Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Browser-Probleme, Anmeldeprobleme: Virenbefall vermutet

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 07.03.2013, 13:35   #1
Chesser
 
Browser-Probleme, Anmeldeprobleme: Virenbefall vermutet - Standard

Browser-Probleme, Anmeldeprobleme: Virenbefall vermutet



Ich habe seit einiger Zeit ein komisches Verhalten meines Mozilla-Firefox-Browser ständig wird beim öffnen einer neuen Website am unteren Browserrand ein Popup eingeschoben, dem ich nicht ganz traue und das einfach nervt. Die dort vorgeschlagegenen Links wechseln ständig.
Name:  bug.png
Hits: 206
Größe:  32,8 KB

Zudem kommt beim Öffnen einer neuen Seite hin und wieder in unregelmäßigen Abständen die Meldung "he document has moved, redirecting...".

Dies betrifft allerdings nur firefox und nicht iE. Neuinstalltion von Firefox ändert nichts.

Avira und Malwarebytes bescheinigen mir, mein PC wäre in gutem Zustand. Dem glaube ich aber nicht so ganz. Bei Hilfe wird es selbstverständlich eine Spende/Entlohnung geben.

Hier das OTL-Logfile:OTL Logfile:
OTL EXTRAS Logfile:
Code:
ATTFilter
OTL logfile created on: 07.03.2013 13:31:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 47,51% Memory free
7,71 Gb Paging File | 5,55 Gb Available in Paging File | 71,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 277,99 Gb Total Space | 184,33 Gb Free Space | 66,31% Space Free | Partition Type: NTFS
Drive D: | 573,83 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ***-PC2 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.07 13:30:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe
PRC - [2013.03.07 11:18:29 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.07 11:18:06 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.07 11:18:06 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.03.07 11:18:04 | 000,387,808 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
PRC - [2013.02.27 01:42:20 | 001,820,016 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe
PRC - [2013.02.16 01:33:51 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012.11.13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012.11.13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012.08.13 11:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012.08.13 11:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
PRC - [2011.10.16 12:44:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.10.01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.07.01 03:51:14 | 000,418,896 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2011.07.01 03:51:14 | 000,343,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2011.07.01 03:51:12 | 001,103,440 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2011.07.01 03:51:12 | 000,353,360 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2011.05.30 03:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
PRC - [2011.05.20 17:44:32 | 000,986,208 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
PRC - [2011.04.30 08:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.04.22 17:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe
PRC - [2011.03.29 23:33:08 | 000,598,312 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010.12.22 21:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.22 21:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.09.30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.27 01:42:20 | 014,718,320 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll
MOD - [2013.02.16 01:34:12 | 003,067,288 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.11.13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012.11.13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012.11.13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012.08.10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.03.07 11:18:29 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.07 11:18:06 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.02.27 01:42:20 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.16 01:34:06 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe -- (BBUpdate)
SRV - [2012.06.11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe -- (BBSvc)
SRV - [2011.10.16 12:44:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.10.01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.08.02 11:59:46 | 000,872,552 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2011.07.01 03:51:12 | 000,353,360 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011.05.30 03:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe -- (GREGService)
SRV - [2011.04.30 08:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.04.22 17:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Live Updater Service)
SRV - [2011.03.29 23:33:08 | 000,598,312 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011.03.29 05:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.12.22 21:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.12.22 21:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.10.12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010.09.30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010.09.23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.03.18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.03.07 11:18:42 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.03.07 11:18:41 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.07 11:18:41 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.16 12:44:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.10.01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.07.14 06:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.07.14 06:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.06.10 19:16:10 | 012,230,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.05.16 22:57:32 | 000,051,240 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiMSa.sys -- (bScsiMSa)
DRV:64bit: - [2011.05.10 04:42:16 | 000,425,000 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2011.05.06 18:11:12 | 000,086,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa)
DRV:64bit: - [2011.04.26 19:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.04.05 12:26:26 | 000,142,632 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2011.01.21 02:15:30 | 000,019,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdmp.sys -- (b57xdmp)
DRV:64bit: - [2011.01.21 02:15:28 | 000,067,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdbd.sys -- (b57xdbd)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.09 11:26:46 | 002,377,216 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.10.20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.15 09:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.03.19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.chatzum.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.chatzum.com/?q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=EIE9HP&PC=UP50
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?ocid=EIE9HP&PC=UP50
IE - HKCU\..\SearchScopes,DefaultScope = {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
IE - HKCU\..\SearchScopes\{659D3C2D-34AC-4C5B-A28A-5F2EAFA7C704}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=4e8463bb-527e-4ec3-998b-03d8737692f0&apn_sauid=6B9FDF3D-CF33-4DB0-8BFA-7A4CDB96824C
IE - HKCU\..\SearchScopes\{7C0F5C78-DA73-4501-A2AA-501F79A8144C}: "URL" = hxxp://search.chatzum.com/?q={searchTerms}
IE - HKCU\..\SearchScopes\{7F60373E-F857-46D7-ADE0-A1F52D3A9F9F}: "URL" = hxxp://www.bing.com/search?FORM=UP50DF&PC=UP50&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = hxxp://search.chatzum.com/?q={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: tXsGT9QxoKlmxUz0Kj%40mDvNgXhNdd92G6vn.com:11
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.07 11:23:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.09.22 17:55:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.03.07 11:14:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\onrcnnw5.default\extensions
[2013.01.20 07:16:09 | 000,003,702 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\onrcnnw5.default\extensions\tXsGT9QxoKlmxUz0Kj@mDvNgXhNdd92G6vn.com.xpi
