
10:20:47.0944 3488 Fs_Rec - ok
10:20:47.0990 3488 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
10:20:48.0006 3488 fvevol - ok
10:20:48.0037 3488 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
10:20:48.0037 3488 gagp30kx - ok
10:20:48.0084 3488 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
10:20:48.0115 3488 GamesAppService - ok
10:20:48.0178 3488 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
10:20:48.0256 3488 gpsvc - ok
10:20:48.0334 3488 [ C9B2D1D3F86FD3673EF847DEF73B6F9E ] GREGService C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
10:20:48.0349 3488 GREGService - ok
10:20:48.0396 3488 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
10:20:48.0458 3488 hcw85cir - ok
10:20:48.0490 3488 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:20:48.0521 3488 HdAudAddService - ok
10:20:48.0568 3488 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
10:20:48.0614 3488 HDAudBus - ok
10:20:48.0630 3488 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
10:20:48.0661 3488 HidBatt - ok
10:20:48.0692 3488 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
10:20:48.0708 3488 HidBth - ok
10:20:48.0739 3488 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
10:20:48.0755 3488 HidIr - ok
10:20:48.0786 3488 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
10:20:48.0833 3488 hidserv - ok
10:20:48.0895 3488 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
10:20:48.0926 3488 HidUsb - ok
10:20:48.0942 3488 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
10:20:48.0989 3488 hkmsvc - ok
10:20:49.0036 3488 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:20:49.0082 3488 HomeGroupListener - ok
10:20:49.0098 3488 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:20:49.0129 3488 HomeGroupProvider - ok
10:20:49.0145 3488 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
10:20:49.0160 3488 HpSAMD - ok
10:20:49.0207 3488 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
10:20:49.0285 3488 HTTP - ok
10:20:49.0316 3488 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
10:20:49.0316 3488 hwpolicy - ok
10:20:49.0363 3488 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
10:20:49.0363 3488 i8042prt - ok
10:20:49.0426 3488 [ 26CF4275034214ECEDD8EC17B0A18A99 ] iaStor C:\Windows\system32\drivers\iaStor.sys
10:20:49.0472 3488 iaStor - ok
10:20:49.0535 3488 [ E79A8E33BD136D14BAE1FA20EB2EF124 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
10:20:49.0566 3488 IAStorDataMgrSvc - ok
10:20:49.0597 3488 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
10:20:49.0628 3488 iaStorV - ok
10:20:49.0660 3488 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:20:49.0675 3488 idsvc - ok
10:20:49.0753 3488 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20130113.001\IDSvia64.sys
10:20:49.0800 3488 IDSVia64 - ok
10:20:50.0081 3488 [ 9937600A1584FF00565D5379EB4C9EDB ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
10:20:50.0424 3488 igfx - ok
10:20:50.0471 3488 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
10:20:50.0486 3488 iirsp - ok
10:20:50.0518 3488 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
10:20:50.0580 3488 IKEEXT - ok
10:20:50.0674 3488 [ B60ACCD29F8FAFC4A6344CD2BD5CA3A5 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
10:20:50.0720 3488 IntcAzAudAddService - ok
10:20:50.0767 3488 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
10:20:50.0798 3488 IntcDAud - ok
10:20:50.0830 3488 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
10:20:50.0845 3488 intelide - ok
10:20:50.0876 3488 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
10:20:50.0923 3488 intelppm - ok
10:20:50.0954 3488 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
10:20:50.0986 3488 IPBusEnum - ok
10:20:51.0001 3488 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:20:51.0032 3488 IpFilterDriver - ok
10:20:51.0079 3488 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
10:20:51.0142 3488 iphlpsvc - ok
10:20:51.0157 3488 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
10:20:51.0188 3488 IPMIDRV - ok
10:20:51.0204 3488 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
10:20:51.0251 3488 IPNAT - ok
10:20:51.0266 3488 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
10:20:51.0298 3488 IRENUM - ok
10:20:51.0329 3488 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
10:20:51.0344 3488 isapnp - ok
10:20:51.0376 3488 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
10:20:51.0391 3488 iScsiPrt - ok
10:20:51.0407 3488 IWPORT - ok
10:20:51.0469 3488 [ 455B75C19BF3F1F2EE3AC10E1169826C ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys
10:20:51.0485 3488 k57nd60a - ok
10:20:51.0532 3488 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
10:20:51.0563 3488 kbdclass - ok
10:20:51.0594 3488 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
10:20:51.0641 3488 kbdhid - ok
10:20:51.0656 3488 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
10:20:51.0672 3488 KeyIso - ok
10:20:51.0719 3488 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
10:20:51.0750 3488 KSecDD - ok
10:20:51.0781 3488 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
10:20:51.0797 3488 KSecPkg - ok
10:20:51.0828 3488 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
10:20:51.0875 3488 ksthunk - ok
10:20:51.0906 3488 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
10:20:51.0968 3488 KtmRm - ok
10:20:52.0000 3488 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
10:20:52.0046 3488 LanmanServer - ok
10:20:52.0109 3488 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:20:52.0202 3488 LanmanWorkstation - ok
10:20:52.0265 3488 [ B705C7097F9A0EC941D02DCE7C7D426C ] Live Updater Service C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
10:20:52.0296 3488 Live Updater Service - ok
10:20:52.0327 3488 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
10:20:52.0405 3488 lltdio - ok
10:20:52.0436 3488 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
10:20:52.0468 3488 lltdsvc - ok
10:20:52.0483 3488 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
10:20:52.0530 3488 lmhosts - ok
