Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: GVU-Trojaner eingefangen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 12.01.2013, 13:37   #1
christianp63
 
GVU-Trojaner eingefangen - Standard

GVU-Trojaner eingefangen



Hallo,
ich hoffe ihr könnt mir helfen

Ich habe mir gestern den GVU-Trojaner eingefangen.
Ich habe mir über einen Nachbarrrechner über Google Informationen geholt.
- Neustart im abgesicherten Modus ausgeführt
- Systemwiederherstellung auf früheren Zeitpunkt ausgeführt -->
war erfolgreich
- malwarebytes geladen, aktualisiert, vollständigen scan ausgeführt
- 2 infizierte Dateien gelöscht, Log-Datei gespeichert

- installiertes Norton Internet Security manuell geupdated (war deaktiviert ?)
- vollständigen Systemscan durchgeführt Bericht gespeichert

- heutemorgen nach euren Vorgaben defogger geladen, ausgeführt, gespeichert
- OTL und GMER geladen, ausgeführt und gespeichert

Alt 12.01.2013, 16:15   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU-Trojaner eingefangen - Standard

GVU-Trojaner eingefangen



Hallo und

Mal eine kurze Frage, das ist jetzt nichts speziell gegen dich, ich hätte auch jeden anderen fragen können der die Logs so postet - wo bitte steht, dass die Logs in den Anhang gelegt werden sollen bzw. wo genau hast du das herausgelesen?

Logfiles im Anhang erschweren die Auswertung massivst

Bitte um Erläuterung damit man die Textstelle in der Anleitung für alle Neulinge mal gezielt ändern/verbessern kann. Danke.
Zitat:
Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 12.01.2013, 16:55   #3
christianp63
 
GVU-Trojaner eingefangen - Standard

GVU-Trojaner eingefangen



Hallo cosinus

Ich glaube, das steht nirgendwo geschrieben. Aber wenn man neu ist im Forum, und kein Computerspezi ist, nimmt man dass, was einem so einfällt. Ich habe nach dem Ausfüllen des Themeneröffnungsfensters das Feld mit den Dateianhängen gesehen und hier die erste Log-Datei reingesetzt. Aber nu mach ich es besser; hoffentlich.

Code:
ATTFilter
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.11.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
christian :: LAPTOP [Administrator]

11.01.2013 18:07:41
mbam-log-2013-01-11 (18-07-41).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 440138
Laufzeit: 1 Stunde(n), 1 Minute(n), 

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OBEKPZLD\MyPhoneExplorer_v2_5185[1].exe (PUP.Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\christian\AppData\Roaming\skype.dat (Trojan.Winlock) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:58 on 12/01/2013 (christian)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:58 on 12/01/2013 (christian)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Code:
ATTFilter
OTL Extras logfile created on: 12.01.2013 12:00:00 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\christian\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,86 Gb Total Physical Memory | 5,45 Gb Available Physical Memory | 69,39% Memory free
15,71 Gb Paging File | 13,24 Gb Available in Paging File | 84,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 354,35 Gb Total Space | 284,44 Gb Free Space | 80,27% Space Free | Partition Type: NTFS
Drive E: | 250,00 Gb Total Space | 227,17 Gb Free Space | 90,87% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP | User Name: christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17E93FA9-4EE4-44C2-A580-F76832516E73}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2FA815CC-1A19-4F41-B62E-5DEBA783ACCA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{44FA42E4-8893-4928-958A-B65F253BE38A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{47F3474B-C033-4F6F-BE3E-CF53D5E9D9CB}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4C09A28D-93B3-47FB-849A-8DDF443DF222}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{5346A687-B994-4666-8FBB-0CC4CD8ECC43}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{57C7290A-F9CC-447C-997D-D807D3B15F48}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6018B0F5-326E-4A9C-A38D-2D4FEBEDABC4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{65327B28-25C9-4C89-880A-2F675D7C84B1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6A34040B-54DD-467F-A1FD-156F5AF8213B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{6A86BA4C-D396-4757-AF3E-BA00B22AD41E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{79F3362E-F386-4488-818C-FAC6B217ED0F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9267A80B-3B7C-4C3F-B8C0-71122C023CA6}" = rport=138 | protocol=17 | dir=out | app=system | 
"{98F4B4B8-4C59-4EB1-8BBE-48F987F6E2D1}" = lport=137 | protocol=17 | dir=in | app=system | 
"{9EAB2773-65EB-4FCB-9EEE-5DA54882AD93}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A809DBAC-9F31-44C6-AC03-27E81AA11A82}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{A92B214B-964D-4FCE-BBEC-3D73B4C222F6}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B18DF574-62FE-4C46-A9A6-A2EEB0613126}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{C81E919B-518E-4E22-B2A3-0D9F3C6E64B2}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{C93DE698-0ECC-4583-B676-3EC6668FF42A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{CD492605-47B8-48EB-BDB8-3CDCCF45317C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{CD5431B5-558B-45BD-8790-9C3386D09472}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D01B287F-34C9-45EF-A7DF-35F2F931F84C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{DD0EEBC7-F2F6-451B-81AE-41C9BF40E867}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DD9E345D-36FA-410F-A42A-AE3BA799CFC3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E9B9E359-6291-412A-89C4-579487E2CB12}" = lport=445 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BED60DE-796D-497C-A4EA-05FC679EB2FE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{192E8121-0286-4166-8627-255778A031BB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1B85D420-78DC-450D-A489-A1920068CA60}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{30E54174-CC46-4AE9-A030-EE933697D643}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{412718EE-E2BE-447E-BCA6-6C5BED4F95D5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{44E21A42-88C7-4732-80BF-4CD6ABCFF98F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4D30F6BF-3E1D-46CD-83E8-6A8C48739CF9}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{4EE35038-D379-48ED-98A2-C1551D6204CF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{53630BF5-0B4D-4A7B-B208-DACDA1D186EB}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{54BEC5DB-EBE0-41F1-A739-5800B661635F}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney business 5.0\ouservice\starmoneyonlineupdate.exe | 
"{7417C7AA-C88D-4911-A08A-7F897C1E2FAB}" = protocol=6 | dir=out | app=system | 
"{76C03687-B078-432B-A018-E75908DB3096}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{799F3B09-93EE-4655-A0B6-CD9C0AC30E9D}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney business 5.0\ouservice\starmoneyonlineupdate.exe | 
"{84D07D4A-0BC0-48F5-97BA-EAB76704E3E3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8AD72B4A-7C7B-4188-8E47-A0C50767D5C0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{918BAB19-F746-482E-A8B1-909419E14A6A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{95DA8A22-807F-422E-BDD6-6BDB2A43ABD9}" = dir=in | app=c:\program files (x86)\cyberlink\homemedia\homemedia.exe | 
"{A3C9FDF0-BC46-4FD6-9F95-4149327E6F5D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A4664E48-FA33-44F1-8D1C-EF3CD5F32857}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{A5D0D4CD-3F44-4172-86CF-A25CE8B78399}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A6E1A3A0-8A98-4CB2-93B3-1B09340B2B06}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney business 5.0\app\starmoney.exe | 
"{A83F4130-0AAA-45D0-AF89-7CA6E5A80BBD}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{AA06D7F4-93B7-40A7-A3C9-0B334AB2C954}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{B3701F2C-64B4-407E-AFBD-41F8187F47F4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B41AB9E6-07B3-4532-954E-5485C62C0931}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C38B5FC1-A3CE-4208-AFC2-580A7CEE7546}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C8C7B621-AFDA-46AA-A3AF-09F9EB5BB42B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{CDF782F3-0D3F-4204-8C11-EF83B4BDB10B}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{D2945955-8615-42B2-B9C5-4BC67D470E13}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{D5B74EF9-20CA-491F-8272-ADF917805243}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{DFB1786D-68B1-452D-8EB5-1993F591AE32}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E2587DCB-EEA2-4597-8F9A-7E7272C8CF9B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E6BE29CF-B4A8-4E7A-8A22-A9BD0DB4D08C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F481CA42-3A01-4F8B-AC33-94C462B09E7D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{F78D3304-A3B4-4AA1-BFE0-3C911D75953F}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney business 5.0\app\starmoney.exe | 
"TCP Query User{9305B60F-6E89-4286-8146-E639535A3242}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe | 
"TCP Query User{C1E31B82-E3C1-4214-A7A3-213552C37799}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe | 
"UDP Query User{7188C58D-FD27-457B-879E-9D848EE2F9AF}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe | 
"UDP Query User{7E25E5AB-D668-4ED0-BF41-5777D33009C1}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1553D712-B35F-4A82-BC72-D6B11A94BE3E}" = Windows Live Remote Service Resources
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{4710662C-8204-4334-A977-B1AC9E547819}" = Broadcom Card Reader Driver Installer
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{702A632F-99CE-4E2D-B8F2-BF980E9CF62F}" = Windows Live Remote Client Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom NetLink Controller
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"Elantech" = ETDWare PS/2-X64 8.0.6.3_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Video Web Camera
"{022D2599-2316-4927-89F1-9188894CEB02}" = StarMoney
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011
"{0557BBDA-69D3-4FA4-A93C-A5300F7034B4}" = Windows Live Writer
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{06B05153-97E4-427E-B1A8-E098F6C5E52F}" = Windows Live Essentials
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{1FCBD504-AB7D-4757-9A14-850348384B08}" = StarMoney
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25175695-4B20-4298-9F34-C2C57CD277B3}" = Elements STI Installer
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37542521-6FA1-4101-8BFD-DDF1CD193ED0}" = BauFaktura
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{44655091-819A-4F91-9D63-A12E1E9C88CF}" = ArCon 2005
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{4736B0ED-F6A1-48EC-A1B7-C053027648F1}" = Galeria fotogràfica del Windows Live
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{48F597DD-D397-4CFA-91A0-4C033A0113BD}" = Windows Live Mail
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4CC0E398-BF90-11D4-8E44-000102A1C932}" = Kunden Manager  68.50.405.0
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{50D2066A-A8E2-4BB6-BD11-708F9113DA1D}" = StarMoney Business 5.0 
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{542DA303-FB91-4731-9F37-6E518368D3B9}" = Windows Live Messenger
"{5495E9A4-501A-4D4C-87C9-E80916CA9478}" = Windows Live UX Platform Language Pack
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5B12C1F2-A0BC-40E8-97F8-A4854C5F494E}" = StarMoney
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{625D45F0-5DCB-48BF-8770-C240A84DAAEB}" = Windows Live Mesh
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}" = Nero Multimedia Suite 10 Essentials
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{68AFA3A7-9265-4ABD-994A-ACA413E3715C}" = Nero Multimedia Suite 10 Essentials
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-packardbell" = WildTangent Games App (Packard Bell Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71527C7C-5289-4CB2-88C9-23344C0FF6C1}" = Windows Live Movie Maker
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{7895E7FF-C210-4C01-88EB-8B902140B22D}" = StarMoney
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7B62C240-5658-4803-84E2-59674838788C}" = StarMoney
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7D926AD2-16D6-42C2-8CA1-AB09E96040BA}" = Windows Live Writer Resources
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{820D0BA3-ACD7-4FB9-A3A7-0ADF0C66A4BE}" = Windows Live Messenger
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OUTLOOKR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OUTLOOKR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OUTLOOKR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_OUTLOOKR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_OUTLOOKR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OUTLOOKR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90849E84-F026-4638-A184-E6FCFD472C34}" = Brother P-touch Software
"{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A242CAB2-870C-4AC9-8AFE-34379D9383CD}" = Brother QL Software User's Guide
"{A3389C72-1782-4BB4-BBAA-33345DE52E3F}" = Windows Live Messenger
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A484263A-C779-4BF2-86CD-3E62D717F5AE}" = PDF Architect
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = HomeMedia
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.5) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1A70A4D-549B-4C56-9C00-EF55A22E52B6}" = StarMoney
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BD0C3887-64E6-41D8-9A38-BC6F34369352}" = Windows Live Messenger
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C28D96C0-6A90-459E-A077-A6706F4EC0FC}" = Bing Bar
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger
"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E2F2B987-F2BC-4969-95F2-92099486B811}" = StarMoney
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{EB9955F8-467C-47FC-90F8-12CD5DF684C3}" = Adobe Premiere Elements 9
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F0F5D89A-197C-495B-827E-3E98B811CD2E}" = Windows Live Photo Common
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2979AAA-FDD7-4CB3-93BC-5C24D965D679}" = Windows Live Messenger
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F35DC85A-E96B-496B-ABE7-F04192824856}" = Windows Live Messenger
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F783464C-C7C6-4E9B-AC40-BC90E5414BAF}" = Windows Live Messenger
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"DIG-CAD 5.0 Demo" = DIG-CAD 5.0 Demo
"eLicenser Control" = eLicenser Control
"Identity Card" = Identity Card
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Video Web Camera
"InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"InstallShield_{A242CAB2-870C-4AC9-8AFE-34379D9383CD}" = Brother QL Software User's Guide
"InstallShield_{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"NIS" = Norton Internet Security
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"OUTLOOKR" = Microsoft Office Outlook 2007
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Screensaver" = Packard Bell ScreenSaver
"Packard Bell Welcome Center" = Welcome Center
"PDF Editor 3" = PDF Editor 3
"PremElem90" = Adobe Premiere Elements 9
"ThouVis 3.5 Arch" = ThouVis 3.5 Arch
"WildTangent packardbell Master Uninstall" = Packard Bell Games
"WinLiveSuite" = Windows Live Essentials
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 5.9.4
"WTA-0371e2ac-d5e4-41fe-b9a0-8e65aca6b030" = Bejeweled 2 Deluxe
"WTA-06284467-b2e1-4ebf-b475-8a87587d341a" = Jewel Quest Solitaire
"WTA-0a69445e-6e55-4e17-824c-fa997d85760d" = John Deere Drive Green
"WTA-214eceb3-7459-474e-8694-d30e75be501b" = Agatha Christie - Death on the Nile
"WTA-23dc4f6b-0358-4754-9555-7d8bdb553a87" = Slingo Deluxe
"WTA-4837f0b9-ac65-4044-86c2-c7968aae8e1c" = Torchlight
"WTA-4ece847f-1436-4a93-a9e0-516ee58b1134" = Polar Bowler
"WTA-629cee93-dfcf-4a8a-b7ef-c0ae64ba7681" = Penguins!
"WTA-66e11033-443f-4753-bfad-08f2c6e2e482" = Crazy Chicken Kart 2
"WTA-79f3d04c-a549-4bdd-a321-6f74a3a971e5" = Chuzzle Deluxe
"WTA-7c680703-df2a-4bd5-962e-692629144c14" = Insaniquarium Deluxe
"WTA-8bc2d5cd-5eb5-4487-829d-b01cc430a9f5" = Virtual Villagers 4 - The Tree of Life
"WTA-9153db62-ee28-4331-8ffb-5cb6fd9c5f15" = Plants vs. Zombies - Game of the Year
"WTA-a383031b-9090-456c-ba40-9540d7bf23f1" = Jewel Match 3
"WTA-b2c2ea39-968e-4f6b-83a8-d61a7a6a42b7" = Final Drive: Nitro
"WTA-b312ce3d-9716-4e83-89aa-b57a25abe7c7" = FATE
"WTA-c7a49a3e-07d2-454a-81be-c0613db80703" = Zuma Deluxe
"WTA-da675c45-a600-4081-b4c1-7dea06ac01fb" = Mystery of Mortlake Mansion
"WTA-e4e74f86-3857-449c-a886-54803c309a47" = Wedding Dash
"Zusatzsymbole Thouvis Arch_is1" = Zusatzsymbole Thouvis Arch 1.5
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14.11.2012 05:02:05 | Computer Name = laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: EXCEL.EXE, Version: 14.0.6117.5003,
 Zeitstempel: 0x4f622ef8  Name des fehlerhaften Moduls: EXCEL.EXE, Version: 14.0.6117.5003,
 Zeitstempel: 0x4f622ef8  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002f857  ID des fehlerhaften
 Prozesses: 0x16dc  Startzeit der fehlerhaften Anwendung: 0x01cdc245dbe2f450  Pfad der
 fehlerhaften Anwendung: C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE  Pfad des fehlerhaften
 Moduls: C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE  Berichtskennung: f59b13e5-2e39-11e2-9d57-dc0ea111d51b
 
Error - 15.11.2012 01:01:57 | Computer Name = laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.11.2012 00:46:45 | Computer Name = laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.11.2012 01:59:40 | Computer Name = laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 18.11.2012 06:15:15 | Computer Name = laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 19.11.2012 00:15:50 | Computer Name = laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 19.11.2012 00:47:23 | Computer Name = laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.11.2012 01:30:21 | Computer Name = laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.11.2012 00:51:54 | Computer Name = laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.11.2012 01:10:53 | Computer Name = laptop | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 11.01.2013 11:50:21 | Computer Name = laptop | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows-Firewall" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%5.
 