[2013.02.20 23:24:57 | 000,002,413 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\onrcnnw5.default\searchplugins\askcom.xml
[2012.09.22 20:59:47 | 000,000,642 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\onrcnnw5.default\searchplugins\search-safer.xml
[2013.03.07 11:23:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.16 01:34:54 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.02.16 05:15:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.16 05:15:47 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.02.16 05:15:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.16 05:15:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.16 05:15:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.16 05:15:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A1C5A3C-E2C9-41E1-9976-62EA541AF85B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88C01B7E-0761-43DC-8BF5-8B1F26E1BCD7}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001.01.10 16:48:42 | 000,172,032 | R--- | M] (Team17 Software Ltd) - D:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [2000.11.09 19:05:38 | 000,000,051 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{6da2bc1d-603b-11e1-856e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6da2bc1d-603b-11e1-856e-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AUTORUN.EXE -- [2001.01.10 16:48:42 | 000,172,032 | R--- | M] (Team17 Software Ltd)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.07 11:24:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.03.07 11:23:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.03.07 11:20:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira
[2013.03.07 11:20:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.03.07 11:20:18 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.07 11:20:18 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.07 11:20:18 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.07 11:20:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.03.05 11:24:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{54DE9F51-99BD-4A13-BB29-FB0E7868335A}
[2013.03.05 11:24:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{358FAC5D-EF00-4554-B4E7-03A6019921CC}
[2013.02.25 01:14:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2013.02.25 01:14:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2013.02.24 21:02:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.02.24 21:02:06 | 000,000,000 | ---D | C] -- C:\Team17
[2013.02.24 21:02:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Team17
[2013.02.20 23:32:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.02.20 23:32:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.02.20 23:31:58 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013.02.20 23:31:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.02.09 15:21:43 | 000,000,000 | ---D | C] -- C:\Users\***\Schach
[2013.02.07 00:42:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2013.02.07 00:19:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft II
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.07 13:29:17 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.03.07 12:42:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.07 11:27:33 | 000,033,574 | ---- | M] () -- C:\Users\***\Desktop\bug.png
[2013.03.07 11:24:00 | 000,001,163 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.03.07 11:20:35 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.07 11:20:35 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.07 11:20:23 | 000,002,082 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.03.07 11:18:42 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.07 11:18:41 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.07 11:18:41 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.07 11:13:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.07 11:13:04 | 3104,722,944 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.05 21:09:05 | 000,000,083 | ---- | M] () -- C:\Windows\wwp.INI
[2013.03.05 14:32:00 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.05 14:32:00 | 000,654,622 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.05 14:32:00 | 000,616,464 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.05 14:32:00 | 000,130,204 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.05 14:32:00 | 000,106,586 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.24 21:02:05 | 000,000,583 | ---- | M] () -- C:\Users\Public\Desktop\Worms World Party.lnk
[2013.02.20 23:32:05 | 000,002,189 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.02.14 03:39:34 | 000,318,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.09 16:35:18 | 000,000,017 | ---- | M] () -- C:\Windows\.ini
[2013.02.08 15:35:17 | 000,109,231 | ---- | M] () -- C:\Users\***\Desktop\Masterarbeit Adrian Sudy-KorrekturMH.odt
[2013.02.08 05:39:13 | 000,108,542 | ---- | M] () -- C:\Users\***\Desktop\Masterarbeit Adrian Sudy.odt
[2013.02.08 05:31:24 | 000,030,007 | ---- | M] () -- C:\Users\***\Desktop\Anregungen Arbeit Adrian.odt
[2013.02.07 00:50:04 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.07 13:29:17 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.03.07 11:27:33 | 000,033,574 | ---- | C] () -- C:\Users\***\Desktop\bug.png
[2013.03.07 11:24:00 | 000,001,175 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.03.07 11:24:00 | 000,001,163 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.03.07 11:20:23 | 000,002,082 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.02.25 11:40:22 | 000,000,083 | ---- | C] () -- C:\Windows\wwp.INI
[2013.02.24 21:02:05 | 000,000,583 | ---- | C] () -- C:\Users\Public\Desktop\Worms World Party.lnk
[2013.02.20 23:32:05 | 000,002,201 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.02.20 23:32:05 | 000,002,189 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.02.09 16:35:18 | 000,000,017 | ---- | C] () -- C:\Windows\.ini
[2013.02.08 15:35:14 | 000,109,231 | ---- | C] () -- C:\Users\***\Desktop\Masterarbeit Adrian Sudy-KorrekturMH.odt
[2013.02.08 02:03:46 | 000,030,007 | ---- | C] () -- C:\Users\***\Desktop\Anregungen Arbeit Adrian.odt
[2013.02.07 22:21:03 | 000,108,542 | ---- | C] () -- C:\Users\***\Desktop\Masterarbeit Adrian Sudy.odt
[2013.02.07 00:19:50 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2012.09.27 23:54:11 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.09.27 23:53:48 | 000,000,151 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2012.09.27 23:53:48 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini
[2012.09.27 23:53:48 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2012.09.27 23:53:47 | 000,009,030 | ---- | C] () -- C:\Windows\HL-2040.INI
[2012.09.27 23:52:51 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\bd2040.dat
[2012.09.27 23:52:37 | 000,000,273 | ---- | C] () -- C:\Windows\Brownie.ini
[2012.09.23 11:50:56 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2012.09.21 14:54:44 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.11 13:34:00 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.10.11 13:33:58 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.10.11 13:33:57 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.10.11 13:33:56 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.10.11 13:33:55 | 013,906,944 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.12.11 23:11:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ChessBase
[2012.10.01 16:37:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FloodLightGames
[2012.12.08 23:03:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenCandy
[2013.01.22 14:42:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2012.09.20 13:00:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Screensaver
[2013.01.13 03:15:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SNS
[2013.03.06 16:39:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client
[2012.09.21 14:55:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP
[2012.12.08 23:04:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2012.11.08 17:51:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WildTangent
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

