Hallo,

mein Problem gliedert sich in mehrere Teile.

Seit zwei Tagen habe ich den Verdacht, dass mein email-Konto gehackt wurde. Ein Kontakt aus meinem Adressbuch hat mir eine e-mail geschickt, obwohl ich den Kontakt persönlich gefragt habe und er es nicht getan hat.

Zudem bekam ich von Facebook die Nachricht, dass mein Konto gesperrt wurde mit folgender Fehlermeldung:" Jemand hat kürzlich versucht sich von einem unbekannten Gerät oder Standort für dein Konto anzumelden. Bitte bestätige, dass du diese Person warst. "

Drittens wurde gestern beim Hochfahren beim Updatevorgang angezeigt: Update 4042 von 4042. Weiterhin wurde angezeigt, dass Einträge in der Registry geändert wurden.

Ich vermute dass es irgendwie mit dem Wifi aus dem Urlaub zu tun hat. Dieses war nur mit WEP geschützt. Danach tauchten auch erst die Probleme auf.

Vielen Dank schonmal für Eure Lösungsvorschläge.

Anbei noch die LOGfiles

Hi
wenn der kontakt dir ne mail gesendet hatt, ist wohl sein account gehackt worden.
Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop

• Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
• Drücke Start Scan
  
• Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
  TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
  Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Das ging ja schnell!!

Anbei der Logfile

Hi,
Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

• WICHTIG: Speichere Combofix auf deinem Desktop.
• Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
• Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
• Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
• Wenn Combofix fertig ist, wird es ein Logfile erstellen.
• Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Hier also der Combofix logfile

[Code]
Combofix Logfile:

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 13-02-26.01 - XXX 01.03.2013  17:20:27.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8044.5905 [GMT 1:00]
ausgeführt von:: c:\users\XXX\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\XXX\136887863
c:\users\XXX\136887863\Alex_137179987\img_010281334_normal.jpg
c:\users\XXX\136887863\Alex_137179987\img_010281336_normal.jpg
c:\users\XXX\136887863\Alex_137179987\Thumbs.db
c:\users\XXX\136887863\Da BoZz_351552812\ap2808500k.wmv
c:\users\XXX\136887863\Da BoZz_351552812\ps-aslm2-a.avi
c:\users\XXX\136887863\JuLe_257416876\jule.bmp
c:\users\XXX\136887863\JuLe_257416876\S4200843.JPG
c:\users\XXX\136887863\JuLe_257416876\Thumbs.db
c:\users\XXX\AppData\Local\assembly\tmp
c:\windows\IsUn0407.exe
c:\windows\SysWow64\ccrpTmr6.dll
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-01 bis 2013-03-01  ))))))))))))))))))))))))))))))
.
.
2013-03-01 16:40 . 2013-03-01 16:40	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-01 16:40 . 2013-03-01 16:40	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-02-19 18:01 . 2013-02-19 18:01	--------	d-----w-	c:\users\XXX\AppData\Local\Passbild_Generator
2013-02-19 18:01 . 2013-02-19 18:01	--------	d-----w-	c:\program files (x86)\Passbild-Generator
2013-02-16 16:25 . 2012-12-13 13:26	112080	----a-r-	c:\windows\system32\drivers\acsock64.sys
2013-02-16 16:25 . 2013-02-16 17:00	--------	d-----w-	c:\program files (x86)\Cisco
2013-02-16 16:25 . 2013-02-16 16:25	--------	d-----w-	c:\users\XXX\AppData\Local\Cisco
2013-02-16 16:23 . 2013-02-16 17:00	--------	d-----w-	c:\programdata\Cisco
2013-02-15 22:31 . 2013-02-15 22:31	186432	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-02-14 09:37 . 2013-01-09 01:10	996352	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 09:37 . 2013-01-08 22:01	768000	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 10:18 . 2013-01-04 03:26	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-02-13 10:18 . 2013-01-05 05:53	5553512	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-02-13 10:18 . 2013-01-05 05:00	3967848	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 10:18 . 2013-01-05 05:00	3913064	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-02-13 10:18 . 2013-01-04 05:46	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-02-13 10:18 . 2013-01-04 04:51	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-02-13 10:18 . 2013-01-04 02:47	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-02-13 10:18 . 2013-01-04 02:47	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-02-13 10:18 . 2013-01-04 02:47	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-02-13 10:18 . 2013-01-04 02:47	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-02-13 10:18 . 2013-01-03 06:00	1913192	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-13 10:18 . 2013-01-03 06:00	288088	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-08 15:22 . 2013-02-08 15:22	--------	d-----r-	c:\program files (x86)\Skype
2013-02-08 15:22 . 2013-02-08 15:22	--------	d-----w-	c:\program files (x86)\Common Files\Skype
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-27 17:54 . 2012-04-02 07:13	691568	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-27 17:54 . 2011-09-25 11:52	71024	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-14 09:45 . 2011-09-24 13:14	70004024	----a-w-	c:\windows\system32\MRT.exe
2013-01-04 04:43 . 2013-02-13 10:18	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-12-30 19:36 . 2011-09-25 10:13	29480	----a-w-	c:\windows\SysWow64\msxml3a.dll
2012-12-30 19:36 . 2011-05-31 10:06	505128	----a-w-	c:\windows\SysWow64\msvcp71.dll
2012-12-30 19:36 . 2011-05-31 10:06	353576	----a-w-	c:\windows\SysWow64\msvcr71.dll
2012-12-16 17:11 . 2012-12-22 18:05	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-22 18:05	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 18:05	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-22 18:05	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-14 15:49 . 2011-09-24 21:59	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-13 13:44 . 2012-12-13 13:44	11336	----a-w-	c:\windows\SysWow64\vpncategories.dll
2012-12-13 13:44 . 2012-12-13 13:44	34376	----a-w-	c:\windows\SysWow64\vpnevents.dll
2012-12-07 13:20 . 2013-01-09 13:06	441856	----a-w-	c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 13:06	2746368	----a-w-	c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 13:06	308736	----a-w-	c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 13:06	2576384	----a-w-	c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 13:06	30720	----a-w-	c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 13:06	43520	----a-w-	c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 13:06	23552	----a-w-	c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 13:06	45568	----a-w-	c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 13:06	44544	----a-w-	c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 13:06	20480	----a-w-	c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 13:06	20480	----a-w-	c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 13:06	20480	----a-w-	c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 13:06	46592	----a-w-	c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 13:06	40960	----a-w-	c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 13:06	21504	----a-w-	c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 13:06	15360	----a-w-	c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 13:06	55296	----a-w-	c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 13:06	51712	----a-w-	c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 13:06	43520	----a-w-	c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 13:06	30720	----a-w-	c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 13:06	45568	----a-w-	c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 13:06	44544	----a-w-	c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 13:06	20480	----a-w-	c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 13:06	23552	----a-w-	c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 13:06	20480	----a-w-	c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 13:06	46592	----a-w-	c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 13:06	20480	----a-w-	c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 13:06	21504	----a-w-	c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 13:06	40960	----a-w-	c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 13:06	15360	----a-w-	c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 13:06	55296	----a-w-	c:\windows\SysWow64\cero.rs
2012-12-07 10:46 . 2013-01-09 13:06	51712	----a-w-	c:\windows\SysWow64\esrb.rs
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
"BackupManagerTray"="c:\program files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe" [2012-01-05 295448]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-03-14 1081424]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-12-08 75048]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-12-13 702024]
.
c:\users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-12-11 110592]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-12-10 1133856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
R2 CLKMSVC10_38F51D56;CyberLink Product - 2012/12/30 20:38;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-10-08 254448]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [2012-12-13 112080]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2010-12-10 349224]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-12-10 39464]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [2012-03-02 27584]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-10-08 150016]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-03-30 25960]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-07-18 27760]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-07 279616]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-07-18 86224]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-03-14 352336]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2011-05-10 872552]
S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2011-05-26 29696]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]
S2 Live Updater Service;Live Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2011-04-22 244624]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [2012-10-23 230416]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe [2012-01-05 256536]
S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2012-03-02 25504]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-10-08 19192]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-12-13 544840]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys [2011-01-21 67624]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys [2011-01-21 19496]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys [2011-05-16 51240]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys [2011-05-06 86056]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-01-17 412712]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-09-30 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-09-30 180736]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 44720578
*Deregistered* - 44720578
*Deregistered* - CLKMDRV10_38F51D56
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 17:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-09 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-09 416024]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-10 11785832]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-28 497648]
"Power Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2011-05-10 1831528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://packardbell.msn.com
mStart Page = hxxp://packardbell.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Preispiratensuche nach markiertem Text - c:\\Program Files (x86)\\Preispiraten6\\preispiraten.html
IE: An OneNote s&enden - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube to MP3 Converter - c:\users\XXX\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{9E029088-432F-4EBF-9537-0171A4C37870} - hxxp://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=main&site=home
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\anyzy7tp.default\
FF - prefs.js: keyword.URL - hxxp://search.hotspotshield.com/g/results.php?c=s&q=
FF - ExtSQL: 2013-02-19 13:16; toolbar@web.de; c:\users\XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\anyzy7tp.default\extensions\toolbar@web.de.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{f0381dbd-e018-4e07-ae40-d96ab15083f0} - (no file)
Toolbar-Locked - (no file)
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
Toolbar-Locked - (no file)
WebBrowser-{F0381DBD-E018-4E07-AE40-D96AB15083F0} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Photoshop 7.0 - c:\windows\ISUN0407.EXE
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-01  17:45:59
ComboFix-quarantined-files.txt  2013-03-01 16:45
.
Vor Suchlauf: 13 Verzeichnis(se), 412.181.090.304 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 421.045.870.592 Bytes frei
.
- - End Of File - - 091E19047E736DB22D7171B0FC8412D9
         

--- --- ---

Hi,
malwarebytes:
Downloade Dir bitte Malwarebytes

• Installiere
  das Programm in den vorgegebenen Pfad.
  Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Starte Malwarebytes, klicke auf Aktualisierung --> Suche
  nach Aktualisierung
• Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
• Wenn der Scan beendet
  ist, klicke auf Ergebnisse anzeigen.
• Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
• Poste
  das Logfile, welches sich in Notepad öffnet, hier in den Thread.
• Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Ich hab mit Malwarebytes vorher schon gescannt und nichts gefunden. Ich lasse den jetzt nochmal durchlaufen....

Aber dieses Update mit 4042 von 4042 Updates beim Systemstart macht mich stutzig.

Hier nochmal der Malwarevbytes Logfile

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.28.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
XXX :: XXX-PC [Administrator]

01.03.2013 18:39:24
mbam-log-2013-03-01 (18-39-24).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 660828
Laufzeit: 5 Stunde(n), 40 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Nochmal OTL

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 01.03.2013 09:43:51 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\XXX\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,86 Gb Total Physical Memory | 5,90 Gb Available Physical Memory | 75,07% Memory free
15,71 Gb Paging File | 13,53 Gb Available in Paging File | 86,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 678,54 Gb Total Space | 383,54 Gb Free Space | 56,52% Space Free | Partition Type: NTFS
 
Computer Name: XXX-PC | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.01.11 14:15:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.13 14:44:45 | 000,702,024 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
PRC - [2012.12.13 14:44:31 | 000,544,840 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2012.07.18 17:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.07.18 17:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.07.18 17:04:22 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.03.02 16:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
PRC - [2012.01.05 14:22:10 | 000,256,536 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe
PRC - [2012.01.05 14:22:02 | 000,295,448 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe
PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.09.13 13:49:14 | 000,986,208 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
PRC - [2011.05.26 07:40:48 | 000,029,696 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
PRC - [2011.04.22 17:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe
PRC - [2011.03.30 23:05:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.03.14 12:44:38 | 000,414,800 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2011.03.14 12:44:38 | 000,334,416 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2011.03.14 12:44:36 | 001,081,424 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2011.03.14 12:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2011.02.25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010.12.22 21:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.22 21:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.12.08 16:54:46 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
PRC - [2010.09.30 02:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010.09.14 02:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.09.14 02:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.05.04 20:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010.04.27 03:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.14 13:01:40 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.01.10 13:29:54 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\c24dc5c1953c9617b9529172e61ba202\IAStorCommon.ni.dll
MOD - [2013.01.10 13:29:53 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\01d0ecf3e47d2559aa403d296ad5320a\IAStorUtil.ni.dll
MOD - [2013.01.10 11:26:00 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 11:24:44 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.10 11:24:15 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.01.10 11:24:02 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.10 11:23:54 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.10 11:23:52 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.10 11:23:40 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.12.13 14:45:20 | 000,063,560 | ---- | M] () -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
MOD - [2012.01.05 14:22:36 | 000,465,344 | ---- | M] () -- C:\Program Files (x86)\NTI\Packard Bell MyBackup\sqlite3.dll
MOD - [2011.08.04 01:25:50 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2011.03.30 23:05:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.02.27 18:54:49 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.08 17:01:32 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.13 14:44:31 | 000,544,840 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2012.10.23 22:59:18 | 000,230,416 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe -- (NitroReaderDriverReadSpool3)
SRV - [2012.07.18 17:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.07.18 17:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.03.02 16:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe -- (SamsungAllShareV2.0)
SRV - [2012.03.02 16:00:20 | 000,027,584 | ---- | M] (Samsung Electronics Co., Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer)
SRV - [2012.01.05 14:22:10 | 000,256,536 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2011.11.06 16:10:36 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.09.30 13:48:32 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.05.26 07:40:48 | 000,029,696 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe -- (GREGService)
SRV - [2011.05.10 13:01:08 | 000,872,552 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2011.04.22 17:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Live Updater Service)
SRV - [2011.03.30 23:05:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.03.14 12:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011.03.01 20:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010.12.22 21:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.12.22 21:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.12.10 17:36:54 | 000,153,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.12.10 14:53:34 | 000,953,632 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.10.12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010.10.08 15:33:12 | 000,254,448 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2010.10.08 01:24:16 | 000,150,016 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2010.09.30 02:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010.09.23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 22:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.09.14 02:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.06.01 23:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010.05.04 20:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.13 14:26:36 | 000,112,080 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock)
DRV:64bit: - [2012.10.17 10:13:38 | 000,027,048 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2012.07.18 17:04:42 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.07.18 17:04:42 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.07.18 17:04:41 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.07 12:40:02 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.12.29 00:57:26 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.05.16 22:57:32 | 000,051,240 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiMSa.sys -- (bScsiMSa)
DRV:64bit: - [2011.05.13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.05.13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011.05.13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011.05.06 18:11:12 | 000,086,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa)
DRV:64bit: - [2011.04.15 19:08:28 | 012,228,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.03.30 23:05:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.01 15:33:16 | 004,720,704 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011.01.21 02:15:30 | 000,019,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdmp.sys -- (b57xdmp)
DRV:64bit: - [2011.01.21 02:15:28 | 000,067,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdbd.sys -- (b57xdbd)
DRV:64bit: - [2011.01.17 23:56:14 | 000,412,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010.12.10 09:05:02 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010.12.10 09:04:52 | 000,349,224 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.15 09:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.10.08 01:23:38 | 000,019,192 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010.09.30 06:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.09.30 06:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.09.14 06:59:16 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.09.14 06:59:10 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010.09.14 02:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.08.20 08:21:38 | 000,106,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.07.29 14:30:48 | 001,383,472 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.03.19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.02.08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.11.09 04:28:08 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.06 00:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.06 00:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2008.11.16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006.07.24 15:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE - HKCU\..\URLSearchHook: {f0381dbd-e018-4e07-ae40-d96ab15083f0} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{1F0C0E4A-72C8-4560-9612-27AD083921F1}: "URL" = hxxp://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=search&search={searchTerms}
IE - HKCU\..\SearchScopes\{47F43F50-68E2-4F28-B949-26EE0EC9C505}: "URL" = hxxp://www.buyertools.net/cgi-bin/preispiraten_de/nph.fcgi?qry_str={searchTerms}&category=deutsch&how=and&searchtype=simple&Web=on&wiki_tab=on&wiki_tab_old=+CHECKED&ebay_tab=on&ebay_tab_old=+CHECKED&shoppingcom_tab=on&shoppingcom_tab_old=+CHECKED&pirat_tab=on&pirat_tab_old=+CHECKED&JavaScript=enabled&submit=SUCHEN
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33
FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..keyword.URL: "hxxp://search.hotspotshield.com/g/results.php?c=s&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.15 20:34:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012.07.25 07:39:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.08 17:01:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.24 15:23:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.08 17:01:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.24 15:23:33 | 000,000,000 | ---D | M]
 
[2011.09.24 21:38:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions
[2013.02.19 13:16:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\anyzy7tp.default\extensions
[2013.02.10 20:11:49 | 000,000,000 | ---D | M] (AF-HSS Community Toolbar) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\anyzy7tp.default\extensions\{f0381dbd-e018-4e07-ae40-d96ab15083f0}
[2013.02.19 13:16:18 | 000,538,938 | ---- | M] () (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\anyzy7tp.default\extensions\toolbar@web.de.xpi
[2012.12.14 22:23:54 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\anyzy7tp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.02.19 13:16:21 | 000,000,911 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\anyzy7tp.default\searchplugins\11-suche.xml
[2013.02.19 13:16:21 | 000,002,273 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\anyzy7tp.default\searchplugins\englische-ergebnisse.xml
[2013.02.19 13:16:21 | 000,010,563 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\anyzy7tp.default\searchplugins\gmx-suche.xml
[2013.02.19 13:16:21 | 000,002,432 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\anyzy7tp.default\searchplugins\lastminute.xml
[2013.02.19 13:16:21 | 000,005,545 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\anyzy7tp.default\searchplugins\webde-suche.xml
[2013.02.08 17:01:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.08 17:01:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.02.08 17:01:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.02.08 17:01:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.02.08 17:01:33 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.01.01 20:10:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.16 19:27:43 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.01 20:10:04 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.01 20:10:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.02.08 16:22:48 | 000,001,987 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SP_amazonde.xml
[2007.01.08 12:48:12 | 000,009,095 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SP_preispiraten_de.xml
[2012.01.01 20:10:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.01 20:10:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (amazon) - {84B94901-3645-4D80-A6B7-4D0050B19455} - C:\PROGRA~2\PREISP~1\IEBUTT~1.DLL ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Preispiraten) - {E9E027BF-C3F3-4022-8F6B-8F6D39A59684} - C:\PROGRA~2\PREISP~1\IEBUTT~2.DLL ()
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F0381DBD-E018-4E07-AE40-D96AB15083F0} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Program Files (x86)\\Preispiraten6\\preispiraten.html ()
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\XXX\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Program Files (x86)\\Preispiraten6\\preispiraten.html ()
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\XXX\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - C:\Program Files (x86)\Preispiraten6\preispiraten3ie.exe ()
O9 - Extra 'Tools' menuitem : Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - C:\Program Files (x86)\Preispiraten6\preispiraten3ie.exe ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Amazon Startseite - {9E029088-432F-4EBF-9537-0171A4C37870} - hxxp://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=main&site=home File not found
O9 - Extra 'Tools' menuitem : Amazon Startseite - {9E029088-432F-4EBF-9537-0171A4C37870} - hxxp://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=main&site=home File not found
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DC096DF-4478-4D61-84C9-0129A69AE8BF}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{014664fa-fbac-11e0-82ea-b870f4b2b04c}\Shell - "" = AutoRun
O33 - MountPoints2\{014664fa-fbac-11e0-82ea-b870f4b2b04c}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{048116e9-3924-11e1-8b2a-b870f4b2b04c}\Shell - "" = AutoRun
O33 - MountPoints2\{048116e9-3924-11e1-8b2a-b870f4b2b04c}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{04b29ffd-5fc0-11e1-9a66-804307028105}\Shell - "" = AutoRun
O33 - MountPoints2\{04b29ffd-5fc0-11e1-9a66-804307028105}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{dabb1b77-eb5d-11e0-bea1-b870f4b2b04c}\Shell - "" = AutoRun
O33 - MountPoints2\{dabb1b77-eb5d-11e0-bea1-b870f4b2b04c}\Shell\AutoRun\command - "" = H:\setup.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\E\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\E\Shell\install\command - "" = E:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.28 23:04:06 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\XXX\Desktop\HiJackThis204.exe
[2013.02.28 23:03:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe
[2013.02.27 19:11:25 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013.02.27 19:11:25 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013.02.27 19:11:25 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013.02.27 19:11:25 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013.02.27 19:11:20 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013.02.27 19:11:20 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013.02.27 19:11:15 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013.02.27 19:11:15 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.27 19:11:15 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.27 19:11:15 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.27 19:11:15 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.27 19:11:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.27 19:11:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.27 19:11:15 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.27 19:11:15 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.27 19:11:14 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013.02.27 19:11:14 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013.02.27 19:11:14 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013.02.27 19:11:14 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.27 19:11:14 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.27 19:11:14 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.27 19:11:14 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.27 19:11:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.27 19:11:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.27 19:11:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.27 19:11:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.27 19:11:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.27 19:11:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.27 19:11:13 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.02.27 19:11:13 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013.02.27 19:11:13 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.02.27 19:11:13 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013.02.27 19:11:13 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013.02.27 19:11:13 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013.02.27 19:11:13 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013.02.27 19:11:13 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013.02.27 19:11:13 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013.02.27 19:11:12 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013.02.27 19:11:12 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.02.27 19:11:12 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.02.27 19:11:12 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013.02.19 19:01:34 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Passbild_Generator
[2013.02.19 19:01:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Passbild-Generator
[2013.02.19 19:01:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Passbild-Generator
[2013.02.19 18:32:04 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\{BFE07D40-40F7-43B5-9B6B-D93C37EF3EC3}
[2013.02.16 18:00:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2013.02.16 17:25:41 | 000,112,080 | R--- | C] (Cisco Systems, Inc.) -- C:\Windows\SysNative\drivers\acsock64.sys
[2013.02.16 17:25:36 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Cisco
[2013.02.16 17:25:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2013.02.16 17:23:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco
[2013.02.14 10:32:24 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.14 10:32:24 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.14 10:32:22 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.14 10:32:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.14 10:32:21 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.02.14 10:32:21 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.02.14 10:32:19 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.14 10:32:18 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.14 10:32:17 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.02.14 10:32:17 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.02.14 10:32:16 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.02.14 10:32:16 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.14 10:32:14 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.02.14 10:32:14 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.02.14 10:32:14 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.02.13 11:18:25 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.13 11:18:24 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.02.13 11:18:24 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.02.13 11:18:22 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.02.13 11:18:21 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.02.13 11:18:21 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.02.13 11:18:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.02.13 11:18:21 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.02.13 11:18:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.02.13 11:18:19 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.02.08 17:01:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.08 16:22:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.08 16:22:17 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.02.08 16:22:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.01 09:28:57 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.01 09:28:57 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.01 09:20:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.01 09:20:42 | 2030,981,119 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.28 23:54:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.28 22:58:25 | 001,793,806 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.28 22:58:25 | 000,759,366 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.28 22:58:25 | 000,719,508 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.28 22:58:25 | 000,170,692 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.28 22:58:25 | 000,146,336 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.27 18:54:49 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.02.27 18:54:49 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.02.22 17:26:59 | 000,107,398 | ---- | M] () -- C:\Users\XXX\Desktop\Leistungsnachweis.pdf
[2013.02.16 17:59:16 | 000,000,375 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2013.02.16 17:28:15 | 000,001,594 | ---- | M] () -- C:\Windows\VPNUnInstall.MIF
[2013.02.14 12:55:11 | 000,454,384 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.03 12:15:13 | 000,001,157 | ---- | M] () -- C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk
[2013.02.03 12:15:13 | 000,001,142 | ---- | M] () -- C:\Users\Public\Desktop\dm-Fotowelt.lnk
[2013.02.03 09:15:06 | 000,001,069 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.02.03 09:15:04 | 000,000,680 | ---- | M] () -- C:\Windows\wininit.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.28 23:03:52 | 000,365,568 | ---- | C] () -- C:\Users\XXX\Desktop\gmer-2.0.18444.exe
[2013.02.22 17:26:59 | 000,107,398 | ---- | C] () -- C:\Users\XXX\Desktop\Leistungsnachweis.pdf
[2013.02.16 17:27:12 | 000,001,594 | ---- | C] () -- C:\Windows\VPNUnInstall.MIF
[2013.01.11 14:17:32 | 000,000,020 | ---- | C] () -- C:\Users\XXX\defogger_reenable
[2012.10.14 22:11:10 | 000,025,978 | ---- | C] () -- C:\Users\XXX\.TransferManager.db
[2012.10.07 21:11:29 | 000,000,001 | R--- | C] () -- C:\Users\XXX\serverport
[2012.06.11 15:44:08 | 000,000,680 | ---- | C] () -- C:\Windows\wininit.ini
[2012.05.30 13:31:27 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2012.05.30 13:30:39 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2012.01.01 17:46:49 | 000,000,069 | ---- | C] () -- C:\Windows\bpe.INI
[2012.01.01 17:28:03 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll
[2012.01.01 17:28:03 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll
[2012.01.01 17:28:03 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\ssprs.dll
[2012.01.01 17:28:03 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\serauth2.dll
[2012.01.01 17:28:03 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\serauth1.dll
[2012.01.01 17:28:03 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\nsprs.dll
[2012.01.01 17:26:11 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2012.01.01 17:26:11 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2011.11.06 16:13:06 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011.09.29 14:22:26 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.09.25 09:31:37 | 001,821,424 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.05.31 11:11:46 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.05.31 11:11:45 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.05.31 11:11:44 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.05.31 11:11:43 | 013,359,616 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.05.31 11:11:43 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         