10:20:52.0561 3488 [ D7E0BED3EA21D7BDDD410ADE51708D90 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
10:20:52.0577 3488 LMS - ok
10:20:52.0592 3488 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
10:20:52.0608 3488 LSI_FC - ok
10:20:52.0624 3488 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
10:20:52.0624 3488 LSI_SAS - ok
10:20:52.0639 3488 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
10:20:52.0655 3488 LSI_SAS2 - ok
10:20:52.0670 3488 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
10:20:52.0686 3488 LSI_SCSI - ok
10:20:52.0717 3488 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
10:20:52.0780 3488 luafv - ok
10:20:52.0826 3488 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
10:20:52.0873 3488 Mcx2Svc - ok
10:20:52.0889 3488 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
10:20:52.0904 3488 megasas - ok
10:20:52.0951 3488 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
10:20:52.0982 3488 MegaSR - ok
10:20:52.0998 3488 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
10:20:53.0014 3488 MEIx64 - ok
10:20:53.0045 3488 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
10:20:53.0076 3488 MMCSS - ok
10:20:53.0092 3488 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
10:20:53.0138 3488 Modem - ok
10:20:53.0170 3488 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
10:20:53.0185 3488 monitor - ok
10:20:53.0232 3488 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
10:20:53.0232 3488 mouclass - ok
10:20:53.0263 3488 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
10:20:53.0294 3488 mouhid - ok
10:20:53.0326 3488 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
10:20:53.0357 3488 mountmgr - ok
10:20:53.0419 3488 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
10:20:53.0435 3488 MozillaMaintenance - ok
10:20:53.0466 3488 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
10:20:53.0482 3488 mpio - ok
10:20:53.0497 3488 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
10:20:53.0544 3488 mpsdrv - ok
10:20:53.0575 3488 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
10:20:53.0638 3488 MpsSvc - ok
10:20:53.0653 3488 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
10:20:53.0684 3488 MRxDAV - ok
10:20:53.0700 3488 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
10:20:53.0747 3488 mrxsmb - ok
10:20:53.0778 3488 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:20:53.0794 3488 mrxsmb10 - ok
10:20:53.0825 3488 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:20:53.0840 3488 mrxsmb20 - ok
10:20:53.0856 3488 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
10:20:53.0872 3488 msahci - ok
10:20:53.0872 3488 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
10:20:53.0872 3488 msdsm - ok
10:20:53.0903 3488 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
10:20:53.0934 3488 MSDTC - ok
10:20:53.0950 3488 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
10:20:53.0981 3488 Msfs - ok
10:20:54.0012 3488 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
10:20:54.0043 3488 mshidkmdf - ok
10:20:54.0074 3488 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
10:20:54.0074 3488 msisadrv - ok
10:20:54.0106 3488 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
10:20:54.0168 3488 MSiSCSI - ok
10:20:54.0168 3488 msiserver - ok
10:20:54.0184 3488 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
10:20:54.0230 3488 MSKSSRV - ok
10:20:54.0246 3488 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
10:20:54.0340 3488 MSPCLOCK - ok
10:20:54.0355 3488 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
10:20:54.0433 3488 MSPQM - ok
10:20:54.0449 3488 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
10:20:54.0464 3488 MsRPC - ok
10:20:54.0480 3488 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
10:20:54.0496 3488 mssmbios - ok
10:20:54.0527 3488 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
10:20:54.0620 3488 MSTEE - ok
10:20:54.0636 3488 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
10:20:54.0652 3488 MTConfig - ok
10:20:54.0667 3488 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
10:20:54.0667 3488 Mup - ok
10:20:54.0714 3488 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
10:20:54.0776 3488 napagent - ok
10:20:54.0839 3488 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
10:20:54.0886 3488 NativeWifiP - ok
10:20:54.0979 3488 [ 13AA2130F2A104DD775EAD0F0EE5417B ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe
10:20:55.0010 3488 NAUpdate - ok
10:20:55.0073 3488 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20130113.009\ENG64.SYS
10:20:55.0104 3488 NAVENG - ok
10:20:55.0151 3488 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20130113.009\EX64.SYS
10:20:55.0198 3488 NAVEX15 - ok
10:20:55.0229 3488 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
10:20:55.0260 3488 NDIS - ok
10:20:55.0276 3488 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
10:20:55.0322 3488 NdisCap - ok
10:20:55.0354 3488 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
10:20:55.0385 3488 NdisTapi - ok
10:20:55.0385 3488 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
10:20:55.0416 3488 Ndisuio - ok
10:20:55.0447 3488 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
10:20:55.0510 3488 NdisWan - ok
10:20:55.0525 3488 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
10:20:55.0572 3488 NDProxy - ok
10:20:55.0588 3488 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
10:20:55.0619 3488 NetBIOS - ok
10:20:55.0634 3488 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
10:20:55.0666 3488 NetBT - ok
10:20:55.0697 3488 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
10:20:55.0697 3488 Netlogon - ok
10:20:55.0744 3488 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
10:20:55.0822 3488 Netman - ok
10:20:55.0884 3488 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:20:55.0915 3488 NetMsmqActivator - ok
10:20:55.0931 3488 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:20:55.0962 3488 NetPipeActivator - ok
10:20:55.0993 3488 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