--- --- ---


Extras.Txt-File
OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 07.03.2013 13:31:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 47,51% Memory free
7,71 Gb Paging File | 5,55 Gb Available in Paging File | 71,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 277,99 Gb Total Space | 184,33 Gb Free Space | 66,31% Space Free | Partition Type: NTFS
Drive D: | 573,83 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ***-PC2 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B1449EB-B174-49D0-974D-1F476AEEABC3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{1CEC281A-99F1-4108-A16E-55B4E35B7492}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1CFE6347-77E6-4846-8BF4-025F9604FD10}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2710B7A8-B7CE-4B00-9ED7-A4A241108536}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{2C704A4C-17E1-4736-8D10-DB6394D5E994}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{3186F186-C93E-407C-BCE7-C1FE7265DAB9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{31CD64DF-E936-4A8B-A119-0562A8284220}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3694CE85-F913-47D4-AF2C-8A05CC698B06}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3C520ABC-B5BE-44DE-97CE-DAF5C549B2F3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3D750B9D-A76C-438D-8BE6-7A0D59AC5133}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4E500E85-7F7F-4AE8-897F-D8638E96073E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{505E1FB8-1B95-4356-B890-F37E7CA66F93}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{50FE77ED-084B-4500-A30C-354C61BDC474}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7E233308-8624-44E5-9F54-F46EA3CE0BF2}" = lport=445 | protocol=6 | dir=in | app=system | 
"{97DDF501-4566-46F3-BDC2-246E80DF4672}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{99F2E0A4-8F87-4EB0-BBB8-9A3DE2DF8A25}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A3987629-6D87-4A1B-8534-5F8785E5D389}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B18DF574-62FE-4C46-A9A6-A2EEB0613126}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{CA986AF7-030C-42BA-A679-DD788292D860}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D01B287F-34C9-45EF-A7DF-35F2F931F84C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{E17D1284-FF42-4358-A21D-68FE6384CDE3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E9FDC98A-BD87-459B-83F1-57DD72F124B8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FB983D6C-F71A-4584-87CA-411BC6B74C93}" = lport=138 | protocol=17 | dir=in | app=system | 
"{FBA6E47F-4CF8-4633-8B74-7B9DE9728B3E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{FDA1DACF-929B-4E6C-8ACD-62CCDEA937E3}" = rport=10243 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B36788-FE15-47F0-A915-7350B5E17B9A}" = protocol=6 | dir=in | app=c:\spiele\starcraft ii\starcraft ii public test.exe | 
"{0761572A-D337-432B-8B29-241221161A2B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{099A3C09-36C0-48C5-8A2C-B3824F892499}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{0B111F25-FAA4-4E01-9637-36139D1C5C12}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0B6AFF9F-F4B5-41BB-A21C-D257008C33D3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0FBFC3C8-E8C7-4AC8-B399-A0ECE08D82D1}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{13A613C4-D43E-453E-97D4-A76CE3B8A112}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{1D0BEA34-B50D-48BD-AF95-092187631C56}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{1D1E1AFA-6657-4388-B48A-6877CB862ADC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{242C51E7-10CF-4919-A08F-93D331D52978}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{26AECBA2-573D-419B-83DC-B89B215BE2F4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2727D434-8546-4925-A3E7-EC047F6EC991}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{2E670897-8C5F-4154-97AE-BC9E652BB442}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | 
"{3F379F75-D24D-4BB7-8CA9-3FCD5505D6F0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{4417FFA3-C802-4EA9-9B8F-3CC3399356FD}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | 