Error - 11.01.2013 11:51:04 | Computer Name = laptop | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147023143.
 
Error - 11.01.2013 11:52:47 | Computer Name = laptop | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 11.01.2013 11:52:47 | Computer Name = laptop | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 11.01.2013 14:17:05 | Computer Name = laptop | Source = Service Control Manager | ID = 7002
Description = Der Dienst "IWPORT" ist von der Gruppe "Parallel arbitrator" abhängig.
 Kein Mitglied dieser Gruppe wurde jedoch gestartet.
 
Error - 11.01.2013 14:19:40 | Computer Name = laptop | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 11.01.2013 14:19:40 | Computer Name = laptop | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 12.01.2013 05:38:21 | Computer Name = laptop | Source = Service Control Manager | ID = 7002
Description = Der Dienst "IWPORT" ist von der Gruppe "Parallel arbitrator" abhängig.
 Kein Mitglied dieser Gruppe wurde jedoch gestartet.
 
Error - 12.01.2013 05:40:48 | Computer Name = laptop | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 12.01.2013 05:40:48 | Computer Name = laptop | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
 
< End of report >
         
Code:
ATTFilter
GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-12 13:03:31
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JE4O 698,64GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\CHRIST~1\AppData\Local\Temp\uxtdapow.sys


---- User code sections - GMER 2.0 ----

.text    C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17      0000000075f31401 2 bytes [F3, 75]
.text    C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17        0000000075f31419 2 bytes [F3, 75]
.text    C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17      0000000075f31431 2 bytes [F3, 75]
.text    C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42      0000000075f3144a 2 bytes [F3, 75]
.text    ...                                                                                                                                                  * 9
.text    C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17         0000000075f314dd 2 bytes [F3, 75]
.text    C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  0000000075f314f5 2 bytes [F3, 75]
.text    C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17         0000000075f3150d 2 bytes [F3, 75]
.text    C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000075f31525 2 bytes [F3, 75]
.text    C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17        0000000075f3153d 2 bytes [F3, 75]
.text    C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17             0000000075f31555 2 bytes [F3, 75]
.text    C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17      0000000075f3156d 2 bytes [F3, 75]
.text    C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17        0000000075f31585 2 bytes [F3, 75]
.text    C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17           0000000075f3159d 2 bytes [F3, 75]
.text    C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17        0000000075f315b5 2 bytes [F3, 75]
.text    C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17      0000000075f315cd 2 bytes [F3, 75]
.text    C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  0000000075f316b2 2 bytes [F3, 75]
.text    C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  0000000075f316bd 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                     0000000075f31401 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                       0000000075f31419 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                     0000000075f31431 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                     0000000075f3144a 2 bytes [F3, 75]
.text    ...                                                                                                                                                  * 9
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                        0000000075f314dd 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                 0000000075f314f5 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                        0000000075f3150d 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                 0000000075f31525 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                       0000000075f3153d 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                            0000000075f31555 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                     0000000075f3156d 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                       0000000075f31585 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                          0000000075f3159d 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                       0000000075f315b5 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                     0000000075f315cd 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                 0000000075f316b2 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                 0000000075f316bd 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17      0000000075f31401 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17        0000000075f31419 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17      0000000075f31431 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42      0000000075f3144a 2 bytes [F3, 75]
.text    ...                                                                                                                                                  * 9
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17         0000000075f314dd 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  0000000075f314f5 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17         0000000075f3150d 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000075f31525 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17        0000000075f3153d 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17             0000000075f31555 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17      0000000075f3156d 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17        0000000075f31585 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17           0000000075f3159d 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17        0000000075f315b5 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17      0000000075f315cd 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  0000000075f316b2 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  0000000075f316bd 2 bytes [F3, 75]

---- Threads - GMER 2.0 ----

Thread   C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2236:5456]                                                             000000006dafe196
Thread   C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2236:5652]                                                             000000006c193bff
Thread   C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2236:5728]                                                             000000006bdceec8
Thread   C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2236:5732]                                                             000000006bdceec8
Thread   C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2236:5736]                                                             000000006bdceec8
Thread   C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2236:2276]                                                             0000000068587019
Thread   C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2236:2608]                                                             000000006b6f1854
Thread   C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2236:3124]                                                             0000000073c232fb
Thread   C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [3008:5976]                                                             000000007157a3e0
Thread   C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [3008:3324]                                                             000000006dafe196
Thread   C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [3008:1500]                                                             00000000767342ed
Thread   C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2580:4652]                                                                               0000000076787587
Thread   C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2580:2872]                                                                               000000005f6d0cb3
Thread   C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2580:1524]                                                                               00000000770b2e25
Thread   C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2580:2220]                                                                               00000000770b3e45
Thread   C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2580:4060]                                                                               00000000770b3e45
---- Processes - GMER 2.0 ----

Library  ? (*** suspicious ***) @ C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2236]                                         00000000766c0000
Library  ? (*** suspicious ***) @ C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [3008]                                         00000000766c0000

---- Registry - GMER 2.0 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015831128f8                                                                          
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\60d8198605bd                                                                          
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\60d8198605bd@04180f0cf150                                                             0x09 0xFF 0xA0 0xB4 ...
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015831128f8 (not active ControlSet)                                                      
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\60d8198605bd (not active ControlSet)                                                      
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\60d8198605bd@04180f0cf150                                                                 0x09 0xFF 0xA0 0xB4 ...

---- EOF - GMER 2.0 ----
         
jetzt schon mal vielen Dank für deine Unterstützung

mfG christian
__________________

Alt 12.01.2013, 16:57   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU-Trojaner eingefangen - Standard

GVU-Trojaner eingefangen



Ich vermisse die OTL.txt
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 12.01.2013, 16:57   #5
christianp63
 
GVU-Trojaner eingefangen - Standard

GVU-Trojaner eingefangen



Hallo cosinus

Ich glaube, das steht nirgendwo geschrieben. Aber wenn man neu ist im Forum, und kein Computerspezi ist, nimmt man dass, was einem so einfällt. Ich habe nach dem Ausfüllen des Themeneröffnungsfensters das Feld mit den Dateianhängen gesehen und hier die erste Log-Datei reingesetzt. Aber nu mach ich es besser; hoffentlich.

Code:
ATTFilter
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.11.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
christian :: LAPTOP [Administrator]

11.01.2013 18:07:41
mbam-log-2013-01-11 (18-07-41).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 440138
Laufzeit: 1 Stunde(n), 1 Minute(n), 

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OBEKPZLD\MyPhoneExplorer_v2_5185[1].exe (PUP.Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\christian\AppData\Roaming\skype.dat (Trojan.Winlock) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:58 on 12/01/2013 (christian)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:58 on 12/01/2013 (christian)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Code:
ATTFilter
OTL Extras logfile created on: 12.01.2013 12:00:00 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\christian\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,86 Gb Total Physical Memory | 5,45 Gb Available Physical Memory | 69,39% Memory free
15,71 Gb Paging File | 13,24 Gb Available in Paging File | 84,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 354,35 Gb Total Space | 284,44 Gb Free Space | 80,27% Space Free | Partition Type: NTFS
Drive E: | 250,00 Gb Total Space | 227,17 Gb Free Space | 90,87% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP | User Name: christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17E93FA9-4EE4-44C2-A580-F76832516E73}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2FA815CC-1A19-4F41-B62E-5DEBA783ACCA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{44FA42E4-8893-4928-958A-B65F253BE38A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{47F3474B-C033-4F6F-BE3E-CF53D5E9D9CB}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4C09A28D-93B3-47FB-849A-8DDF443DF222}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{5346A687-B994-4666-8FBB-0CC4CD8ECC43}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{57C7290A-F9CC-447C-997D-D807D3B15F48}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6018B0F5-326E-4A9C-A38D-2D4FEBEDABC4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{65327B28-25C9-4C89-880A-2F675D7C84B1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6A34040B-54DD-467F-A1FD-156F5AF8213B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{6A86BA4C-D396-4757-AF3E-BA00B22AD41E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{79F3362E-F386-4488-818C-FAC6B217ED0F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9267A80B-3B7C-4C3F-B8C0-71122C023CA6}" = rport=138 | protocol=17 | dir=out | app=system | 
"{98F4B4B8-4C59-4EB1-8BBE-48F987F6E2D1}" = lport=137 | protocol=17 | dir=in | app=system | 
"{9EAB2773-65EB-4FCB-9EEE-5DA54882AD93}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A809DBAC-9F31-44C6-AC03-27E81AA11A82}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{A92B214B-964D-4FCE-BBEC-3D73B4C222F6}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B18DF574-62FE-4C46-A9A6-A2EEB0613126}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{C81E919B-518E-4E22-B2A3-0D9F3C6E64B2}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{C93DE698-0ECC-4583-B676-3EC6668FF42A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{CD492605-47B8-48EB-BDB8-3CDCCF45317C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{CD5431B5-558B-45BD-8790-9C3386D09472}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D01B287F-34C9-45EF-A7DF-35F2F931F84C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{DD0EEBC7-F2F6-451B-81AE-41C9BF40E867}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DD9E345D-36FA-410F-A42A-AE3BA799CFC3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E9B9E359-6291-412A-89C4-579487E2CB12}" = lport=445 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BED60DE-796D-497C-A4EA-05FC679EB2FE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{192E8121-0286-4166-8627-255778A031BB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1B85D420-78DC-450D-A489-A1920068CA60}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{30E54174-CC46-4AE9-A030-EE933697D643}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{412718EE-E2BE-447E-BCA6-6C5BED4F95D5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{44E21A42-88C7-4732-80BF-4CD6ABCFF98F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4D30F6BF-3E1D-46CD-83E8-6A8C48739CF9}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{4EE35038-D379-48ED-98A2-C1551D6204CF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{53630BF5-0B4D-4A7B-B208-DACDA1D186EB}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{54BEC5DB-EBE0-41F1-A739-5800B661635F}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney business 5.0\ouservice\starmoneyonlineupdate.exe | 
"{7417C7AA-C88D-4911-A08A-7F897C1E2FAB}" = protocol=6 | dir=out | app=system | 
"{76C03687-B078-432B-A018-E75908DB3096}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{799F3B09-93EE-4655-A0B6-CD9C0AC30E9D}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney business 5.0\ouservice\starmoneyonlineupdate.exe | 
"{84D07D4A-0BC0-48F5-97BA-EAB76704E3E3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8AD72B4A-7C7B-4188-8E47-A0C50767D5C0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{918BAB19-F746-482E-A8B1-909419E14A6A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{95DA8A22-807F-422E-BDD6-6BDB2A43ABD9}" = dir=in | app=c:\program files (x86)\cyberlink\homemedia\homemedia.exe | 
"{A3C9FDF0-BC46-4FD6-9F95-4149327E6F5D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A4664E48-FA33-44F1-8D1C-EF3CD5F32857}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{A5D0D4CD-3F44-4172-86CF-A25CE8B78399}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A6E1A3A0-8A98-4CB2-93B3-1B09340B2B06}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney business 5.0\app\starmoney.exe | 
"{A83F4130-0AAA-45D0-AF89-7CA6E5A80BBD}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{AA06D7F4-93B7-40A7-A3C9-0B334AB2C954}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{B3701F2C-64B4-407E-AFBD-41F8187F47F4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B41AB9E6-07B3-4532-954E-5485C62C0931}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C38B5FC1-A3CE-4208-AFC2-580A7CEE7546}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C8C7B621-AFDA-46AA-A3AF-09F9EB5BB42B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{CDF782F3-0D3F-4204-8C11-EF83B4BDB10B}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{D2945955-8615-42B2-B9C5-4BC67D470E13}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{D5B74EF9-20CA-491F-8272-ADF917805243}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{DFB1786D-68B1-452D-8EB5-1993F591AE32}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E2587DCB-EEA2-4597-8F9A-7E7272C8CF9B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E6BE29CF-B4A8-4E7A-8A22-A9BD0DB4D08C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F481CA42-3A01-4F8B-AC33-94C462B09E7D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{F78D3304-A3B4-4AA1-BFE0-3C911D75953F}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney business 5.0\app\starmoney.exe | 
"TCP Query User{9305B60F-6E89-4286-8146-E639535A3242}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe | 
"TCP Query User{C1E31B82-E3C1-4214-A7A3-213552C37799}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe | 
"UDP Query User{7188C58D-FD27-457B-879E-9D848EE2F9AF}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe | 
"UDP Query User{7E25E5AB-D668-4ED0-BF41-5777D33009C1}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1553D712-B35F-4A82-BC72-D6B11A94BE3E}" = Windows Live Remote Service Resources
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{4710662C-8204-4334-A977-B1AC9E547819}" = Broadcom Card Reader Driver Installer
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{702A632F-99CE-4E2D-B8F2-BF980E9CF62F}" = Windows Live Remote Client Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom NetLink Controller
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"Elantech" = ETDWare PS/2-X64 8.0.6.3_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Video Web Camera
"{022D2599-2316-4927-89F1-9188894CEB02}" = StarMoney
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011
"{0557BBDA-69D3-4FA4-A93C-A5300F7034B4}" = Windows Live Writer
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{06B05153-97E4-427E-B1A8-E098F6C5E52F}" = Windows Live Essentials
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{1FCBD504-AB7D-4757-9A14-850348384B08}" = StarMoney
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25175695-4B20-4298-9F34-C2C57CD277B3}" = Elements STI Installer
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37542521-6FA1-4101-8BFD-DDF1CD193ED0}" = BauFaktura
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{44655091-819A-4F91-9D63-A12E1E9C88CF}" = ArCon 2005
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{4736B0ED-F6A1-48EC-A1B7-C053027648F1}" = Galeria fotogràfica del Windows Live
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{48F597DD-D397-4CFA-91A0-4C033A0113BD}" = Windows Live Mail
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4CC0E398-BF90-11D4-8E44-000102A1C932}" = Kunden Manager  68.50.405.0
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{50D2066A-A8E2-4BB6-BD11-708F9113DA1D}" = StarMoney Business 5.0 
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{542DA303-FB91-4731-9F37-6E518368D3B9}" = Windows Live Messenger
"{5495E9A4-501A-4D4C-87C9-E80916CA9478}" = Windows Live UX Platform Language Pack
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5B12C1F2-A0BC-40E8-97F8-A4854C5F494E}" = StarMoney
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{625D45F0-5DCB-48BF-8770-C240A84DAAEB}" = Windows Live Mesh
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}" = Nero Multimedia Suite 10 Essentials
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{68AFA3A7-9265-4ABD-994A-ACA413E3715C}" = Nero Multimedia Suite 10 Essentials
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-packardbell" = WildTangent Games App (Packard Bell Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71527C7C-5289-4CB2-88C9-23344C0FF6C1}" = Windows Live Movie Maker
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{7895E7FF-C210-4C01-88EB-8B902140B22D}" = StarMoney
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7B62C240-5658-4803-84E2-59674838788C}" = StarMoney
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7D926AD2-16D6-42C2-8CA1-AB09E96040BA}" = Windows Live Writer Resources
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{820D0BA3-ACD7-4FB9-A3A7-0ADF0C66A4BE}" = Windows Live Messenger
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OUTLOOKR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OUTLOOKR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OUTLOOKR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_OUTLOOKR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_OUTLOOKR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OUTLOOKR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90849E84-F026-4638-A184-E6FCFD472C34}" = Brother P-touch Software
"{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A242CAB2-870C-4AC9-8AFE-34379D9383CD}" = Brother QL Software User's Guide
"{A3389C72-1782-4BB4-BBAA-33345DE52E3F}" = Windows Live Messenger
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A484263A-C779-4BF2-86CD-3E62D717F5AE}" = PDF Architect
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = HomeMedia
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.5) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1A70A4D-549B-4C56-9C00-EF55A22E52B6}" = StarMoney
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BD0C3887-64E6-41D8-9A38-BC6F34369352}" = Windows Live Messenger
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C28D96C0-6A90-459E-A077-A6706F4EC0FC}" = Bing Bar
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger
"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E2F2B987-F2BC-4969-95F2-92099486B811}" = StarMoney
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{EB9955F8-467C-47FC-90F8-12CD5DF684C3}" = Adobe Premiere Elements 9
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F0F5D89A-197C-495B-827E-3E98B811CD2E}" = Windows Live Photo Common
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2979AAA-FDD7-4CB3-93BC-5C24D965D679}" = Windows Live Messenger
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F35DC85A-E96B-496B-ABE7-F04192824856}" = Windows Live Messenger
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F783464C-C7C6-4E9B-AC40-BC90E5414BAF}" = Windows Live Messenger
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"DIG-CAD 5.0 Demo" = DIG-CAD 5.0 Demo
"eLicenser Control" = eLicenser Control
"Identity Card" = Identity Card
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Video Web Camera
"InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"InstallShield_{A242CAB2-870C-4AC9-8AFE-34379D9383CD}" = Brother QL Software User's Guide
"InstallShield_{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"NIS" = Norton Internet Security
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"OUTLOOKR" = Microsoft Office Outlook 2007
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Screensaver" = Packard Bell ScreenSaver
"Packard Bell Welcome Center" = Welcome Center
"PDF Editor 3" = PDF Editor 3
"PremElem90" = Adobe Premiere Elements 9
"ThouVis 3.5 Arch" = ThouVis 3.5 Arch
"WildTangent packardbell Master Uninstall" = Packard Bell Games
"WinLiveSuite" = Windows Live Essentials
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 5.9.4
"WTA-0371e2ac-d5e4-41fe-b9a0-8e65aca6b030" = Bejeweled 2 Deluxe
"WTA-06284467-b2e1-4ebf-b475-8a87587d341a" = Jewel Quest Solitaire
"WTA-0a69445e-6e55-4e17-824c-fa997d85760d" = John Deere Drive Green
"WTA-214eceb3-7459-474e-8694-d30e75be501b" = Agatha Christie - Death on the Nile
"WTA-23dc4f6b-0358-4754-9555-7d8bdb553a87" = Slingo Deluxe
"WTA-4837f0b9-ac65-4044-86c2-c7968aae8e1c" = Torchlight
"WTA-4ece847f-1436-4a93-a9e0-516ee58b1134" = Polar Bowler
"WTA-629cee93-dfcf-4a8a-b7ef-c0ae64ba7681" = Penguins!
"WTA-66e11033-443f-4753-bfad-08f2c6e2e482" = Crazy Chicken Kart 2
"WTA-79f3d04c-a549-4bdd-a321-6f74a3a971e5" = Chuzzle Deluxe
"WTA-7c680703-df2a-4bd5-962e-692629144c14" = Insaniquarium Deluxe
"WTA-8bc2d5cd-5eb5-4487-829d-b01cc430a9f5" = Virtual Villagers 4 - The Tree of Life
"WTA-9153db62-ee28-4331-8ffb-5cb6fd9c5f15" = Plants vs. Zombies - Game of the Year
"WTA-a383031b-9090-456c-ba40-9540d7bf23f1" = Jewel Match 3
"WTA-b2c2ea39-968e-4f6b-83a8-d61a7a6a42b7" = Final Drive: Nitro
"WTA-b312ce3d-9716-4e83-89aa-b57a25abe7c7" = FATE
"WTA-c7a49a3e-07d2-454a-81be-c0613db80703" = Zuma Deluxe
"WTA-da675c45-a600-4081-b4c1-7dea06ac01fb" = Mystery of Mortlake Mansion
"WTA-e4e74f86-3857-449c-a886-54803c309a47" = Wedding Dash
"Zusatzsymbole Thouvis Arch_is1" = Zusatzsymbole Thouvis Arch 1.5
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14.11.2012 05:02:05 | Computer Name = laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: EXCEL.EXE, Version: 14.0.6117.5003,
 Zeitstempel: 0x4f622ef8  Name des fehlerhaften Moduls: EXCEL.EXE, Version: 14.0.6117.5003,
 Zeitstempel: 0x4f622ef8  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002f857  ID des fehlerhaften
 Prozesses: 0x16dc  Startzeit der fehlerhaften Anwendung: 0x01cdc245dbe2f450  Pfad der
 fehlerhaften Anwendung: C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE  Pfad des fehlerhaften
 Moduls: C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE  Berichtskennung: f59b13e5-2e39-11e2-9d57-dc0ea111d51b
 