10:20:56.0071 3488 netprofm - ok
10:20:56.0118 3488 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:20:56.0134 3488 NetTcpActivator - ok
10:20:56.0134 3488 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:20:56.0149 3488 NetTcpPortSharing - ok
10:20:56.0196 3488 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
10:20:56.0212 3488 nfrd960 - ok
10:20:56.0274 3488 [ F2840DBFE9322F35557219AE82CC4597 ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
10:20:56.0305 3488 NIS - ok
10:20:56.0336 3488 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
10:20:56.0383 3488 NlaSvc - ok
10:20:56.0524 3488 [ 5839A8027D6D324A7CD494051A96628C ] NOBU C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
10:20:56.0570 3488 NOBU - ok
10:20:56.0586 3488 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
10:20:56.0617 3488 Npfs - ok
10:20:56.0648 3488 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
10:20:56.0664 3488 nsi - ok
10:20:56.0680 3488 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
10:20:56.0726 3488 nsiproxy - ok
10:20:56.0836 3488 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
10:20:56.0882 3488 Ntfs - ok
10:20:56.0898 3488 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
10:20:56.0929 3488 Null - ok
10:20:57.0272 3488 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:20:57.0444 3488 nvlddmkm - ok
10:20:57.0475 3488 [ 918841B2454F4F2BD94479692079490B ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys
10:20:57.0491 3488 nvpciflt - ok
10:20:57.0522 3488 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
10:20:57.0538 3488 nvraid - ok
10:20:57.0553 3488 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
10:20:57.0569 3488 nvstor - ok
10:20:57.0600 3488 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\Windows\system32\nvvsvc.exe
10:20:57.0631 3488 nvsvc - ok
10:20:57.0709 3488 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
10:20:57.0772 3488 nvUpdatusService - ok
10:20:57.0803 3488 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
10:20:57.0818 3488 nv_agp - ok
10:20:57.0912 3488 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:20:57.0959 3488 odserv - ok
10:20:57.0959 3488 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
10:20:57.0990 3488 ohci1394 - ok
10:20:58.0037 3488 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:20:58.0068 3488 ose - ok
10:20:58.0255 3488 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:20:58.0411 3488 osppsvc - ok
10:20:58.0458 3488 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
10:20:58.0505 3488 p2pimsvc - ok
10:20:58.0536 3488 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
10:20:58.0583 3488 p2psvc - ok
10:20:58.0598 3488 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
10:20:58.0614 3488 Parport - ok
10:20:58.0645 3488 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
10:20:58.0645 3488 partmgr - ok
10:20:58.0676 3488 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
10:20:58.0708 3488 PcaSvc - ok
10:20:58.0739 3488 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
10:20:58.0754 3488 pci - ok
10:20:58.0770 3488 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
10:20:58.0786 3488 pciide - ok
10:20:58.0786 3488 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
10:20:58.0801 3488 pcmcia - ok
10:20:58.0817 3488 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
10:20:58.0832 3488 pcw - ok
10:20:58.0926 3488 [ A2EB6CA4F27C21E6612822B1AAA35A46 ] PDF Architect Helper Service C:\Program Files (x86)\PDF Architect\HelperService.exe
10:20:58.0957 3488 PDF Architect Helper Service - ok
10:20:58.0988 3488 [ A7B011DB400D66F7574E821223C8BB36 ] PDF Architect Service C:\Program Files (x86)\PDF Architect\ConversionService.exe
10:20:59.0004 3488 PDF Architect Service - ok
10:20:59.0035 3488 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
10:20:59.0082 3488 PEAUTH - ok
10:20:59.0160 3488 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
10:20:59.0207 3488 PerfHost - ok
10:20:59.0285 3488 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
10:20:59.0347 3488 pla - ok
10:20:59.0394 3488 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
10:20:59.0472 3488 PlugPlay - ok
10:20:59.0488 3488 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
10:20:59.0534 3488 PNRPAutoReg - ok
10:20:59.0566 3488 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
10:20:59.0581 3488 PNRPsvc - ok
10:20:59.0612 3488 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
10:20:59.0675 3488 PolicyAgent - ok
10:20:59.0690 3488 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
10:20:59.0737 3488 Power - ok
10:20:59.0784 3488 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
10:20:59.0878 3488 PptpMiniport - ok
10:20:59.0893 3488 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
10:20:59.0924 3488 Processor - ok
10:20:59.0956 3488 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
10:20:59.0987 3488 ProfSvc - ok
10:20:59.0987 3488 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:21:00.0002 3488 ProtectedStorage - ok
10:21:00.0034 3488 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
10:21:00.0080 3488 Psched - ok
10:21:00.0112 3488 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
10:21:00.0143 3488 PxHlpa64 - ok
10:21:00.0205 3488 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
10:21:00.0236 3488 ql2300 - ok
10:21:00.0268 3488 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
10:21:00.0283 3488 ql40xx - ok
10:21:00.0299 3488 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
10:21:00.0330 3488 QWAVE - ok
10:21:00.0330 3488 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
10:21:00.0392 3488 QWAVEdrv - ok
10:21:00.0392 3488 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
10:21:00.0424 3488 RasAcd - ok
10:21:00.0470 3488 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
10:21:00.0502 3488 RasAgileVpn - ok
10:21:00.0533 3488 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
10:21:00.0564 3488 RasAuto - ok
10:21:00.0595 3488 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
10:21:00.0626 3488 Rasl2tp - ok