"{4DC837B4-2E47-4D99-9CC0-895F7B363FF5}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{53B2A7AC-0D90-4839-8DF0-BC1365F5C3A8}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{5A36AA7F-E364-4D6B-A455-7A85779F3131}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{5E645617-74B9-40BA-A55F-6F22609A55A3}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{5F0E3C57-55E3-4D97-BDD2-E6C55168ACC0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{666378D0-6883-4F24-83EB-50E7AA3BC056}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{68E0DFAF-E16C-4E70-BC93-AD126854696C}" = protocol=6 | dir=out | app=system | 
"{6B88C306-1D77-424C-851D-5BBF8B10B2D4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{6EA7EC57-1E2C-449B-A16B-648C57428E16}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{7924ABAD-C133-409D-A45B-EDF5C15B2960}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{80B58A96-59D6-4A88-8531-15757411F2BA}" = protocol=6 | dir=in | app=c:\spiele\starcraft ii\starcraft ii public test.exe | 
"{8210DAB9-1A65-4C97-A2C8-06757080937F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8D67416C-4C47-40A4-8D6F-69ED22EFA19D}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{8DC05D77-6510-4A82-B2F5-1FB82C2433AD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{8F689D15-ACA4-489E-A280-84B6DA710D56}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{943A6FD6-0A12-4554-AFD6-DA338E248E02}" = protocol=6 | dir=in | app=c:\spiele\starcraft ii\starcraft ii.exe | 
"{95DA8A22-807F-422E-BDD6-6BDB2A43ABD9}" = dir=in | app=c:\program files (x86)\cyberlink\homemedia\homemedia.exe | 
"{A0BE9C6B-1600-4CD1-8651-3AD290F89BAD}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{A0D9C656-673F-4B54-A9E6-68848939C0A2}" = protocol=17 | dir=in | app=c:\spiele\starcraft ii\starcraft ii.exe | 
"{A424C86A-E761-48EC-B3E4-EA43B27EDDED}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A563A68C-5341-42EC-A890-22F91D148D46}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A578DBEF-2205-4D4A-B188-C80E280DFB03}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A83F4130-0AAA-45D0-AF89-7CA6E5A80BBD}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{A92F400F-0F13-43B1-9142-017D4D97356A}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{AE7E0050-1AC0-4848-8EF2-62965C22D7A9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{AF777BF4-4DE1-4741-91FC-2ADB9523676D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{BBAFD2B0-3572-46A4-9BE3-A59767326CF0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{C2849A90-DCC8-4C3F-B32B-3E5EE4FC40E2}" = protocol=6 | dir=in | app=c:\spiele\starcraft ii\starcraft ii.exe | 
"{C607865A-2A9D-4969-B159-564F85E08FFC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C8C7B621-AFDA-46AA-A3AF-09F9EB5BB42B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{C913EE1E-3D5B-40A8-8EBA-8ABFE9B0276F}" = protocol=17 | dir=in | app=c:\spiele\starcraft ii\starcraft ii.exe | 
"{CAB28F5C-5983-4C49-AC40-48C1994D7EB3}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{CDF782F3-0D3F-4204-8C11-EF83B4BDB10B}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{CE2DD803-58A8-4283-93EB-880243EC2343}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{D0B3438F-B449-4B8E-8EC8-0A0783798399}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{DC73187D-7213-4731-AB9F-D7197F9D61C3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DF10F85C-1BA1-4EE4-9831-65E67F6AC8BD}" = protocol=17 | dir=in | app=c:\spiele\starcraft ii\starcraft ii public test.exe | 
"{E84975AA-E68E-4962-AB66-CD337777719D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E8C002BC-B572-464F-B74C-F2D861FC2888}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{F346FD9B-6EB6-4F14-A460-9802EE268EF9}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{F4E3D3E7-AB0A-40F7-AD46-87509CCCC4D8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F75749D4-6039-4478-8F33-2A1FA85580EB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{FA82C199-7705-4455-AA4A-FCC64A2196D8}" = protocol=17 | dir=in | app=c:\spiele\starcraft ii\starcraft ii public test.exe | 
"TCP Query User{1434A233-783A-4A3E-A99F-FDA430E7B228}C:\spiele\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=c:\spiele\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"TCP Query User{57952878-4FB1-4ED3-8334-3652B93C2C51}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"TCP Query User{916F8011-E969-436D-B26E-1CB7D5D2F3A0}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"TCP Query User{9868C0E4-DBEE-4D44-8E07-ABBB11944EDB}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"TCP Query User{A74F9282-E9C0-4A86-89AA-047ACAC6141E}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe | 