Error - 15.11.2012 01:01:57 | Computer Name = laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.11.2012 00:46:45 | Computer Name = laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.11.2012 01:59:40 | Computer Name = laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 18.11.2012 06:15:15 | Computer Name = laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 19.11.2012 00:15:50 | Computer Name = laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 19.11.2012 00:47:23 | Computer Name = laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.11.2012 01:30:21 | Computer Name = laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.11.2012 00:51:54 | Computer Name = laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.11.2012 01:10:53 | Computer Name = laptop | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 11.01.2013 11:50:21 | Computer Name = laptop | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows-Firewall" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%5.
 
Error - 11.01.2013 11:51:04 | Computer Name = laptop | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147023143.
 
Error - 11.01.2013 11:52:47 | Computer Name = laptop | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 11.01.2013 11:52:47 | Computer Name = laptop | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 11.01.2013 14:17:05 | Computer Name = laptop | Source = Service Control Manager | ID = 7002
Description = Der Dienst "IWPORT" ist von der Gruppe "Parallel arbitrator" abhängig.
 Kein Mitglied dieser Gruppe wurde jedoch gestartet.
 
Error - 11.01.2013 14:19:40 | Computer Name = laptop | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 11.01.2013 14:19:40 | Computer Name = laptop | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 12.01.2013 05:38:21 | Computer Name = laptop | Source = Service Control Manager | ID = 7002
Description = Der Dienst "IWPORT" ist von der Gruppe "Parallel arbitrator" abhängig.
 Kein Mitglied dieser Gruppe wurde jedoch gestartet.
 
Error - 12.01.2013 05:40:48 | Computer Name = laptop | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 12.01.2013 05:40:48 | Computer Name = laptop | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
 
< End of report >
         
Code:
ATTFilter
GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-12 13:03:31
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JE4O 698,64GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\CHRIST~1\AppData\Local\Temp\uxtdapow.sys


---- User code sections - GMER 2.0 ----

.text    C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17      0000000075f31401 2 bytes [F3, 75]
.text    C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17        0000000075f31419 2 bytes [F3, 75]
.text    C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17      0000000075f31431 2 bytes [F3, 75]
.text    C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42      0000000075f3144a 2 bytes [F3, 75]
.text    ...                                                                                                                                                  * 9
.text    C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17         0000000075f314dd 2 bytes [F3, 75]
.text    C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  0000000075f314f5 2 bytes [F3, 75]
.text    C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17         0000000075f3150d 2 bytes [F3, 75]
.text    C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000075f31525 2 bytes [F3, 75]
.text    C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17        0000000075f3153d 2 bytes [F3, 75]
.text    C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17             0000000075f31555 2 bytes [F3, 75]
.text    C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17      0000000075f3156d 2 bytes [F3, 75]
.text    C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17        0000000075f31585 2 bytes [F3, 75]
.text    C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17           0000000075f3159d 2 bytes [F3, 75]
.text    C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17        0000000075f315b5 2 bytes [F3, 75]
.text    C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17      0000000075f315cd 2 bytes [F3, 75]
.text    C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  0000000075f316b2 2 bytes [F3, 75]
.text    C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  0000000075f316bd 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                     0000000075f31401 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                       0000000075f31419 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                     0000000075f31431 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                     0000000075f3144a 2 bytes [F3, 75]
.text    ...                                                                                                                                                  * 9
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                        0000000075f314dd 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                 0000000075f314f5 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                        0000000075f3150d 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                 0000000075f31525 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                       0000000075f3153d 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                            0000000075f31555 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                     0000000075f3156d 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                       0000000075f31585 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                          0000000075f3159d 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                       0000000075f315b5 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                     0000000075f315cd 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                 0000000075f316b2 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                 0000000075f316bd 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17      0000000075f31401 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17        0000000075f31419 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17      0000000075f31431 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42      0000000075f3144a 2 bytes [F3, 75]
.text    ...                                                                                                                                                  * 9
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17         0000000075f314dd 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  0000000075f314f5 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17         0000000075f3150d 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000075f31525 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17        0000000075f3153d 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17             0000000075f31555 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17      0000000075f3156d 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17        0000000075f31585 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17           0000000075f3159d 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17        0000000075f315b5 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17      0000000075f315cd 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  0000000075f316b2 2 bytes [F3, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  0000000075f316bd 2 bytes [F3, 75]

---- Threads - GMER 2.0 ----

Thread   C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2236:5456]                                                             000000006dafe196
Thread   C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2236:5652]                                                             000000006c193bff
Thread   C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2236:5728]                                                             000000006bdceec8
Thread   C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2236:5732]                                                             000000006bdceec8
Thread   C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2236:5736]                                                             000000006bdceec8
Thread   C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2236:2276]                                                             0000000068587019
Thread   C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2236:2608]                                                             000000006b6f1854
Thread   C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2236:3124]                                                             0000000073c232fb
Thread   C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [3008:5976]                                                             000000007157a3e0
Thread   C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [3008:3324]                                                             000000006dafe196
Thread   C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [3008:1500]                                                             00000000767342ed
Thread   C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2580:4652]                                                                               0000000076787587
Thread   C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2580:2872]                                                                               000000005f6d0cb3
Thread   C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2580:1524]                                                                               00000000770b2e25
Thread   C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2580:2220]                                                                               00000000770b3e45
Thread   C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2580:4060]                                                                               00000000770b3e45
---- Processes - GMER 2.0 ----

Library  ? (*** suspicious ***) @ C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2236]                                         00000000766c0000
Library  ? (*** suspicious ***) @ C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [3008]                                         00000000766c0000

---- Registry - GMER 2.0 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015831128f8                                                                          
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\60d8198605bd                                                                          
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\60d8198605bd@04180f0cf150                                                             0x09 0xFF 0xA0 0xB4 ...
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015831128f8 (not active ControlSet)                                                      
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\60d8198605bd (not active ControlSet)                                                      
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\60d8198605bd@04180f0cf150                                                                 0x09 0xFF 0xA0 0xB4 ...