Extras
OTL EXTRAS Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL Extras logfile created on: 01.03.2013 09:43:51 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\XXX\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,86 Gb Total Physical Memory | 5,90 Gb Available Physical Memory | 75,07% Memory free
15,71 Gb Paging File | 13,53 Gb Available in Paging File | 86,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 678,54 Gb Total Space | 383,54 Gb Free Space | 56,52% Space Free | Partition Type: NTFS
 
Computer Name: XXX-PC | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0883F3D7-803B-4C49-B96A-12758DD78567}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{38706E0C-8A9E-4DB6-AC4D-1379DEE44E53}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{46908DDD-268C-4904-AF28-8CA26878687E}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{4ACF54DC-42A3-48BF-AABD-CF835E911072}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4D136F27-AEE9-4B0F-B973-BC2C2C521A8E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{4F7BE862-03C5-47F5-BF81-2E8218B20E65}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5105AE5F-A0EF-4268-B05A-4CD04DB7C86F}" = rport=445 | protocol=6 | dir=out | app=system | 
"{5357D6C9-7A36-4151-9CE7-15D22ACFC336}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6822BA78-04E1-4494-8E8B-8677A78294C3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{71F17EC9-98CC-4027-94C9-FE8C7718C382}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{72BE56E0-CD67-4FE5-978A-DC2E96ADD13A}" = lport=137 | protocol=17 | dir=in | app=system | 
"{750E66EE-05CF-4640-AC59-CB71D5547814}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{83BF2C09-1430-4CCA-A745-FD41F26651FD}" = lport=139 | protocol=6 | dir=in | app=system | 
"{A2943DD8-FF65-4386-9A5D-98AE9A47F87B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A57F193A-3D28-4131-8B1C-85239627654C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A628B142-6AD6-4E77-96B4-C001B29760BC}" = lport=445 | protocol=6 | dir=in | app=system | 
"{AAEEEAF3-89D7-4D43-A331-00D3973BC96D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B7223A3B-62AC-4A91-A944-D48ED94E5E03}" = rport=139 | protocol=6 | dir=out | app=system | 
"{BC83F442-5749-483A-A7AF-133D385F631C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C4BAC63E-7A0D-446A-A651-51F09469D3AD}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{EBD550AB-5951-47B7-BB3B-6254B9FB6D0A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ECD70914-F91C-42E7-8FF5-3D02CCE7E67E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F54FACF6-707F-4624-A506-30683FEE503C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09506E9E-AE38-4F90-B07F-C0397F0CF216}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{163FE0D5-9860-4799-9D60-05122DEB688A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1AB91966-11D8-4B3C-B6EA-9C1DB56D822C}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{2BEFFA86-39D0-488B-993E-BD61CB742D3E}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshare.exe | 
"{2E20E75D-B919-4023-84DF-93A24455D13F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{379CA82B-C69C-4D48-B945-FCC4BCA3D449}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{430922E7-A5FB-48D1-89E6-58101514BC72}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{43988222-CE1B-454C-B6B0-BEF3A51AF03E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{46AFBD89-FD40-4540-BCF5-EBE5D88AB127}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4C5DB8C6-5345-4B1F-8DB6-89D3C24D19E9}" = protocol=6 | dir=in | app=c:\users\XXX\appdata\roaming\dropbox\bin\dropbox.exe | 
"{5B80337C-3889-4E33-AD62-60011B2AFF8E}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{5B921983-CDCE-46AE-ADC5-B1C77D28FF92}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{637B47F6-EF0A-4D70-8B3B-7F5DF8C19E68}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{85CF54EA-A853-4EDD-BFCA-19EA655D4747}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{8DB4DCA9-A9DF-44A9-91CE-991DC6C1E1D7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{978FABC4-DE7C-4753-9E71-48FF6B26E327}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9BA765E5-13DD-4974-AACF-ACCB085734F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9CDE560D-BA82-421C-BAD8-B456300F1CCF}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{9FCEA087-D956-48B4-82BC-2875A6C51394}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshareagent.exe | 
"{A143677B-6BF6-4620-85F5-03EAF27966D8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A520B4B7-ACBA-4EAE-8C9F-A8AF5B8318AA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{AB44EC30-EEC8-445A-AF7E-FCEB31B7BEBF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{AD779564-A6B8-4963-B15E-9322B26B4011}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{B40514BC-5D48-4EFB-8F89-A2AF50AE3E2C}" = dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\allsharedms.exe | 
"{C49DAF3A-2F8E-44C4-AC08-E36A105AC45D}" = protocol=6 | dir=out | app=system | 
"{C630E16B-5D74-4244-BB3A-CAE37584ECFB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D629E24C-4A3F-4086-94F8-FD0456439EC2}" = protocol=17 | dir=in | app=c:\users\XXX\appdata\roaming\dropbox\bin\dropbox.exe | 
"{E4E84C6D-AC3D-45EF-B1AA-C69B021E525E}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{EC6CF3F1-9A88-44E9-85D5-D51D55FBF863}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{FD2C47C5-2FD5-49F2-9DC2-03133500AEDD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"TCP Query User{09CD68CE-9648-4171-B0D3-24F5ACAD451D}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"TCP Query User{3C99FBB4-2356-43CE-9F23-04993E1BAC6E}C:\users\XXX\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light" = protocol=6 | dir=in | app=c:\users\XXX\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light | 
"TCP Query User{4ACE18F7-63BF-4CFD-9892-DA9D7EE4925C}C:\users\XXX\appdata\local\temp\6299.tmp\kmservice.exe" = protocol=6 | dir=in | app=c:\users\XXX\appdata\local\temp\6299.tmp\kmservice.exe | 
"TCP Query User{656D781D-197F-4193-8696-EF33C34B4DF8}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"TCP Query User{8F700880-770D-40BA-9166-422DCC508A1F}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"TCP Query User{A7CAE12F-732B-42DE-A167-D858C0231197}C:\users\XXX\appdata\local\temp\ef5d.tmp\kmservice.exe" = protocol=6 | dir=in | app=c:\users\XXX\appdata\local\temp\ef5d.tmp\kmservice.exe | 
"TCP Query User{AA16659C-1903-49B7-B96B-A68682013F60}C:\users\XXX\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\XXX\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{F4D28F7E-B91D-4BD3-96F7-5A37964DD1A5}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"UDP Query User{090D698A-94DD-4950-AB32-0453654B59EE}C:\users\XXX\appdata\local\temp\6299.tmp\kmservice.exe" = protocol=17 | dir=in | app=c:\users\XXX\appdata\local\temp\6299.tmp\kmservice.exe | 
"UDP Query User{1E1C39F9-BD8E-4F19-93DE-A065CE3A883B}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"UDP Query User{30A42F46-4553-4D7A-B4D3-6580256D8BE3}C:\users\XXX\appdata\local\temp\ef5d.tmp\kmservice.exe" = protocol=17 | dir=in | app=c:\users\XXX\appdata\local\temp\ef5d.tmp\kmservice.exe | 
"UDP Query User{5D8CED19-C76C-426E-AA39-5F0A9C8D3CFF}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"UDP Query User{B6994318-1D70-4104-AE4E-7F41BA5D7859}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"UDP Query User{C490C8FC-B76E-469D-A57F-6A5BCBAFFD42}C:\users\XXX\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\XXX\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{DEF3751A-5DD5-4322-8AB9-52011BF2DFEE}C:\users\XXX\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light" = protocol=17 | dir=in | app=c:\users\XXX\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light | 
"UDP Query User{FCEF1883-4314-4A5D-8ECD-FFEBD5626917}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{14A7DBEC-1E2D-4AE2-BDD8-287472B714E3}" = Microsoft SQL Server 2012 RC0 Setup (English)
"{1553D712-B35F-4A82-BC72-D6B11A94BE3E}" = Windows Live Remote Service Resources
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{4710662C-8204-4334-A977-B1AC9E547819}" = Broadcom Card Reader Driver Installer
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{702A632F-99CE-4E2D-B8F2-BF980E9CF62F}" = Windows Live Remote Client Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{8F7F2D9C-2DBE-4F10-9C7C-2724110A3339}" = Windows Live Remote Service Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A2AA3E06-2A11-4803-8515-A49628E65515}" = Nitro Reader 3
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{A6E0F6BE-30AC-4D36-97B0-1AC20E23CB83}" = Windows Live Remote Client Resources
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 268.00
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 268.00
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom Gigabit NetLink Controller
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"MatlabR2008a" = MATLAB R2008a
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Video Web Camera
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{0557BBDA-69D3-4FA4-A93C-A5300F7034B4}" = Windows Live Writer
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{06B05153-97E4-427E-B1A8-E098F6C5E52F}" = Windows Live Essentials
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{0785A0B6-07DF-43CF-B147-E1EB4CEA0345}" = Windows Live Messenger
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{120C160F-F53D-4A15-A873-E79BF5B98B48}" = Windows Live Photo Common
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20381A8A-808E-4A53-B6CD-AD2B85E16365}" = Windows Live UX Platform Language Pack
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{226F0D93-76DE-4F1C-B14D-DE10443ADB60}" = Windows Live Movie Maker
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25175695-4B20-4298-9F34-C2C57CD277B3}" = Elements STI Installer
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{439D9ABF-8D1B-4C09-A50D-C9794510D0E4}" = Samsung PC Studio 3
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{4736B0ED-F6A1-48EC-A1B7-C053027648F1}" = Galeria fotogràfica del Windows Live
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{48F597DD-D397-4CFA-91A0-4C033A0113BD}" = Windows Live Mail
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D7BAC8A-51B8-4243-8567-1415C4272D13}" = Windows Live Writer
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{5384EA8A-FECA-4D6E-B7B4-3D4D9D47E5DF}" = Preispiraten
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5495E9A4-501A-4D4C-87C9-E80916CA9478}" = Windows Live UX Platform Language Pack
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5D90ABE5-8A35-4947-8269-6F40BCE47A95}" = Windows Live Messenger
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{625D45F0-5DCB-48BF-8770-C240A84DAAEB}" = Windows Live Mesh
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}" = Nero Multimedia Suite 10 Essentials
"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-packardbell" = WildTangent Games App (Packard Bell Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71527C7C-5289-4CB2-88C9-23344C0FF6C1}" = Windows Live Movie Maker
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{75F9DAD1-792C-44E9-B48B-2E22C76E0CBF}" = OPC Core Components Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7D926AD2-16D6-42C2-8CA1-AB09E96040BA}" = Windows Live Writer Resources
"{7D99B933-E29C-4599-92F0-DAED2AF041E3}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{86F444A5-C9B9-41DC-AF28-B5E46F5497C7}" = Windows Live Argazki Galeria
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E258ED0-CFA1-4DC9-B031-9D1009CA2A0D}" = Process Modeling (HYSYS) V7.1
"{8E285C75-9BE2-4349-972B-DECDDF472656}" = Windows Live Writer Resources
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_VISPRO_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_VISPRO_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_VISPRO_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_VISPRO_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2007
"{90120000-0054-0407-0000-0000000FF1CE}_VISPRO_{3CB0380B-0413-4C44-A63B-DCD6369EAF4E}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_VISPRO_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{93C4B7D5-4E00-491F-BA3E-25B7B63EE7F6}" = Windows Live Mail
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AA9FEE7-9F99-4E69-947A-49F7DA0DDA3A}" = Cisco AnyConnect Secure Mobility Client
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9E2C5B0E-7A2D-4767-A9B2-77469FB1873A}" = Windows Live Mesh
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = HomeMedia
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D54A52A8-DF24-4CE8-850B-074CA47DFA74}" = Windows Live Messenger
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB9955F8-467C-47FC-90F8-12CD5DF684C3}" = Adobe Premiere Elements 9
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F0F5D89A-197C-495B-827E-3E98B811CD2E}" = Windows Live Photo Common
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F13587F7-AA4C-4C2E-AE7D-F33F3CCE57A9}" = Windows Live Messenger
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCBC19F7-E068-4B7A-ACBB-CE9CCEB4B21F}" = Windows Live Messenger
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"ACDLabs in C__ACDFREE12_" = ACD/Labs Software in C:\ACDFREE12\
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"AIMP2" = AIMP2
"Avira AntiVir Desktop" = Avira Free Antivirus
"BKChem_is1" = BKChem-0.14.0-pre2
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX-Setup
"dm-Fotowelt" = dm-Fotowelt
"DSMT6" = MathType 6
"EASEUS Data Recovery Wizard Free Edition 5.5.1_is1" = EASEUS Data Recovery Wizard Free Edition 5.5.1
"exe" = eXe -- eLearning XHTML editor
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.14.1206
"Identity Card" = Identity Card
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Video Web Camera
"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Packard Bell MyBackup
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Opera 12.14.1738" = Opera 12.14
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Screensaver" = Packard Bell ScreenSaver
"Packard Bell Welcome Center" = Welcome Center
"Passbild-Generator_is1" = Bewerbungsfoto-/Passbild-Generator v3.5b
"PowerISO" = PowerISO
"PremElem90" = Adobe Premiere Elements 9
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 1.1.11
"WildTangent packardbell Master Uninstall" = Packard Bell Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WTA-06eb6600-64b5-47c3-b6fa-7ff1ff2f3cfc" = Jewel Quest Solitaire
"WTA-07606b8a-2b3b-4542-be1e-1fbd0fb8a291" = FATE
"WTA-08088377-5408-490f-bc00-811ab5c6a155" = Slingo Deluxe
"WTA-0f12f38c-a64a-46af-b289-be2a46c95da0" = Mystery P.I. - The London Caper
"WTA-46208327-facf-4724-b4eb-fcd31a20c91a" = Virtual Villagers - The Secret City
"WTA-71cb4c31-7f0a-4f0e-8614-b0758e707d95" = Bejeweled 2 Deluxe
"WTA-7a931507-7018-49b2-8194-f5270f35e64a" = Zuma Deluxe
"WTA-813785b6-6024-4c2d-9ceb-4ed1e8a22c86" = Torchlight
"WTA-82596a95-dbbf-4624-92d7-4a0580689489" = Polar Bowler
"WTA-82c3f7f1-e3e5-4d3e-879e-fed9df6ddd15" = Wedding Dash
"WTA-93b4139e-5995-45d6-b869-7e49ad69221d" = John Deere Drive Green
"WTA-98473aaf-1a49-4a16-86b0-e0d836409520" = Diner Dash 2 Restaurant Rescue
"WTA-9e7c7af7-67b5-4fe6-b560-e140de7c5560" = Crazy Chicken Kart 2
"WTA-aa97fe7c-8120-467e-a783-7e1ffa9a52fc" = Plants vs. Zombies - Game of the Year
"WTA-b98c8cd9-181a-464d-b6f1-2e8e061acf54" = Penguins!
"WTA-c2b35758-fa65-4d7c-9f2d-924256554958" = Agatha Christie - 4:50 from Paddington
"WTA-f63728e7-2d28-4ae0-a675-d8025ecad800" = Chuzzle Deluxe
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"pdfsam" = pdfsam
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 24.02.2013 10:21:11 | Computer Name = XXX-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.02.2013 10:23:39 | Computer Name = XXX-PC | Source = Application Hang | ID = 1002
Description = Programm opera.exe, Version 12.14.1738.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 17d0    Startzeit:
 01ce129a4685d7b7    Endzeit: 78    Anwendungspfad: C:\Program Files (x86)\Opera\opera.exe

Berichts-ID:
 b87ea746-7e8d-11e2-9683-b870f4b2b04c  
 
Error - 25.02.2013 04:05:07 | Computer Name = XXX-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.02.2013 15:33:10 | Computer Name = XXX-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.02.2013 15:41:34 | Computer Name = XXX-PC | Source = Windows Backup | ID = 4103
Description = 
 
Error - 28.02.2013 12:27:33 | Computer Name = XXX-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.02.2013 17:44:35 | Computer Name = XXX-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.02.2013 18:29:46 | Computer Name = XXX-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: c04    Startzeit: 
01ce15ffa2849fef    Endzeit: 0    Anwendungspfad: C:\Users\XXX\Desktop\OTL.exe    Berichts-ID:
   
 
Error - 01.03.2013 04:21:50 | Computer Name = XXX-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.03.2013 04:43:41 | Computer Name = XXX-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 11c0    Startzeit:
 01ce165836ac7a56    Endzeit: 0    Anwendungspfad: C:\Users\XXX\Desktop\OTL.exe    Berichts-ID:
   
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 01.03.2013 04:21:53 | Computer Name = XXX-PC | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line:
 1336 NULL object. Cannot establish a connection at this time.
 
Error - 01.03.2013 04:22:01 | Computer Name = XXX-PC | Source = acvpnagent | ID = 67108866
Description = Function: CTlsTransport::OnSocketReadComplete File: .\IP\TlsTransport.cpp
Line:
 519 Invoked Function: ISocketTransportCB::OnSocketReadComplete Return Code: -31588336
 (0xFE1E0010) Description: SOCKETTRANSPORT_ERROR_TRANSPORT_SHUTDOWN:The socket was
 shutdown by the operating system or a remote peer. 
 
Error - 01.03.2013 04:22:01 | Computer Name = XXX-PC | Source = acvpnagent | ID = 67108866
Description = Function: CHttpSessionAsync::OnSocketReadComplete File: .\IP\HttpSessionAsync.cpp
Line:
 1464 Invoked Function: CSocketTransport::readSocket Return Code: -31588336 (0xFE1E0010)
Description:
 SOCKETTRANSPORT_ERROR_TRANSPORT_SHUTDOWN:The socket was shutdown by the operating
 system or a remote peer. 
 