"TCP Query User{AE94F641-683D-4536-A028-39F1A3B4E3BE}C:\spiele\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=c:\spiele\starcraft ii\versions\base23260\sc2.exe | 
"TCP Query User{AECE95F2-49AC-40EB-A077-E4B9B3BD3309}C:\spiele\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=c:\spiele\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"TCP Query User{C4B0DB3A-6907-45B6-96AC-34D29F945FCF}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe | 
"TCP Query User{EE525A1B-C91A-420C-A872-B712B52F3F07}C:\spiele\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=c:\spiele\starcraft ii\versions\base23260\sc2.exe | 
"UDP Query User{321E92DF-BCD4-4DA6-A937-771C5D329EC4}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe | 
"UDP Query User{654C4EE2-F3D2-46DF-824C-C89C2ABCEC2F}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe | 
"UDP Query User{85639D44-26AA-41B5-8D49-8C0C1F6DD985}C:\spiele\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=c:\spiele\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"UDP Query User{929395F0-7035-4A44-9932-BF7E9B7A7CC8}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"UDP Query User{978A0454-C76C-4B1F-824C-F57ECD328BD0}C:\spiele\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=c:\spiele\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"UDP Query User{A37F7538-AA76-4897-8A6B-269E694E3085}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"UDP Query User{B114C87C-1864-4ED2-8FC1-E4482AC141E6}C:\spiele\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=c:\spiele\starcraft ii\versions\base23260\sc2.exe | 
"UDP Query User{C758C599-3E85-41E6-B793-1D259C42B640}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"UDP Query User{F48AA220-B268-4965-BF6E-35AED29248DC}C:\spiele\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=c:\spiele\starcraft ii\versions\base23260\sc2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{1553D712-B35F-4A82-BC72-D6B11A94BE3E}" = Windows Live Remote Service Resources
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26C8EF65-314F-4353-8329-69093AD325C6}" = ChessBase 12 64-bit
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{4710662C-8204-4334-A977-B1AC9E547819}" = Broadcom Card Reader Driver Installer
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{702A632F-99CE-4E2D-B8F2-BF980E9CF62F}" = Windows Live Remote Client Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom NetLink Controller
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"Elantech" = ETDWare PS/2-X64 8.0.6.3_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Video Web Camera
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{0557BBDA-69D3-4FA4-A93C-A5300F7034B4}" = Windows Live Writer
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{06B05153-97E4-427E-B1A8-E098F6C5E52F}" = Windows Live Essentials
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25175695-4B20-4298-9F34-C2C57CD277B3}" = Elements STI Installer
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}" = Evernote v. 4.5.1
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{4736B0ED-F6A1-48EC-A1B7-C053027648F1}" = Galeria fotogràfica del Windows Live
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{48F597DD-D397-4CFA-91A0-4C033A0113BD}" = Windows Live Mail
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{542DA303-FB91-4731-9F37-6E518368D3B9}" = Windows Live Messenger
"{5495E9A4-501A-4D4C-87C9-E80916CA9478}" = Windows Live UX Platform Language Pack
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{625D45F0-5DCB-48BF-8770-C240A84DAAEB}" = Windows Live Mesh
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}" = Nero Multimedia Suite 10 Essentials
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{68AFA3A7-9265-4ABD-994A-ACA413E3715C}" = Nero Multimedia Suite 10 Essentials
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-packardbell" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71527C7C-5289-4CB2-88C9-23344C0FF6C1}" = Windows Live Movie Maker
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7D926AD2-16D6-42C2-8CA1-AB09E96040BA}" = Windows Live Writer Resources
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{820D0BA3-ACD7-4FB9-A3A7-0ADF0C66A4BE}" = Windows Live Messenger
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}" = Fooz Kids Platform