10:21:00.0673 3488 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
10:21:00.0704 3488 RasMan - ok
10:21:00.0736 3488 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
10:21:00.0798 3488 RasPppoe - ok
10:21:00.0829 3488 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
10:21:00.0860 3488 RasSstp - ok
10:21:00.0892 3488 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
10:21:00.0985 3488 rdbss - ok
10:21:01.0001 3488 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
10:21:01.0016 3488 rdpbus - ok
10:21:01.0032 3488 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
10:21:01.0063 3488 RDPCDD - ok
10:21:01.0079 3488 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
10:21:01.0110 3488 RDPENCDD - ok
10:21:01.0141 3488 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
10:21:01.0172 3488 RDPREFMP - ok
10:21:01.0204 3488 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
10:21:01.0266 3488 RdpVideoMiniport - ok
10:21:01.0297 3488 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
10:21:01.0328 3488 RDPWD - ok
10:21:01.0360 3488 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
10:21:01.0375 3488 rdyboost - ok
10:21:01.0406 3488 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
10:21:01.0484 3488 RemoteAccess - ok
10:21:01.0516 3488 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
10:21:01.0594 3488 RemoteRegistry - ok
10:21:01.0625 3488 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
10:21:01.0672 3488 RFCOMM - ok
10:21:01.0687 3488 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
10:21:01.0734 3488 RpcEptMapper - ok
10:21:01.0765 3488 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
10:21:01.0781 3488 RpcLocator - ok
10:21:01.0796 3488 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
10:21:01.0828 3488 RpcSs - ok
10:21:01.0859 3488 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
10:21:01.0890 3488 rspndr - ok
10:21:01.0906 3488 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
10:21:01.0921 3488 SamSs - ok
10:21:01.0937 3488 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
10:21:01.0952 3488 sbp2port - ok
10:21:01.0968 3488 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
10:21:01.0999 3488 SCardSvr - ok
10:21:02.0015 3488 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
10:21:02.0046 3488 scfilter - ok
10:21:02.0077 3488 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
10:21:02.0140 3488 Schedule - ok
10:21:02.0155 3488 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
10:21:02.0186 3488 SCPolicySvc - ok
10:21:02.0202 3488 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
10:21:02.0233 3488 sdbus - ok
10:21:02.0264 3488 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
10:21:02.0311 3488 SDRSVC - ok
10:21:02.0327 3488 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
10:21:02.0374 3488 secdrv - ok
10:21:02.0405 3488 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
10:21:02.0452 3488 seclogon - ok
10:21:02.0483 3488 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
10:21:02.0514 3488 SENS - ok
10:21:02.0545 3488 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
10:21:02.0592 3488 SensrSvc - ok
10:21:02.0623 3488 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
10:21:02.0654 3488 Serenum - ok
10:21:02.0686 3488 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
10:21:02.0717 3488 Serial - ok
10:21:02.0732 3488 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
10:21:02.0748 3488 sermouse - ok
10:21:02.0779 3488 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
10:21:02.0826 3488 SessionEnv - ok
10:21:02.0842 3488 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
10:21:02.0857 3488 sffdisk - ok
10:21:02.0888 3488 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
10:21:02.0951 3488 sffp_mmc - ok
10:21:02.0966 3488 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
10:21:02.0998 3488 sffp_sd - ok
10:21:02.0998 3488 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
10:21:03.0029 3488 sfloppy - ok
10:21:03.0076 3488 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
10:21:03.0122 3488 SharedAccess - ok
10:21:03.0154 3488 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:21:03.0200 3488 ShellHWDetection - ok
10:21:03.0232 3488 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
10:21:03.0247 3488 SiSRaid2 - ok
10:21:03.0263 3488 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
10:21:03.0278 3488 SiSRaid4 - ok
10:21:03.0310 3488 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
10:21:03.0356 3488 Smb - ok
10:21:03.0388 3488 [ 10450F432811D7FDA60A97FCC674D7B2 ] snapman C:\Windows\system32\DRIVERS\snapman.sys
10:21:03.0403 3488 snapman - ok
10:21:03.0434 3488 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
10:21:03.0481 3488 SNMPTRAP - ok
10:21:03.0512 3488 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
10:21:03.0528 3488 spldr - ok
10:21:03.0559 3488 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
10:21:03.0606 3488 Spooler - ok
10:21:03.0715 3488 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
10:21:03.0871 3488 sppsvc - ok
10:21:03.0887 3488 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
10:21:03.0918 3488 sppuinotify - ok
10:21:04.0012 3488 [ 891793E00432FA055CF040605C260E49 ] SRTSP C:\Windows\System32\Drivers\NISx64\1309000.009\SRTSP64.SYS
10:21:04.0058 3488 SRTSP - ok
10:21:04.0074 3488 [ 1CB7BB3B0561FB5ECFE37F7731E8BF3E ] SRTSPX C:\Windows\system32\drivers\NISx64\1309000.009\SRTSPX64.SYS
10:21:04.0074 3488 SRTSPX - ok
10:21:04.0105 3488 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
10:21:04.0152 3488 srv - ok
10:21:04.0168 3488 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
10:21:04.0199 3488 srv2 - ok
10:21:04.0230 3488 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
10:21:04.0246 3488 srvnet - ok
10:21:04.0277 3488 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
10:21:04.0324 3488 SSDPSRV - ok
10:21:04.0339 3488 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
10:21:04.0370 3488 SstpSvc - ok