Error - 01.03.2013 04:22:01 | Computer Name = XXX-PC | Source = acvpnagent | ID = 67108866
Description = Function: CHttpProbeAsync::OnSendRequestComplete File: .\IP\HttpProbeAsync.cpp
Line:
 373 Invoked Function: CHttpSessionAsync::OnSendRequestComplete Return Code: -31588336
 (0xFE1E0010) Description: SOCKETTRANSPORT_ERROR_TRANSPORT_SHUTDOWN:The socket was
 shutdown by the operating system or a remote peer. 
 
Error - 01.03.2013 04:26:00 | Computer Name = XXX-PC | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
 274 m_pIServicePlugin is NULL
 
Error - 01.03.2013 04:26:00 | Computer Name = XXX-PC | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
 274 m_pIServicePlugin is NULL
 
Error - 01.03.2013 04:26:00 | Computer Name = XXX-PC | Source = acvpnagent | ID = 67108865
Description = Function: CTelemetryPluginMgr::GetSettings File: .\TelemetryPluginMgr.cpp
Line:
 311 m_pITelemetryPlugin is NULL
 
Error - 01.03.2013 06:05:18 | Computer Name = XXX-PC | Source = acvpnagent | ID = 67108866
Description = Function: CTlsTransport::OnSocketReadComplete File: .\IP\TlsTransport.cpp
Line:
 519 Invoked Function: ISocketTransportCB::OnSocketReadComplete Return Code: -31588336
 (0xFE1E0010) Description: SOCKETTRANSPORT_ERROR_TRANSPORT_SHUTDOWN:The socket was
 shutdown by the operating system or a remote peer. 
 
Error - 01.03.2013 06:05:18 | Computer Name = XXX-PC | Source = acvpnagent | ID = 67108866
Description = Function: CHttpSessionAsync::OnSocketReadComplete File: .\IP\HttpSessionAsync.cpp
Line:
 1464 Invoked Function: CSocketTransport::readSocket Return Code: -31588336 (0xFE1E0010)
Description:
 SOCKETTRANSPORT_ERROR_TRANSPORT_SHUTDOWN:The socket was shutdown by the operating
 system or a remote peer. 
 
Error - 01.03.2013 06:05:18 | Computer Name = XXX-PC | Source = acvpnagent | ID = 67108866
Description = Function: CHttpProbeAsync::OnSendRequestComplete File: .\IP\HttpProbeAsync.cpp
Line:
 373 Invoked Function: CHttpSessionAsync::OnSendRequestComplete Return Code: -31588336
 (0xFE1E0010) Description: SOCKETTRANSPORT_ERROR_TRANSPORT_SHUTDOWN:The socket was
 shutdown by the operating system or a remote peer. 
 
[ Media Center Events ]
Error - 09.10.2011 12:43:55 | Computer Name = XXX-PC | Source = MCUpdate | ID = 0
Description = 18:43:55 - Fehler beim Herstellen der Internetverbindung.  18:43:55 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 09.10.2011 12:44:04 | Computer Name = XXX-PC | Source = MCUpdate | ID = 0
Description = 18:44:01 - Fehler beim Herstellen der Internetverbindung.  18:44:01 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 10.10.2011 04:08:22 | Computer Name = XXX-PC | Source = MCUpdate | ID = 0
Description = 10:08:22 - Directory konnte nicht abgerufen werden (Fehler: Die Verbindung
 mit dem Remoteserver kann nicht hergestellt werden.)  
 
Error - 10.10.2011 04:08:41 | Computer Name = XXX-PC | Source = MCUpdate | ID = 0
Description = 10:08:38 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die
 Verbindung mit dem Remoteserver kann nicht hergestellt werden.)  
 
Error - 10.10.2011 04:08:44 | Computer Name = XXX-PC | Source = MCUpdate | ID = 0
Description = 10:08:43 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die 
Verbindung mit dem Remoteserver kann nicht hergestellt werden.)  
 
Error - 10.10.2011 04:08:46 | Computer Name = XXX-PC | Source = MCUpdate | ID = 0
Description = 10:08:46 - Broadband konnte nicht abgerufen werden (Fehler: Die Verbindung
 mit dem Remoteserver kann nicht hergestellt werden.)  
 
[ System Events ]
Error - 25.02.2013 04:04:15 | Computer Name = XXX-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 25.02.2013 04:04:52 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   StarOpen
 
Error - 25.02.2013 15:31:15 | Computer Name = XXX-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 25.02.2013 15:31:47 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   StarOpen
 
Error - 28.02.2013 12:26:03 | Computer Name = XXX-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 28.02.2013 12:27:09 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   StarOpen
 
Error - 28.02.2013 17:43:42 | Computer Name = XXX-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 28.02.2013 17:44:20 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   StarOpen
 
Error - 01.03.2013 04:20:39 | Computer Name = XXX-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 01.03.2013 04:21:17 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   StarOpen
 