---- EOF - GMER 2.0 ----
         
jetzt schon mal vielen Dank für deine Unterstützung

mfG christian


Alt 12.01.2013, 17:00   #6
christianp63
 
GVU-Trojaner eingefangen - Standard

GVU-Trojaner eingefangen



den hab ich noch vergessen

Code:
ATTFilter
OTL logfile created on: 12.01.2013 12:00:00 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\christian\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,86 Gb Total Physical Memory | 5,45 Gb Available Physical Memory | 69,39% Memory free
15,71 Gb Paging File | 13,24 Gb Available in Paging File | 84,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 354,35 Gb Total Space | 284,44 Gb Free Space | 80,27% Space Free | Partition Type: NTFS
Drive E: | 250,00 Gb Total Space | 227,17 Gb Free Space | 90,87% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP | User Name: christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.12 11:58:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\christian\Desktop\OTL.exe
PRC - [2013.01.09 09:15:35 | 001,808,392 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
PRC - [2012.12.18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.01 06:46:24 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.11.13 21:42:18 | 001,522,312 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\HelperService.exe
PRC - [2012.11.13 21:41:56 | 000,905,864 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe
PRC - [2012.06.28 17:31:12 | 000,692,432 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe
PRC - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
PRC - [2012.01.09 16:03:56 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2011.07.01 03:51:14 | 000,418,896 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2011.07.01 03:51:14 | 000,343,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2011.07.01 03:51:12 | 001,103,440 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2011.07.01 03:51:12 | 000,353,360 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2011.05.30 03:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
PRC - [2011.05.12 16:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.04.30 08:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.04.22 17:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe
PRC - [2011.03.29 23:33:08 | 000,598,312 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010.12.22 21:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.22 21:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.12.06 06:55:34 | 000,391,240 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2010.12.06 06:55:02 | 005,578,920 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2010.11.16 04:33:40 | 002,570,688 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
PRC - [2010.09.30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010.07.29 01:40:56 | 000,311,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2010.03.18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.09 09:15:34 | 014,586,888 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
MOD - [2012.12.01 06:46:24 | 002,397,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2010.12.06 06:54:46 | 011,187,168 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.01.09 09:15:36 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.01 06:46:24 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.13 21:42:18 | 001,522,312 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2012.11.13 21:41:56 | 000,905,864 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2012.10.08 11:42:54 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.06.28 17:31:12 | 000,692,432 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney Business 5.0 OnlineUpdate)
SRV - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe -- (NIS)
SRV - [2012.01.09 16:03:56 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011.09.16 15:52:06 | 000,105,120 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2011.08.02 11:59:46 | 000,872,552 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2011.07.01 03:51:12 | 000,353,360 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011.06.07 12:25:12 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.05.30 03:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe -- (GREGService)
SRV - [2011.05.12 16:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.04.30 08:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.04.22 17:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Live Updater Service)
SRV - [2011.03.29 23:33:08 | 000,598,312 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011.03.29 05:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.12.22 21:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.12.22 21:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.12.06 06:55:50 | 001,112,744 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010.11.29 15:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2010.10.12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010.09.30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010.09.23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.06.01 23:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010.03.18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.10.08 11:42:36 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.06 03:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012.07.06 03:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012.06.07 05:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012.05.22 02:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012.04.18 03:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symnets.sys -- (SymNetS)
DRV:64bit: - [2012.04.18 02:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012.03.27 15:26:07 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.09 16:04:00 | 000,285,280 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2012.01.09 16:03:41 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273)
DRV:64bit: - [2012.01.09 16:03:29 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2012.01.09 16:03:11 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2011.11.24 03:23:20 | 000,043,640 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2011.09.16 16:01:36 | 000,517,280 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011.09.16 16:00:50 | 000,280,992 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011.09.16 16:00:34 | 000,068,256 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011.09.16 16:00:04 | 000,167,584 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011.09.16 15:59:48 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011.09.16 15:59:32 | 000,030,368 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011.09.16 15:59:18 | 000,110,240 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2011.09.16 15:59:02 | 000,330,912 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011.07.14 06:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.07.14 06:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.06.10 19:16:10 | 012,230,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.05.16 22:57:32 | 000,051,240 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiMSa.sys -- (bScsiMSa)
DRV:64bit: - [2011.05.16 21:03:26 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symds64.sys -- (SymDS)
DRV:64bit: - [2011.05.10 04:42:16 | 000,425,000 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2011.05.06 18:11:12 | 000,086,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa)
DRV:64bit: - [2011.04.26 19:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.04.05 12:26:26 | 000,142,632 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2011.01.21 02:15:30 | 000,019,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdmp.sys -- (b57xdmp)
DRV:64bit: - [2011.01.21 02:15:28 | 000,067,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdbd.sys -- (b57xdbd)
DRV:64bit: - [2010.11.29 15:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010.11.21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.09 11:26:46 | 002,377,216 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.10.20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.15 09:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.09.17 12:27:32 | 000,030,352 | ---- | M] (Steinberg Media Technologies GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\synusb64.sys -- (synusb64)
DRV:64bit: - [2010.03.19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013.01.12 10:40:22 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20130111.037\ex64.sys -- (NAVEX15)
DRV - [2013.01.12 10:40:22 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20130111.037\eng64.sys -- (NAVENG)
DRV - [2012.12.02 12:05:13 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012.10.24 00:34:23 | 001,384,608 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20130107.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012.09.06 03:54:30 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20130111.002\IDSviA64.sys -- (IDSVia64)
DRV - [2012.08.09 04:46:28 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2001.11.02 09:21:14 | 000,007,896 | ---- | M] (Sven Goers Software) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\IwPort.sys -- (IWPORT)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredibar.com/mb201?a=6Oz02RYj0m&i=26
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb201/?search={searchTerms}&loc=IB_DS&a=6Oz02RYj0m&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..CT2693109.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: FFPDFArchitectConverter%40pdfarchitect.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2012.5.10.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb201/?loc=IB_DS&a=6Oz02RYj0m&&i=26&search="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFFPlgn\ [2013.01.11 16:47:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn\ [2013.01.12 10:39:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2012.11.23 12:14:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.01 06:46:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.01 06:46:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.01.07 16:27:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christian\AppData\Roaming\mozilla\Extensions
[2013.01.12 11:51:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christian\AppData\Roaming\mozilla\Firefox\Profiles\s9y5t795.default\extensions
[2013.01.02 07:28:52 | 000,000,000 | ---D | M] (wetter.com) -- C:\Users\christian\AppData\Roaming\mozilla\Firefox\Profiles\s9y5t795.default\extensions\{b5e96f5c-0ccb-49ca-9f2a-3f98d9bb137e}
[2013.01.12 11:39:03 | 000,002,203 | ---- | M] () -- C:\Users\christian\AppData\Roaming\mozilla\firefox\profiles\s9y5t795.default\searchplugins\MyStart Search.xml
[2013.01.02 07:29:41 | 000,001,050 | ---- | M] () -- C:\Users\christian\AppData\Roaming\mozilla\firefox\profiles\s9y5t795.default\searchplugins\wettercom-customized-web-search.xml
[2012.12.01 06:46:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.11.23 12:14:02 | 000,000,000 | ---D | M] (PDF Architect Converter For Firefox) -- C:\PROGRAM FILES (X86)\PDF ARCHITECT\FFPDFARCHITECTEXT
[2013.01.12 10:39:33 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\COFFPLGN
[2012.12.01 06:46:24 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.25 04:18:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.07 05:37:23 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.25 04:18:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.25 04:18:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.25 04:18:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.25 04:18:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [SMB50StarMoneyRunEntry] C:\Program Files (x86)\StarMoney Business 5.0\app\oflagent.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe File not found
O4 - HKCU..\Run: [MyPhoneExplorer] C:\Program Files (x86)\MyPhoneExplorer\MyPhoneExplorer.exe (F.J. Wechselberger)
O4 - HKLM..\RunOnce: [awde7zip23054]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C7BA357-A492-4778-BEBB-E619D45A7E81}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B3A69F9-DE62-48EB-BDB6-5C26D971CF6E}: NameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.12 11:58:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\christian\Desktop\OTL.exe
[2013.01.12 11:40:09 | 000,000,000 | ---D | C] -- C:\Users\christian\Local Settings
[2013.01.12 11:39:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WNLT
[2013.01.11 18:06:22 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\Malwarebytes
[2013.01.11 18:06:04 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.11 18:06:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.11 18:06:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.11 18:06:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.09 05:50:52 | 000,000,000 | R--D | C] -- C:\Users\christian\Documents\Notes
[2012.12.27 14:38:18 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.12.27 14:37:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.12.27 14:37:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.12.27 14:36:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.12.26 11:21:54 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Local\{0BC64800-7ADA-400E-8A0E-666AC2AE12B1}
[2012.12.24 08:22:28 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Local\Weto_AG
[2012.12.24 08:08:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Weto - Software
[2012.12.22 10:25:20 | 000,000,000 | ---D | C] -- C:\Weto
[2012.12.22 10:23:13 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2012.12.19 16:57:08 | 000,000,000 | ---D | C] -- C:\Users\christian\Desktop\Ford Ranger
[2012.12.16 11:36:33 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.12.15 13:33:43 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\Avery
[2012.12.15 13:27:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Avery
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.12 11:58:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\christian\Desktop\OTL.exe
[2013.01.12 11:56:25 | 000,000,000 | ---- | M] () -- C:\Users\christian\defogger_reenable
[2013.01.12 11:55:18 | 000,050,477 | ---- | M] () -- C:\Users\christian\Desktop\Defogger.exe
[2013.01.12 11:40:02 | 000,000,455 | ---- | M] () -- C:\user.js
[2013.01.12 11:19:28 | 054,357,508 | ---- | M] () -- C:\Users\christian\Desktop\Norton IS, Behobene Sicherheitsrisiken.mcf
[2013.01.12 11:15:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.12 11:14:22 | 001,599,166 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.12 11:14:22 | 000,700,424 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.12 11:14:22 | 000,655,096 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.12 11:14:22 | 000,149,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.12 11:14:22 | 000,121,968 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.12 11:14:17 | 001,599,166 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.12 10:45:58 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.12 10:45:58 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.12 10:38:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.12 10:38:10 | 2030,981,119 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.11 18:06:05 | 000,001,125 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.22 11:45:26 | 000,437,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.19 17:09:00 | 000,422,912 | ---- | M] () -- C:\Users\christian\Documents\Visitenkarte in impact.zdl
[2012.12.16 12:59:55 | 000,002,048 | ---- | M] () -- C:\Users\christian\Desktop\Materialliste - Verknüpfung.lnk
[2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2013.01.12 11:56:25 | 000,000,000 | ---- | C] () -- C:\Users\christian\defogger_reenable
[2013.01.12 11:55:18 | 000,050,477 | ---- | C] () -- C:\Users\christian\Desktop\Defogger.exe
[2013.01.12 11:40:01 | 000,000,455 | ---- | C] () -- C:\user.js
[2013.01.12 11:19:10 | 054,357,508 | ---- | C] () -- C:\Users\christian\Desktop\Norton IS, Behobene Sicherheitsrisiken.mcf
[2013.01.11 18:06:05 | 000,001,125 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.16 13:19:55 | 000,422,912 | ---- | C] () -- C:\Users\christian\Documents\Visitenkarte in impact.zdl
[2012.06.22 16:19:31 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2012.02.12 13:39:40 | 001,599,166 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.31 18:15:42 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.01.31 18:15:42 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.01.31 18:15:42 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.01.31 18:15:42 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.01.10 17:41:21 | 000,000,051 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg
[2012.01.09 18:14:22 | 000,012,709 | ---- | C] () -- C:\Windows\ASS_150E.INI
[2012.01.09 17:56:42 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2012.01.07 18:36:15 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe
[2012.01.07 18:35:17 | 000,000,571 | ---- | C] () -- C:\Windows\SysWow64\FeMakro.ini
[2012.01.07 18:35:17 | 000,000,497 | ---- | C] () -- C:\Windows\SysWow64\FeAnim.ini
[2011.10.11 13:34:00 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.10.11 13:33:58 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.10.11 13:33:57 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.10.11 13:33:56 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.10.11 13:33:55 | 013,906,944 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 14:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 14:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 14:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.01.09 17:59:26 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Acronis
[2012.12.15 13:33:43 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Avery
[2012.01.09 17:57:30 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\CAD-KAS
[2012.12.16 11:36:33 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.01.09 18:15:05 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Deutsche Telekom AG
[2012.04.24 06:03:42 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\DIGCAD5Demo
[2012.01.07 20:14:49 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\HomeMedia
[2013.01.11 16:47:30 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\MyPhoneExplorer
[2012.12.31 12:07:09 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\PDF Software
[2012.11.23 12:13:32 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\pdfforge
[2012.01.07 18:35:41 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\pdfMachine
[2012.06.07 08:20:59 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Samsung
[2012.01.07 15:43:21 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Screensaver
[2012.03.06 05:24:35 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\SNS
 
========== Purity Check ==========
 
 

< End of report >
         
edit
doppeltes Log gelöscht //cosinus
/edit

Geändert von cosinus (12.01.2013 um 17:09 Uhr)

Alt 12.01.2013, 17:10   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU-Trojaner eingefangen - Standard

GVU-Trojaner eingefangen



Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Malwarebytes Anti-Rootkit

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Entpacke das Archiv auf deinem Desktop.
  • Im neu erstellten Ordner starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 13.01.2013, 12:04   #8
christianp63
 
GVU-Trojaner eingefangen - Standard

GVU-Trojaner eingefangen



Hallo cosinus

habe Malwarebytes antirootkit durchlaufen lassen,
war nichts zu bereinigen

Code:
ATTFilter
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1016

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 8434597888, free: 6290690048

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1016

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 8434597888, free: 6313152512

------------ Kernel report ------------
     01/13/2013 11:23:13
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\NISx64\1309000.009\SYMDS64.SYS
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\NISx64\1309000.009\SYMEFA64.SYS
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\timntr.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\tdrpm273.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\system32\DRIVERS\snapman.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\DRIVERS\nvpciflt.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\drivers\NISx64\1309000.009\ccSetx64.sys
\SystemRoot\system32\drivers\NISx64\1309000.009\Ironx64.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\SymIMv.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\System32\Drivers\NISx64\1309000.009\SYMNETS.SYS
\??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
\SystemRoot\system32\drivers\NISx64\1309000.009\SRTSPX64.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20130111.002\IDSvia64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\blbdrive.sys
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20130107.001\BHDrvx64.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\k57nd60a.sys
\SystemRoot\system32\DRIVERS\bScsiSDa.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\bScsiMSa.sys
\SystemRoot\system32\DRIVERS\b57xdbd.sys
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\ETD.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\CmBatt.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\btath_bus.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\DRIVERS\b57xdmp.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\TurboB.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\afcdp.sys
\SystemRoot\System32\Drivers\NISx64\1309000.009\SRTSP64.SYS
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20130112.007\EX64.SYS
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20130112.007\ENG64.SYS
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\ws2_32.dll
\Windows\System32\setupapi.dll
\Windows\System32\kernel32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\advapi32.dll
\Windows\System32\difxapi.dll
\Windows\System32\gdi32.dll
\Windows\System32\wininet.dll
\Windows\System32\msctf.dll
\Windows\System32\Wldap32.dll
\Windows\System32\sechost.dll
\Windows\System32\comdlg32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\ole32.dll
\Windows\System32\psapi.dll
\Windows\System32\msvcrt.dll
\Windows\System32\urlmon.dll
\Windows\System32\shell32.dll
\Windows\System32\lpk.dll
\Windows\System32\clbcatq.dll
\Windows\System32\imagehlp.dll
\Windows\System32\iertutil.dll
\Windows\System32\nsi.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\normaliz.dll
\Windows\System32\user32.dll
\Windows\System32\usp10.dll
\Windows\System32\imm32.dll
\Windows\System32\crypt32.dll
\Windows\System32\devobj.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\comctl32.dll
\Windows\System32\wintrust.dll
\Windows\System32\msasn1.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800a61c060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa80080fa050
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
Initialization returned 0x0
Load Function returned 0x0
Downloaded database version: v2013.01.13.02
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 3
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800a61c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800a4839c0, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xfffffa800a481890, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xfffffa800a482b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800a61ce30, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xfffffa800a61c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80080fa050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Upper DeviceData: 0xfffff8a0055f2520, 0xfffffa800a61c060, 0xfffffa800ddd3090
Lower DeviceData: 0xfffff8a004ddd520, 0xfffffa80080fa050, 0xfffffa800a56b090
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: F2F8A69D

Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 37748736

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 37750784  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 37955584  Numsec = 743124992

    Partition 3 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 781080576  Numsec = 684064768

Disk Size: 750156374016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================
         

mf G Christian

Alt 13.01.2013, 20:30   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU-Trojaner eingefangen - Standard

GVU-Trojaner eingefangen



1. aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.


2. TDSS-Killer

Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 14.01.2013, 05:30   #10
christianp63
 
GVU-Trojaner eingefangen - Standard

GVU-Trojaner eingefangen



Hallo cosinus

habe asw.MBR.exe geladen; Norton IS meldet "Bedrohung"
und hat es entfernt. Was jetzt ?

Code:
ATTFilter
Vollständiger Pfad: c:\users\christian\desktop\aswmbr.exe
Bedrohung: WS.Reputation.1
____________________________
____________________________
Auf Computern ab 14.01.2013 um 05:19:13
Zuletzt verwendet 14.01.2013 um 05:22:00
Start-Element Nein
Gestarted Nein
____________________________
____________________________
Viele Benutzer
Tausende Benutzer in der Norton Community haben diese Datei verwendet.
____________________________
Schon länger bekannt
Diese Datei wurde vor 2 Monaten  veröffentlicht.
____________________________
Mittel
Das Risiko dieser Datei ist mittel.
____________________________
Bedrohungsdetails
Art der Bedrohung: Insight-Netzwerkbedrohung. Es bestehen mehrere Anzeichen, dass diese Datei nicht vertrauenswürdig und daher nicht sicher ist
____________________________
hxxp://public.avast.com/~gmerek/aswMBR.exe Datei aswmbr.exe
Bedrohungsname: 
WS.Reputation.1 heruntergeladen von
avast.com



aswmbr.exe
____________________________
Dateiaktionen
Infizierte Datei: c:\users\christian\desktop\aswmbr.exe
entfernt
____________________________
Dateiabdruck - SHA:
7af5e982f35f0865124cfee620a8279e420ae48db926480377f6f612615ab9cd
____________________________
Dateiabdruck - MD5:
be3ab4803c963be0357541ec3b17d443
____________________________
         

Alt 14.01.2013, 09:32   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU-Trojaner eingefangen - Standard

GVU-Trojaner eingefangen



Norton vllt vorher mal deaktivieren?!
aswMBR ist keine Malware!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 14.01.2013, 10:14   #12
christianp63
 
GVU-Trojaner eingefangen - Standard

GVU-Trojaner eingefangen



Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-14 10:08:06
-----------------------------
10:08:06.487    OS Version: Windows x64 6.1.7601 Service Pack 1
10:08:06.487    Number of processors: 4 586 0x2A07
10:08:06.487    ComputerName: LAPTOP  UserName: 
10:08:07.688    Initialize success
10:08:13.351    AVAST engine defs: 13011301
10:08:33.241    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:08:33.241    Disk 0 Vendor: Hitachi_ JE4O Size: 715404MB BusType: 3
10:08:33.257    Disk 0 MBR read successfully
10:08:33.272    Disk 0 MBR scan
10:08:33.272    Disk 0 Windows 7 default MBR code
10:08:33.288    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        18432 MB offset 2048
10:08:33.304    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 37750784
10:08:33.319    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       362854 MB offset 37955584
10:08:33.319    Disk 0 Partition - 00     0F Extended LBA            334016 MB offset 781080576
10:08:33.350    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       256000 MB offset 781082624
10:08:33.397    Disk 0 scanning C:\Windows\system32\drivers
10:08:44.083    Service scanning
10:09:14.722    Modules scanning
10:09:14.737    Disk 0 trace - called modules:
10:09:14.753    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
10:09:14.753    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800a634060]
10:09:14.769    3 CLASSPNP.SYS[fffff88001bc343f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8008116050]
10:09:14.769    Scan finished successfully
10:09:41.179    Disk 0 MBR has been saved successfully to "C:\Users\christian\Desktop\MBR.dat"
10:09:41.179    The log file has been saved successfully to "C:\Users\christian\Desktop\aswMBR.txt"
         