10:21:04.0464 3488 [ E4AEA6FC64A979375149B86882CA2100 ] StarMoney Business 5.0 OnlineUpdate C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe
10:21:04.0495 3488 StarMoney Business 5.0 OnlineUpdate - ok
10:21:04.0526 3488 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
10:21:04.0542 3488 stexstor - ok
10:21:04.0589 3488 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
10:21:04.0636 3488 stisvc - ok
10:21:04.0667 3488 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
10:21:04.0682 3488 swenum - ok
10:21:04.0729 3488 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
10:21:04.0760 3488 swprv - ok
10:21:04.0823 3488 [ 8B2430762099598DA40686F754632EFD ] SymDS C:\Windows\system32\drivers\NISx64\1309000.009\SYMDS64.SYS
10:21:04.0854 3488 SymDS - ok
10:21:04.0901 3488 [ 5CB7F2FD7E30A0F52F93574BFC3A8041 ] SymEFA C:\Windows\system32\drivers\NISx64\1309000.009\SYMEFA64.SYS
10:21:04.0948 3488 SymEFA - ok
10:21:04.0994 3488 [ 894579207E39C465737E850A252CE4F2 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
10:21:04.0994 3488 SymEvent - ok
10:21:05.0057 3488 [ B681D1B0F9596684225DCC9B94C6BACF ] SymIM C:\Windows\system32\DRIVERS\SymIMv.sys
10:21:05.0072 3488 SymIM - ok
10:21:05.0104 3488 [ 5013A76CAAA1D7CF1C55214B490B4E35 ] SymIRON C:\Windows\system32\drivers\NISx64\1309000.009\Ironx64.SYS
10:21:05.0135 3488 SymIRON - ok
10:21:05.0166 3488 [ 3911BD0E68C010E5438A87706ABBE9AB ] SymNetS C:\Windows\System32\Drivers\NISx64\1309000.009\SYMNETS.SYS
10:21:05.0182 3488 SymNetS - ok
10:21:05.0228 3488 SynasUSB - ok
10:21:05.0260 3488 [ BCB6AA197267D3506BE2535342FC40E0 ] synusb64 C:\Windows\system32\DRIVERS\synusb64.sys
10:21:05.0275 3488 synusb64 - ok
10:21:05.0353 3488 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
10:21:05.0416 3488 SysMain - ok
10:21:05.0447 3488 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:21:05.0462 3488 TabletInputService - ok
10:21:05.0462 3488 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
10:21:05.0494 3488 TapiSrv - ok
10:21:05.0509 3488 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
10:21:05.0556 3488 TBS - ok
10:21:05.0618 3488 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
10:21:05.0665 3488 Tcpip - ok
10:21:05.0743 3488 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
10:21:05.0806 3488 TCPIP6 - ok
10:21:05.0837 3488 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
10:21:05.0837 3488 tcpipreg - ok
10:21:05.0868 3488 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
10:21:05.0915 3488 TDPIPE - ok
10:21:05.0930 3488 [ 99527D49EE0A96FC25537C61B270A372 ] tdrpman273 C:\Windows\system32\DRIVERS\tdrpm273.sys
10:21:05.0962 3488 tdrpman273 - ok
10:21:05.0977 3488 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
10:21:05.0993 3488 TDTCP - ok
10:21:06.0024 3488 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
10:21:06.0055 3488 tdx - ok
10:21:06.0086 3488 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
10:21:06.0086 3488 TermDD - ok
10:21:06.0133 3488 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
10:21:06.0196 3488 TermService - ok
10:21:06.0211 3488 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
10:21:06.0227 3488 Themes - ok
10:21:06.0242 3488 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
10:21:06.0274 3488 THREADORDER - ok
10:21:06.0320 3488 [ EBBAEA02F0095A798000C7E06B16D41B ] timounter C:\Windows\system32\DRIVERS\timntr.sys
10:21:06.0352 3488 timounter - ok
10:21:06.0383 3488 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
10:21:06.0414 3488 TrkWks - ok
10:21:06.0461 3488 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:21:06.0508 3488 TrustedInstaller - ok
10:21:06.0539 3488 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
10:21:06.0570 3488 tssecsrv - ok
10:21:06.0617 3488 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
10:21:06.0664 3488 TsUsbFlt - ok
10:21:06.0695 3488 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
10:21:06.0742 3488 TsUsbGD - ok
10:21:06.0788 3488 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
10:21:06.0835 3488 tunnel - ok
10:21:06.0866 3488 [ FD24F98D2898BE093FE926604BE7DB99 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys
10:21:06.0882 3488 TurboB - ok
10:21:06.0913 3488 [ 600B406A04D90F577FEA8A88D7379F08 ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
10:21:06.0913 3488 TurboBoost - ok
10:21:06.0929 3488 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
10:21:06.0944 3488 uagp35 - ok
10:21:06.0960 3488 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
10:21:06.0991 3488 udfs - ok
10:21:07.0022 3488 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
10:21:07.0022 3488 UI0Detect - ok
10:21:07.0054 3488 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
10:21:07.0054 3488 uliagpkx - ok
10:21:07.0069 3488 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
10:21:07.0100 3488 umbus - ok
10:21:07.0132 3488 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
10:21:07.0147 3488 UmPass - ok
10:21:07.0272 3488 [ A678E5DDD974903DD71F503BDCACA218 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
10:21:07.0334 3488 UNS - ok
10:21:07.0366 3488 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
10:21:07.0412 3488 upnphost - ok
10:21:07.0444 3488 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
10:21:07.0459 3488 usbccgp - ok
10:21:07.0475 3488 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
10:21:07.0490 3488 usbcir - ok
10:21:07.0522 3488 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
10:21:07.0553 3488 usbehci - ok
10:21:07.0600 3488 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
10:21:07.0631 3488 usbhub - ok
10:21:07.0662 3488 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
10:21:07.0693 3488 usbohci - ok
10:21:07.0709 3488 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
10:21:07.0740 3488 usbprint - ok
10:21:07.0771 3488 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:21:07.0802 3488 USBSTOR - ok
10:21:07.0849 3488 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
10:21:07.0896 3488 usbuhci - ok
10:21:07.0912 3488 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