 
< End of report >
         

--- --- ---

Gmer

Code: Alles auswählenAufklappen

ATTFilter

GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-03-01 13:33:36
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD75 rev.01.0 698,64GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\CHRIST~1\AppData\Local\Temp\kgriruod.sys
---- User code sections - GMER 2.0 ----
.text    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1412] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                              00000000776aefe0 5 bytes JMP 000000016fff0148
.text    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1412] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                            00000000776d99b0 7 bytes JMP 000000016fff00d8
.text    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1412] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                            00000000776e94d0 5 bytes JMP 000000016fff0180
.text    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1412] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                            00000000776e9640 5 bytes JMP 000000016fff0110
.text    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1412] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                     000000007770a500 7 bytes JMP 000000016fff01b8
.text    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1412] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                 000007fefdd43460 7 bytes JMP 000007fffdd300d8
.text    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1412] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                   000007fefdd49940 6 bytes JMP 000007fffdd30148
.text    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1412] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                      000007fefdd49fb0 5 bytes JMP 000007fffdd30180
.text    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1412] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                               000007fefdd4a150 5 bytes JMP 000007fffdd30110
.text    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1412] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                000007feff7f89e0 8 bytes JMP 000007fffdd301f0
.text    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1412] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                              000007feff7fbe40 8 bytes JMP 000007fffdd301b8
.text    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1412] C:\Windows\system32\ole32.dll!CoCreateInstance                                                      000007feff2a7490 11 bytes JMP 000007fffdd30228
.text    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1412] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                     000007feff2bbf00 7 bytes JMP 000007fffdd30260
.text    C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1356] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                         0000000076721429 7 bytes JMP 0000000172441e90
.text    C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1356] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                                000000007673b223 5 bytes JMP 0000000172441da0
.text    C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1356] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                00000000767b88f4 7 bytes JMP 0000000172441d90
.text    C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1356] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                00000000767b8979 5 bytes JMP 0000000172441e80
.text    C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1356] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                  00000000767b8ccf 5 bytes JMP 0000000172441e10
.text    C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1356] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                     0000000076f71d1b 5 bytes JMP 0000000172442450
.text    C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1356] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                   0000000076f71dc9 5 bytes JMP 00000001724424b0
.text    C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1356] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                       0000000076f72aa4 5 bytes JMP 0000000172442520
.text    C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1356] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                          0000000076f72d0a 5 bytes JMP 0000000172442620
.text    C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1356] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                  000000007537e9a2 5 bytes JMP 0000000172441a00
.text    C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1356] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                    000000007537ebdc 5 bytes JMP 0000000172441a90
.text    C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1356] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                         0000000076825ea5 5 bytes JMP 0000000172441ce0
.text    C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1356] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                          0000000076859d0b 5 bytes JMP 0000000172441c70
.text    C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                    00000000765e1401 2 bytes [5E, 76]
.text    C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[2720] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                      00000000765e1419 2 bytes [5E, 76]
.text    C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                    00000000765e1431 2 bytes [5E, 76]
.text    C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                    00000000765e144a 2 bytes [5E, 76]
.text    ...* 9
.text    C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[2720] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                       00000000765e14dd 2 bytes [5E, 76]
.text    C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                00000000765e14f5 2 bytes [5E, 76]
.text    C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[2720] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                       00000000765e150d 2 bytes [5E, 76]
.text    C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                00000000765e1525 2 bytes [5E, 76]
.text    C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                      00000000765e153d 2 bytes [5E, 76]
.text    C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[2720] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                           00000000765e1555 2 bytes [5E, 76]
.text    C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                    00000000765e156d 2 bytes [5E, 76]
.text    C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                      00000000765e1585 2 bytes [5E, 76]
.text    C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[2720] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                         00000000765e159d 2 bytes [5E, 76]
.text    C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                      00000000765e15b5 2 bytes [5E, 76]
.text    C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                    00000000765e15cd 2 bytes [5E, 76]
.text    C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                00000000765e16b2 2 bytes [5E, 76]
.text    C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                00000000765e16bd 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3276] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17                                 00000000765e1401 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3276] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17                                   00000000765e1419 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3276] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17                                 00000000765e1431 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3276] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42                                 00000000765e144a 2 bytes [5E, 76]
.text    ...                                                                                                                         * 9
.text    C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3276] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17                                    00000000765e14dd 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3276] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17                             00000000765e14f5 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3276] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17                                    00000000765e150d 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3276] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17                             00000000765e1525 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3276] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17                                   00000000765e153d 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3276] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17                                        00000000765e1555 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3276] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17                                 00000000765e156d 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3276] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17                                   00000000765e1585 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3276] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17                                      00000000765e159d 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3276] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17                                   00000000765e15b5 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3276] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17                                 00000000765e15cd 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3276] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20                             00000000765e16b2 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3276] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31                             00000000765e16bd 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3700] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17               00000000765e1401 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3700] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                 00000000765e1419 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17               00000000765e1431 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42               00000000765e144a 2 bytes [5E, 76]
.text    ...* 9
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3700] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                  00000000765e14dd 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3700] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17           00000000765e14f5 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3700] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                  00000000765e150d 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3700] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17           00000000765e1525 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3700] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                 00000000765e153d 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3700] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                      00000000765e1555 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3700] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17               00000000765e156d 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3700] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                 00000000765e1585 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3700] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                    00000000765e159d 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3700] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                 00000000765e15b5 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3700] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17               00000000765e15cd 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3700] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20           00000000765e16b2 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3700] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31           00000000765e16bd 2 bytes [5E, 76]
.text    C:\Windows\System32\igfxpers.exe[4552] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                                      00000000776aefe0 5 bytes JMP 000000016fff0148
.text    C:\Windows\System32\igfxpers.exe[4552] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                                    00000000776d99b0 7 bytes JMP 000000016fff00d8
.text    C:\Windows\System32\igfxpers.exe[4552] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                                    00000000776e94d0 5 bytes JMP 000000016fff0180
.text    C:\Windows\System32\igfxpers.exe[4552] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                                    00000000776e9640 5 bytes JMP 000000016fff0110
.text    C:\Windows\System32\igfxpers.exe[4552] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                             000000007770a500 7 bytes JMP 000000016fff01b8
.text    C:\Windows\System32\igfxpers.exe[4552] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                         000007fefdd43460 7 bytes JMP 000007fffdd300d8
.text    C:\Windows\System32\igfxpers.exe[4552] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                           000007fefdd49940 6 bytes JMP 000007fffdd30148
.text    C:\Windows\System32\igfxpers.exe[4552] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                              000007fefdd49fb0 5 bytes JMP 000007fffdd30180
.text    C:\Windows\System32\igfxpers.exe[4552] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                       000007fefdd4a150 5 bytes JMP 000007fffdd30110
.text    C:\Windows\System32\igfxpers.exe[4552] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                        000007feff7f89e0 8 bytes JMP 000007fffdd301f0
.text    C:\Windows\System32\igfxpers.exe[4552] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                      000007feff7fbe40 8 bytes JMP 000007fffdd301b8
.text    C:\Windows\System32\igfxpers.exe[4552] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                              000007feff2a7490 11 bytes JMP 000007fffdd30228
.text    C:\Windows\System32\igfxpers.exe[4552] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                             000007feff2bbf00 7 bytes JMP 000007fffdd30260
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4612] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                         00000000776aefe0 5 bytes JMP 000000016fff0148
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4612] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                       00000000776d99b0 7 bytes JMP 000000016fff00d8
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4612] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                       00000000776e94d0 5 bytes JMP 000000016fff0180
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4612] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                       00000000776e9640 5 bytes JMP 000000016fff0110
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4612] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                000000007770a500 7 bytes JMP 000000016fff01b8
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4612] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                            000007fefdd43460 7 bytes JMP 000007fffdd300d8
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4612] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                              000007fefdd49940 6 bytes JMP 000007fffdd30148
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4612] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                 000007fefdd49fb0 5 bytes JMP 000007fffdd30180
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4612] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                          000007fefdd4a150 5 bytes JMP 000007fffdd30110
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4612] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                           000007feff7f89e0 8 bytes JMP 000007fffdd301f0
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4612] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                         000007feff7fbe40 8 bytes JMP 000007fffdd301b8
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4612] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                 000007feff2a7490 11 bytes JMP 000007fffdd30228
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4612] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                000007feff2bbf00 7 bytes JMP 000007fffdd30260
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4744] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                       00000000776aefe0 5 bytes JMP 000000016fff0148
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4744] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                     00000000776d99b0 7 bytes JMP 000000016fff00d8
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4744] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                     00000000776e94d0 5 bytes JMP 000000016fff0180
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4744] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                     00000000776e9640 5 bytes JMP 000000016fff0110
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4744] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                              000000007770a500 7 bytes JMP 000000016fff01b8
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4744] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                          000007fefdd43460 7 bytes JMP 000007fffdd300d8
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4744] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                            000007fefdd49940 6 bytes JMP 000007fffdd30148
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4744] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                               000007fefdd49fb0 5 bytes JMP 000007fffdd30180
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4744] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                        000007fefdd4a150 5 bytes JMP 000007fffdd30110
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4744] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                         000007feff7f89e0 8 bytes JMP 000007fffdd301f0
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4744] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                       000007feff7fbe40 8 bytes JMP 000007fffdd301b8
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4744] C:\Windows\system32\ole32.dll!CoCreateInstance                                                               000007feff2a7490 11 bytes JMP 000007fffdd30228
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4744] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                              000007feff2bbf00 7 bytes JMP 000007fffdd30260
.text    C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe[4768] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                            00000000776aefe0 5 bytes JMP 000000016fff0148
.text    C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe[4768] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                          00000000776d99b0 7 bytes JMP 000000016fff00d8
.text    C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe[4768] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                          00000000776e94d0 5 bytes JMP 000000016fff0180
.text    C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe[4768] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                          00000000776e9640 5 bytes JMP 000000016fff0110
.text    C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe[4768] C:\Windows\system32\kernel32.dll!RegSetValueExA                                   000000007770a500 7 bytes JMP 000000016fff01b8
.text    C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe[4768] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                               000007fefdd43460 7 bytes JMP 000007fffdd300d8
.text    C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe[4768] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                 000007fefdd49940 6 bytes JMP 000007fffdd30148
.text    C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe[4768] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                    000007fefdd49fb0 5 bytes JMP 000007fffdd30180
.text    C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe[4768] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                             000007fefdd4a150 5 bytes JMP 000007fffdd30110
.text    C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe[4768] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                              000007feff7f89e0 8 bytes JMP 000007fffdd301f0
.text    C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe[4768] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                            000007feff7fbe40 8 bytes JMP 000007fffdd301b8
.text    C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe[4768] C:\Windows\system32\ole32.dll!CoCreateInstance                                    000007feff2a7490 11 bytes JMP 000007fffdd30228
.text    C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe[4768] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                   000007feff2bbf00 7 bytes JMP 000007fffdd30260
.text    C:\Program Files\Windows Sidebar\sidebar.exe[4780] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                          00000000776aefe0 5 bytes JMP 000000016fff0148
.text    C:\Program Files\Windows Sidebar\sidebar.exe[4780] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                        00000000776d99b0 7 bytes JMP 000000016fff00d8
.text    C:\Program Files\Windows Sidebar\sidebar.exe[4780] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                        00000000776e94d0 5 bytes JMP 000000016fff0180
.text    C:\Program Files\Windows Sidebar\sidebar.exe[4780] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                        00000000776e9640 5 bytes JMP 000000016fff0110
.text    C:\Program Files\Windows Sidebar\sidebar.exe[4780] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                 000000007770a500 7 bytes JMP 000000016fff01b8
.text    C:\Program Files\Windows Sidebar\sidebar.exe[4780] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                             000007fefdd43460 7 bytes JMP 000007fffdd300d8
.text    C:\Program Files\Windows Sidebar\sidebar.exe[4780] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                               000007fefdd49940 6 bytes JMP 000007fffdd30148
.text    C:\Program Files\Windows Sidebar\sidebar.exe[4780] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                  000007fefdd49fb0 5 bytes JMP 000007fffdd30180
.text    C:\Program Files\Windows Sidebar\sidebar.exe[4780] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                           000007fefdd4a150 5 bytes JMP 000007fffdd30110
.text    C:\Program Files\Windows Sidebar\sidebar.exe[4780] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                            000007feff7f89e0 8 bytes JMP 000007fffdd301f0
.text    C:\Program Files\Windows Sidebar\sidebar.exe[4780] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                          000007feff7fbe40 8 bytes JMP 000007fffdd301b8
.text    C:\Program Files\Windows Sidebar\sidebar.exe[4780] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                  000007feff2a7490 11 bytes JMP 000007fffdd30228
.text    C:\Program Files\Windows Sidebar\sidebar.exe[4780] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                 000007feff2bbf00 7 bytes JMP 000007fffdd30260
.text    C:\Program Files\Windows Sidebar\sidebar.exe[4780] C:\Windows\system32\dxgi.dll!DXGID3D10CreateDevice                                                              000007fef8d7c638 5 bytes JMP 000007fff8d50148
.text    C:\Program Files\Windows Sidebar\sidebar.exe[4780] C:\Windows\system32\dxgi.dll!CreateDXGIFactory                                                                  000007fef8d7dc88 5 bytes JMP 000007fff8d500d8
.text    C:\Program Files\Windows Sidebar\sidebar.exe[4780] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1                                                                 000007fef8d7de10 5 bytes JMP 000007fff8d50110
.text    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4808] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                00000000776aefe0 5 bytes JMP 000000016fff0148
.text    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4808] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                              00000000776d99b0 7 bytes JMP 000000016fff00d8
.text    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4808] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                              00000000776e94d0 5 bytes JMP 000000016fff0180
.text    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4808] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                              00000000776e9640 5 bytes JMP 000000016fff0110
.text    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4808] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                       000000007770a500 7 bytes JMP 000000016fff01b8
.text    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4808] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                   000007fefdd43460 7 bytes JMP 000007fffdd300d8
.text    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4808] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                     000007fefdd49940 6 bytes JMP 000007fffdd30148
.text    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4808] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                        000007fefdd49fb0 5 bytes JMP 000007fffdd30180
.text    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4808] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                 000007fefdd4a150 5 bytes JMP 000007fffdd30110
.text    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4808] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                  000007feff7f89e0 8 bytes JMP 000007fffdd301f0
.text    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4808] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                000007feff7fbe40 8 bytes JMP 000007fffdd301b8
.text    C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe[4820] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                   0000000076721429 7 bytes JMP 0000000172441e90
.text    C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe[4820] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                          000000007673b223 5 bytes JMP 0000000172441da0
.text    C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe[4820] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                          00000000767b88f4 7 bytes JMP 0000000172441d90
.text    C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe[4820] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                          00000000767b8979 5 bytes JMP 0000000172441e80
.text    C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe[4820] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                            00000000767b8ccf 5 bytes JMP 0000000172441e10
.text    C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe[4820] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                               0000000076f71d1b 5 bytes JMP 0000000172442450
.text    C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe[4820] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                             0000000076f71dc9 5 bytes JMP 00000001724424b0
.text    C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe[4820] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                 0000000076f72aa4 5 bytes JMP 0000000172442520
.text    C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe[4820] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                    0000000076f72d0a 5 bytes JMP 0000000172442620
.text    C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe[4820] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                            000000007537e9a2 5 bytes JMP 0000000172441a00
.text    C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe[4820] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                              000000007537ebdc 5 bytes JMP 0000000172441a90
.text    C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe[4820] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                   0000000076825ea5 5 bytes JMP 0000000172441ce0
.text    C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe[4820] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                    0000000076859d0b 5 bytes JMP 0000000172441c70
.text    C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe[4820] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17                                           00000000765e1401 2 bytes [5E, 76]
.text    C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe[4820] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17                                             00000000765e1419 2 bytes [5E, 76]
.text    C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe[4820] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17                                           00000000765e1431 2 bytes [5E, 76]
.text    C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe[4820] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42                                           00000000765e144a 2 bytes [5E, 76]
.text    ...* 9
.text    C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe[4820] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17                                              00000000765e14dd 2 bytes [5E, 76]
.text    C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe[4820] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17                                       00000000765e14f5 2 bytes [5E, 76]
.text    C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe[4820] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17                                              00000000765e150d 2 bytes [5E, 76]
.text    C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe[4820] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17                                       00000000765e1525 2 bytes [5E, 76]
.text    C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe[4820] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17                                             00000000765e153d 2 bytes [5E, 76]
.text    C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe[4820] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17                                                  00000000765e1555 2 bytes [5E, 76]
.text    C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe[4820] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17                                           00000000765e156d 2 bytes [5E, 76]
.text    C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe[4820] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17                                             00000000765e1585 2 bytes [5E, 76]
.text    C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe[4820] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17                                                00000000765e159d 2 bytes [5E, 76]
.text    C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe[4820] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17                                             00000000765e15b5 2 bytes [5E, 76]
.text    C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe[4820] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17                                           00000000765e15cd 2 bytes [5E, 76]
.text    C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe[4820] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20                                       00000000765e16b2 2 bytes [5E, 76]
.text    C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe[4820] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31                                       00000000765e16bd 2 bytes [5E, 76]
.text    C:\Windows\system32\wbem\unsecapp.exe[5056] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                                 00000000776aefe0 5 bytes JMP 000000016fff0148
.text    C:\Windows\system32\wbem\unsecapp.exe[5056] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                               00000000776d99b0 7 bytes JMP 000000016fff00d8
.text    C:\Windows\system32\wbem\unsecapp.exe[5056] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                               00000000776e94d0 5 bytes JMP 000000016fff0180
.text    C:\Windows\system32\wbem\unsecapp.exe[5056] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                               00000000776e9640 5 bytes JMP 000000016fff0110
.text    C:\Windows\system32\wbem\unsecapp.exe[5056] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                        000000007770a500 7 bytes JMP 000000016fff01b8
.text    C:\Windows\system32\wbem\unsecapp.exe[5056] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                    000007fefdd43460 7 bytes JMP 000007fffdd300d8
.text    C:\Windows\system32\wbem\unsecapp.exe[5056] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                      000007fefdd49940 6 bytes JMP 000007fffdd30148
.text    C:\Windows\system32\wbem\unsecapp.exe[5056] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                         000007fefdd49fb0 5 bytes JMP 000007fffdd30180
.text    C:\Windows\system32\wbem\unsecapp.exe[5056] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                  000007fefdd4a150 5 bytes JMP 000007fffdd30110
.text    C:\Windows\system32\wbem\unsecapp.exe[5056] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                         000007feff2a7490 11 bytes JMP 000007fffdd30228
.text    C:\Windows\system32\wbem\unsecapp.exe[5056] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                        000007feff2bbf00 7 bytes JMP 000007fffdd30260
.text    C:\Windows\system32\wbem\unsecapp.exe[5056] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                   000007feff7f89e0 8 bytes JMP 000007fffdd301f0
.text    C:\Windows\system32\wbem\unsecapp.exe[5056] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                 000007feff7fbe40 8 bytes JMP 000007fffdd301b8
.text    C:\Windows\SysWOW64\RunDll32.exe[1364] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                     00000000765e1401 2 bytes [5E, 76]
.text    C:\Windows\SysWOW64\RunDll32.exe[1364] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                       00000000765e1419 2 bytes [5E, 76]
.text    C:\Windows\SysWOW64\RunDll32.exe[1364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                     00000000765e1431 2 bytes [5E, 76]
.text    C:\Windows\SysWOW64\RunDll32.exe[1364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                     00000000765e144a 2 bytes [5E, 76]
.text    ...* 9
.text    C:\Windows\SysWOW64\RunDll32.exe[1364] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                        00000000765e14dd 2 bytes [5E, 76]
.text    C:\Windows\SysWOW64\RunDll32.exe[1364] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                 00000000765e14f5 2 bytes [5E, 76]
.text    C:\Windows\SysWOW64\RunDll32.exe[1364] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                        00000000765e150d 2 bytes [5E, 76]
.text    C:\Windows\SysWOW64\RunDll32.exe[1364] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                 00000000765e1525 2 bytes [5E, 76]
.text    C:\Windows\SysWOW64\RunDll32.exe[1364] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                       00000000765e153d 2 bytes [5E, 76]
.text    C:\Windows\SysWOW64\RunDll32.exe[1364] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                            00000000765e1555 2 bytes [5E, 76]
.text    C:\Windows\SysWOW64\RunDll32.exe[1364] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                     00000000765e156d 2 bytes [5E, 76]
.text    C:\Windows\SysWOW64\RunDll32.exe[1364] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                       00000000765e1585 2 bytes [5E, 76]
.text    C:\Windows\SysWOW64\RunDll32.exe[1364] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                          00000000765e159d 2 bytes [5E, 76]
.text    C:\Windows\SysWOW64\RunDll32.exe[1364] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                       00000000765e15b5 2 bytes [5E, 76]
.text    C:\Windows\SysWOW64\RunDll32.exe[1364] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                     00000000765e15cd 2 bytes [5E, 76]
.text    C:\Windows\SysWOW64\RunDll32.exe[1364] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                 00000000765e16b2 2 bytes [5E, 76]
.text    C:\Windows\SysWOW64\RunDll32.exe[1364] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                 00000000765e16bd 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4396] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA                                0000000076721429 7 bytes JMP 0000000172441e90
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4396] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW                       000000007673b223 5 bytes JMP 0000000172441da0
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4396] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx                       00000000767b88f4 7 bytes JMP 0000000172441d90
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4396] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation                       00000000767b8979 5 bytes JMP 0000000172441e80
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4396] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW                         00000000767b8ccf 5 bytes JMP 0000000172441e10
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4396] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                            0000000076f71d1b 5 bytes JMP 0000000172442450
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4396] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                          0000000076f71dc9 5 bytes JMP 00000001724424b0
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4396] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                              0000000076f72aa4 5 bytes JMP 0000000172442520
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4396] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                 0000000076f72d0a 5 bytes JMP 0000000172442620
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4396] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                         000000007537e9a2 5 bytes JMP 0000000172441a00
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4396] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                           000000007537ebdc 5 bytes JMP 0000000172441a90
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4396] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                0000000076825ea5 5 bytes JMP 0000000172441ce0
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4396] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                 0000000076859d0b 5 bytes JMP 0000000172441c70
.text    C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[1040] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                       0000000076721429 7 bytes JMP 0000000172441e90
.text    C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[1040] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                              000000007673b223 5 bytes JMP 0000000172441da0
.text    C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[1040] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                              00000000767b88f4 7 bytes JMP 0000000172441d90
.text    C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[1040] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                              00000000767b8979 5 bytes JMP 0000000172441e80
.text    C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[1040] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                00000000767b8ccf 5 bytes JMP 0000000172441e10
.text    C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[1040] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                   0000000076f71d1b 5 bytes JMP 0000000172442450
.text    C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[1040] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                 0000000076f71dc9 5 bytes JMP 00000001724424b0
.text    C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[1040] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                     0000000076f72aa4 5 bytes JMP 0000000172442520
.text    C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[1040] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                        0000000076f72d0a 5 bytes JMP 0000000172442620
.text    C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[1040] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                000000007537e9a2 5 bytes JMP 0000000172441a00
.text    C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[1040] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                  000000007537ebdc 5 bytes JMP 0000000172441a90
.text    C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[1040] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                       0000000076825ea5 5 bytes JMP 0000000172441ce0
.text    C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[1040] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                        0000000076859d0b 5 bytes JMP 0000000172441c70
.text    C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[1040] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                               00000000765e1401 2 bytes [5E, 76]
.text    C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[1040] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                 00000000765e1419 2 bytes [5E, 76]
.text    C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[1040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                               00000000765e1431 2 bytes [5E, 76]
.text    C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[1040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                               00000000765e144a 2 bytes [5E, 76]
.text    ...* 9
.text    C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[1040] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                  00000000765e14dd 2 bytes [5E, 76]
.text    C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[1040] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                           00000000765e14f5 2 bytes [5E, 76]
.text    C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[1040] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                  00000000765e150d 2 bytes [5E, 76]
.text    C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[1040] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                           00000000765e1525 2 bytes [5E, 76]
.text    C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[1040] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                 00000000765e153d 2 bytes [5E, 76]
.text    C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[1040] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                      00000000765e1555 2 bytes [5E, 76]
.text    C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[1040] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                               00000000765e156d 2 bytes [5E, 76]
.text    C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[1040] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                 00000000765e1585 2 bytes [5E, 76]
.text    C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[1040] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                    00000000765e159d 2 bytes [5E, 76]
.text    C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[1040] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                 00000000765e15b5 2 bytes [5E, 76]
.text    C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[1040] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                               00000000765e15cd 2 bytes [5E, 76]
.text    C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[1040] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                           00000000765e16b2 2 bytes [5E, 76]
.text    C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[1040] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                           00000000765e16bd 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[500] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                            0000000076721429 7 bytes JMP 0000000172441e90
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[500] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                                   000000007673b223 5 bytes JMP 0000000172441da0
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[500] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                   00000000767b88f4 7 bytes JMP 0000000172441d90
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[500] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                   00000000767b8979 5 bytes JMP 0000000172441e80
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[500] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                     00000000767b8ccf 5 bytes JMP 0000000172441e10
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[500] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                        0000000076f71d1b 5 bytes JMP 0000000172442450
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[500] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                      0000000076f71dc9 5 bytes JMP 00000001724424b0
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[500] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                          0000000076f72aa4 5 bytes JMP 0000000172442520
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[500] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                             0000000076f72d0a 5 bytes JMP 0000000172442620
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[500] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                     000000007537e9a2 5 bytes JMP 0000000172441a00
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[500] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                       000000007537ebdc 5 bytes JMP 0000000172441a90
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[500] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                            0000000076825ea5 5 bytes JMP 0000000172441ce0
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[500] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                             0000000076859d0b 5 bytes JMP 0000000172441c70
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[500] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                    00000000765e1401 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[500] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                      00000000765e1419 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                    00000000765e1431 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                    00000000765e144a 2 bytes [5E, 76]
.text    ...* 9
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[500] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                       00000000765e14dd 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[500] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                00000000765e14f5 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[500] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                       00000000765e150d 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[500] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                00000000765e1525 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[500] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                      00000000765e153d 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[500] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                           00000000765e1555 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[500] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                    00000000765e156d 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[500] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                      00000000765e1585 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[500] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                         00000000765e159d 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[500] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                      00000000765e15b5 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[500] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                    00000000765e15cd 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[500] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                00000000765e16b2 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[500] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                00000000765e16bd 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4460] C:\Windows\syswow64\kernel32.dll!RegSetValueExA           0000000076721429 7 bytes JMP 0000000172441e90
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4460] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW  000000007673b223 5 bytes JMP 0000000172441da0
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4460] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx  00000000767b88f4 7 bytes JMP 0000000172441d90
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4460] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation  00000000767b8979 5 bytes JMP 0000000172441e80
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4460] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW    00000000767b8ccf 5 bytes JMP 0000000172441e10
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4460] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW       0000000076f71d1b 5 bytes JMP 0000000172442450
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4460] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW     0000000076f71dc9 5 bytes JMP 00000001724424b0
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4460] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW         0000000076f72aa4 5 bytes JMP 0000000172442520
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4460] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary            0000000076f72d0a 5 bytes JMP 0000000172442620
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4460] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList    000000007537e9a2 5 bytes JMP 0000000172441a00
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4460] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo      000000007537ebdc 5 bytes JMP 0000000172441a90
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4460] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket           0000000076825ea5 5 bytes JMP 0000000172441ce0
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4460] C:\Windows\syswow64\ole32.dll!CoCreateInstance            0000000076859d0b 5 bytes JMP 0000000172441c70
.text    C:\Program Files (x86)\CyberLink\Shared Files\brs.exe[4372] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                        0000000076721429 7 bytes JMP 0000000172441e90
.text    C:\Program Files (x86)\CyberLink\Shared Files\brs.exe[4372] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                               000000007673b223 5 bytes JMP 0000000172441da0
.text    C:\Program Files (x86)\CyberLink\Shared Files\brs.exe[4372] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                               00000000767b88f4 7 bytes JMP 0000000172441d90
.text    C:\Program Files (x86)\CyberLink\Shared Files\brs.exe[4372] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                               00000000767b8979 5 bytes JMP 0000000172441e80
.text    C:\Program Files (x86)\CyberLink\Shared Files\brs.exe[4372] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                 00000000767b8ccf 5 bytes JMP 0000000172441e10
.text    C:\Program Files (x86)\CyberLink\Shared Files\brs.exe[4372] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                    0000000076f71d1b 5 bytes JMP 0000000172442450
.text    C:\Program Files (x86)\CyberLink\Shared Files\brs.exe[4372] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                  0000000076f71dc9 5 bytes JMP 00000001724424b0
.text    C:\Program Files (x86)\CyberLink\Shared Files\brs.exe[4372] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                      0000000076f72aa4 5 bytes JMP 0000000172442520
.text    C:\Program Files (x86)\CyberLink\Shared Files\brs.exe[4372] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                         0000000076f72d0a 5 bytes JMP 0000000172442620
.text    C:\Program Files (x86)\CyberLink\Shared Files\brs.exe[4372] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                 000000007537e9a2 5 bytes JMP 0000000172441a00
.text    C:\Program Files (x86)\CyberLink\Shared Files\brs.exe[4372] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                   000000007537ebdc 5 bytes JMP 0000000172441a90
.text    C:\Program Files (x86)\CyberLink\Shared Files\brs.exe[4372] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                        0000000076825ea5 5 bytes JMP 0000000172441ce0
.text    C:\Program Files (x86)\CyberLink\Shared Files\brs.exe[4372] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                         0000000076859d0b 5 bytes JMP 0000000172441c70
.text    C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe[4492] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                           00000000776aefe0 5 bytes JMP 000000016fff0148
.text    C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe[4492] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                         00000000776d99b0 7 bytes JMP 000000016fff00d8
.text    C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe[4492] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                         00000000776e94d0 5 bytes JMP 000000016fff0180
.text    C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe[4492] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                         00000000776e9640 5 bytes JMP 000000016fff0110
.text    C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe[4492] C:\Windows\system32\kernel32.dll!RegSetValueExA                                  000000007770a500 7 bytes JMP 000000016fff01b8
.text    C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe[4492] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                              000007fefdd43460 7 bytes JMP 000007fffdd300d8
.text    C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe[4492] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                000007fefdd49940 6 bytes JMP 000007fffdd30148
.text    C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe[4492] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                   000007fefdd49fb0 5 bytes JMP 000007fffdd30180
.text    C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe[4492] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                            000007fefdd4a150 5 bytes JMP 000007fffdd30110
.text    C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe[4492] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                             000007feff7f89e0 8 bytes JMP 000007fffdd301f0
.text    C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe[4492] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                           000007feff7fbe40 8 bytes JMP 000007fffdd301b8
.text    C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4568] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                               0000000076721429 7 bytes JMP 0000000172441e90
.text    C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4568] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                      000000007673b223 5 bytes JMP 0000000172441da0
.text    C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4568] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                      00000000767b88f4 7 bytes JMP 0000000172441d90
.text    C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4568] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                      00000000767b8979 5 bytes JMP 0000000172441e80
.text    C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4568] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                        00000000767b8ccf 5 bytes JMP 0000000172441e10
.text    C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4568] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                           0000000076f71d1b 5 bytes JMP 0000000172442450
.text    C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4568] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                         0000000076f71dc9 5 bytes JMP 00000001724424b0
.text    C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4568] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                             0000000076f72aa4 5 bytes JMP 0000000172442520
.text    C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4568] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                0000000076f72d0a 5 bytes JMP 0000000172442620
.text    C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4568] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                        000000007537e9a2 5 bytes JMP 0000000172441a00
.text    C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4568] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                          000000007537ebdc 5 bytes JMP 0000000172441a90
.text    C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4568] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                               0000000076825ea5 5 bytes JMP 0000000172441ce0
.text    C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4568] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                0000000076859d0b 5 bytes JMP 0000000172441c70
.text    C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4568] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                       00000000765e1401 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4568] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                         00000000765e1419 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4568] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                       00000000765e1431 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4568] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                       00000000765e144a 2 bytes [5E, 76]
.text    ...* 9
.text    C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4568] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                          00000000765e14dd 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4568] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                   00000000765e14f5 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4568] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                          00000000765e150d 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4568] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                   00000000765e1525 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4568] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                         00000000765e153d 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4568] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                              00000000765e1555 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4568] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                       00000000765e156d 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4568] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                         00000000765e1585 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4568] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                            00000000765e159d 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4568] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                         00000000765e15b5 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4568] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                       00000000765e15cd 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4568] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                   00000000765e16b2 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4568] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                   00000000765e16bd 2 bytes [5E, 76]
.text    C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4900] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                    00000000776aefe0 5 bytes JMP 000000016fff0148
.text    C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4900] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                  00000000776d99b0 7 bytes JMP 000000016fff00d8
.text    C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4900] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                  00000000776e94d0 5 bytes JMP 000000016fff0180
.text    C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4900] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                  00000000776e9640 5 bytes JMP 000000016fff0110
.text    C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4900] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                           000000007770a500 7 bytes JMP 000000016fff01b8
.text    C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4900] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                       000007fefdd43460 7 bytes JMP 000007fffdd300d8
.text    C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4900] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                         000007fefdd49940 6 bytes JMP 000007fffdd30148
.text    C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4900] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                            000007fefdd49fb0 5 bytes JMP 000007fffdd30180
.text    C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4900] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                     000007fefdd4a150 5 bytes JMP 000007fffdd30110
.text    C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4900] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                      000007feff7f89e0 8 bytes JMP 000007fffdd301f0
.text    C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4900] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                    000007feff7fbe40 8 bytes JMP 000007fffdd301b8
.text    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4400] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                      00000000776aefe0 5 bytes JMP 000000016fff0148
.text    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4400] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                    00000000776d99b0 7 bytes JMP 000000016fff00d8
.text    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4400] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                    00000000776e94d0 5 bytes JMP 000000016fff0180
.text    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4400] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                    00000000776e9640 5 bytes JMP 000000016fff0110
.text    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4400] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                             000000007770a500 7 bytes JMP 000000016fff01b8
.text    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4400] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                         000007fefdd43460 7 bytes JMP 000007fffdd300d8
.text    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4400] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                           000007fefdd49940 6 bytes JMP 000007fffdd30148
.text    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4400] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                              000007fefdd49fb0 5 bytes JMP 000007fffdd30180
.text    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4400] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                       000007fefdd4a150 5 bytes JMP 000007fffdd30110
.text    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4400] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                        000007feff7f89e0 8 bytes JMP 000007fffdd301f0
.text    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4400] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                      000007feff7fbe40 8 bytes JMP 000007fffdd301b8
.text    C:\Program Files (x86)\Launch Manager\LMworker.exe[2564] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                           0000000076721429 7 bytes JMP 0000000172441e90
.text    C:\Program Files (x86)\Launch Manager\LMworker.exe[2564] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                                  000000007673b223 5 bytes JMP 0000000172441da0
.text    C:\Program Files (x86)\Launch Manager\LMworker.exe[2564] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                  00000000767b88f4 7 bytes JMP 0000000172441d90
.text    C:\Program Files (x86)\Launch Manager\LMworker.exe[2564] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                  00000000767b8979 5 bytes JMP 0000000172441e80
.text    C:\Program Files (x86)\Launch Manager\LMworker.exe[2564] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                    00000000767b8ccf 5 bytes JMP 0000000172441e10
.text    C:\Program Files (x86)\Launch Manager\LMworker.exe[2564] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                       0000000076f71d1b 5 bytes JMP 0000000172442450
.text    C:\Program Files (x86)\Launch Manager\LMworker.exe[2564] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                     0000000076f71dc9 5 bytes JMP 00000001724424b0
.text    C:\Program Files (x86)\Launch Manager\LMworker.exe[2564] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                         0000000076f72aa4 5 bytes JMP 0000000172442520
.text    C:\Program Files (x86)\Launch Manager\LMworker.exe[2564] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                            0000000076f72d0a 5 bytes JMP 0000000172442620
.text    C:\Program Files (x86)\Launch Manager\LMworker.exe[2564] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                    000000007537e9a2 5 bytes JMP 0000000172441a00
.text    C:\Program Files (x86)\Launch Manager\LMworker.exe[2564] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                      000000007537ebdc 5 bytes JMP 0000000172441a90
.text    C:\Program Files (x86)\Launch Manager\LMworker.exe[2564] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                           0000000076825ea5 5 bytes JMP 0000000172441ce0
.text    C:\Program Files (x86)\Launch Manager\LMworker.exe[2564] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                            0000000076859d0b 5 bytes JMP 0000000172441c70
.text    C:\Windows\system32\taskeng.exe[4444] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                                       00000000776aefe0 5 bytes JMP 000000016fff0148
.text    C:\Windows\system32\taskeng.exe[4444] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                                     00000000776d99b0 7 bytes JMP 000000016fff00d8
.text    C:\Windows\system32\taskeng.exe[4444] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                                     00000000776e94d0 5 bytes JMP 000000016fff0180
.text    C:\Windows\system32\taskeng.exe[4444] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                                     00000000776e9640 5 bytes JMP 000000016fff0110
.text    C:\Windows\system32\taskeng.exe[4444] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                              000000007770a500 7 bytes JMP 000000016fff01b8
.text    C:\Windows\system32\taskeng.exe[4444] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                          000007fefdd43460 7 bytes JMP 000007fffdd300d8
.text    C:\Windows\system32\taskeng.exe[4444] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                            000007fefdd49940 6 bytes JMP 000007fffdd30148
.text    C:\Windows\system32\taskeng.exe[4444] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                               000007fefdd49fb0 5 bytes JMP 000007fffdd30180
.text    C:\Windows\system32\taskeng.exe[4444] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                        000007fefdd4a150 5 bytes JMP 000007fffdd30110
.text    C:\Windows\system32\taskeng.exe[4444] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                         000007feff7f89e0 8 bytes JMP 000007fffdd301f0
.text    C:\Windows\system32\taskeng.exe[4444] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                       000007feff7fbe40 8 bytes JMP 000007fffdd301b8
.text    C:\Windows\system32\taskeng.exe[4444] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                               000007feff2a7490 11 bytes JMP 000007fffdd30228
.text    C:\Windows\system32\taskeng.exe[4444] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                              000007feff2bbf00 7 bytes JMP 000007fffdd30260
.text    C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe[5460] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                             0000000076721429 7 bytes JMP 0000000172441e90
.text    C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe[5460] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                    000000007673b223 5 bytes JMP 0000000172441da0
.text    C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe[5460] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                    00000000767b88f4 7 bytes JMP 0000000172441d90
.text    C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe[5460] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                    00000000767b8979 5 bytes JMP 0000000172441e80
.text    C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe[5460] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                      00000000767b8ccf 5 bytes JMP 0000000172441e10
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3232] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                 00000000765e1401 2 bytes [5E, 76]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3232] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                   00000000765e1419 2 bytes [5E, 76]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3232] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                 00000000765e1431 2 bytes [5E, 76]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3232] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                 00000000765e144a 2 bytes [5E, 76]
.text    ...* 9
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3232] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                    00000000765e14dd 2 bytes [5E, 76]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3232] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                             00000000765e14f5 2 bytes [5E, 76]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3232] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                    00000000765e150d 2 bytes [5E, 76]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3232] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                             00000000765e1525 2 bytes [5E, 76]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3232] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                   00000000765e153d 2 bytes [5E, 76]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3232] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                        00000000765e1555 2 bytes [5E, 76]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3232] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                 00000000765e156d 2 bytes [5E, 76]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3232] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                   00000000765e1585 2 bytes [5E, 76]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3232] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                      00000000765e159d 2 bytes [5E, 76]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3232] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                   00000000765e15b5 2 bytes [5E, 76]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3232] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                 00000000765e15cd 2 bytes [5E, 76]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3232] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                             00000000765e16b2 2 bytes [5E, 76]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3232] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                             00000000765e16bd 2 bytes [5E, 76]
.text    C:\Users\XXX\Desktop\gmer-2.0.18444.exe[5780] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                0000000076721429 7 bytes JMP 0000000172441e90
.text    C:\Users\XXX\Desktop\gmer-2.0.18444.exe[5780] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                                       000000007673b223 5 bytes JMP 0000000172441da0
.text    C:\Users\XXX\Desktop\gmer-2.0.18444.exe[5780] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                       00000000767b88f4 7 bytes JMP 0000000172441d90
.text    C:\Users\XXX\Desktop\gmer-2.0.18444.exe[5780] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                       00000000767b8979 5 bytes JMP 0000000172441e80
.text    C:\Users\XXX\Desktop\gmer-2.0.18444.exe[5780] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                         00000000767b8ccf 5 bytes JMP 0000000172441e10
.text    C:\Users\XXX\Desktop\gmer-2.0.18444.exe[5780] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                            0000000076f71d1b 5 bytes JMP 0000000172442450
.text    C:\Users\XXX\Desktop\gmer-2.0.18444.exe[5780] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                          0000000076f71dc9 5 bytes JMP 00000001724424b0
.text    C:\Users\XXX\Desktop\gmer-2.0.18444.exe[5780] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                              0000000076f72aa4 5 bytes JMP 0000000172442520
.text    C:\Users\XXX\Desktop\gmer-2.0.18444.exe[5780] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                 0000000076f72d0a 5 bytes JMP 0000000172442620
.text    C:\Users\XXX\Desktop\gmer-2.0.18444.exe[5780] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                         000000007537e9a2 5 bytes JMP 0000000172441a00
.text    C:\Users\XXX\Desktop\gmer-2.0.18444.exe[5780] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                           000000007537ebdc 5 bytes JMP 0000000172441a90
.text    C:\Users\XXX\Desktop\gmer-2.0.18444.exe[5780] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                                0000000076825ea5 5 bytes JMP 0000000172441ce0
.text    C:\Users\XXX\Desktop\gmer-2.0.18444.exe[5780] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                                 0000000076859d0b 5 bytes JMP 0000000172441c70