Code:
ATTFilter
10:19:27.0619 2024  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
10:19:27.0900 2024  ============================================================
10:19:27.0900 2024  Current date / time: 2013/01/14 10:19:27.0900
10:19:27.0900 2024  SystemInfo:
10:19:27.0900 2024  
10:19:27.0900 2024  OS Version: 6.1.7601 ServicePack: 1.0
10:19:27.0900 2024  Product type: Workstation
10:19:27.0900 2024  ComputerName: LAPTOP
10:19:27.0900 2024  UserName: christian
10:19:27.0900 2024  Windows directory: C:\Windows
10:19:27.0900 2024  System windows directory: C:\Windows
10:19:27.0900 2024  Running under WOW64
10:19:27.0900 2024  Processor architecture: Intel x64
10:19:27.0900 2024  Number of processors: 4
10:19:27.0900 2024  Page size: 0x1000
10:19:27.0900 2024  Boot type: Normal boot
10:19:27.0900 2024  ============================================================
10:19:28.0805 2024  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:19:28.0805 2024  ============================================================
10:19:28.0805 2024  \Device\Harddisk0\DR0:
10:19:28.0820 2024  MBR partitions:
10:19:28.0820 2024  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2400800, BlocksNum 0x32000
10:19:28.0820 2024  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2432800, BlocksNum 0x2C4B3000
10:19:28.0867 2024  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2E8E6000, BlocksNum 0x1F400000
10:19:28.0867 2024  ============================================================
10:19:28.0930 2024  C: <-> \Device\Harddisk0\DR0\Partition2
10:19:29.0039 2024  E: <-> \Device\Harddisk0\DR0\Partition3
10:19:29.0039 2024  ============================================================
10:19:29.0039 2024  Initialize success
10:19:29.0039 2024  ============================================================
10:20:34.0840 3488  ============================================================
10:20:34.0840 3488  Scan started
10:20:34.0840 3488  Mode: Manual; SigCheck; TDLFS; 
10:20:34.0840 3488  ============================================================
10:20:35.0120 3488  ================ Scan system memory ========================
10:20:35.0120 3488  System memory - ok
10:20:35.0120 3488  ================ Scan services =============================
10:20:35.0401 3488  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
10:20:35.0542 3488  1394ohci - ok
10:20:35.0635 3488  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
10:20:35.0666 3488  ACPI - ok
10:20:35.0713 3488  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
10:20:35.0869 3488  AcpiPmi - ok
10:20:36.0056 3488  [ 3DD353A5BF7AF6DB7AFF1166435D4AE0 ] AcrSch2Svc      C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
10:20:36.0103 3488  AcrSch2Svc - ok
10:20:36.0181 3488  [ 1474F121C3DF1232D3E7239C03691EE6 ] AdobeActiveFileMonitor9.0 C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
10:20:36.0212 3488  AdobeActiveFileMonitor9.0 - ok
10:20:36.0275 3488  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:20:36.0306 3488  AdobeARMservice - ok
10:20:36.0540 3488  [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:20:36.0571 3488  AdobeFlashPlayerUpdateSvc - ok
10:20:36.0665 3488  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
10:20:36.0696 3488  adp94xx - ok
10:20:36.0758 3488  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
10:20:36.0805 3488  adpahci - ok
10:20:36.0821 3488  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
10:20:36.0836 3488  adpu320 - ok
10:20:36.0868 3488  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
10:20:37.0148 3488  AeLookupSvc - ok
10:20:37.0226 3488  [ AE1FCE2CD1E99BEA89183BA8CD320872 ] afcdp           C:\Windows\system32\DRIVERS\afcdp.sys
10:20:37.0258 3488  afcdp - ok
10:20:37.0492 3488  [ AF44F7E027037628F1FAC3C13CDE73E6 ] afcdpsrv        C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
10:20:37.0616 3488  afcdpsrv - ok
10:20:37.0710 3488  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
10:20:37.0788 3488  AFD - ok
10:20:37.0835 3488  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
10:20:37.0866 3488  agp440 - ok
10:20:37.0928 3488  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
10:20:38.0038 3488  ALG - ok
10:20:38.0069 3488  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
10:20:38.0100 3488  aliide - ok
10:20:38.0131 3488  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
10:20:38.0162 3488  amdide - ok
10:20:38.0225 3488  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
10:20:38.0287 3488  AmdK8 - ok
10:20:38.0318 3488  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
10:20:38.0396 3488  AmdPPM - ok
10:20:38.0412 3488  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
10:20:38.0428 3488  amdsata - ok
10:20:38.0459 3488  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
10:20:38.0459 3488  amdsbs - ok
10:20:38.0474 3488  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
10:20:38.0490 3488  amdxata - ok
10:20:38.0537 3488  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
10:20:38.0911 3488  AppID - ok
10:20:38.0974 3488  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
10:20:39.0067 3488  AppIDSvc - ok
10:20:39.0114 3488  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
10:20:39.0161 3488  Appinfo - ok
10:20:39.0223 3488  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
10:20:39.0254 3488  arc - ok
10:20:39.0301 3488  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
10:20:39.0332 3488  arcsas - ok
10:20:39.0566 3488  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
10:20:39.0598 3488  aspnet_state - ok
10:20:39.0676 3488  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
10:20:39.0769 3488  AsyncMac - ok
10:20:39.0832 3488  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
10:20:39.0847 3488  atapi - ok
10:20:39.0910 3488  [ 185F180536188C1A4ED605234721A5B9 ] AthBTPort       C:\Windows\system32\DRIVERS\btath_flt.sys
10:20:39.0925 3488  AthBTPort - ok
10:20:40.0066 3488  [ 1D1C5E029F0742F04F88C16E7A6AB0E0 ] AtherosSvc      C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
10:20:40.0081 3488  AtherosSvc - ok
10:20:40.0190 3488  [ C8679A07267F030704168E45E27C3D43 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
10:20:40.0284 3488  athr - ok
10:20:40.0346 3488  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:20:40.0424 3488  AudioEndpointBuilder - ok
10:20:40.0440 3488  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
10:20:40.0471 3488  AudioSrv - ok
10:20:40.0502 3488  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
10:20:40.0596 3488  AxInstSV - ok
10:20:40.0658 3488  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
10:20:40.0721 3488  b06bdrv - ok
10:20:40.0752 3488  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
10:20:40.0814 3488  b57nd60a - ok
10:20:40.0861 3488  [ A424CB46A145E5AABF15621550976DF2 ] b57xdbd         C:\Windows\system32\DRIVERS\b57xdbd.sys
10:20:40.0892 3488  b57xdbd - ok
10:20:40.0908 3488  [ BE4E6FD5A898812B85D5817AD9754A9F ] b57xdmp         C:\Windows\system32\DRIVERS\b57xdmp.sys
10:20:40.0908 3488  b57xdmp - ok
10:20:40.0955 3488  [ 87F3BCF82A63E900AF896CD930BF7E05 ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
10:20:40.0986 3488  BBSvc - ok
10:20:41.0033 3488  [ 78779EE07231C658B483B1F38B5088DF ] BBUpdate        C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
10:20:41.0064 3488  BBUpdate - ok
10:20:41.0095 3488  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
10:20:41.0142 3488  BDESVC - ok
10:20:41.0189 3488  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
10:20:41.0282 3488  Beep - ok
10:20:41.0360 3488  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
10:20:41.0423 3488  BFE - ok
10:20:41.0579 3488  [ ED97ADAF00A61F57A2CCBBB1CE58C600 ] BHDrvx64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20130107.001\BHDrvx64.sys
10:20:41.0641 3488  BHDrvx64 - ok
10:20:41.0688 3488  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
10:20:41.0766 3488  BITS - ok
10:20:41.0797 3488  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
10:20:41.0828 3488  blbdrive - ok
10:20:41.0860 3488  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
10:20:41.0922 3488  bowser - ok
10:20:41.0953 3488  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
10:20:42.0000 3488  BrFiltLo - ok
10:20:42.0031 3488  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
10:20:42.0047 3488  BrFiltUp - ok
10:20:42.0078 3488  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
10:20:42.0109 3488  Browser - ok
10:20:42.0125 3488  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
10:20:42.0187 3488  Brserid - ok
10:20:42.0218 3488  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
10:20:42.0265 3488  BrSerWdm - ok
10:20:42.0296 3488  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
10:20:42.0343 3488  BrUsbMdm - ok
10:20:42.0359 3488  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
10:20:42.0374 3488  BrUsbSer - ok
10:20:42.0421 3488  [ 0970D8B7151E9113BF8D44CE2E954DF7 ] bScsiMSa        C:\Windows\system32\DRIVERS\bScsiMSa.sys
10:20:42.0437 3488  bScsiMSa - ok
10:20:42.0484 3488  [ 0C1EEE5AF32402D306874B110DE237EC ] bScsiSDa        C:\Windows\system32\DRIVERS\bScsiSDa.sys
10:20:42.0499 3488  bScsiSDa - ok
10:20:42.0562 3488  [ D74A81CCF0372C955862692B7AF272C9 ] BTATH_A2DP      C:\Windows\system32\drivers\btath_a2dp.sys
10:20:42.0593 3488  BTATH_A2DP - ok
10:20:42.0608 3488  [ 3118072D09DAA1961A9F6549A4E8433A ] btath_avdt      C:\Windows\system32\drivers\btath_avdt.sys
10:20:42.0624 3488  btath_avdt - ok
10:20:42.0640 3488  [ E6B734A37ADE36FE1A77035F4E484C8C ] BTATH_BUS       C:\Windows\system32\DRIVERS\btath_bus.sys
10:20:42.0655 3488  BTATH_BUS - ok
10:20:42.0702 3488  [ FB3833E63FF602B69C2FF085846DCF43 ] BTATH_HCRP      C:\Windows\system32\DRIVERS\btath_hcrp.sys
10:20:42.0718 3488  BTATH_HCRP - ok
10:20:42.0733 3488  [ 8008D892A2BDA67EEFBE25E14EB5DC83 ] BTATH_LWFLT     C:\Windows\system32\DRIVERS\btath_lwflt.sys
10:20:42.0749 3488  BTATH_LWFLT - ok
10:20:42.0764 3488  [ ABCD3C16CA850A7594CEB9AD5D966810 ] BTATH_RCP       C:\Windows\system32\DRIVERS\btath_rcp.sys
10:20:42.0780 3488  BTATH_RCP - ok
10:20:42.0827 3488  [ 65350DC9B058B34BBD3AC837C38C2817 ] BtFilter        C:\Windows\system32\DRIVERS\btfilter.sys
10:20:42.0842 3488  BtFilter - ok
10:20:42.0889 3488  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
10:20:42.0952 3488  BthEnum - ok
10:20:42.0983 3488  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
10:20:43.0014 3488  BTHMODEM - ok
10:20:43.0045 3488  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
10:20:43.0092 3488  BthPan - ok
10:20:43.0139 3488  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
10:20:43.0201 3488  BTHPORT - ok
10:20:43.0248 3488  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
10:20:43.0295 3488  bthserv - ok
10:20:43.0310 3488  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
10:20:43.0326 3488  BTHUSB - ok
10:20:43.0404 3488  [ 2C6FFCCA37B002AAB3C7C31A6D780A76 ] ccSet_NIS       C:\Windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys
10:20:43.0435 3488  ccSet_NIS - ok
10:20:43.0482 3488  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
10:20:43.0529 3488  cdfs - ok
10:20:43.0576 3488  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
10:20:43.0591 3488  cdrom - ok
10:20:43.0622 3488  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
10:20:43.0700 3488  CertPropSvc - ok
10:20:43.0732 3488  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
10:20:43.0794 3488  circlass - ok
10:20:43.0825 3488  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
10:20:43.0856 3488  CLFS - ok
10:20:43.0903 3488  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:20:43.0903 3488  clr_optimization_v2.0.50727_32 - ok
10:20:43.0950 3488  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:20:43.0981 3488  clr_optimization_v2.0.50727_64 - ok
10:20:44.0044 3488  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:20:44.0075 3488  clr_optimization_v4.0.30319_32 - ok
10:20:44.0106 3488  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:20:44.0122 3488  clr_optimization_v4.0.30319_64 - ok
10:20:44.0168 3488  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
10:20:44.0200 3488  CmBatt - ok
10:20:44.0215 3488  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
10:20:44.0231 3488  cmdide - ok
10:20:44.0293 3488  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
10:20:44.0340 3488  CNG - ok
10:20:44.0371 3488  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
10:20:44.0387 3488  Compbatt - ok
10:20:44.0434 3488  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
10:20:44.0480 3488  CompositeBus - ok
10:20:44.0496 3488  COMSysApp - ok
10:20:44.0512 3488  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
10:20:44.0527 3488  crcdisk - ok
10:20:44.0574 3488  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
10:20:44.0636 3488  CryptSvc - ok
10:20:44.0699 3488  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
10:20:44.0761 3488  DcomLaunch - ok
10:20:44.0808 3488  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
10:20:44.0839 3488  defragsvc - ok
10:20:44.0870 3488  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
10:20:44.0902 3488  DfsC - ok
10:20:44.0948 3488  dgderdrv - ok
10:20:44.0995 3488  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
10:20:45.0073 3488  Dhcp - ok
10:20:45.0104 3488  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
10:20:45.0182 3488  discache - ok
10:20:45.0245 3488  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
10:20:45.0276 3488  Disk - ok
10:20:45.0292 3488  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
10:20:45.0338 3488  Dnscache - ok
10:20:45.0370 3488  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
10:20:45.0448 3488  dot3svc - ok
10:20:45.0463 3488  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
10:20:45.0541 3488  DPS - ok
10:20:45.0572 3488  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
10:20:45.0604 3488  drmkaud - ok
10:20:45.0650 3488  [ 9DD3A22F804697606C2B7FF9E912FF6B ] DsiWMIService   C:\Program Files (x86)\Launch Manager\dsiwmis.exe
10:20:45.0682 3488  DsiWMIService - ok
10:20:45.0744 3488  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
10:20:45.0775 3488  DXGKrnl - ok
10:20:45.0806 3488  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
10:20:45.0869 3488  EapHost - ok
10:20:45.0962 3488  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
10:20:46.0087 3488  ebdrv - ok
10:20:46.0150 3488  [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
10:20:46.0196 3488  eeCtrl - ok
10:20:46.0228 3488  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
10:20:46.0274 3488  EFS - ok
10:20:46.0337 3488  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
10:20:46.0415 3488  ehRecvr - ok
10:20:46.0462 3488  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
10:20:46.0493 3488  ehSched - ok
10:20:46.0555 3488  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
10:20:46.0586 3488  elxstor - ok
10:20:46.0696 3488  [ 48425C93B6F36529707206E4FA680CF3 ] ePowerSvc       C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
10:20:46.0742 3488  ePowerSvc - ok
10:20:46.0789 3488  [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
10:20:46.0805 3488  EraserUtilRebootDrv - ok
10:20:46.0820 3488  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
10:20:46.0852 3488  ErrDev - ok
10:20:46.0914 3488  [ DBAA0C650C9549DC5C599D1E81DEDAAD ] ETD             C:\Windows\system32\DRIVERS\ETD.sys
10:20:46.0945 3488  ETD - ok
10:20:46.0992 3488  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
10:20:47.0039 3488  EventSystem - ok
10:20:47.0070 3488  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
10:20:47.0101 3488  exfat - ok
10:20:47.0132 3488  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
10:20:47.0164 3488  fastfat - ok
10:20:47.0210 3488  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
10:20:47.0257 3488  Fax - ok
10:20:47.0273 3488  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
10:20:47.0320 3488  fdc - ok
10:20:47.0351 3488  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
10:20:47.0398 3488  fdPHost - ok
10:20:47.0413 3488  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
10:20:47.0444 3488  FDResPub - ok
10:20:47.0476 3488  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
10:20:47.0507 3488  FileInfo - ok
10:20:47.0522 3488  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
10:20:47.0616 3488  Filetrace - ok
10:20:47.0632 3488  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
10:20:47.0647 3488  flpydisk - ok
10:20:47.0678 3488  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
10:20:47.0678 3488  FltMgr - ok
10:20:47.0741 3488  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
10:20:47.0788 3488  FontCache - ok
10:20:47.0834 3488  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:20:47.0866 3488  FontCache3.0.0.0 - ok
10:20:47.0881 3488  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
10:20:47.0897 3488  FsDepends - ok
10:20:47.0928 3488  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
10:20:47.0944 3488  Fs_Rec - ok
10:20:47.0990 3488  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
10:20:48.0006 3488  fvevol - ok
10:20:48.0037 3488  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
10:20:48.0037 3488  gagp30kx - ok
10:20:48.0084 3488  [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
10:20:48.0115 3488  GamesAppService - ok
10:20:48.0178 3488  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
10:20:48.0256 3488  gpsvc - ok
10:20:48.0334 3488  [ C9B2D1D3F86FD3673EF847DEF73B6F9E ] GREGService     C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
10:20:48.0349 3488  GREGService - ok
10:20:48.0396 3488  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
10:20:48.0458 3488  hcw85cir - ok
10:20:48.0490 3488  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:20:48.0521 3488  HdAudAddService - ok
10:20:48.0568 3488  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
10:20:48.0614 3488  HDAudBus - ok
10:20:48.0630 3488  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
10:20:48.0661 3488  HidBatt - ok
10:20:48.0692 3488  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
10:20:48.0708 3488  HidBth - ok
10:20:48.0739 3488  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
10:20:48.0755 3488  HidIr - ok
10:20:48.0786 3488  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
10:20:48.0833 3488  hidserv - ok