10:21:07.0943 3488 usbvideo - ok
10:21:07.0974 3488 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
10:21:08.0036 3488 UxSms - ok
10:21:08.0068 3488 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
10:21:08.0068 3488 VaultSvc - ok
10:21:08.0130 3488 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
10:21:08.0161 3488 vdrvroot - ok
10:21:08.0208 3488 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
10:21:08.0286 3488 vds - ok
10:21:08.0333 3488 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
10:21:08.0364 3488 vga - ok
10:21:08.0380 3488 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
10:21:08.0426 3488 VgaSave - ok
10:21:08.0442 3488 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
10:21:08.0458 3488 vhdmp - ok
10:21:08.0489 3488 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
10:21:08.0489 3488 viaide - ok
10:21:08.0520 3488 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
10:21:08.0536 3488 volmgr - ok
10:21:08.0551 3488 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
10:21:08.0567 3488 volmgrx - ok
10:21:08.0582 3488 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
10:21:08.0598 3488 volsnap - ok
10:21:08.0629 3488 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
10:21:08.0629 3488 vsmraid - ok
10:21:08.0676 3488 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
10:21:08.0723 3488 VSS - ok
10:21:08.0754 3488 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
10:21:08.0785 3488 vwifibus - ok
10:21:08.0801 3488 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
10:21:08.0832 3488 vwififlt - ok
10:21:08.0863 3488 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
10:21:08.0879 3488 vwifimp - ok
10:21:08.0941 3488 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
10:21:09.0004 3488 W32Time - ok
10:21:09.0035 3488 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
10:21:09.0050 3488 WacomPen - ok
10:21:09.0082 3488 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
10:21:09.0175 3488 WANARP - ok
10:21:09.0175 3488 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
10:21:09.0206 3488 Wanarpv6 - ok
10:21:09.0284 3488 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
10:21:09.0347 3488 wbengine - ok
10:21:09.0378 3488 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
10:21:09.0409 3488 WbioSrvc - ok
10:21:09.0425 3488 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
10:21:09.0456 3488 wcncsvc - ok
10:21:09.0472 3488 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:21:09.0518 3488 WcsPlugInService - ok
10:21:09.0550 3488 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
10:21:09.0565 3488 Wd - ok
10:21:09.0596 3488 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
10:21:09.0628 3488 Wdf01000 - ok
10:21:09.0659 3488 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
10:21:09.0752 3488 WdiServiceHost - ok
10:21:09.0752 3488 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
10:21:09.0768 3488 WdiSystemHost - ok
10:21:09.0784 3488 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
10:21:09.0815 3488 WebClient - ok
10:21:09.0846 3488 [ D5BA7D43FA2EF656BF7E98A188391E40 ] Wecsvc C:\Windows\system32\wecsvc.dll
10:21:09.0862 3488 Wecsvc - ok
10:21:09.0893 3488 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
10:21:09.0924 3488 wercplsupport - ok
10:21:09.0940 3488 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
10:21:09.0971 3488 WerSvc - ok
10:21:09.0986 3488 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
10:21:10.0018 3488 WfpLwf - ok
10:21:10.0033 3488 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
10:21:10.0033 3488 WIMMount - ok
10:21:10.0064 3488 WinDefend - ok
10:21:10.0064 3488 WinHttpAutoProxySvc - ok
10:21:10.0127 3488 [ 136760C1E9697BAF4ECDEAE5590A0806 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
10:21:10.0174 3488 Winmgmt - ok
10:21:10.0283 3488 [ 3BB6B401A780BF434C8F58137DE10BF7 ] WinRM C:\Windows\system32\WsmSvc.dll
10:21:10.0361 3488 WinRM - ok
10:21:10.0423 3488 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
10:21:10.0470 3488 WinUsb - ok
10:21:10.0501 3488 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
10:21:10.0548 3488 Wlansvc - ok
10:21:10.0595 3488 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
10:21:10.0626 3488 wlcrasvc - ok
10:21:10.0704 3488 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:21:10.0751 3488 wlidsvc - ok
10:21:10.0798 3488 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
10:21:10.0829 3488 WmiAcpi - ok
10:21:10.0860 3488 [ 4DF841632B62A7CF19A79A05046A8AB1 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
10:21:10.0876 3488 wmiApSrv - ok
10:21:10.0922 3488 WMPNetworkSvc - ok
10:21:10.0954 3488 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
10:21:10.0985 3488 WPCSvc - ok
10:21:11.0000 3488 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
10:21:11.0016 3488 WPDBusEnum - ok
10:21:11.0047 3488 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
10:21:11.0063 3488 ws2ifsl - ok
10:21:11.0094 3488 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
10:21:11.0125 3488 wscsvc - ok
10:21:11.0125 3488 WSearch - ok
10:21:11.0219 3488 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
10:21:11.0266 3488 wuauserv - ok
10:21:11.0297 3488 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
10:21:11.0328 3488 WudfPf - ok
10:21:11.0359 3488 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
10:21:11.0390 3488 WUDFRd - ok
10:21:11.0422 3488 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
10:21:11.0468 3488 wudfsvc - ok
10:21:11.0500 3488 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
10:21:11.0531 3488 WwanSvc - ok
10:21:11.0562 3488 ================ Scan global ===============================
10:21:11.0578 3488 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
10:21:11.0624 3488 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
10:21:11.0640 3488 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
10:21:11.0671 3488 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
10:21:11.0702 3488 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