---- Threads - GMER 2.0 ----

Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1320:3924]                                                                                               000000001000e2eb
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1320:4040]                                                                                               00000000010266e0
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1320:4044]                                                                                               00000000010266e0
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1320:4048]                                                                                               00000000010266e0
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1320:4052]                                                                                               0000000001022560
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2172:2444]                                                                            00000000779c3e45
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2172:2468]                                                                            00000000779c2e25
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2172:2480]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2172:2484]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2172:2488]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2172:2492]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2172:2496]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2172:2572]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2172:2576]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2172:2608]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2172:2616]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2172:2620]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2172:2628]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2172:2640]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2172:2644]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2172:2660]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2172:2668]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2172:2680]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2172:2684]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2172:2696]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2172:2956]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2172:3000]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2172:3004]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2172:3016]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2172:3028]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2172:3032]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2172:3040]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2172:3048]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2172:3056]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2172:3068]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2172:2084]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2172:2036]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2172:1296]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2172:2344]                                                                            00000000779c3e45
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2172:2040]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2172:3608]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2172:3640]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2172:3644]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2172:3648]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2172:3652]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2172:3656]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2172:3660]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2172:3664]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2172:3668]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2172:3672]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2172:3912]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2172:3916]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2172:3920]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2172:3424]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2172:1980]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2172:6020]                                                                            00000000779c7111
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2452:2504]                                                                            00000000779c3e45
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2452:2520]                                                                            00000000779c2e25
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2452:2592]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2452:2596]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2452:2600]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2452:2604]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2452:2612]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2452:2624]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2452:2632]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2452:2636]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2452:2648]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2452:2664]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2452:2672]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2452:2676]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2452:2688]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2452:2700]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2452:2704]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2452:2728]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2452:2732]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2452:2736]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2452:2960]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2452:2964]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2452:2968]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2452:3020]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2452:3024]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2452:3036]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2452:3044]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2452:3052]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2452:3060]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2452:3064]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2452:2136]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2452:2160]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2452:2244]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2452:2312]                                                                            00000000779c3e45
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2452:2432]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2452:3176]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2452:3180]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2452:3184]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2452:3188]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2452:3192]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2452:3224]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2452:3236]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2452:3240]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2452:3244]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2452:3248]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2452:3252]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2452:3256]                                                                            00000000720e29e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2452:5044]                                                                            00000000779c7111
---- Processes - GMER 2.0 ----
Library  ? (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1320]                                                                           0000000073040000
---- Registry - GMER 2.0 ----
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90004ea62d35                                                                                        
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90004ea62d35@0007abbc70d1                                                                           0xF6 0xE0 0x6C 0xA7 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90004ea62d35@0021d2525735                                                                           0x6F 0xB0 0xD3 0xA7 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                                   
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                C:\Program Files (x86)\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                0x00 0x00 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                0
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                             0x15 0xCB 0xA6 0xC9 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                                          
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                       0xA0 0x02 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                    0x06 0xB2 0x17 0xAA ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                                                     
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                               0xE9 0xFA 0x8F 0x1E ...
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90004ea62d35 (not active ControlSet)                                                                    
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90004ea62d35@0007abbc70d1                                                                               0xF6 0xE0 0x6C 0xA7 ...
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90004ea62d35@0021d2525735                                                                               0x6F 0xB0 0xD3 0xA7 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                                               
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                    C:\Program Files (x86)\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                    0x00 0x00 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                    0
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                 0x15 0xCB 0xA6 0xC9 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                                                      
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                           0xA0 0x02 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                        0x06 0xB2 0x17 0xAA ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                                                 
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                                   0xE9 0xFA 0x8F 0x1E ...
---- EOF - GMER 2.0 ----
         

Hi,
Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop

• Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
• Drücke Start Scan
  
• Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
  TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
  Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

TDDS hat zwei verdächtige Objekte gefunden.

Was ist denn mit den anderen scans irgendetwas auffälliges??