10:20:48.0895 3488  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
10:20:48.0926 3488  HidUsb - ok
10:20:48.0942 3488  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
10:20:48.0989 3488  hkmsvc - ok
10:20:49.0036 3488  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:20:49.0082 3488  HomeGroupListener - ok
10:20:49.0098 3488  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:20:49.0129 3488  HomeGroupProvider - ok
10:20:49.0145 3488  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
10:20:49.0160 3488  HpSAMD - ok
10:20:49.0207 3488  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
10:20:49.0285 3488  HTTP - ok
10:20:49.0316 3488  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
10:20:49.0316 3488  hwpolicy - ok
10:20:49.0363 3488  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
10:20:49.0363 3488  i8042prt - ok
10:20:49.0426 3488  [ 26CF4275034214ECEDD8EC17B0A18A99 ] iaStor          C:\Windows\system32\drivers\iaStor.sys
10:20:49.0472 3488  iaStor - ok
10:20:49.0535 3488  [ E79A8E33BD136D14BAE1FA20EB2EF124 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
10:20:49.0566 3488  IAStorDataMgrSvc - ok
10:20:49.0597 3488  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
10:20:49.0628 3488  iaStorV - ok
10:20:49.0660 3488  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:20:49.0675 3488  idsvc - ok
10:20:49.0753 3488  [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20130113.001\IDSvia64.sys
10:20:49.0800 3488  IDSVia64 - ok
10:20:50.0081 3488  [ 9937600A1584FF00565D5379EB4C9EDB ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
10:20:50.0424 3488  igfx - ok
10:20:50.0471 3488  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
10:20:50.0486 3488  iirsp - ok
10:20:50.0518 3488  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
10:20:50.0580 3488  IKEEXT - ok
10:20:50.0674 3488  [ B60ACCD29F8FAFC4A6344CD2BD5CA3A5 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
10:20:50.0720 3488  IntcAzAudAddService - ok
10:20:50.0767 3488  [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
10:20:50.0798 3488  IntcDAud - ok
10:20:50.0830 3488  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
10:20:50.0845 3488  intelide - ok
10:20:50.0876 3488  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
10:20:50.0923 3488  intelppm - ok
10:20:50.0954 3488  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
10:20:50.0986 3488  IPBusEnum - ok
10:20:51.0001 3488  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:20:51.0032 3488  IpFilterDriver - ok
10:20:51.0079 3488  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
10:20:51.0142 3488  iphlpsvc - ok
10:20:51.0157 3488  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
10:20:51.0188 3488  IPMIDRV - ok
10:20:51.0204 3488  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
10:20:51.0251 3488  IPNAT - ok
10:20:51.0266 3488  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
10:20:51.0298 3488  IRENUM - ok
10:20:51.0329 3488  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
10:20:51.0344 3488  isapnp - ok
10:20:51.0376 3488  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
10:20:51.0391 3488  iScsiPrt - ok
10:20:51.0407 3488  IWPORT - ok
10:20:51.0469 3488  [ 455B75C19BF3F1F2EE3AC10E1169826C ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
10:20:51.0485 3488  k57nd60a - ok
10:20:51.0532 3488  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
10:20:51.0563 3488  kbdclass - ok
10:20:51.0594 3488  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
10:20:51.0641 3488  kbdhid - ok
10:20:51.0656 3488  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
10:20:51.0672 3488  KeyIso - ok
10:20:51.0719 3488  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
10:20:51.0750 3488  KSecDD - ok
10:20:51.0781 3488  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
10:20:51.0797 3488  KSecPkg - ok
10:20:51.0828 3488  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
10:20:51.0875 3488  ksthunk - ok
10:20:51.0906 3488  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
10:20:51.0968 3488  KtmRm - ok
10:20:52.0000 3488  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
10:20:52.0046 3488  LanmanServer - ok
10:20:52.0109 3488  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:20:52.0202 3488  LanmanWorkstation - ok
10:20:52.0265 3488  [ B705C7097F9A0EC941D02DCE7C7D426C ] Live Updater Service C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
10:20:52.0296 3488  Live Updater Service - ok
10:20:52.0327 3488  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
10:20:52.0405 3488  lltdio - ok
10:20:52.0436 3488  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
10:20:52.0468 3488  lltdsvc - ok
10:20:52.0483 3488  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
10:20:52.0530 3488  lmhosts - ok
10:20:52.0561 3488  [ D7E0BED3EA21D7BDDD410ADE51708D90 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
10:20:52.0577 3488  LMS - ok
10:20:52.0592 3488  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
10:20:52.0608 3488  LSI_FC - ok
10:20:52.0624 3488  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
10:20:52.0624 3488  LSI_SAS - ok
10:20:52.0639 3488  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
10:20:52.0655 3488  LSI_SAS2 - ok
10:20:52.0670 3488  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
10:20:52.0686 3488  LSI_SCSI - ok
10:20:52.0717 3488  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
10:20:52.0780 3488  luafv - ok
10:20:52.0826 3488  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
10:20:52.0873 3488  Mcx2Svc - ok
10:20:52.0889 3488  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
10:20:52.0904 3488  megasas - ok
10:20:52.0951 3488  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
10:20:52.0982 3488  MegaSR - ok
10:20:52.0998 3488  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
10:20:53.0014 3488  MEIx64 - ok
10:20:53.0045 3488  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
10:20:53.0076 3488  MMCSS - ok
10:20:53.0092 3488  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
10:20:53.0138 3488  Modem - ok
10:20:53.0170 3488  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
10:20:53.0185 3488  monitor - ok
10:20:53.0232 3488  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
10:20:53.0232 3488  mouclass - ok
10:20:53.0263 3488  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
10:20:53.0294 3488  mouhid - ok
10:20:53.0326 3488  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
10:20:53.0357 3488  mountmgr - ok
10:20:53.0419 3488  [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
10:20:53.0435 3488  MozillaMaintenance - ok
10:20:53.0466 3488  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
10:20:53.0482 3488  mpio - ok
10:20:53.0497 3488  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
10:20:53.0544 3488  mpsdrv - ok
10:20:53.0575 3488  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
10:20:53.0638 3488  MpsSvc - ok
10:20:53.0653 3488  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
10:20:53.0684 3488  MRxDAV - ok
10:20:53.0700 3488  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
10:20:53.0747 3488  mrxsmb - ok
10:20:53.0778 3488  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:20:53.0794 3488  mrxsmb10 - ok
10:20:53.0825 3488  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:20:53.0840 3488  mrxsmb20 - ok
10:20:53.0856 3488  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
10:20:53.0872 3488  msahci - ok
10:20:53.0872 3488  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
10:20:53.0872 3488  msdsm - ok
10:20:53.0903 3488  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
10:20:53.0934 3488  MSDTC - ok
10:20:53.0950 3488  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
10:20:53.0981 3488  Msfs - ok
10:20:54.0012 3488  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
10:20:54.0043 3488  mshidkmdf - ok
10:20:54.0074 3488  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
10:20:54.0074 3488  msisadrv - ok
10:20:54.0106 3488  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
10:20:54.0168 3488  MSiSCSI - ok
10:20:54.0168 3488  msiserver - ok
10:20:54.0184 3488  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
10:20:54.0230 3488  MSKSSRV - ok
10:20:54.0246 3488  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
10:20:54.0340 3488  MSPCLOCK - ok
10:20:54.0355 3488  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
10:20:54.0433 3488  MSPQM - ok
10:20:54.0449 3488  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
10:20:54.0464 3488  MsRPC - ok
10:20:54.0480 3488  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
10:20:54.0496 3488  mssmbios - ok
10:20:54.0527 3488  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
10:20:54.0620 3488  MSTEE - ok
10:20:54.0636 3488  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
10:20:54.0652 3488  MTConfig - ok
10:20:54.0667 3488  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
10:20:54.0667 3488  Mup - ok
10:20:54.0714 3488  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
10:20:54.0776 3488  napagent - ok
10:20:54.0839 3488  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
10:20:54.0886 3488  NativeWifiP - ok
10:20:54.0979 3488  [ 13AA2130F2A104DD775EAD0F0EE5417B ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
10:20:55.0010 3488  NAUpdate - ok
10:20:55.0073 3488  [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20130113.009\ENG64.SYS
10:20:55.0104 3488  NAVENG - ok
10:20:55.0151 3488  [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20130113.009\EX64.SYS
10:20:55.0198 3488  NAVEX15 - ok
10:20:55.0229 3488  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
10:20:55.0260 3488  NDIS - ok
10:20:55.0276 3488  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
10:20:55.0322 3488  NdisCap - ok
10:20:55.0354 3488  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
10:20:55.0385 3488  NdisTapi - ok
10:20:55.0385 3488  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
10:20:55.0416 3488  Ndisuio - ok
10:20:55.0447 3488  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
10:20:55.0510 3488  NdisWan - ok
10:20:55.0525 3488  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
10:20:55.0572 3488  NDProxy - ok
10:20:55.0588 3488  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
10:20:55.0619 3488  NetBIOS - ok
10:20:55.0634 3488  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
10:20:55.0666 3488  NetBT - ok
10:20:55.0697 3488  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
10:20:55.0697 3488  Netlogon - ok
10:20:55.0744 3488  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
10:20:55.0822 3488  Netman - ok
10:20:55.0884 3488  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:20:55.0915 3488  NetMsmqActivator - ok
10:20:55.0931 3488  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:20:55.0962 3488  NetPipeActivator - ok
10:20:55.0993 3488  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
10:20:56.0071 3488  netprofm - ok
10:20:56.0118 3488  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:20:56.0134 3488  NetTcpActivator - ok
10:20:56.0134 3488  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:20:56.0149 3488  NetTcpPortSharing - ok
10:20:56.0196 3488  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
10:20:56.0212 3488  nfrd960 - ok
10:20:56.0274 3488  [ F2840DBFE9322F35557219AE82CC4597 ] NIS             C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
10:20:56.0305 3488  NIS - ok
10:20:56.0336 3488  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
10:20:56.0383 3488  NlaSvc - ok
10:20:56.0524 3488  [ 5839A8027D6D324A7CD494051A96628C ] NOBU            C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
10:20:56.0570 3488  NOBU - ok
10:20:56.0586 3488  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
10:20:56.0617 3488  Npfs - ok
10:20:56.0648 3488  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
10:20:56.0664 3488  nsi - ok
10:20:56.0680 3488  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
10:20:56.0726 3488  nsiproxy - ok
10:20:56.0836 3488  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
10:20:56.0882 3488  Ntfs - ok
10:20:56.0898 3488  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
10:20:56.0929 3488  Null - ok
10:20:57.0272 3488  [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:20:57.0444 3488  nvlddmkm - ok
10:20:57.0475 3488  [ 918841B2454F4F2BD94479692079490B ] nvpciflt        C:\Windows\system32\DRIVERS\nvpciflt.sys
10:20:57.0491 3488  nvpciflt - ok
10:20:57.0522 3488  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
10:20:57.0538 3488  nvraid - ok
10:20:57.0553 3488  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
10:20:57.0569 3488  nvstor - ok
10:20:57.0600 3488  [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc           C:\Windows\system32\nvvsvc.exe
10:20:57.0631 3488  nvsvc - ok
10:20:57.0709 3488  [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
10:20:57.0772 3488  nvUpdatusService - ok
10:20:57.0803 3488  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
10:20:57.0818 3488  nv_agp - ok
10:20:57.0912 3488  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:20:57.0959 3488  odserv - ok
10:20:57.0959 3488  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
10:20:57.0990 3488  ohci1394 - ok
10:20:58.0037 3488  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:20:58.0068 3488  ose - ok
10:20:58.0255 3488  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:20:58.0411 3488  osppsvc - ok
10:20:58.0458 3488  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
10:20:58.0505 3488  p2pimsvc - ok
10:20:58.0536 3488  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
10:20:58.0583 3488  p2psvc - ok
10:20:58.0598 3488  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
10:20:58.0614 3488  Parport - ok
10:20:58.0645 3488  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
10:20:58.0645 3488  partmgr - ok
10:20:58.0676 3488  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
10:20:58.0708 3488  PcaSvc - ok
10:20:58.0739 3488  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
10:20:58.0754 3488  pci - ok
10:20:58.0770 3488  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
10:20:58.0786 3488  pciide - ok
10:20:58.0786 3488  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
10:20:58.0801 3488  pcmcia - ok
10:20:58.0817 3488  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
10:20:58.0832 3488  pcw - ok
10:20:58.0926 3488  [ A2EB6CA4F27C21E6612822B1AAA35A46 ] PDF Architect Helper Service C:\Program Files (x86)\PDF Architect\HelperService.exe
10:20:58.0957 3488  PDF Architect Helper Service - ok
10:20:58.0988 3488  [ A7B011DB400D66F7574E821223C8BB36 ] PDF Architect Service C:\Program Files (x86)\PDF Architect\ConversionService.exe
10:20:59.0004 3488  PDF Architect Service - ok
10:20:59.0035 3488  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
10:20:59.0082 3488  PEAUTH - ok
10:20:59.0160 3488  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
10:20:59.0207 3488  PerfHost - ok
10:20:59.0285 3488  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
10:20:59.0347 3488  pla - ok
10:20:59.0394 3488  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
10:20:59.0472 3488  PlugPlay - ok
10:20:59.0488 3488  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
10:20:59.0534 3488  PNRPAutoReg - ok
10:20:59.0566 3488  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
10:20:59.0581 3488  PNRPsvc - ok
10:20:59.0612 3488  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
10:20:59.0675 3488  PolicyAgent - ok
10:20:59.0690 3488  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
10:20:59.0737 3488  Power - ok
10:20:59.0784 3488  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
10:20:59.0878 3488  PptpMiniport - ok
10:20:59.0893 3488  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
10:20:59.0924 3488  Processor - ok
10:20:59.0956 3488  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
10:20:59.0987 3488  ProfSvc - ok
10:20:59.0987 3488  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:21:00.0002 3488  ProtectedStorage - ok
10:21:00.0034 3488  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
10:21:00.0080 3488  Psched - ok
10:21:00.0112 3488  [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
10:21:00.0143 3488  PxHlpa64 - ok
10:21:00.0205 3488  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
10:21:00.0236 3488  ql2300 - ok
10:21:00.0268 3488  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
10:21:00.0283 3488  ql40xx - ok
10:21:00.0299 3488  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
10:21:00.0330 3488  QWAVE - ok
10:21:00.0330 3488  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
10:21:00.0392 3488  QWAVEdrv - ok
10:21:00.0392 3488  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
10:21:00.0424 3488  RasAcd - ok
10:21:00.0470 3488  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
10:21:00.0502 3488  RasAgileVpn - ok
10:21:00.0533 3488  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
10:21:00.0564 3488  RasAuto - ok
10:21:00.0595 3488  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
10:21:00.0626 3488  Rasl2tp - ok
10:21:00.0673 3488  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
10:21:00.0704 3488  RasMan - ok
10:21:00.0736 3488  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
10:21:00.0798 3488  RasPppoe - ok
10:21:00.0829 3488  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
10:21:00.0860 3488  RasSstp - ok
10:21:00.0892 3488  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
10:21:00.0985 3488  rdbss - ok
10:21:01.0001 3488  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
10:21:01.0016 3488  rdpbus - ok
10:21:01.0032 3488  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
10:21:01.0063 3488  RDPCDD - ok
10:21:01.0079 3488  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
10:21:01.0110 3488  RDPENCDD - ok
10:21:01.0141 3488  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
10:21:01.0172 3488  RDPREFMP - ok
10:21:01.0204 3488  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
10:21:01.0266 3488  RdpVideoMiniport - ok
10:21:01.0297 3488  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
10:21:01.0328 3488  RDPWD - ok
10:21:01.0360 3488  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
10:21:01.0375 3488  rdyboost - ok
10:21:01.0406 3488  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