10:21:11.0702 3488 [Global] - ok
10:21:11.0702 3488 ================ Scan MBR ==================================
10:21:11.0718 3488 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:21:12.0217 3488 \Device\Harddisk0\DR0 - ok
10:21:12.0217 3488 ================ Scan VBR ==================================
10:21:12.0248 3488 [ BC1DCEE578092CD5594346F7A6B3EB84 ] \Device\Harddisk0\DR0\Partition1
10:21:12.0248 3488 \Device\Harddisk0\DR0\Partition1 - ok
10:21:12.0264 3488 [ 97A5D221FEDAD2EEA9A909B6FB64D6E0 ] \Device\Harddisk0\DR0\Partition2
10:21:12.0264 3488 \Device\Harddisk0\DR0\Partition2 - ok
10:21:12.0295 3488 [ CBA86F58B0900F026D167426AE760950 ] \Device\Harddisk0\DR0\Partition3
10:21:12.0295 3488 \Device\Harddisk0\DR0\Partition3 - ok
10:21:12.0295 3488 ============================================================
10:21:12.0295 3488 Scan finished
10:21:12.0295 3488 ============================================================
10:21:12.0311 1940 Detected object count: 0
10:21:12.0311 1940 Actual detected object count: 0
|
|
14.01.2013, 10:45
| #13 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU-Trojaner eingefangen Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
14.01.2013, 11:35
| #14 |
| | GVU-Trojaner eingefangenCode:
ATTFilter ComboFix 13-01-13.01 - christian 14.01.2013 11:05:16.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8044.6130 [GMT 1:00]
ausgeführt von:: c:\users\christian\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\System32\MASetupCleaner.exe
c:\windows\SysWow64\System32\muzapp.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-12-14 bis 2013-01-14 ))))))))))))))))))))))))))))))
.
.
2013-01-14 10:17 . 2013-01-14 10:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-14 10:17 . 2013-01-14 10:17 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-01-12 10:40 . 2013-01-12 10:40 455 ----a-w- C:\user.js
2013-01-11 17:06 . 2013-01-11 17:06 -------- d-----w- c:\users\christian\AppData\Roaming\Malwarebytes
2013-01-11 17:06 . 2013-01-11 17:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-11 17:06 . 2013-01-11 17:06 -------- d-----w- c:\programdata\Malwarebytes
2013-01-11 17:06 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-11 16:03 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-11 16:03 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-11 16:00 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-12-27 13:38 . 2012-12-27 13:38 -------- d-----w- c:\windows\Sun
2012-12-27 13:37 . 2012-12-27 13:37 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-12-27 13:37 . 2012-12-27 13:36 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-12-27 13:37 . 2012-12-27 13:36 859072 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-12-27 13:36 . 2012-12-27 13:36 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-27 13:36 . 2012-12-27 13:36 -------- d-----w- c:\program files (x86)\Java
2012-12-24 07:22 . 2012-12-24 07:22 -------- d-----w- c:\users\christian\AppData\Local\Weto_AG
2012-12-22 09:25 . 2012-12-22 09:25 -------- d-----w- C:\Weto
2012-12-22 09:23 . 2012-12-22 09:23 -------- d-----w- c:\programdata\InstallShield
2012-12-22 09:17 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 09:17 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-22 09:17 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-22 09:17 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 10:36 . 2012-12-16 10:36 -------- d-----w- c:\users\christian\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-12-15 12:33 . 2012-12-15 12:33 -------- d-----w- c:\users\christian\AppData\Roaming\Avery
2012-12-15 12:27 . 2012-12-23 16:59 -------- d-----w- c:\programdata\Avery
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-12 10:00 . 2012-01-08 05:41 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-09 08:15 . 2012-04-01 07:10 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 08:15 . 2011-10-11 12:20 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-30 04:45 . 2013-01-11 16:02 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-14 07:06 . 2012-12-12 06:23 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-12 06:23 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-12 06:24 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-12 06:24 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-12 06:24 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-12 06:24 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-12 06:24 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-12 06:24 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-12 06:24 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-12 06:24 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-12 06:24 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-12 06:24 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-12 06:24 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-12 06:24 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-12 06:24 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-12 06:24 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-12 06:24 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-12 06:24 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 06:24 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-12 06:24 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 06:24 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-12 06:24 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-12 05:02 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-12 05:02 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-02 05:59 . 2012-12-12 05:02 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-12 05:02 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-10-28 17:32 . 2012-11-23 11:13 103936 ----a-w- c:\windows\system32\pdfcmon.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711}]
2012-11-13 20:41 91784 ----a-w- c:\program files (x86)\PDF Architect\PDFIEHelper.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{25A3A431-30BB-47C8-AD6A-E1063801134F}"= "c:\program files (x86)\PDF Architect\PDFIEPlugin.dll" [2012-11-13 731784]
.