Code: Alles auswählenAufklappen

ATTFilter

21:35:18.0684 17616  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:35:18.0886 17616  ============================================================
21:35:18.0886 17616  Current date / time: 2013/03/03 21:35:18.0886
21:35:18.0886 17616  SystemInfo:
21:35:18.0886 17616  
21:35:18.0886 17616  OS Version: 6.1.7601 ServicePack: 1.0
21:35:18.0886 17616  Product type: Workstation
21:35:18.0886 17616  ComputerName: XXX-PC
21:35:18.0886 17616  UserName: XXX
21:35:18.0886 17616  Windows directory: C:\Windows
21:35:18.0886 17616  System windows directory: C:\Windows
21:35:18.0886 17616  Running under WOW64
21:35:18.0886 17616  Processor architecture: Intel x64
21:35:18.0886 17616  Number of processors: 8
21:35:18.0886 17616  Page size: 0x1000
21:35:18.0886 17616  Boot type: Normal boot
21:35:18.0886 17616  ============================================================
21:35:19.0885 17616  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:35:19.0900 17616  ============================================================
21:35:19.0900 17616  \Device\Harddisk0\DR0:
21:35:19.0900 17616  MBR partitions:
21:35:19.0900 17616  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2800800, BlocksNum 0x32000
21:35:19.0900 17616  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2832800, BlocksNum 0x54D13000
21:35:19.0900 17616  ============================================================
21:35:19.0932 17616  C: <-> \Device\Harddisk0\DR0\Partition2
21:35:19.0932 17616  ============================================================
21:35:19.0932 17616  Initialize success
21:35:19.0932 17616  ============================================================
21:35:31.0788 17740  ============================================================
21:35:31.0788 17740  Scan started
21:35:31.0788 17740  Mode: Manual; SigCheck; TDLFS; 
21:35:31.0788 17740  ============================================================
21:35:33.0816 17740  ================ Scan system memory ========================
21:35:33.0816 17740  System memory - ok
21:35:33.0816 17740  ================ Scan services =============================
21:35:34.0097 17740  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
21:35:34.0331 17740  1394ohci - ok
21:35:34.0377 17740  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
21:35:34.0409 17740  ACPI - ok
21:35:34.0424 17740  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
21:35:34.0533 17740  AcpiPmi - ok
21:35:34.0611 17740  [ 5AE65DCD983077278A6173C2872BCA99 ] acsock          C:\Windows\system32\DRIVERS\acsock64.sys
21:35:34.0658 17740  acsock - ok
21:35:34.0752 17740  [ 1474F121C3DF1232D3E7239C03691EE6 ] AdobeActiveFileMonitor9.0 c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
21:35:34.0783 17740  AdobeActiveFileMonitor9.0 - ok
21:35:34.0861 17740  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:35:34.0892 17740  AdobeARMservice - ok
21:35:35.0064 17740  [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:35:35.0079 17740  AdobeFlashPlayerUpdateSvc - ok
21:35:35.0142 17740  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
21:35:35.0220 17740  adp94xx - ok
21:35:35.0251 17740  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
21:35:35.0298 17740  adpahci - ok
21:35:35.0313 17740  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
21:35:35.0345 17740  adpu320 - ok
21:35:35.0376 17740  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:35:35.0672 17740  AeLookupSvc - ok
21:35:35.0735 17740  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
21:35:35.0828 17740  AFD - ok
21:35:35.0875 17740  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
21:35:35.0906 17740  agp440 - ok
21:35:35.0937 17740  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
21:35:36.0031 17740  ALG - ok
21:35:36.0047 17740  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
21:35:36.0078 17740  aliide - ok
21:35:36.0093 17740  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
21:35:36.0125 17740  amdide - ok
21:35:36.0140 17740  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
21:35:36.0187 17740  AmdK8 - ok
21:35:36.0203 17740  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
21:35:36.0249 17740  AmdPPM - ok
21:35:36.0296 17740  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
21:35:36.0343 17740  amdsata - ok
21:35:36.0343 17740  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
21:35:36.0390 17740  amdsbs - ok
21:35:36.0405 17740  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
21:35:36.0452 17740  amdxata - ok
21:35:36.0546 17740  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
21:35:36.0561 17740  AntiVirSchedulerService - ok
21:35:36.0608 17740  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
21:35:36.0639 17740  AntiVirService - ok
21:35:36.0686 17740  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
21:35:36.0920 17740  AppID - ok
21:35:36.0967 17740  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
21:35:37.0092 17740  AppIDSvc - ok
21:35:37.0123 17740  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
21:35:37.0232 17740  Appinfo - ok
21:35:37.0279 17740  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
21:35:37.0326 17740  arc - ok
21:35:37.0341 17740  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
21:35:37.0373 17740  arcsas - ok
21:35:37.0451 17740  aspnet_state - ok
21:35:37.0466 17740  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:35:37.0591 17740  AsyncMac - ok
21:35:37.0638 17740  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
21:35:37.0669 17740  atapi - ok
21:35:37.0716 17740  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:35:37.0841 17740  AudioEndpointBuilder - ok
21:35:37.0856 17740  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
21:35:37.0965 17740  AudioSrv - ok
21:35:38.0043 17740  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
21:35:38.0075 17740  avgntflt - ok
21:35:38.0106 17740  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
21:35:38.0137 17740  avipbb - ok
21:35:38.0153 17740  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
21:35:38.0199 17740  avkmgr - ok
21:35:38.0231 17740  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
21:35:38.0371 17740  AxInstSV - ok
21:35:38.0433 17740  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
21:35:38.0511 17740  b06bdrv - ok
21:35:38.0558 17740  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
21:35:38.0636 17740  b57nd60a - ok
21:35:38.0667 17740  [ A424CB46A145E5AABF15621550976DF2 ] b57xdbd         C:\Windows\system32\DRIVERS\b57xdbd.sys
21:35:38.0714 17740  b57xdbd - ok
21:35:38.0730 17740  [ BE4E6FD5A898812B85D5817AD9754A9F ] b57xdmp         C:\Windows\system32\DRIVERS\b57xdmp.sys
21:35:38.0761 17740  b57xdmp - ok
21:35:38.0823 17740  [ 93EE7D9C35AE7E9FFDA148D7805F1421 ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
21:35:38.0870 17740  BBSvc - ok
21:35:39.0042 17740  [ 85111026F1C5A1C4CCE3697F0DA7BC1A ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
21:35:39.0307 17740  BCM43XX - ok
21:35:39.0354 17740  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
21:35:39.0447 17740  BDESVC - ok
21:35:39.0463 17740  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:35:39.0588 17740  Beep - ok
21:35:39.0650 17740  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
21:35:39.0775 17740  BFE - ok
21:35:39.0822 17740  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
21:35:40.0009 17740  BITS - ok
21:35:40.0040 17740  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
21:35:40.0087 17740  blbdrive - ok
21:35:40.0134 17740  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:35:40.0212 17740  bowser - ok
21:35:40.0243 17740  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
21:35:40.0305 17740  BrFiltLo - ok
21:35:40.0305 17740  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
21:35:40.0352 17740  BrFiltUp - ok
21:35:40.0399 17740  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
21:35:40.0524 17740  BridgeMP - ok
21:35:40.0539 17740  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
21:35:40.0649 17740  Browser - ok
21:35:40.0680 17740  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
21:35:40.0789 17740  Brserid - ok
21:35:40.0805 17740  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
21:35:40.0867 17740  BrSerWdm - ok
21:35:40.0867 17740  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
21:35:40.0914 17740  BrUsbMdm - ok
21:35:40.0914 17740  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
21:35:40.0961 17740  BrUsbSer - ok
21:35:41.0007 17740  [ 0970D8B7151E9113BF8D44CE2E954DF7 ] bScsiMSa        C:\Windows\system32\DRIVERS\bScsiMSa.sys
21:35:41.0039 17740  bScsiMSa - ok
21:35:41.0085 17740  [ 0C1EEE5AF32402D306874B110DE237EC ] bScsiSDa        C:\Windows\system32\DRIVERS\bScsiSDa.sys
21:35:41.0117 17740  bScsiSDa - ok
21:35:41.0179 17740  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
21:35:41.0304 17740  BthEnum - ok
21:35:41.0335 17740  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
21:35:41.0382 17740  BTHMODEM - ok
21:35:41.0413 17740  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
21:35:41.0475 17740  BthPan - ok
21:35:41.0522 17740  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
21:35:41.0631 17740  BTHPORT - ok
21:35:41.0663 17740  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
21:35:41.0772 17740  bthserv - ok
21:35:41.0803 17740  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
21:35:41.0865 17740  BTHUSB - ok
21:35:41.0912 17740  [ 9DE56FA4533E485AE5409D3C11747143 ] BTWAMPFL        C:\Windows\system32\DRIVERS\btwampfl.sys
21:35:41.0975 17740  BTWAMPFL - ok
21:35:42.0037 17740  [ F6135859A582A7294BA7A3336E08BAA1 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
21:35:42.0068 17740  btwaudio - ok
21:35:42.0099 17740  [ 3DEF2370E414B4E299673558BA171A51 ] btwavdt         C:\Windows\system32\DRIVERS\btwavdt.sys
21:35:42.0146 17740  btwavdt - ok
21:35:42.0224 17740  [ 5B6B009D4F4449E77264AFD6DAD185E0 ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
21:35:42.0302 17740  btwdins - ok
21:35:42.0318 17740  [ E8D2BCD080EA91E74775B9F5EA051F97 ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
21:35:42.0349 17740  btwl2cap - ok
21:35:42.0380 17740  [ 9937E0E4DFC0030560A6DFE9D3A94B39 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
21:35:42.0411 17740  btwrchid - ok
21:35:42.0427 17740  catchme - ok
21:35:42.0474 17740  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:35:42.0583 17740  cdfs - ok
21:35:42.0614 17740  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
21:35:42.0677 17740  cdrom - ok
21:35:42.0708 17740  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
21:35:42.0817 17740  CertPropSvc - ok
21:35:42.0864 17740  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
21:35:42.0911 17740  circlass - ok
21:35:42.0942 17740  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
21:35:42.0989 17740  CLFS - ok
21:35:43.0098 17740  [ 7AD6AD732247CC3D7A943465748C0D47 ] CLKMSVC10_38F51D56 C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
21:35:43.0269 17740  CLKMSVC10_38F51D56 - ok
21:35:43.0316 17740  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:35:43.0363 17740  clr_optimization_v2.0.50727_32 - ok
21:35:43.0425 17740  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:35:43.0472 17740  clr_optimization_v2.0.50727_64 - ok
21:35:43.0550 17740  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:35:43.0613 17740  clr_optimization_v4.0.30319_32 - ok
21:35:43.0659 17740  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:35:43.0675 17740  clr_optimization_v4.0.30319_64 - ok
21:35:43.0722 17740  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
21:35:43.0769 17740  CmBatt - ok
21:35:43.0800 17740  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:35:43.0831 17740  cmdide - ok
21:35:43.0893 17740  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
21:35:43.0987 17740  CNG - ok
21:35:44.0018 17740  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
21:35:44.0049 17740  Compbatt - ok
21:35:44.0096 17740  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
21:35:44.0143 17740  CompositeBus - ok
21:35:44.0159 17740  COMSysApp - ok
21:35:44.0190 17740  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
21:35:44.0221 17740  crcdisk - ok
21:35:44.0268 17740  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:35:44.0611 17740  CryptSvc - ok
21:35:44.0705 17740  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
21:35:44.0798 17740  cvhsvc - ok
21:35:44.0814 17740  [ 44BDDEB03C84A1C993C992FFB5700357 ] CVirtA          C:\Windows\system32\DRIVERS\CVirtA64.sys
21:35:44.0845 17740  CVirtA - ok
21:35:44.0892 17740  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:35:45.0017 17740  DcomLaunch - ok
21:35:45.0063 17740  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
21:35:45.0204 17740  defragsvc - ok
21:35:45.0235 17740  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:35:45.0344 17740  DfsC - ok
21:35:45.0360 17740  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
21:35:45.0453 17740  Dhcp - ok
21:35:45.0500 17740  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
21:35:45.0609 17740  discache - ok
21:35:45.0641 17740  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
21:35:45.0687 17740  Disk - ok
21:35:45.0719 17740  [ 05CB5910B3CA6019FC3CCA815EE06FFB ] DNE             C:\Windows\system32\DRIVERS\dne64x.sys
21:35:45.0750 17740  DNE - ok
21:35:45.0781 17740  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:35:45.0828 17740  Dnscache - ok
21:35:45.0843 17740  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
21:35:45.0984 17740  dot3svc - ok
21:35:46.0015 17740  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
21:35:46.0109 17740  DPS - ok
21:35:46.0155 17740  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21:35:46.0202 17740  drmkaud - ok
21:35:46.0265 17740  [ 4AB2A58816CC6BE771F1D8C768B804C5 ] DsiWMIService   C:\Program Files (x86)\Launch Manager\dsiwmis.exe
21:35:46.0296 17740  DsiWMIService - ok
21:35:46.0343 17740  [ 400582B09E0BB557D0EC28A945150EEB ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
21:35:46.0389 17740  dtsoftbus01 - ok
21:35:46.0421 17740  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:35:46.0514 17740  DXGKrnl - ok
21:35:46.0561 17740  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
21:35:46.0686 17740  EapHost - ok
21:35:46.0779 17740  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
21:35:46.0998 17740  ebdrv - ok
21:35:47.0029 17740  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
21:35:47.0107 17740  EFS - ok
21:35:47.0185 17740  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
21:35:47.0294 17740  ehRecvr - ok
21:35:47.0310 17740  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
21:35:47.0372 17740  ehSched - ok
21:35:47.0419 17740  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
21:35:47.0497 17740  elxstor - ok
21:35:47.0575 17740  [ AC5C64F828C0A6A1350971501AC2A0C7 ] ePowerSvc       C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
21:35:47.0653 17740  ePowerSvc - ok
21:35:47.0653 17740  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
21:35:47.0700 17740  ErrDev - ok
21:35:47.0778 17740  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
21:35:47.0887 17740  EventSystem - ok
21:35:47.0934 17740  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
21:35:48.0059 17740  exfat - ok
21:35:48.0074 17740  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
21:35:48.0199 17740  fastfat - ok
21:35:48.0246 17740  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
21:35:48.0355 17740  Fax - ok
21:35:48.0402 17740  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
21:35:48.0449 17740  fdc - ok
21:35:48.0480 17740  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
21:35:48.0573 17740  fdPHost - ok
21:35:48.0589 17740  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
21:35:48.0683 17740  FDResPub - ok
21:35:48.0714 17740  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:35:48.0761 17740  FileInfo - ok
21:35:48.0776 17740  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
21:35:48.0885 17740  Filetrace - ok
21:35:48.0963 17740  [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
21:35:49.0057 17740  FLEXnet Licensing Service - ok
21:35:49.0088 17740  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
21:35:49.0119 17740  flpydisk - ok
21:35:49.0166 17740  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:35:49.0229 17740  FltMgr - ok
21:35:49.0307 17740  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
21:35:49.0416 17740  FontCache - ok
21:35:49.0478 17740  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:35:49.0525 17740  FontCache3.0.0.0 - ok
21:35:49.0556 17740  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
21:35:49.0603 17740  FsDepends - ok
21:35:49.0634 17740  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:35:49.0665 17740  Fs_Rec - ok
21:35:49.0697 17740  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
21:35:49.0743 17740  fvevol - ok
21:35:49.0759 17740  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
21:35:49.0806 17740  gagp30kx - ok
21:35:49.0868 17740  [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
21:35:49.0931 17740  GamesAppService - ok
21:35:49.0977 17740  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
21:35:50.0118 17740  gpsvc - ok
21:35:50.0165 17740  [ 84E58FEA8B1A7537696A20C59CB9B0C9 ] GREGService     C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
21:35:50.0196 17740  GREGService ( UnsignedFile.Multi.Generic ) - warning
21:35:50.0196 17740  GREGService - detected UnsignedFile.Multi.Generic (1)
21:35:50.0227 17740  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
21:35:50.0321 17740  hcw85cir - ok
21:35:50.0352 17740  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:35:50.0414 17740  HdAudAddService - ok
21:35:50.0461 17740  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
21:35:50.0508 17740  HDAudBus - ok
21:35:50.0508 17740  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
21:35:50.0555 17740  HidBatt - ok
21:35:50.0570 17740  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
21:35:50.0617 17740  HidBth - ok
21:35:50.0664 17740  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
21:35:50.0695 17740  HidIr - ok
21:35:50.0726 17740  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
21:35:50.0835 17740  hidserv - ok
21:35:50.0867 17740  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
21:35:50.0898 17740  HidUsb - ok
21:35:50.0929 17740  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:35:51.0054 17740  hkmsvc - ok
21:35:51.0085 17740  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:35:51.0147 17740  HomeGroupListener - ok
21:35:51.0179 17740  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:35:51.0225 17740  HomeGroupProvider - ok
21:35:51.0257 17740  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
21:35:51.0303 17740  HpSAMD - ok
21:35:51.0335 17740  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:35:51.0459 17740  HTTP - ok
21:35:51.0491 17740  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
21:35:51.0522 17740  hwpolicy - ok
21:35:51.0537 17740  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
21:35:51.0584 17740  i8042prt - ok
21:35:51.0647 17740  [ F7CE9BE72EDAC499B713ECA6DAE5D26F ] iaStor          C:\Windows\system32\drivers\iaStor.sys
21:35:51.0678 17740  iaStor - ok
21:35:51.0740 17740  [ B25F192EA1F84A316EB7C19EFCCCF33D ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
21:35:51.0771 17740  IAStorDataMgrSvc - ok
21:35:51.0818 17740  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
21:35:51.0881 17740  iaStorV - ok
21:35:51.0959 17740  [ 6F95324909B502E2651442C1548AB12F ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
21:35:52.0005 17740  IDriverT ( UnsignedFile.Multi.Generic ) - warning
21:35:52.0005 17740  IDriverT - detected UnsignedFile.Multi.Generic (1)
21:35:52.0068 17740  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:35:52.0193 17740  idsvc - ok
21:35:52.0536 17740  [ 6383899C5F964D71B0F96B81FBE59BB8 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
21:35:53.0175 17740  igfx - ok
21:35:53.0222 17740  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
21:35:53.0253 17740  iirsp - ok
21:35:53.0316 17740  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
21:35:53.0456 17740  IKEEXT - ok
21:35:53.0581 17740  [ B60ACCD29F8FAFC4A6344CD2BD5CA3A5 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
21:35:53.0799 17740  IntcAzAudAddService - ok
21:35:53.0846 17740  [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
21:35:53.0924 17740  IntcDAud - ok
21:35:53.0955 17740  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
21:35:53.0987 17740  intelide - ok
21:35:54.0018 17740  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
21:35:54.0065 17740  intelppm - ok
21:35:54.0111 17740  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
21:35:54.0236 17740  IPBusEnum - ok
21:35:54.0252 17740  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:35:54.0345 17740  IpFilterDriver - ok
21:35:54.0392 17740  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21:35:54.0501 17740  iphlpsvc - ok
21:35:54.0517 17740  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
21:35:54.0564 17740  IPMIDRV - ok
21:35:54.0579 17740  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
21:35:54.0689 17740  IPNAT - ok
21:35:54.0720 17740  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:35:54.0767 17740  IRENUM - ok
21:35:54.0798 17740  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:35:54.0829 17740  isapnp - ok
21:35:54.0845 17740  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
21:35:54.0907 17740  iScsiPrt - ok
21:35:54.0954 17740  [ 0469BFF65BBDEE9E46D0C45EE32A08BD ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
21:35:55.0047 17740  k57nd60a - ok
21:35:55.0063 17740  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
21:35:55.0094 17740  kbdclass - ok
21:35:55.0110 17740  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
21:35:55.0157 17740  kbdhid - ok
21:35:55.0188 17740  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
21:35:55.0219 17740  KeyIso - ok
21:35:55.0250 17740  KMService - ok
21:35:55.0281 17740  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:35:55.0328 17740  KSecDD - ok
21:35:55.0344 17740  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
21:35:55.0391 17740  KSecPkg - ok
21:35:55.0406 17740  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
21:35:55.0515 17740  ksthunk - ok
21:35:55.0547 17740  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:35:55.0687 17740  KtmRm - ok
21:35:55.0749 17740  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
21:35:55.0859 17740  LanmanServer - ok
21:35:55.0890 17740  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:35:55.0983 17740  LanmanWorkstation - ok
21:35:56.0046 17740  [ B705C7097F9A0EC941D02DCE7C7D426C ] Live Updater Service C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
21:35:56.0061 17740  Live Updater Service - ok
21:35:56.0124 17740  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:35:56.0233 17740  lltdio - ok
21:35:56.0280 17740  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:35:56.0420 17740  lltdsvc - ok
21:35:56.0436 17740  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:35:56.0545 17740  lmhosts - ok
21:35:56.0592 17740  [ D7E0BED3EA21D7BDDD410ADE51708D90 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
21:35:56.0623 17740  LMS - ok
21:35:56.0685 17740  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
21:35:56.0717 17740  LSI_FC - ok
21:35:56.0732 17740  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
21:35:56.0779 17740  LSI_SAS - ok
21:35:56.0779 17740  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
21:35:56.0810 17740  LSI_SAS2 - ok
21:35:56.0826 17740  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
21:35:56.0857 17740  LSI_SCSI - ok
21:35:56.0888 17740  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
21:35:56.0997 17740  luafv - ok
21:35:57.0044 17740  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
21:35:57.0107 17740  Mcx2Svc - ok
21:35:57.0107 17740  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
21:35:57.0153 17740  megasas - ok
21:35:57.0200 17740  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
21:35:57.0247 17740  MegaSR - ok
21:35:57.0294 17740  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
21:35:57.0325 17740  MEIx64 - ok
21:35:57.0434 17740  Microsoft SharePoint Workspace Audit Service - ok
21:35:57.0465 17740  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
21:35:57.0559 17740  MMCSS - ok
21:35:57.0575 17740  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
21:35:57.0684 17740  Modem - ok
21:35:57.0715 17740  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:35:57.0762 17740  monitor - ok
21:35:57.0793 17740  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
21:35:57.0824 17740  mouclass - ok
21:35:57.0855 17740  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:35:57.0902 17740  mouhid - ok
21:35:57.0933 17740  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
21:35:57.0965 17740  mountmgr - ok
21:35:58.0027 17740  [ 5C5E45DDABEFBC9F564F1D5C83258B8F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:35:58.0058 17740  MozillaMaintenance - ok
21:35:58.0074 17740  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:35:58.0121 17740  mpio - ok
21:35:58.0152 17740  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:35:58.0245 17740  mpsdrv - ok
21:35:58.0308 17740  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:35:58.0433 17740  MpsSvc - ok
21:35:58.0464 17740  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:35:58.0526 17740  MRxDAV - ok
21:35:58.0557 17740  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:35:58.0651 17740  mrxsmb - ok
21:35:58.0682 17740  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:35:58.0745 17740  mrxsmb10 - ok
21:35:58.0760 17740  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:35:58.0807 17740  mrxsmb20 - ok
21:35:58.0838 17740  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
21:35:58.0869 17740  msahci - ok
21:35:58.0869 17740  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
21:35:58.0916 17740  msdsm - ok
21:35:58.0947 17740  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
21:35:58.0979 17740  MSDTC - ok
21:35:59.0025 17740  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:35:59.0119 17740  Msfs - ok
21:35:59.0135 17740  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
21:35:59.0244 17740  mshidkmdf - ok
21:35:59.0259 17740  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:35:59.0291 17740  msisadrv - ok
21:35:59.0337 17740  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:35:59.0447 17740  MSiSCSI - ok
21:35:59.0462 17740  msiserver - ok
21:35:59.0493 17740  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
21:35:59.0587 17740  MSKSSRV - ok
21:35:59.0587 17740  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:35:59.0696 17740  MSPCLOCK - ok
21:35:59.0727 17740  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
21:35:59.0821 17740  MSPQM - ok
21:35:59.0852 17740  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:35:59.0930 17740  MsRPC - ok
21:35:59.0946 17740  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
21:35:59.0977 17740  mssmbios - ok
21:36:00.0102 17740  MSSQL$SQLEXPRESS - ok
21:36:00.0164 17740  MSSQLSERVER - ok
21:36:00.0227 17740  [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
21:36:00.0305 17740  MSSQLServerADHelper - ok
21:36:00.0351 17740  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
21:36:00.0461 17740  MSTEE - ok
21:36:00.0461 17740  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
21:36:00.0492 17740  MTConfig - ok
21:36:00.0523 17740  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
21:36:00.0554 17740  Mup - ok
21:36:00.0601 17740  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
21:36:00.0726 17740  napagent - ok
21:36:00.0757 17740  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
21:36:00.0851 17740  NativeWifiP - ok
21:36:00.0913 17740  [ 9D1CCE440552500DED3A62F9D779CDB4 ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
21:36:00.0960 17740  NAUpdate - ok
21:36:01.0022 17740  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:36:01.0100 17740  NDIS - ok
21:36:01.0131 17740  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
21:36:01.0225 17740  NdisCap - ok
21:36:01.0256 17740  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:36:01.0350 17740  NdisTapi - ok
21:36:01.0397 17740  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
21:36:01.0490 17740  Ndisuio - ok
21:36:01.0521 17740  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
21:36:01.0631 17740  NdisWan - ok
21:36:01.0662 17740  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
21:36:01.0771 17740  NDProxy - ok
21:36:01.0787 17740  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
21:36:01.0880 17740  NetBIOS - ok
21:36:01.0896 17740  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
21:36:01.0989 17740  NetBT - ok
21:36:02.0005 17740  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
21:36:02.0036 17740  Netlogon - ok
21:36:02.0067 17740  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
21:36:02.0177 17740  Netman - ok
21:36:02.0208 17740  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
21:36:02.0317 17740  netprofm - ok
21:36:02.0379 17740  [ 618C55B392238B9467F9113E13525C49 ] netr28ux        C:\Windows\system32\DRIVERS\netr28ux.sys
21:36:02.0489 17740  netr28ux - ok
21:36:02.0520 17740  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:36:02.0567 17740  NetTcpPortSharing - ok
21:36:02.0598 17740  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
21:36:02.0645 17740  nfrd960 - ok
21:36:02.0738 17740  [ 30128D3FC1F388E4CBE746F659C69415 ] NitroReaderDriverReadSpool3 C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
21:36:02.0801 17740  NitroReaderDriverReadSpool3 - ok
21:36:02.0847 17740  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:36:02.0894 17740  NlaSvc - ok
21:36:03.0019 17740  [ 5839A8027D6D324A7CD494051A96628C ] NOBU            C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
21:36:03.0191 17740  NOBU - ok
21:36:03.0222 17740  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:36:03.0315 17740  Npfs - ok
21:36:03.0347 17740  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
21:36:03.0425 17740  nsi - ok
21:36:03.0440 17740  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:36:03.0549 17740  nsiproxy - ok
21:36:03.0627 17740  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
21:36:03.0799 17740  Ntfs - ok
21:36:03.0861 17740  [ D27A4546417ED7C4AEA7B3420D4F1F50 ] NTI IScheduleSvc C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe
21:36:03.0893 17740  NTI IScheduleSvc - ok
21:36:03.0924 17740  [ 64DDD0DEE976302F4BD93E5EFCC2F013 ] NTIDrvr         C:\Windows\system32\drivers\NTIDrvr.sys
21:36:03.0955 17740  NTIDrvr - ok
21:36:03.0971 17740  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
21:36:04.0064 17740  Null - ok
21:36:04.0111 17740  [ 786DB821BFD57C0551DBBE4F75384A7D ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
21:36:04.0173 17740  nusb3hub - ok
21:36:04.0205 17740  [ DAA8005CAF745042BB427A1ED7433354 ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
21:36:04.0251 17740  nusb3xhc - ok
21:36:04.0626 17740  [ 73DC184AF4D2ADDC41B37344636D2CC7 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:36:05.0390 17740  nvlddmkm - ok
21:36:05.0421 17740  [ 477A3CF725C4040F77EB9E2C17B922A0 ] nvpciflt        C:\Windows\system32\DRIVERS\nvpciflt.sys
21:36:05.0437 17740  nvpciflt - ok
21:36:05.0468 17740  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:36:05.0515 17740  nvraid - ok
21:36:05.0531 17740  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:36:05.0577 17740  nvstor - ok
21:36:05.0640 17740  [ 6D1056430AFC72A6097409A70A716C15 ] NVSvc           C:\Windows\system32\nvvsvc.exe
21:36:05.0718 17740  NVSvc - ok
21:36:05.0811 17740  [ A072423C3812472D326BC774610055CF ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
21:36:05.0936 17740  nvUpdatusService - ok
21:36:05.0967 17740  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
21:36:06.0014 17740  nv_agp - ok
21:36:06.0108 17740  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:36:06.0170 17740  odserv - ok
21:36:06.0201 17740  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
21:36:06.0248 17740  ohci1394 - ok
21:36:06.0311 17740  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:36:06.0326 17740  ose - ok
21:36:06.0529 17740  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:36:06.0794 17740  osppsvc - ok
21:36:06.0825 17740  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
21:36:06.0935 17740  p2pimsvc - ok
21:36:06.0966 17740  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
21:36:07.0013 17740  p2psvc - ok
21:36:07.0044 17740  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
21:36:07.0075 17740  Parport - ok
21:36:07.0122 17740  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
21:36:07.0153 17740  partmgr - ok
21:36:07.0169 17740  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:36:07.0215 17740  PcaSvc - ok
21:36:07.0247 17740  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
21:36:07.0278 17740  pci - ok
21:36:07.0293 17740  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
21:36:07.0325 17740  pciide - ok
21:36:07.0325 17740  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
21:36:07.0371 17740  pcmcia - ok
21:36:07.0403 17740  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
21:36:07.0434 17740  pcw - ok
21:36:07.0449 17740  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:36:07.0605 17740  PEAUTH - ok
21:36:07.0746 17740  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
21:36:07.0793 17740  PerfHost - ok
21:36:07.0855 17740  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
21:36:08.0027 17740  pla - ok
21:36:08.0073 17740  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:36:08.0167 17740  PlugPlay - ok
21:36:08.0183 17740  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
21:36:08.0229 17740  PNRPAutoReg - ok
21:36:08.0261 17740  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
21:36:08.0292 17740  PNRPsvc - ok
21:36:08.0339 17740  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
21:36:08.0479 17740  PolicyAgent - ok
21:36:08.0526 17740  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
21:36:08.0635 17740  Power - ok
21:36:08.0682 17740  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:36:08.0791 17740  PptpMiniport - ok
21:36:08.0807 17740  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
21:36:08.0853 17740  Processor - ok
21:36:08.0900 17740  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
21:36:08.0978 17740  ProfSvc - ok
21:36:08.0994 17740  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:36:09.0025 17740  ProtectedStorage - ok
21:36:09.0056 17740  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
21:36:09.0165 17740  Psched - ok
21:36:09.0212 17740  [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
21:36:09.0243 17740  PxHlpa64 - ok
21:36:09.0321 17740  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
21:36:09.0477 17740  ql2300 - ok
21:36:09.0493 17740  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
21:36:09.0540 17740  ql40xx - ok
21:36:09.0571 17740  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
21:36:09.0649 17740  QWAVE - ok
21:36:09.0665 17740  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:36:09.0727 17740  QWAVEdrv - ok
21:36:09.0727 17740  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:36:09.0836 17740  RasAcd - ok
21:36:09.0867 17740  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
21:36:09.0977 17740  RasAgileVpn - ok
21:36:10.0008 17740  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
21:36:10.0117 17740  RasAuto - ok
21:36:10.0148 17740  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
21:36:10.0257 17740  Rasl2tp - ok
21:36:10.0289 17740  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
21:36:10.0398 17740  RasMan - ok
21:36:10.0413 17740  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:36:10.0523 17740  RasPppoe - ok
21:36:10.0554 17740  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
21:36:10.0679 17740  RasSstp - ok
21:36:10.0710 17740  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
21:36:10.0835 17740  rdbss - ok
21:36:10.0850 17740  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
21:36:10.0897 17740  rdpbus - ok
21:36:10.0928 17740  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
21:36:11.0022 17740  RDPCDD - ok
21:36:11.0037 17740  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
21:36:11.0147 17740  RDPENCDD - ok
21:36:11.0147 17740  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
21:36:11.0240 17740  RDPREFMP - ok
21:36:11.0271 17740  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
21:36:11.0349 17740  RDPWD - ok
21:36:11.0396 17740  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
21:36:11.0443 17740  rdyboost - ok
21:36:11.0474 17740  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:36:11.0583 17740  RemoteAccess - ok
21:36:11.0630 17740  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:36:11.0755 17740  RemoteRegistry - ok
21:36:11.0802 17740  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
21:36:11.0849 17740  RFCOMM - ok
21:36:11.0880 17740  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
21:36:11.0973 17740  RpcEptMapper - ok
21:36:12.0005 17740  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
21:36:12.0036 17740  RpcLocator - ok
21:36:12.0067 17740  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
21:36:12.0161 17740  RpcSs - ok
21:36:12.0207 17740  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:36:12.0317 17740  rspndr - ok
21:36:12.0332 17740  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
21:36:12.0363 17740  SamSs - ok
21:36:12.0457 17740  [ 328100AF2EFD951EAB657384EC361B6F ] SamsungAllShareV2.0 C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
21:36:12.0473 17740  SamsungAllShareV2.0 - ok
21:36:12.0504 17740  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
21:36:12.0535 17740  sbp2port - ok
21:36:12.0566 17740  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
21:36:12.0675 17740  SCardSvr - ok
21:36:12.0753 17740  [ 07237C66E05DA6778E9F3CB67FA00736 ] SCDEmu          C:\Windows\system32\drivers\SCDEmu.sys
21:36:12.0800 17740  SCDEmu - ok
21:36:12.0816 17740  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
21:36:12.0925 17740  scfilter - ok
21:36:12.0956 17740  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
21:36:13.0097 17740  Schedule - ok
21:36:13.0128 17740  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
21:36:13.0206 17740  SCPolicySvc - ok
21:36:13.0253 17740  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
21:36:13.0299 17740  sdbus - ok
21:36:13.0331 17740  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
21:36:13.0409 17740  SDRSVC - ok
21:36:13.0471 17740  [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort         C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
21:36:13.0518 17740  SeaPort - ok
21:36:13.0549 17740  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
21:36:13.0658 17740  secdrv - ok
21:36:13.0689 17740  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
21:36:13.0783 17740  seclogon - ok
21:36:13.0814 17740  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
21:36:13.0923 17740  SENS - ok
21:36:13.0939 17740  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
21:36:14.0001 17740  SensrSvc - ok
21:36:14.0017 17740  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
21:36:14.0064 17740  Serenum - ok
21:36:14.0079 17740  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
21:36:14.0142 17740  Serial - ok
21:36:14.0157 17740  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
21:36:14.0220 17740  sermouse - ok
21:36:14.0251 17740  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
21:36:14.0360 17740  SessionEnv - ok
21:36:14.0360 17740  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
21:36:14.0407 17740  sffdisk - ok
21:36:14.0423 17740  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
21:36:14.0485 17740  sffp_mmc - ok
21:36:14.0485 17740  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
21:36:14.0532 17740  sffp_sd - ok
21:36:14.0547 17740  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
21:36:14.0594 17740  sfloppy - ok
21:36:14.0657 17740  [ C6CC9297BD53E5229653303E556AA539 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
21:36:14.0719 17740  Sftfs - ok
21:36:14.0781 17740  [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
21:36:14.0859 17740  sftlist - ok
21:36:14.0875 17740  [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
21:36:14.0922 17740  Sftplay - ok
21:36:14.0937 17740  [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
21:36:14.0969 17740  Sftredir - ok
21:36:14.0969 17740  [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
21:36:15.0000 17740  Sftvol - ok
21:36:15.0031 17740  [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
21:36:15.0047 17740  sftvsa - ok
21:36:15.0093 17740  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
21:36:15.0203 17740  SharedAccess - ok
21:36:15.0249 17740  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:36:15.0374 17740  ShellHWDetection - ok
21:36:15.0421 17740  [ 1980FE1F5A32067DAD1D8776B63C2669 ] SimpleSlideShowServer C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe
21:36:15.0468 17740  SimpleSlideShowServer - ok
21:36:15.0499 17740  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
21:36:15.0530 17740  SiSRaid2 - ok
21:36:15.0546 17740  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
21:36:15.0577 17740  SiSRaid4 - ok
21:36:15.0639 17740  [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
21:36:15.0671 17740  SkypeUpdate - ok
21:36:15.0686 17740  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
21:36:15.0795 17740  Smb - ok
21:36:15.0842 17740  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:36:15.0889 17740  SNMPTRAP - ok
21:36:15.0905 17740  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
21:36:15.0936 17740  spldr - ok
21:36:15.0983 17740  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
21:36:16.0076 17740  Spooler - ok
21:36:16.0170 17740  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
21:36:16.0419 17740  sppsvc - ok
21:36:16.0435 17740  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
21:36:16.0529 17740  sppuinotify - ok
21:36:16.0591 17740  sptd - ok
21:36:16.0700 17740  [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser      C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
21:36:16.0763 17740  SQLBrowser - ok
21:36:16.0809 17740  [ 3C432A96363097870995E2A3C8B66ABD ] SQLWriter       C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
21:36:16.0841 17740  SQLWriter - ok
21:36:16.0887 17740  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
21:36:16.0981 17740  srv - ok
21:36:16.0997 17740  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:36:17.0075 17740  srv2 - ok
21:36:17.0090 17740  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:36:17.0137 17740  srvnet - ok
21:36:17.0215 17740  [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus         C:\Windows\system32\DRIVERS\ssadbus.sys
21:36:17.0309 17740  ssadbus - ok
21:36:17.0355 17740  [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl        C:\Windows\system32\DRIVERS\ssadmdfl.sys
21:36:17.0418 17740  ssadmdfl - ok
21:36:17.0449 17740  [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm         C:\Windows\system32\DRIVERS\ssadmdm.sys
21:36:17.0511 17740  ssadmdm - ok
21:36:17.0558 17740  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
21:36:17.0667 17740  SSDPSRV - ok
21:36:17.0699 17740  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
21:36:17.0792 17740  SstpSvc - ok
21:36:17.0823 17740  StarOpen - ok
21:36:17.0855 17740  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
21:36:17.0886 17740  stexstor - ok
21:36:17.0933 17740  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
21:36:18.0011 17740  stisvc - ok
21:36:18.0011 17740  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
21:36:18.0042 17740  swenum - ok
21:36:18.0073 17740  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
21:36:18.0198 17740  swprv - ok
21:36:18.0260 17740  [ EF51B22706DB03F0857FADE127C804EC ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
21:36:18.0385 17740  SynTP - ok
21:36:18.0432 17740  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
21:36:18.0557 17740  SysMain - ok
21:36:18.0572 17740  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:36:18.0650 17740  TabletInputService - ok
21:36:18.0697 17740  [ F33FDC72298DF4BF9813A55D21F4EB31 ] taphss          C:\Windows\system32\DRIVERS\taphss.sys
21:36:18.0728 17740  taphss - ok
21:36:18.0744 17740  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
21:36:18.0837 17740  TapiSrv - ok
21:36:18.0869 17740  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
21:36:18.0962 17740  TBS - ok
21:36:19.0056 17740  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
21:36:19.0274 17740  Tcpip - ok
21:36:19.0321 17740  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
21:36:19.0415 17740  TCPIP6 - ok
21:36:19.0446 17740  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:36:19.0477 17740  tcpipreg - ok
21:36:19.0524 17740  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
21:36:19.0586 17740  TDPIPE - ok
21:36:19.0617 17740  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
21:36:19.0649 17740  TDTCP - ok
21:36:19.0680 17740  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
21:36:19.0789 17740  tdx - ok
21:36:19.0820 17740  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
21:36:19.0851 17740  TermDD - ok
21:36:19.0883 17740  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
21:36:20.0039 17740  TermService - ok
21:36:20.0054 17740  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
21:36:20.0101 17740  Themes - ok
21:36:20.0117 17740  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
21:36:20.0210 17740  THREADORDER - ok
21:36:20.0226 17740  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
21:36:20.0335 17740  TrkWks - ok
21:36:20.0366 17740  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:36:20.0475 17740  TrustedInstaller - ok
21:36:20.0522 17740  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
21:36:20.0616 17740  tssecsrv - ok
21:36:20.0631 17740  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
21:36:20.0694 17740  TsUsbFlt - ok
21:36:20.0694 17740  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
21:36:20.0725 17740  TsUsbGD - ok
21:36:20.0756 17740  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:36:20.0865 17740  tunnel - ok
21:36:20.0897 17740  [ 48743B69EA47C020A792D8649F753F44 ] TurboB          C:\Windows\system32\DRIVERS\TurboB.sys
21:36:20.0928 17740  TurboB - ok
21:36:21.0006 17740  [ 759F59E3EA3802FF23F93DCDB6FE9171 ] TurboBoost      C:\Program Files\Intel\TurboBoost\TurboBoost.exe
21:36:21.0037 17740  TurboBoost - ok
21:36:21.0053 17740  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
21:36:21.0099 17740  uagp35 - ok
21:36:21.0146 17740  [ 2E22C1FD397A5A9FFEF55E9D1FC96C00 ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
21:36:21.0162 17740  UBHelper - ok
21:36:21.0193 17740  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:36:21.0318 17740  udfs - ok
21:36:21.0349 17740  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
21:36:21.0396 17740  UI0Detect - ok
21:36:21.0411 17740  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:36:21.0458 17740  uliagpkx - ok
21:36:21.0474 17740  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
21:36:21.0521 17740  umbus - ok
21:36:21.0552 17740  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
21:36:21.0599 17740  UmPass - ok
21:36:21.0739 17740  [ A678E5DDD974903DD71F503BDCACA218 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
21:36:21.0895 17740  UNS - ok
21:36:21.0942 17740  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
21:36:22.0051 17740  upnphost - ok
21:36:22.0082 17740  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
21:36:22.0145 17740  usbccgp - ok
21:36:22.0191 17740  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
21:36:22.0238 17740  usbcir - ok
21:36:22.0269 17740  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
21:36:22.0316 17740  usbehci - ok
21:36:22.0347 17740  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
21:36:22.0441 17740  usbhub - ok
21:36:22.0472 17740  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
21:36:22.0519 17740  usbohci - ok
21:36:22.0535 17740  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
21:36:22.0597 17740  usbprint - ok
21:36:22.0644 17740  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
21:36:22.0691 17740  usbscan - ok
21:36:22.0706 17740  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:36:22.0784 17740  USBSTOR - ok
21:36:22.0815 17740  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
21:36:22.0862 17740  usbuhci - ok
21:36:22.0909 17740  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
21:36:22.0956 17740  usbvideo - ok
21:36:22.0971 17740  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
21:36:23.0081 17740  UxSms - ok
21:36:23.0096 17740  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
21:36:23.0127 17740  VaultSvc - ok
21:36:23.0159 17740  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
21:36:23.0190 17740  vdrvroot - ok
21:36:23.0221 17740  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
21:36:23.0361 17740  vds - ok
21:36:23.0377 17740  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
21:36:23.0424 17740  vga - ok
21:36:23.0439 17740  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
21:36:23.0549 17740  VgaSave - ok
21:36:23.0549 17740  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
21:36:23.0595 17740  vhdmp - ok
21:36:23.0627 17740  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
21:36:23.0658 17740  viaide - ok
21:36:23.0689 17740  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:36:23.0720 17740  volmgr - ok
21:36:23.0751 17740  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
21:36:23.0783 17740  volmgrx - ok
21:36:23.0798 17740  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
21:36:23.0861 17740  volsnap - ok
21:36:23.0970 17740  [ 19AFBA7191A78EDCA6D235456D65E002 ] vpnagent        C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
21:36:24.0017 17740  vpnagent - ok
21:36:24.0032 17740  [ A8D4FED106B4BD337DF3DA20BA44E18E ] vpnva           C:\Windows\system32\DRIVERS\vpnva64.sys
21:36:24.0063 17740  vpnva - ok
21:36:24.0095 17740  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
21:36:24.0141 17740  vsmraid - ok
21:36:24.0204 17740  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
21:36:24.0422 17740  VSS - ok
21:36:24.0469 17740  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
21:36:24.0531 17740  vwifibus - ok
21:36:24.0563 17740  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
21:36:24.0625 17740  vwififlt - ok
21:36:24.0672 17740  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
21:36:24.0719 17740  vwifimp - ok
21:36:24.0765 17740  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
21:36:24.0859 17740  W32Time - ok
21:36:24.0890 17740  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
21:36:24.0937 17740  WacomPen - ok
21:36:24.0984 17740  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
21:36:25.0093 17740  WANARP - ok
21:36:25.0093 17740  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:36:25.0187 17740  Wanarpv6 - ok
21:36:25.0233 17740  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
21:36:25.0405 17740  wbengine - ok
21:36:25.0436 17740  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
21:36:25.0499 17740  WbioSrvc - ok
21:36:25.0530 17740  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
21:36:25.0608 17740  wcncsvc - ok
21:36:25.0623 17740  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:36:25.0686 17740  WcsPlugInService - ok
21:36:25.0717 17740  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
21:36:25.0748 17740  Wd - ok
21:36:25.0795 17740  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:36:25.0904 17740  Wdf01000 - ok
21:36:25.0920 17740  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:36:26.0045 17740  WdiServiceHost - ok
21:36:26.0045 17740  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:36:26.0091 17740  WdiSystemHost - ok
21:36:26.0138 17740  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
21:36:26.0232 17740  WebClient - ok
21:36:26.0247 17740  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:36:26.0357 17740  Wecsvc - ok
21:36:26.0372 17740  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:36:26.0466 17740  wercplsupport - ok
21:36:26.0497 17740  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:36:26.0591 17740  WerSvc - ok
21:36:26.0637 17740  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
21:36:26.0731 17740  WfpLwf - ok
21:36:26.0747 17740  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
21:36:26.0778 17740  WIMMount - ok
21:36:26.0793 17740  WinDefend - ok
21:36:26.0809 17740  WinHttpAutoProxySvc - ok
21:36:26.0871 17740  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
21:36:26.0965 17740  Winmgmt - ok
21:36:27.0059 17740  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
21:36:27.0308 17740  WinRM - ok
21:36:27.0371 17740  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
21:36:27.0402 17740  WinUsb - ok
21:36:27.0449 17740  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
21:36:27.0542 17740  Wlansvc - ok
21:36:27.0620 17740  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:36:27.0651 17740  wlcrasvc - ok
21:36:27.0745 17740  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:36:27.0885 17740  wlidsvc - ok
21:36:27.0917 17740  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
21:36:27.0963 17740  WmiAcpi - ok
21:36:27.0995 17740  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:36:28.0057 17740  wmiApSrv - ok
21:36:28.0088 17740  WMPNetworkSvc - ok
21:36:28.0119 17740  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:36:28.0182 17740  WPCSvc - ok
21:36:28.0197 17740  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:36:28.0275 17740  WPDBusEnum - ok
21:36:28.0307 17740  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
21:36:28.0400 17740  ws2ifsl - ok
21:36:28.0431 17740  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
21:36:28.0494 17740  wscsvc - ok
21:36:28.0494 17740  WSearch - ok
21:36:28.0603 17740  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
21:36:28.0759 17740  wuauserv - ok
21:36:28.0790 17740  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
21:36:28.0868 17740  WudfPf - ok
21:36:28.0915 17740  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
21:36:28.0962 17740  WUDFRd - ok
21:36:28.0993 17740  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
21:36:29.0040 17740  wudfsvc - ok
21:36:29.0087 17740  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
21:36:29.0165 17740  WwanSvc - ok
21:36:29.0227 17740  ================ Scan global ===============================
21:36:29.0258 17740  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:36:29.0289 17740  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
21:36:29.0321 17740  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
21:36:29.0336 17740  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:36:29.0367 17740  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:36:29.0383 17740  [Global] - ok
21:36:29.0383 17740  ================ Scan MBR ==================================
21:36:29.0399 17740  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:36:30.0381 17740  \Device\Harddisk0\DR0 - ok
21:36:30.0381 17740  ================ Scan VBR ==================================
21:36:30.0381 17740  [ 5294F6C9A1CA83793769CD67130B4485 ] \Device\Harddisk0\DR0\Partition1
21:36:30.0381 17740  \Device\Harddisk0\DR0\Partition1 - ok
21:36:30.0413 17740  [ 23F296F98784E2F4FA9FDE6B133A540D ] \Device\Harddisk0\DR0\Partition2
21:36:30.0413 17740  \Device\Harddisk0\DR0\Partition2 - ok
21:36:30.0413 17740  ============================================================
21:36:30.0413 17740  Scan finished
21:36:30.0413 17740  ============================================================
21:36:30.0444 7788  Detected object count: 2
21:36:30.0444 7788  Actual detected object count: 2
21:36:35.0639 7788  GREGService ( UnsignedFile.Multi.Generic ) - skipped by user
21:36:35.0639 7788  GREGService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:36:35.0639 7788  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
21:36:35.0639 7788  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:36:38.0103 5960  Deinitialize success
         