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A200E68-D5F4-4E70-910F-2871753A0E2B}" = Worms World Party
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C343C2D-3053-4BE5-9C52-82611A58CE59}" = Brother HL-2040
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A3389C72-1782-4BB4-BBAA-33345DE52E3F}" = Windows Live Messenger
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = HomeMedia
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BD0C3887-64E6-41D8-9A38-BC6F34369352}" = Windows Live Messenger
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger
"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{EB9955F8-467C-47FC-90F8-12CD5DF684C3}" = Adobe Premiere Elements 9
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F0F5D89A-197C-495B-827E-3E98B811CD2E}" = Windows Live Photo Common
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2979AAA-FDD7-4CB3-93BC-5C24D965D679}" = Windows Live Messenger
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F35DC85A-E96B-496B-ABE7-F04192824856}" = Windows Live Messenger
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F783464C-C7C6-4E9B-AC40-BC90E5414BAF}" = Windows Live Messenger
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FE8FF1DC-90A3-A976-4ED7-43C280CEC0E0}" = Fooz Kids
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"ASIO4ALL" = ASIO4ALL
"Avira AntiVir Desktop" = Avira Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"FL Studio 10" = FL Studio 10
"FoozKids" = Fooz Kids
"Identity Card" = Identity Card
"IL Download Manager" = IL Download Manager
"IL Shared Libraries" = IL Shared Libraries
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Video Web Camera
"InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"LManager" = Launch Manager
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Screensaver" = Packard Bell ScreenSaver
"Packard Bell Welcome Center" = Welcome Center
"PlayChess" = PlayChess 
"PremElem90" = Adobe Premiere Elements 9
"StarCraft II" = StarCraft II
"WildTangent packardbell Master Uninstall" = Packard Bell Games
"WinLiveSuite" = Windows Live Essentials
"WTA-0371e2ac-d5e4-41fe-b9a0-8e65aca6b030" = Bejeweled 2 Deluxe
"WTA-06284467-b2e1-4ebf-b475-8a87587d341a" = Jewel Quest Solitaire
"WTA-0a69445e-6e55-4e17-824c-fa997d85760d" = John Deere Drive Green
"WTA-214eceb3-7459-474e-8694-d30e75be501b" = Agatha Christie - Death on the Nile
"WTA-23dc4f6b-0358-4754-9555-7d8bdb553a87" = Slingo Deluxe
"WTA-4837f0b9-ac65-4044-86c2-c7968aae8e1c" = Torchlight
"WTA-4ece847f-1436-4a93-a9e0-516ee58b1134" = Polar Bowler
"WTA-629cee93-dfcf-4a8a-b7ef-c0ae64ba7681" = Penguins!
"WTA-66e11033-443f-4753-bfad-08f2c6e2e482" = Crazy Chicken Kart 2
"WTA-79f3d04c-a549-4bdd-a321-6f74a3a971e5" = Chuzzle Deluxe
"WTA-7c680703-df2a-4bd5-962e-692629144c14" = Insaniquarium Deluxe
"WTA-8bc2d5cd-5eb5-4487-829d-b01cc430a9f5" = Virtual Villagers 4 - The Tree of Life
"WTA-9153db62-ee28-4331-8ffb-5cb6fd9c5f15" = Plants vs. Zombies - Game of the Year
"WTA-a383031b-9090-456c-ba40-9540d7bf23f1" = Jewel Match 3
"WTA-b2c2ea39-968e-4f6b-83a8-d61a7a6a42b7" = Final Drive: Nitro
"WTA-b312ce3d-9716-4e83-89aa-b57a25abe7c7" = FATE
"WTA-c7a49a3e-07d2-454a-81be-c0613db80703" = Zuma Deluxe
"WTA-da675c45-a600-4081-b4c1-7dea06ac01fb" = Mystery of Mortlake Mansion
"WTA-e4e74f86-3857-449c-a886-54803c309a47" = Wedding Dash
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.02.2013 10:03:47 | Computer Name = ***-PC2 | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.02.2013 10:13:01 | Computer Name = ***-PC2 | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
Error - 02.02.2013 13:36:07 | Computer Name = ***-PC2 | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.02.2013 15:16:37 | Computer Name = ***-PC2 | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.02.2013 08:10:17 | Computer Name = ***-PC2 | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.02.2013 09:53:31 | Computer Name = ***-PC2 | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.02.2013 10:02:51 | Computer Name = ***-PC2 | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
Error - 04.02.2013 18:05:15 | Computer Name = ***-PC2 | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.02.2013 07:29:08 | Computer Name = ***-PC2 | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.02.2013 12:44:50 | Computer Name = ***-PC2 | Source = WinMgmt | ID = 10
Description = 
 