10:21:01.0484 3488  RemoteAccess - ok
10:21:01.0516 3488  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
10:21:01.0594 3488  RemoteRegistry - ok
10:21:01.0625 3488  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
10:21:01.0672 3488  RFCOMM - ok
10:21:01.0687 3488  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
10:21:01.0734 3488  RpcEptMapper - ok
10:21:01.0765 3488  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
10:21:01.0781 3488  RpcLocator - ok
10:21:01.0796 3488  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
10:21:01.0828 3488  RpcSs - ok
10:21:01.0859 3488  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
10:21:01.0890 3488  rspndr - ok
10:21:01.0906 3488  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
10:21:01.0921 3488  SamSs - ok
10:21:01.0937 3488  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
10:21:01.0952 3488  sbp2port - ok
10:21:01.0968 3488  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
10:21:01.0999 3488  SCardSvr - ok
10:21:02.0015 3488  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
10:21:02.0046 3488  scfilter - ok
10:21:02.0077 3488  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
10:21:02.0140 3488  Schedule - ok
10:21:02.0155 3488  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
10:21:02.0186 3488  SCPolicySvc - ok
10:21:02.0202 3488  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
10:21:02.0233 3488  sdbus - ok
10:21:02.0264 3488  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
10:21:02.0311 3488  SDRSVC - ok
10:21:02.0327 3488  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
10:21:02.0374 3488  secdrv - ok
10:21:02.0405 3488  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
10:21:02.0452 3488  seclogon - ok
10:21:02.0483 3488  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
10:21:02.0514 3488  SENS - ok
10:21:02.0545 3488  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
10:21:02.0592 3488  SensrSvc - ok
10:21:02.0623 3488  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
10:21:02.0654 3488  Serenum - ok
10:21:02.0686 3488  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
10:21:02.0717 3488  Serial - ok
10:21:02.0732 3488  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
10:21:02.0748 3488  sermouse - ok
10:21:02.0779 3488  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
10:21:02.0826 3488  SessionEnv - ok
10:21:02.0842 3488  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
10:21:02.0857 3488  sffdisk - ok
10:21:02.0888 3488  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
10:21:02.0951 3488  sffp_mmc - ok
10:21:02.0966 3488  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
10:21:02.0998 3488  sffp_sd - ok
10:21:02.0998 3488  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
10:21:03.0029 3488  sfloppy - ok
10:21:03.0076 3488  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
10:21:03.0122 3488  SharedAccess - ok
10:21:03.0154 3488  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:21:03.0200 3488  ShellHWDetection - ok
10:21:03.0232 3488  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
10:21:03.0247 3488  SiSRaid2 - ok
10:21:03.0263 3488  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
10:21:03.0278 3488  SiSRaid4 - ok
10:21:03.0310 3488  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
10:21:03.0356 3488  Smb - ok
10:21:03.0388 3488  [ 10450F432811D7FDA60A97FCC674D7B2 ] snapman         C:\Windows\system32\DRIVERS\snapman.sys
10:21:03.0403 3488  snapman - ok
10:21:03.0434 3488  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
10:21:03.0481 3488  SNMPTRAP - ok
10:21:03.0512 3488  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
10:21:03.0528 3488  spldr - ok
10:21:03.0559 3488  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
10:21:03.0606 3488  Spooler - ok
10:21:03.0715 3488  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
10:21:03.0871 3488  sppsvc - ok
10:21:03.0887 3488  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
10:21:03.0918 3488  sppuinotify - ok
10:21:04.0012 3488  [ 891793E00432FA055CF040605C260E49 ] SRTSP           C:\Windows\System32\Drivers\NISx64\1309000.009\SRTSP64.SYS
10:21:04.0058 3488  SRTSP - ok
10:21:04.0074 3488  [ 1CB7BB3B0561FB5ECFE37F7731E8BF3E ] SRTSPX          C:\Windows\system32\drivers\NISx64\1309000.009\SRTSPX64.SYS
10:21:04.0074 3488  SRTSPX - ok
10:21:04.0105 3488  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
10:21:04.0152 3488  srv - ok
10:21:04.0168 3488  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
10:21:04.0199 3488  srv2 - ok
10:21:04.0230 3488  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
10:21:04.0246 3488  srvnet - ok
10:21:04.0277 3488  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
10:21:04.0324 3488  SSDPSRV - ok
10:21:04.0339 3488  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
10:21:04.0370 3488  SstpSvc - ok
10:21:04.0464 3488  [ E4AEA6FC64A979375149B86882CA2100 ] StarMoney Business 5.0 OnlineUpdate C:\Program Files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe
10:21:04.0495 3488  StarMoney Business 5.0 OnlineUpdate - ok
10:21:04.0526 3488  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
10:21:04.0542 3488  stexstor - ok
10:21:04.0589 3488  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
10:21:04.0636 3488  stisvc - ok
10:21:04.0667 3488  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
10:21:04.0682 3488  swenum - ok
10:21:04.0729 3488  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
10:21:04.0760 3488  swprv - ok
10:21:04.0823 3488  [ 8B2430762099598DA40686F754632EFD ] SymDS           C:\Windows\system32\drivers\NISx64\1309000.009\SYMDS64.SYS
10:21:04.0854 3488  SymDS - ok
10:21:04.0901 3488  [ 5CB7F2FD7E30A0F52F93574BFC3A8041 ] SymEFA          C:\Windows\system32\drivers\NISx64\1309000.009\SYMEFA64.SYS
10:21:04.0948 3488  SymEFA - ok
10:21:04.0994 3488  [ 894579207E39C465737E850A252CE4F2 ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
10:21:04.0994 3488  SymEvent - ok
10:21:05.0057 3488  [ B681D1B0F9596684225DCC9B94C6BACF ] SymIM           C:\Windows\system32\DRIVERS\SymIMv.sys
10:21:05.0072 3488  SymIM - ok
10:21:05.0104 3488  [ 5013A76CAAA1D7CF1C55214B490B4E35 ] SymIRON         C:\Windows\system32\drivers\NISx64\1309000.009\Ironx64.SYS
10:21:05.0135 3488  SymIRON - ok
10:21:05.0166 3488  [ 3911BD0E68C010E5438A87706ABBE9AB ] SymNetS         C:\Windows\System32\Drivers\NISx64\1309000.009\SYMNETS.SYS
10:21:05.0182 3488  SymNetS - ok
10:21:05.0228 3488  SynasUSB - ok
10:21:05.0260 3488  [ BCB6AA197267D3506BE2535342FC40E0 ] synusb64        C:\Windows\system32\DRIVERS\synusb64.sys
10:21:05.0275 3488  synusb64 - ok
10:21:05.0353 3488  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
10:21:05.0416 3488  SysMain - ok
10:21:05.0447 3488  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:21:05.0462 3488  TabletInputService - ok
10:21:05.0462 3488  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
10:21:05.0494 3488  TapiSrv - ok
10:21:05.0509 3488  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
10:21:05.0556 3488  TBS - ok
10:21:05.0618 3488  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
10:21:05.0665 3488  Tcpip - ok
10:21:05.0743 3488  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
10:21:05.0806 3488  TCPIP6 - ok
10:21:05.0837 3488  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
10:21:05.0837 3488  tcpipreg - ok
10:21:05.0868 3488  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
10:21:05.0915 3488  TDPIPE - ok
10:21:05.0930 3488  [ 99527D49EE0A96FC25537C61B270A372 ] tdrpman273      C:\Windows\system32\DRIVERS\tdrpm273.sys
10:21:05.0962 3488  tdrpman273 - ok
10:21:05.0977 3488  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
10:21:05.0993 3488  TDTCP - ok
10:21:06.0024 3488  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
10:21:06.0055 3488  tdx - ok
10:21:06.0086 3488  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
10:21:06.0086 3488  TermDD - ok
10:21:06.0133 3488  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
10:21:06.0196 3488  TermService - ok
10:21:06.0211 3488  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
10:21:06.0227 3488  Themes - ok
10:21:06.0242 3488  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
10:21:06.0274 3488  THREADORDER - ok
10:21:06.0320 3488  [ EBBAEA02F0095A798000C7E06B16D41B ] timounter       C:\Windows\system32\DRIVERS\timntr.sys
10:21:06.0352 3488  timounter - ok
10:21:06.0383 3488  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
10:21:06.0414 3488  TrkWks - ok
10:21:06.0461 3488  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:21:06.0508 3488  TrustedInstaller - ok
10:21:06.0539 3488  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
10:21:06.0570 3488  tssecsrv - ok
10:21:06.0617 3488  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
10:21:06.0664 3488  TsUsbFlt - ok
10:21:06.0695 3488  [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
10:21:06.0742 3488  TsUsbGD - ok
10:21:06.0788 3488  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
10:21:06.0835 3488  tunnel - ok
10:21:06.0866 3488  [ FD24F98D2898BE093FE926604BE7DB99 ] TurboB          C:\Windows\system32\DRIVERS\TurboB.sys
10:21:06.0882 3488  TurboB - ok
10:21:06.0913 3488  [ 600B406A04D90F577FEA8A88D7379F08 ] TurboBoost      C:\Program Files\Intel\TurboBoost\TurboBoost.exe
10:21:06.0913 3488  TurboBoost - ok
10:21:06.0929 3488  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
10:21:06.0944 3488  uagp35 - ok
10:21:06.0960 3488  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
10:21:06.0991 3488  udfs - ok
10:21:07.0022 3488  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
10:21:07.0022 3488  UI0Detect - ok
10:21:07.0054 3488  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
10:21:07.0054 3488  uliagpkx - ok
10:21:07.0069 3488  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
10:21:07.0100 3488  umbus - ok
10:21:07.0132 3488  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
10:21:07.0147 3488  UmPass - ok
10:21:07.0272 3488  [ A678E5DDD974903DD71F503BDCACA218 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
10:21:07.0334 3488  UNS - ok
10:21:07.0366 3488  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
10:21:07.0412 3488  upnphost - ok
10:21:07.0444 3488  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
10:21:07.0459 3488  usbccgp - ok
10:21:07.0475 3488  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
10:21:07.0490 3488  usbcir - ok
10:21:07.0522 3488  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
10:21:07.0553 3488  usbehci - ok
10:21:07.0600 3488  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
10:21:07.0631 3488  usbhub - ok
10:21:07.0662 3488  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
10:21:07.0693 3488  usbohci - ok
10:21:07.0709 3488  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
10:21:07.0740 3488  usbprint - ok
10:21:07.0771 3488  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:21:07.0802 3488  USBSTOR - ok
10:21:07.0849 3488  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
10:21:07.0896 3488  usbuhci - ok
10:21:07.0912 3488  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
10:21:07.0943 3488  usbvideo - ok
10:21:07.0974 3488  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
10:21:08.0036 3488  UxSms - ok
10:21:08.0068 3488  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
10:21:08.0068 3488  VaultSvc - ok
10:21:08.0130 3488  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
10:21:08.0161 3488  vdrvroot - ok
10:21:08.0208 3488  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
10:21:08.0286 3488  vds - ok
10:21:08.0333 3488  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
10:21:08.0364 3488  vga - ok
10:21:08.0380 3488  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
10:21:08.0426 3488  VgaSave - ok
10:21:08.0442 3488  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
10:21:08.0458 3488  vhdmp - ok
10:21:08.0489 3488  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
10:21:08.0489 3488  viaide - ok
10:21:08.0520 3488  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
10:21:08.0536 3488  volmgr - ok
10:21:08.0551 3488  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
10:21:08.0567 3488  volmgrx - ok
10:21:08.0582 3488  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
10:21:08.0598 3488  volsnap - ok
10:21:08.0629 3488  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
10:21:08.0629 3488  vsmraid - ok
10:21:08.0676 3488  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
10:21:08.0723 3488  VSS - ok
10:21:08.0754 3488  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
10:21:08.0785 3488  vwifibus - ok
10:21:08.0801 3488  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
10:21:08.0832 3488  vwififlt - ok
10:21:08.0863 3488  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
10:21:08.0879 3488  vwifimp - ok
10:21:08.0941 3488  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
10:21:09.0004 3488  W32Time - ok
10:21:09.0035 3488  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
10:21:09.0050 3488  WacomPen - ok
10:21:09.0082 3488  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
10:21:09.0175 3488  WANARP - ok
10:21:09.0175 3488  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
10:21:09.0206 3488  Wanarpv6 - ok
10:21:09.0284 3488  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
10:21:09.0347 3488  wbengine - ok
10:21:09.0378 3488  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
10:21:09.0409 3488  WbioSrvc - ok
10:21:09.0425 3488  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
10:21:09.0456 3488  wcncsvc - ok
10:21:09.0472 3488  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:21:09.0518 3488  WcsPlugInService - ok
10:21:09.0550 3488  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
10:21:09.0565 3488  Wd - ok
10:21:09.0596 3488  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
10:21:09.0628 3488  Wdf01000 - ok
10:21:09.0659 3488  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
10:21:09.0752 3488  WdiServiceHost - ok
10:21:09.0752 3488  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
10:21:09.0768 3488  WdiSystemHost - ok
10:21:09.0784 3488  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
10:21:09.0815 3488  WebClient - ok
10:21:09.0846 3488  [ D5BA7D43FA2EF656BF7E98A188391E40 ] Wecsvc          C:\Windows\system32\wecsvc.dll
10:21:09.0862 3488  Wecsvc - ok
10:21:09.0893 3488  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
10:21:09.0924 3488  wercplsupport - ok
10:21:09.0940 3488  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
10:21:09.0971 3488  WerSvc - ok
10:21:09.0986 3488  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
10:21:10.0018 3488  WfpLwf - ok
10:21:10.0033 3488  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
10:21:10.0033 3488  WIMMount - ok
10:21:10.0064 3488  WinDefend - ok
10:21:10.0064 3488  WinHttpAutoProxySvc - ok
10:21:10.0127 3488  [ 136760C1E9697BAF4ECDEAE5590A0806 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
10:21:10.0174 3488  Winmgmt - ok
10:21:10.0283 3488  [ 3BB6B401A780BF434C8F58137DE10BF7 ] WinRM           C:\Windows\system32\WsmSvc.dll
10:21:10.0361 3488  WinRM - ok
10:21:10.0423 3488  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
10:21:10.0470 3488  WinUsb - ok
10:21:10.0501 3488  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
10:21:10.0548 3488  Wlansvc - ok
10:21:10.0595 3488  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
10:21:10.0626 3488  wlcrasvc - ok
10:21:10.0704 3488  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:21:10.0751 3488  wlidsvc - ok
10:21:10.0798 3488  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
10:21:10.0829 3488  WmiAcpi - ok
10:21:10.0860 3488  [ 4DF841632B62A7CF19A79A05046A8AB1 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
10:21:10.0876 3488  wmiApSrv - ok
10:21:10.0922 3488  WMPNetworkSvc - ok
10:21:10.0954 3488  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
10:21:10.0985 3488  WPCSvc - ok
10:21:11.0000 3488  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
10:21:11.0016 3488  WPDBusEnum - ok
10:21:11.0047 3488  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
10:21:11.0063 3488  ws2ifsl - ok
10:21:11.0094 3488  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
10:21:11.0125 3488  wscsvc - ok
10:21:11.0125 3488  WSearch - ok
10:21:11.0219 3488  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
10:21:11.0266 3488  wuauserv - ok
10:21:11.0297 3488  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
10:21:11.0328 3488  WudfPf - ok
10:21:11.0359 3488  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
10:21:11.0390 3488  WUDFRd - ok
10:21:11.0422 3488  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
10:21:11.0468 3488  wudfsvc - ok
10:21:11.0500 3488  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
10:21:11.0531 3488  WwanSvc - ok
10:21:11.0562 3488  ================ Scan global ===============================
10:21:11.0578 3488  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
10:21:11.0624 3488  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
10:21:11.0640 3488  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
10:21:11.0671 3488  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
10:21:11.0702 3488  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
10:21:11.0702 3488  [Global] - ok
10:21:11.0702 3488  ================ Scan MBR ==================================
10:21:11.0718 3488  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:21:12.0217 3488  \Device\Harddisk0\DR0 - ok
10:21:12.0217 3488  ================ Scan VBR ==================================
10:21:12.0248 3488  [ BC1DCEE578092CD5594346F7A6B3EB84 ] \Device\Harddisk0\DR0\Partition1
10:21:12.0248 3488  \Device\Harddisk0\DR0\Partition1 - ok
10:21:12.0264 3488  [ 97A5D221FEDAD2EEA9A909B6FB64D6E0 ] \Device\Harddisk0\DR0\Partition2
10:21:12.0264 3488  \Device\Harddisk0\DR0\Partition2 - ok
10:21:12.0295 3488  [ CBA86F58B0900F026D167426AE760950 ] \Device\Harddisk0\DR0\Partition3
10:21:12.0295 3488  \Device\Harddisk0\DR0\Partition3 - ok
10:21:12.0295 3488  ============================================================
10:21:12.0295 3488  Scan finished
10:21:12.0295 3488  ============================================================
10:21:12.0311 1940  Detected object count: 0
10:21:12.0311 1940  Actual detected object count: 0
         