passt

lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

Hmm also hab gerade nochmal antivir laufen lassen und das hat 106 Funde gemeldet!!!!!!!!!!!!! Die anderen Softwares aber nichts oder nur einen...... Hier mal das Antivir LOG

Code: Alles auswählenAufklappen

ATTFilter

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Montag, 4. März 2013  17:30

Es wird nach 5129762 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7 Home Premium
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : XXX
Computername   : XXX-PC

Versionsinformationen:
BUILD.DAT      : 12.1.9.1236    40872 Bytes  11.10.2012 15:29:00
AVSCAN.EXE     : 12.3.0.48     468256 Bytes  14.11.2012 12:56:59
AVSCAN.DLL     : 12.3.0.15      66256 Bytes  18.07.2012 16:04:38
LUKE.DLL       : 12.3.0.15      68304 Bytes  18.07.2012 16:04:31
AVSCPLR.DLL    : 12.3.0.27      97064 Bytes  18.07.2012 16:04:24
AVREG.DLL      : 12.3.0.33     232232 Bytes  18.07.2012 16:04:23
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 18:18:34
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 23:22:12
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 23:31:36
VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 09:58:50
VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 22:37:35
VBASE005.VDF   : 7.11.34.116  4034048 Bytes  29.06.2012 16:04:37
VBASE006.VDF   : 7.11.41.250  4902400 Bytes  06.09.2012 18:58:39
VBASE007.VDF   : 7.11.50.230  3904512 Bytes  22.11.2012 13:42:04
VBASE008.VDF   : 7.11.60.10   6627328 Bytes  07.02.2013 22:04:16
VBASE009.VDF   : 7.11.60.11      2048 Bytes  07.02.2013 22:04:16
VBASE010.VDF   : 7.11.60.12      2048 Bytes  07.02.2013 22:04:16
VBASE011.VDF   : 7.11.60.13      2048 Bytes  07.02.2013 22:04:16
VBASE012.VDF   : 7.11.60.14      2048 Bytes  07.02.2013 22:04:16
VBASE013.VDF   : 7.11.60.62    351232 Bytes  08.02.2013 22:03:34
VBASE014.VDF   : 7.11.60.115   190976 Bytes  09.02.2013 22:03:34
VBASE015.VDF   : 7.11.60.177   282624 Bytes  11.02.2013 22:03:33
VBASE016.VDF   : 7.11.60.249   215552 Bytes  13.02.2013 11:59:53
VBASE017.VDF   : 7.11.61.65    151040 Bytes  15.02.2013 11:59:51
VBASE018.VDF   : 7.11.61.135   159232 Bytes  18.02.2013 19:55:21
VBASE019.VDF   : 7.11.61.163   152064 Bytes  18.02.2013 20:24:37
VBASE020.VDF   : 7.11.61.207   164352 Bytes  19.02.2013 20:24:37
VBASE021.VDF   : 7.11.62.43    206336 Bytes  21.02.2013 08:47:42
VBASE022.VDF   : 7.11.62.111   136192 Bytes  23.02.2013 14:26:07
VBASE023.VDF   : 7.11.62.157   143360 Bytes  25.02.2013 19:36:40
VBASE024.VDF   : 7.11.62.237   199168 Bytes  27.02.2013 17:26:07
VBASE025.VDF   : 7.11.63.71    209408 Bytes  01.03.2013 18:51:15
VBASE026.VDF   : 7.11.63.121   257536 Bytes  04.03.2013 16:16:46
VBASE027.VDF   : 7.11.63.122     2048 Bytes  04.03.2013 16:16:46
VBASE028.VDF   : 7.11.63.123     2048 Bytes  04.03.2013 16:16:46
VBASE029.VDF   : 7.11.63.124     2048 Bytes  04.03.2013 16:16:46
VBASE030.VDF   : 7.11.63.125     2048 Bytes  04.03.2013 16:16:47
VBASE031.VDF   : 7.11.63.136    45056 Bytes  04.03.2013 16:16:47
Engineversion  : 8.2.12.10 
AEVDF.DLL      : 8.1.2.10      102772 Bytes  29.08.2012 14:54:53
AESCRIPT.DLL   : 8.1.4.94      467324 Bytes  24.02.2013 14:26:15
AESCN.DLL      : 8.1.10.0      131445 Bytes  14.12.2012 21:25:26
AESBX.DLL      : 8.2.5.12      606578 Bytes  18.07.2012 16:04:20
AERDL.DLL      : 8.2.0.88      643444 Bytes  10.01.2013 17:49:57
AEPACK.DLL     : 8.3.1.12      815480 Bytes  28.02.2013 17:26:47
AEOFFICE.DLL   : 8.1.2.50      201084 Bytes  05.11.2012 14:58:03
AEHEUR.DLL     : 8.1.4.222    5767545 Bytes  28.02.2013 17:26:46
AEHELP.DLL     : 8.1.25.2      258423 Bytes  11.10.2012 15:06:19
AEGEN.DLL      : 8.1.6.16      434549 Bytes  25.01.2013 08:42:17
AEEXP.DLL      : 8.4.0.6       192885 Bytes  28.02.2013 17:26:47
AEEMU.DLL      : 8.1.3.2       393587 Bytes  29.08.2012 14:54:52
AECORE.DLL     : 8.1.31.2      201080 Bytes  19.02.2013 20:24:38
AEBB.DLL       : 8.1.1.4        53619 Bytes  05.11.2012 14:58:02
AVWINLL.DLL    : 12.3.0.15      27344 Bytes  18.07.2012 16:04:25
AVPREF.DLL     : 12.3.0.32      50720 Bytes  14.11.2012 12:56:59
AVREP.DLL      : 12.3.0.15     179208 Bytes  18.07.2012 16:04:23
AVARKT.DLL     : 12.3.0.33     209696 Bytes  14.11.2012 12:56:59
AVEVTLOG.DLL   : 12.3.0.15     169168 Bytes  18.07.2012 16:04:22
SQLITE3.DLL    : 3.7.0.1       398288 Bytes  18.07.2012 16:04:34
AVSMTP.DLL     : 12.3.0.32      63480 Bytes  18.07.2012 16:04:24
NETNT.DLL      : 12.3.0.15      17104 Bytes  18.07.2012 16:04:31
RCIMAGE.DLL    : 12.3.0.31    4444408 Bytes  18.07.2012 16:04:41
RCTEXT.DLL     : 12.3.0.32      98848 Bytes  14.11.2012 12:56:58

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, Q:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Montag, 4. März 2013  17:30

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'Q:\'
    [INFO]      Es wurde kein Virus gefunden!
    [INFO]      Bitte starten Sie den Suchlauf erneut mit Administratorrechten