[HKEY_CLASSES_ROOT\clsid\{25a3a431-30bb-47c8-ad6a-e1063801134f}]
[HKEY_CLASSES_ROOT\PDFArchitectIEPlugin.PDFIEConverter.1]
[HKEY_CLASSES_ROOT\TypeLib\{78D9250B-1DEB-4469-9B35-591AB7D41CAA}]
[HKEY_CLASSES_ROOT\PDFArchitectIEPlugin.PDFIEConverter]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"MyPhoneExplorer"="c:\program files (x86)\MyPhoneExplorer\MyPhoneExplorer.exe" [2012-08-10 4853464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
"SAOB Monitor"="c:\program files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2010-11-16 2570688]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-12-06 5578920]
"SMB50StarMoneyRunEntry"="c:\program files (x86)\StarMoney Business 5.0\app\oflagent.exe" [2012-10-11 56528]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IWPORT;IWPORT;c:\windows\SYSTEM32\DRIVERS\IWPORT.SYS [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-09-16 36000]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-09-16 330912]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-09-16 110240]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-09-16 167584]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-09-16 68256]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-09-16 280992]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-09-16 517280]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SynasUSB;SynasUSB;sysWOW64\drivers\SynUSB64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-10-08 30056]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1309000.009\SYMDS64.SYS [2011-05-16 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1309000.009\SYMEFA64.SYS [2012-05-22 1129120]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2012-01-09 1263200]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20130107.001\BHDrvx64.sys [2012-10-23 1384608]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys [2012-06-07 167072]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20130113.001\IDSvia64.sys [2012-09-06 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1309000.009\Ironx64.SYS [2012-04-18 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1309000.009\SYMNETS.SYS [2012-04-18 405624]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S2 afcdpsrv;Acronis Nonstop Backup-Dienst;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-01-09 3246040]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-09-16 105120]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-05-12 249648]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-07-01 353360]
S2 ePowerSvc;ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2011-08-02 872552]
S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2011-05-30 36456]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
S2 Live Updater Service;Live Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2011-04-22 244624]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2012-06-16 138272]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe [2012-11-13 1522312]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe [2012-11-13 905864]
S2 StarMoney Business 5.0 OnlineUpdate;StarMoney Business 5.0 OnlineUpdate;c:\program files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe [2012-06-28 692432]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2012-01-09 285280]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys [2011-01-21 67624]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys [2011-01-21 19496]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys [2011-05-16 51240]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys [2011-05-06 86056]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-09-16 30368]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2011-04-05 142632]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-05-10 425000]
S3 synusb64;eLicenser;c:\windows\system32\DRIVERS\synusb64.sys [2010-09-17 30352]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 55054183
*NewlyCreated* - ASWMBR
*Deregistered* - 55054183
*Deregistered* - aswMBR
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 08:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-21 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-21 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-21 416024]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-09-16 976032]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-09-16 799904]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-10 11785832]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
"Power Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2011-08-02 1831016]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-12-06 391240]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://mystart.incredibar.com/mb201?a=6Oz02RYj0m&i=26
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://packardbell.msn.com
mStart Page = hxxp://packardbell.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
TCP: Interfaces\{8B3A69F9-DE62-48EB-BDB6-5C26D971CF6E}: NameServer = 192.168.0.1
FF - ProfilePath - c:\users\christian\AppData\Roaming\Mozilla\Firefox\Profiles\s9y5t795.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb201/?loc=IB_DS&a=6Oz02RYj0m&&i=26&search=
FF - ExtSQL: 2012-11-23 12:14; FFPDFArchitectConverter@pdfarchitect.com; c:\program files (x86)\PDF Architect\FFPDFArchitectExt
FF - ExtSQL: 2013-01-02 07:28; {b5e96f5c-0ccb-49ca-9f2a-3f98d9bb137e}; c:\users\christian\AppData\Roaming\Mozilla\Firefox\Profiles\s9y5t795.default\extensions\{b5e96f5c-0ccb-49ca-9f2a-3f98d9bb137e}
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6Oz02RYj0m&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 166836af00000000000006de2b6fcba0
FF - user.js: extensions.incredibar_i.instlDay - 15717
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1411:39
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6Oz02RYj0m
FF - user.js: extensions.incredibar_i.upn2n - 92262783697827602
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 77777600
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-14 11:31:56
ComboFix-quarantined-files.txt 2013-01-14 10:31
.
Vor Suchlauf: 12 Verzeichnis(se), 303.692.627.968 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 304.476.106.752 Bytes frei
.
- - End Of File - - 449ABB759008521BB08865DFC5983160
|
|
14.01.2013, 11:45
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU-Trojaner eingefangen adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop. Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu GVU-Trojaner eingefangen |
| 2 infizierte dateien, abgesicherten, bericht, dateien gelöscht, deaktiviert, durchgeführt, eingefangen, euren, geladen, gelöscht, gmer, google, hoffe, infizierte, internet, log-datei, malwarebytes, manuell, modus, neustart, norton, norton internet security, scan, security, systemwiederherstellung, trojan.winlock |
Linear-Darstellung