Alt 14.01.2013, 10:45   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU-Trojaner eingefangen - Standard

GVU-Trojaner eingefangen



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 14.01.2013, 11:35   #14
christianp63
 
GVU-Trojaner eingefangen - Standard

GVU-Trojaner eingefangen



Code:
ATTFilter
ComboFix 13-01-13.01 - christian 14.01.2013  11:05:16.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8044.6130 [GMT 1:00]
ausgeführt von:: c:\users\christian\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\System32\MASetupCleaner.exe
c:\windows\SysWow64\System32\muzapp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-14 bis 2013-01-14  ))))))))))))))))))))))))))))))
.
.
2013-01-14 10:17 . 2013-01-14 10:17	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-14 10:17 . 2013-01-14 10:17	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-01-12 10:40 . 2013-01-12 10:40	455	----a-w-	C:\user.js
2013-01-11 17:06 . 2013-01-11 17:06	--------	d-----w-	c:\users\christian\AppData\Roaming\Malwarebytes
2013-01-11 17:06 . 2013-01-11 17:06	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-11 17:06 . 2013-01-11 17:06	--------	d-----w-	c:\programdata\Malwarebytes
2013-01-11 17:06 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-01-11 16:03 . 2012-11-09 05:45	750592	----a-w-	c:\windows\system32\win32spl.dll
2013-01-11 16:03 . 2012-11-09 04:43	492032	----a-w-	c:\windows\SysWow64\win32spl.dll
2013-01-11 16:00 . 2012-11-23 03:26	3149824	----a-w-	c:\windows\system32\win32k.sys
2012-12-27 13:38 . 2012-12-27 13:38	--------	d-----w-	c:\windows\Sun
2012-12-27 13:37 . 2012-12-27 13:37	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-12-27 13:37 . 2012-12-27 13:36	779704	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-12-27 13:37 . 2012-12-27 13:36	859072	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-12-27 13:36 . 2012-12-27 13:36	95184	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-27 13:36 . 2012-12-27 13:36	--------	d-----w-	c:\program files (x86)\Java
2012-12-24 07:22 . 2012-12-24 07:22	--------	d-----w-	c:\users\christian\AppData\Local\Weto_AG
2012-12-22 09:25 . 2012-12-22 09:25	--------	d-----w-	C:\Weto
2012-12-22 09:23 . 2012-12-22 09:23	--------	d-----w-	c:\programdata\InstallShield
2012-12-22 09:17 . 2012-12-16 17:11	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-22 09:17 . 2012-12-16 14:45	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-22 09:17 . 2012-12-16 14:13	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-22 09:17 . 2012-12-16 14:13	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 10:36 . 2012-12-16 10:36	--------	d-----w-	c:\users\christian\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-12-15 12:33 . 2012-12-15 12:33	--------	d-----w-	c:\users\christian\AppData\Roaming\Avery
2012-12-15 12:27 . 2012-12-23 16:59	--------	d-----w-	c:\programdata\Avery
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-12 10:00 . 2012-01-08 05:41	67599240	----a-w-	c:\windows\system32\MRT.exe
2013-01-09 08:15 . 2012-04-01 07:10	697864	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 08:15 . 2011-10-11 12:20	74248	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-30 04:45 . 2013-01-11 16:02	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-11-14 07:06 . 2012-12-12 06:23	17811968	----a-w-	c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-12 06:23	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-12 06:24	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-12 06:24	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-12 06:24	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-12 06:24	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-12 06:24	237056	----a-w-	c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-12 06:24	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-12 06:24	816640	----a-w-	c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-12 06:24	599040	----a-w-	c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-12 06:24	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-12 06:24	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-12 06:24	729088	----a-w-	c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-12 06:24	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-12 06:24	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-12 06:24	248320	----a-w-	c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-12 06:24	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-12 06:24	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 06:24	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-12 06:24	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 06:24	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-12 06:24	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-12 05:02	2048	----a-w-	c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-12 05:02	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-11-02 05:59 . 2012-12-12 05:02	478208	----a-w-	c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-12 05:02	376832	----a-w-	c:\windows\SysWow64\dpnet.dll
2012-10-28 17:32 . 2012-11-23 11:13	103936	----a-w-	c:\windows\system32\pdfcmon.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711}]
2012-11-13 20:41	91784	----a-w-	c:\program files (x86)\PDF Architect\PDFIEHelper.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{25A3A431-30BB-47C8-AD6A-E1063801134F}"= "c:\program files (x86)\PDF Architect\PDFIEPlugin.dll" [2012-11-13 731784]
.
[HKEY_CLASSES_ROOT\clsid\{25a3a431-30bb-47c8-ad6a-e1063801134f}]
[HKEY_CLASSES_ROOT\PDFArchitectIEPlugin.PDFIEConverter.1]
[HKEY_CLASSES_ROOT\TypeLib\{78D9250B-1DEB-4469-9B35-591AB7D41CAA}]
[HKEY_CLASSES_ROOT\PDFArchitectIEPlugin.PDFIEConverter]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"MyPhoneExplorer"="c:\program files (x86)\MyPhoneExplorer\MyPhoneExplorer.exe" [2012-08-10 4853464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
"SAOB Monitor"="c:\program files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2010-11-16 2570688]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-12-06 5578920]
"SMB50StarMoneyRunEntry"="c:\program files (x86)\StarMoney Business 5.0\app\oflagent.exe" [2012-10-11 56528]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IWPORT;IWPORT;c:\windows\SYSTEM32\DRIVERS\IWPORT.SYS [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-09-16 36000]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-09-16 330912]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-09-16 110240]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-09-16 167584]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-09-16 68256]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-09-16 280992]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-09-16 517280]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SynasUSB;SynasUSB;sysWOW64\drivers\SynUSB64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-10-08 30056]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1309000.009\SYMDS64.SYS [2011-05-16 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1309000.009\SYMEFA64.SYS [2012-05-22 1129120]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2012-01-09 1263200]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20130107.001\BHDrvx64.sys [2012-10-23 1384608]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys [2012-06-07 167072]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20130113.001\IDSvia64.sys [2012-09-06 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1309000.009\Ironx64.SYS [2012-04-18 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1309000.009\SYMNETS.SYS [2012-04-18 405624]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S2 afcdpsrv;Acronis Nonstop Backup-Dienst;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-01-09 3246040]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-09-16 105120]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-05-12 249648]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-07-01 353360]
S2 ePowerSvc;ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2011-08-02 872552]
S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2011-05-30 36456]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
S2 Live Updater Service;Live Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2011-04-22 244624]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2012-06-16 138272]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe [2012-11-13 1522312]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe [2012-11-13 905864]
S2 StarMoney Business 5.0 OnlineUpdate;StarMoney Business 5.0 OnlineUpdate;c:\program files (x86)\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe [2012-06-28 692432]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2012-01-09 285280]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys [2011-01-21 67624]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys [2011-01-21 19496]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys [2011-05-16 51240]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys [2011-05-06 86056]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-09-16 30368]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2011-04-05 142632]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-05-10 425000]
S3 synusb64;eLicenser;c:\windows\system32\DRIVERS\synusb64.sys [2010-09-17 30352]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 55054183
*NewlyCreated* - ASWMBR
*Deregistered* - 55054183
*Deregistered* - aswMBR
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 08:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-21 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-21 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-21 416024]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-09-16 976032]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-09-16 799904]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-10 11785832]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
"Power Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2011-08-02 1831016]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-12-06 391240]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://mystart.incredibar.com/mb201?a=6Oz02RYj0m&i=26
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://packardbell.msn.com
mStart Page = hxxp://packardbell.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
TCP: Interfaces\{8B3A69F9-DE62-48EB-BDB6-5C26D971CF6E}: NameServer = 192.168.0.1
FF - ProfilePath - c:\users\christian\AppData\Roaming\Mozilla\Firefox\Profiles\s9y5t795.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb201/?loc=IB_DS&a=6Oz02RYj0m&&i=26&search=
FF - ExtSQL: 2012-11-23 12:14; FFPDFArchitectConverter@pdfarchitect.com; c:\program files (x86)\PDF Architect\FFPDFArchitectExt
FF - ExtSQL: 2013-01-02 07:28; {b5e96f5c-0ccb-49ca-9f2a-3f98d9bb137e}; c:\users\christian\AppData\Roaming\Mozilla\Firefox\Profiles\s9y5t795.default\extensions\{b5e96f5c-0ccb-49ca-9f2a-3f98d9bb137e}
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6Oz02RYj0m&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 166836af00000000000006de2b6fcba0
FF - user.js: extensions.incredibar_i.instlDay - 15717
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1411:39
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef - 
FF - user.js: extensions.incredibar_i.dfltLng - 
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id - 
FF - user.js: extensions.incredibar_i.upn2 - 6Oz02RYj0m
FF - user.js: extensions.incredibar_i.upn2n - 92262783697827602
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 77777600
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-14  11:31:56
ComboFix-quarantined-files.txt  2013-01-14 10:31
.
Vor Suchlauf: 12 Verzeichnis(se), 303.692.627.968 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 304.476.106.752 Bytes frei
.
- - End Of File - - 449ABB759008521BB08865DFC5983160
         

Alt 14.01.2013, 11:45   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU-Trojaner eingefangen - Standard

GVU-Trojaner eingefangen



adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu GVU-Trojaner eingefangen
2 infizierte dateien, abgesicherten, bericht, dateien gelöscht, deaktiviert, durchgeführt, eingefangen, euren, geladen, gelöscht, gmer, google, hoffe, infizierte, internet, log-datei, malwarebytes, manuell, modus, neustart, norton, norton internet security, scan, security, systemwiederherstellung, trojan.winlock




Ähnliche Themen: GVU-Trojaner eingefangen


  1. Trojaner eingefangen?
    Log-Analyse und Auswertung - 17.10.2015 (13)
  2. Trojaner eingefangen
    Plagegeister aller Art und deren Bekämpfung - 19.12.2013 (10)
  3. GVU Trojaner eingefangen...
    Plagegeister aller Art und deren Bekämpfung - 17.05.2013 (43)
  4. Viren eingefangen (JAVA/dldr.lamar.TP), auch Trojaner (Polizei.Trojaner) gefunden
    Log-Analyse und Auswertung - 07.05.2013 (15)
  5. GVU Trojaner eingefangen
    Plagegeister aller Art und deren Bekämpfung - 24.02.2013 (6)
  6. GVU Trojaner eingefangen!
    Log-Analyse und Auswertung - 17.10.2012 (2)
  7. GVU Trojaner eingefangen
    Plagegeister aller Art und deren Bekämpfung - 22.09.2012 (17)
  8. Gvu Trojaner 2.07 Eingefangen
    Log-Analyse und Auswertung - 21.08.2012 (6)
  9. GVU Trojaner eingefangen?
    Plagegeister aller Art und deren Bekämpfung - 07.08.2012 (11)
  10. GVU-Trojaner 2.07 eingefangen
    Log-Analyse und Auswertung - 25.07.2012 (11)
  11. GVU Trojaner eingefangen
    Plagegeister aller Art und deren Bekämpfung - 22.07.2012 (19)
  12. 50€ Trojaner eingefangen
    Log-Analyse und Auswertung - 13.02.2012 (21)
  13. Trojaner eingefangen
    Log-Analyse und Auswertung - 13.02.2012 (1)
  14. Trojaner eingefangen....
    Log-Analyse und Auswertung - 27.04.2011 (1)
  15. Trojaner eingefangen
    Plagegeister aller Art und deren Bekämpfung - 16.07.2010 (2)
  16. Trojaner eingefangen?
    Log-Analyse und Auswertung - 03.03.2009 (0)
  17. Trojaner VX2 eingefangen
    Log-Analyse und Auswertung - 03.05.2005 (8)

Zum Thema GVU-Trojaner eingefangen - Hallo, ich hoffe ihr könnt mir helfen Ich habe mir gestern den GVU-Trojaner eingefangen. Ich habe mir über einen Nachbarrrechner über Google Informationen geholt. - Neustart im abgesicherten Modus ausgeführt - GVU-Trojaner eingefangen...
Archiv
Du betrachtest: GVU-Trojaner eingefangen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.