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '111' Modul(e) wurden durchsucht
Durchsuche Prozess 'opera.exe' - '89' Modul(e) wurden durchsucht
Durchsuche Prozess 'DeviceDetector.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'RunDll32.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'vpnui.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMworker.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'brs.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'nusb3mon.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'LManager.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'BackupManagerTray.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorIcon.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'AllShareDMS.exe' - '110' Modul(e) wurden durchsucht
Durchsuche Prozess 'daemonu.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'NASvc.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'CVHSVC.EXE' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftlist.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'sqlbrowser.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftvsa.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'SeaPort.EXE' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'IScheduleSvc.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'sqlservr.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'sqlservr.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'UpdaterService.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'GREGsvc.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMutilps32.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'dsiwmis.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'PhotoshopElementsFileAgent.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'vpnagent.exe' - '67' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '5978' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <Packard Bell>
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\82bfec0-5d28e075
  [0] Archivtyp: ZIP
  --> main.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\2935be4b-4b5f4677
  [0] Archivtyp: ZIP
  --> main.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2011-3544.BK
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\7168ca0e-1cff4e4e
  [0] Archivtyp: ZIP
  --> s_a.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
  --> ER.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/3544.CU.1.B
  --> Inc.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
  --> s_d.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Ruios.Gen
  --> lz.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2011-3544.CX.2
  --> s_b.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2011-3544.CN.1
  --> s_c.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2011-3544.EB
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\710ec8d0-6bf6eec5
  [0] Archivtyp: ZIP
  --> ER.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2010-0840.CM
  --> Inc.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
  --> b.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Ruios.Gen
  --> c.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544
  --> a.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.HE
  --> t.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544.CF
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\3f0d2d51-5f3de9ce
  [0] Archivtyp: ZIP
  --> a/Help.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
  --> a/Test.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\40feb752-4ab4ba8a
  [0] Archivtyp: ZIP
  --> syyflqdglpbafelc/atcqmmftagwhue.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Mabowl.Gen
  --> syyflqdglpbafelc/csfqmtlnjbc.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-4452
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\599cce57-172d38e5
  [0] Archivtyp: ZIP
  --> s_a.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
  --> ER.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/3544.CU.1.B
  --> Inc.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
  --> s_d.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Ruios.Gen
  --> lz.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2011-3544.CX.2
  --> s_b.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2011-3544.CN.1
  --> s_c.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2011-3544.EB
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\16582319-26a704d0
  [0] Archivtyp: ZIP
  --> Effect.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Pycle.Gen
  --> Field.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Small.AO.2
  --> first.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/Java.Expkit.J
  --> Photo.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\407c4183-4beccb28
  [0] Archivtyp: ZIP
  --> ER.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2011-3544.DC
  --> Inc.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
  --> zb.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Ruios.Gen
  --> zc.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544
  --> za.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.HE
  --> t.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544.CF
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\76a555a2-16264ea4
  [0] Archivtyp: ZIP
  --> a/Help.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
  --> a/Test.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\3754a6e6-4a11092b
  [0] Archivtyp: ZIP
  --> ER.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.HR
  --> Inc.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
  --> a.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Ruios.Gen
  --> b.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544
  --> c.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.HE
  --> t.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544.CF
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\41a8eba9-605bce7f
  [0] Archivtyp: ZIP
  --> wkftybt/ypffsjryf.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507
  --> wkftybt/wpknbwqsgpyjnevrhwrsust.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Jovab.Gen
  --> wkftybt/ujsemdmwhglyrblyjglcutfa.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Jovab.Gen
  --> wkftybt/pavpgcl.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Jovab.Gen
  --> wkftybt/dayufnbbqpvemvedydfg.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Jovab.Gen
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\1fd605aa-25ab8ef2
  [0] Archivtyp: ZIP
  --> rrtrqbrgcu/abedcqlptewvphn.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.PW
  --> rrtrqbrgcu/aedgmy.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2012-1723.CK.1
  --> rrtrqbrgcu/jphpbkj.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2012-1723.ES
  --> rrtrqbrgcu/ntlngvftegheyncbcsj.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2012-1723.ET
  --> rrtrqbrgcu/rhkbtuythjaqlnb.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507.A.437
  --> rrtrqbrgcu/uyneecumcgfvcpf.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2012-1723.EU
  --> rrtrqbrgcu/vvqnvftuyy.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.PX
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\487ac36b-3fdc3921
  [0] Archivtyp: ZIP
  --> Effect.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Pycle.Gen
  --> Field.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.A.10
  --> first.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.A.81
  --> Matrix.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.A.4
  --> Photo.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.PC
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\f7167f0-66ae0aff
  [0] Archivtyp: ZIP
  --> kmkcfysyekmhbnnllk/gkemgre.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2011-3544.DV
  --> kmkcfysyekmhbnnllk/grgpldk.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Mabowl.Gen
  --> kmkcfysyekmhbnnllk/hashbjnsedqqhjyyrqbaph.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2011-3544.EA
  --> kmkcfysyekmhbnnllk/jlltvmmjeffbfvvnvcfhrmlk.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Mabowl.Gen
  --> kmkcfysyekmhbnnllk/mkwfbwngesmgmkjaccnhsrl.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Niabil.Gen
  --> kmkcfysyekmhbnnllk/vfgdwahasmffcjyjyghjkv.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Mabowl.Gen
  --> kmkcfysyekmhbnnllk/wnkpptpgsr.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2011-3544.DZ
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\580cc9b5-35b05ca0
  [0] Archivtyp: ZIP
  --> Field.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.HG
  --> Inc.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544
  --> m.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Ruios.Gen
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\3a9987fa-51060aec
  [0] Archivtyp: ZIP
  --> roiqa/roiqa.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Ivinest.Gen
  --> roiqa/roiqc.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2012-1723.A.9
  --> roiqa/roiqd.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2012-1723.A.18
  --> roiqa/roiqb.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2012-1723.A.7
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\26ea53bc-7e4c3db0
  [0] Archivtyp: ZIP
  --> n111111a/n111111f.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
  --> n111111a/n111111a.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2012-1723.GY
  --> n111111a/n111111c.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2012-0507.DM
  --> n111111a/n111111d.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Kara.BB
  --> n111111a/n111111b.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Kara.BC
  --> n111111a/n111111e.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2008-5353.CR
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\3543a7fc-4362dd07
  [0] Archivtyp: ZIP
  --> s_a.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
  --> ER.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/3544.CU.1.B
  --> Inc.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
  --> s_d.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Ruios.Gen
  --> lz.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2011-3544.CX.2
  --> s_b.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2011-3544.CN.1
  --> s_c.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2011-3544.EB
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\24e1467d-46bebb40
  [0] Archivtyp: ZIP
  --> hw.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2012-0507.DW
  --> mac.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507.DO
  --> test.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2012-0507.DX
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\17db837e-3f1a5016
  [0] Archivtyp: ZIP
  --> ER.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544.DI
  --> Inc.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
  --> b.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Ruios.Gen
  --> a.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544
  --> t.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Pesur.BM
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\2c67de3e-1692557d
  [0] Archivtyp: ZIP
  --> ER.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2011-3544.DC
  --> Inc.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
  --> zb.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Ruios.Gen
  --> zc.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544
  --> za.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.HE
  --> t.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544.CF
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\60f656c7-61716cb3
  [0] Archivtyp: ZIP
  --> a/Help.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
  --> a/Test.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507
C:\Users\XXX\exe\UNI-Programme\aspenONEV71\aspenONEV71\aspenONEV7.1dvd1\AES\aspenonev7.1dvd1\Aspen Basic Engineering V7.1\AZ9FEA~1.cab
  [0] Archivtyp: CAB (Microsoft)
  --> AZAspRead.dll
      [FUND]      Ist das Trojanische Pferd TR/Dropper.Gen7
C:\Users\XXX\exe\UNI-Programme\aspenONEV71\aspenONEV71\aspenONEV7.1dvd1\AES\aspenonev7.1dvd1\Aspen Process Manual V7.1\AS62BD~1.cab
  [0] Archivtyp: CAB (Microsoft)
  --> promanstruct.dll
      [FUND]      Ist das Trojanische Pferd TR/BHO.Gen

Beginne mit der Desinfektion:
C:\Users\XXX\exe\UNI-Programme\aspenONEV71\aspenONEV71\aspenONEV7.1dvd1\AES\aspenonev7.1dvd1\Aspen Process Manual V7.1\AS62BD~1.cab
  [FUND]      Ist das Trojanische Pferd TR/BHO.Gen
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '57d0a89a.qua' verschoben!
C:\Users\XXX\exe\UNI-Programme\aspenONEV71\aspenONEV71\aspenONEV7.1dvd1\AES\aspenonev7.1dvd1\Aspen Basic Engineering V7.1\AZ9FEA~1.cab
  [FUND]      Ist das Trojanische Pferd TR/Dropper.Gen7
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4f428734.qua' verschoben!
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\60f656c7-61716cb3
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1de8ddaa.qua' verschoben!
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\2c67de3e-1692557d
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544.CF
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '7b2f9227.qua' verschoben!
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\17db837e-3f1a5016
  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Pesur.BM
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '3e59bf4d.qua' verschoben!
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\24e1467d-46bebb40
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/2012-0507.DX
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '41418d2b.qua' verschoben!
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\3543a7fc-4362dd07
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/2011-3544.EB
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '0d0aa160.qua' verschoben!
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\26ea53bc-7e4c3db0
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/2008-5353.CR
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '71e1e137.qua' verschoben!
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\3a9987fa-51060aec
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2012-1723.A.7
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5c4fce11.qua' verschoben!
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\580cc9b5-35b05ca0
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Ruios.Gen
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '452cf5e3.qua' verschoben!
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\f7167f0-66ae0aff
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/2011-3544.DZ
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '2973d9d2.qua' verschoben!
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\487ac36b-3fdc3921
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.PC
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '58c0e046.qua' verschoben!
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\1fd605aa-25ab8ef2
  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.PX
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '562fd0d3.qua' verschoben!
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\41a8eba9-605bce7f
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Jovab.Gen
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1309a9c4.qua' verschoben!
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\3754a6e6-4a11092b
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544.CF
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1afead69.qua' verschoben!
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\76a555a2-16264ea4
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4243b403.qua' verschoben!
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\407c4183-4beccb28
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544.CF
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '6e4dcdd5.qua' verschoben!
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\16582319-26a704d0
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '50b5ad15.qua' verschoben!
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\599cce57-172d38e5
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/2011-3544.EB
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '33bf866b.qua' verschoben!
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\40feb752-4ab4ba8a
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-4452
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1582c661.qua' verschoben!
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\3f0d2d51-5f3de9ce
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '27e8bd8e.qua' verschoben!
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\710ec8d0-6bf6eec5
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544.CF
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '2dad96a5.qua' verschoben!
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\7168ca0e-1cff4e4e
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/2011-3544.EB
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '12f0f2e0.qua' verschoben!
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\2935be4b-4b5f4677
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/2011-3544.BK
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '6cdffecf.qua' verschoben!
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\82bfec0-5d28e075
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '3958fa0d.qua' verschoben!


Ende des Suchlaufs: Montag, 4. März 2013  21:39
Benötigte Zeit:  4:05:44 Stunde(n)

Der Suchlauf wurde abgebrochen!

  30927 Verzeichnisse wurden überprüft
 1813296 Dateien wurden geprüft
    106 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
     25 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 1813190 Dateien ohne Befall
  20773 Archive wurden durchsucht
      0 Warnungen
     25 Hinweise
 1135281 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden
         

und, stand was von avira in meiner letzten Anweisung? den Scan hättest du dir sparen können, denn die Dateien währen gelöscht worden, würdest du meine Schritte ausführen

ne stand nichts aber wollte in der Zwischenzeit nicht tatenlos sein.
Wollte Deinen Sachverstand nicht in Frage stellen oder so....
Also jetzt der cccleaner....

so hier die CCleaner liste

Code: Alles auswählenAufklappen

ATTFilter

ACD/Labs Software in C:\ACDFREE12\	ACD/Labs	09.11.2012		v12.00, FREE   notwendig
Acrobat.com	Adobe Systems Incorporated	31.05.2011	1,60MB	1.6.65   notwendig
Adobe AIR	Adobe Systems Inc.	03.08.2011		1.5.3.9130
Adobe Community Help	Adobe Systems Incorporated	03.08.2011		3.2.1.650
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	27.02.2013	6,00MB	11.6.602.171 notwendig
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	27.02.2013	6,00MB	11.6.602.171 notwendig
Adobe Photoshop 7.0	Adobe Systems, Inc.	11.12.2011		7.0 notwendig
Adobe Photoshop Elements 9	Adobe Systems Incorporated	03.08.2011	2,60GB	9.0 notwendig
Adobe Premiere Elements 9	Adobe Systems Incorporated	03.08.2011	1,23GB	9.0 notwendig
Adobe Reader X (10.1.6) - Deutsch	Adobe Systems Incorporated	24.02.2013	169MB	10.1.6 notwendig
AIMP2	AIMP DevTeam	25.09.2011	notwendig 	
Apple Application Support	Apple Inc.	11.01.2013	64,9MB	2.3 unnötig
Apple Software Update	Apple Inc.	25.09.2011	2,38MB	2.1.3.127 unnötig
Avira Free Antivirus	Avira	14.11.2012	110MB	12.1.9.1236 notwendig
Bewerbungsfoto-/Passbild-Generator v3.5b		19.02.2013	1,28MB	notwendig
Bing Bar	Microsoft Corporation	03.08.2011	24,4MB	7.0.610.0 unnötig
BKChem-0.14.0-pre2	Reinis Danne	25.10.2011	19,9MB	 notwendig
Broadcom Card Reader Driver Installer	Broadcom Corporation	31.05.2011	2,76MB	14.8.2.2 notwendig
Broadcom Gigabit NetLink Controller	Broadcom Corporation	31.05.2011	496KB	14.6.1.2 notwendig
CCleaner	Piriform	25.02.2013		3.28 notwendig
Cisco AnyConnect Secure Mobility Client	Cisco Systems, Inc.	16.02.2013		3.1.02026 notwendig
Citavi	Swiss Academic Software	23.10.2012	70,4MB	3.3.0.0 notwendig
CyberLink MediaEspresso	CyberLink Corp.	31.05.2011	164MB	6.5.2113_41116 unnötig
CyberLink PowerDVD 10	CyberLink Corp.	25.09.2011	228MB	10.0.2428.52 notwendig
DAEMON Tools Lite	DT Soft Ltd	06.01.2012		4.45.1.0236 notwendig
DivX-Setup	DivX, LLC	10.07.2012		2.6.1.9 notwendig
dm-Fotowelt	CEWE COLOR AG u Co. OHG	03.02.2013	394MB	5.0.1 notwendig
Dropbox	Dropbox, Inc.	03.02.2013		1.6.16 notwendig
EASEUS Data Recovery Wizard Free Edition 5.5.1	EASEUS	25.02.2012	33,9MB notwendig	
eXe -- eLearning XHTML editor	eXe Project	27.09.2011		notwendig
Free Audio CD Burner version 1.3	DVDVideoSoft Limited.	30.12.2011	8,06MB	unnötig
Free YouTube to MP3 Converter version 3.10.14.1206	DVDVideoSoft Ltd.	30.12.2011	77,6MB	unnötig
HomeMedia	CyberLink Corporation	03.08.2011		2.0.8520 notwendig
Identity Card	Packard Bell	03.08.2011		1.00.3006 notwendig
Intel(R) Control Center	Intel Corporation	03.08.2011		1.2.1.1007  notwendig
Intel(R) Management Engine Components	Intel Corporation	04.08.2011		7.0.0.1144 notwendig
Intel(R) Processor Graphics	Intel Corporation	04.08.2011		8.15.10.2372 notwendig
Intel(R) Rapid Storage Technology	Intel Corporation	04.08.2011		10.0.0.1046 notwendig
Java 7 Update 17	Oracle	04.03.2013	129MB	7.0.170  notwendig
Launch Manager	Packard Bell	03.08.2011		5.1.4 notwendig
Malwarebytes Anti-Malware Version 1.70.0.1100	Malwarebytes Corporation	04.01.2013	18,4MB	1.70.0.1100 notwendig
MathType 6	Design Science, Inc.	23.10.2011		6.7 notwendig
MATLAB R2008a	The MathWorks, Inc.	03.01.2012		7.6 notwendig
Microsoft .NET Framework 1.1	Microsoft	01.01.2012	34,8MB	1.1.4322 unbekannt
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	10.07.2012	38,8MB	4.0.30320 unbekannt
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	10.07.2012	2,93MB	4.0.30320  notwendig
Microsoft Office Klick-und-Los 2010	Microsoft Corporation	25.09.2011		14.0.4763.1000  notwendig
Microsoft Office Professional Plus 2010	Microsoft Corporation	15.10.2011		14.0.6029.1000 notwendig
Microsoft Office Visio Professional 2007	Microsoft Corporation	27.03.2012		12.0.6612.1000  notwendig
Microsoft Silverlight	Microsoft Corporation	14.05.2012	100MB	4.1.10329.0 notwendig
Microsoft SQL Server 2005	Microsoft Corporation	09.01.2012	 notwendig	
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	31.05.2011	1,69MB	3.1.0000   notwendig
Microsoft SQL Server 2012 RC0 Setup (English)	Microsoft Corporation	01.01.2012	42,2MB	11.0.1750.32   notwendig
Microsoft SQL Server Native Client	Microsoft Corporation	02.01.2012	5,83MB	9.00.5000.00  notwendig
Microsoft SQL Server Setup Support Files (English)	Microsoft Corporation	09.01.2012	24,5MB	9.00.5000.00  notwendig
Microsoft SQL Server VSS Writer	Microsoft Corporation	02.01.2012	1,10MB	9.00.5000.00   notwendig
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	24.01.2012	250KB	8.0.50727.4053 unbekannt
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	25.09.2011	298KB	8.0.61001 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	31.05.2011	784KB	9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	25.09.2011	788KB	9.0.30729.6161 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	29.02.2012	234KB	9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	31.05.2011	240KB	9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	31.05.2011	596KB	9.0.30729.4148  unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	25.09.2011	600KB	9.0.30729.6161 unbekannt
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219	Microsoft Corporation	02.01.2012	13,8MB	10.0.40219 unbekannt
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	02.01.2012	15,0MB	10.0.40219 unbekannt
Mozilla Firefox 19.0 (x86 de)	Mozilla	02.03.2013	44,9MB	19.0 notwendig
Mozilla Maintenance Service	Mozilla	02.03.2013	330KB	19.0  notwendig
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	24.09.2011	1,27MB	4.20.9870.0  notwendig
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	24.09.2011	1,33MB	4.20.9876.0   notwendig
Nero DiscSpeed 10	Nero AG	31.05.2011	7,21MB	6.2.10500.2.100   notwendig
Nero Express 10	Nero AG	31.05.2011	165MB	10.2.12000.21.100    notwendig
Nero Multimedia Suite 10 Essentials	Nero AG	31.05.2011	372MB	10.5.10300   notwendig
Nero StartSmart 10	Nero AG	31.05.2011	143MB	10.2.11600.14.100   notwendig
Nero Update	Nero AG	31.05.2011	1,43MB	1.0.0018  notwendig
Nitro Reader 3	Nitro	01.11.2012	108MB	3.0.5.5 notwendig
Norton Online Backup	Symantec Corporation	31.05.2011	6,19MB	2.1.17869 unnötig
NVIDIA Grafiktreiber 306.97	NVIDIA Corporation	04.03.2013		306.97 notwendig
NVIDIA PhysX	NVIDIA Corporation	03.08.2011	78,9MB	9.10.0514 notwendig
NVIDIA Update 1.10.8	NVIDIA Corporation	04.03.2013		1.10.8 notwendig
OPC Core Components Redistributable	OPC Foundation	01.01.2012	892KB	3.00.101  unbekannt
Opera 12.14	Opera Software ASA	09.02.2013		12.14.1738 notwendig
Packard Bell Games	WildTangent	31.05.2011		1.0.2.4  unnötig
Packard Bell MyBackup	NTI Corporation	23.02.2012	349MB	3.0.0.100 notwendig
Packard Bell Power Management	Packard Bell	03.08.2011		6.00.3007 notwendig
Packard Bell Recovery Management	Packard Bell	31.05.2011		5.00.3004 notwendig
Packard Bell Registration	Packard Bell	03.08.2011		1.04.3501 notwendig
Packard Bell ScreenSaver	Packard Bell 	03.08.2011		1.1.0811.2010 notwendig
Packard Bell Social Networks	CyberLink Corp.	31.05.2011	26,2MB	2.0.2913 unnötig
Packard Bell Updater	Packard Bell	31.05.2011		1.02.3500  notwendig
pdfsam		24.03.2012		2.2.0   notwendig
PowerISO	PowerISO Computing, Inc.	29.09.2011		4.6   notwendig
Preispiraten	metaspinner net GmbH	25.09.2011		6   notwendig
Process Modeling (HYSYS) V7.1	AspenTech	07.01.2012	8,72GB	23.0.0  unbekannt
QuickTime	Apple Inc.	11.01.2013	73,1MB	7.73.80.64  notwendig
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	03.08.2011		6.0.1.6329  notwendig 
Renesas Electronics USB 3.0 Host Controller Driver	Renesas Electronics Corporation	03.08.2011	1,00MB	2.0.26.0   notwendig
Rosetta Stone Version 3	Rosetta Stone Ltd.	30.09.2011	138MB	3.3.5.2   notwendig
Samsung AllShare	Samsung Electronics Co., Ltd.	10.07.2012	74,3MB	2.1.0.12031_10  notwendig
SAMSUNG Mobile Composite Device Software		30.05.2012	notwendig 	
SAMSUNG Mobile Modem Driver Set		30.05.2012		notwendig
Samsung Mobile phone USB driver Drive Software		30.05.2012   notwendig		
SAMSUNG Mobile USB Modem 1.0 Software		30.05.2012	 notwendig	
SAMSUNG Mobile USB Modem Software		30.05.2012	notwendig	
Samsung PC Studio 3	Samsung Electronics Co., Ltd.	30.05.2012		3.2.2.80404  notwendig
Samsung PC Studio 3 USB Driver Installer	Samsung Electronics Co., Ltd.	30.05.2012		3.2.0.70701    notwendig
Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002)	Microsoft	01.01.2012	288KB	1.0.0  unbekannt
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)	Microsoft	01.01.2012	57,0KB	1.0.0  unbekannt
Skype™ 6.1	Skype Technologies S.A.	08.02.2013	21,1MB	6.1.129  notwendig
Synaptics Pointing Device Driver	Synaptics Incorporated	03.08.2011	46,4MB	15.1.6.0  unbekannt
Uninstall 1.0.0.1		30.12.2011	10,5MB	unbekannt
Veetle TV	Veetle, Inc	27.09.2011		0.9.18 unnötig
Video Web Camera	CyberLink Corp.	03.08.2011	33,7MB	1.0.1523  notwendig
VLC media player 1.1.11	VideoLAN	24.09.2011		1.1.11   notwendig
Welcome Center	Packard Bell	03.08.2011		1.02.3501  unnötig
WIDCOMM Bluetooth Software	Broadcom Corporation	03.08.2011	183MB	6.3.0.7300  notwendig
Windows Live Essentials	Microsoft Corporation	31.05.2011		15.4.3508.1109  notwendig
WinRAR		24.09.2011		notwendig
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0	Intel	03.08.2011	27,5MB	2.0.82.0  notwendig