[ Spybot - Search and Destroy Events ]
Error - 20.02.2013 19:01:49 | Computer Name = ***-PC2 | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
[ System Events ]
Error - 08.12.2012 20:45:23 | Computer Name = ***-PC2 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst TuneUp.UtilitiesSvc erreicht.
 
Error - 08.12.2012 20:45:53 | Computer Name = ***-PC2 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst TuneUp.UtilitiesSvc erreicht.
 
Error - 11.12.2012 16:45:50 | Computer Name = ***-PC2 | Source = Microsoft-Windows-Bits-Client | ID = 16398
Description = Ein neuer BITS-Auftrag konnte nicht erstellt werden. Die aktuelle 
Auftragsanzahl für den ***-PC2\***-Benutzer ("60") ist gleich oder größer
 als das durch die Gruppenrichtlinie angegebene Auftragslimit ("60"). Sie können
 das Problem beheben, indem Sie die BITS-Aufträge beenden oder abbrechen, für die
 kein Fortschritt festgestellt wurde, indem Sie sich den Fehler ansehen, und den
 BITS-Dienst anschließend neu starten. Falls der Fehler weiterhin angezeigt wird,
 bitten Sie den Administrator, die durch die Gruppenrichtlinie angegebenen Auftragslimits
 pro Benutzer und pro Computer zu erhöhen.
 
Error - 11.12.2012 16:45:56 | Computer Name = ***-PC2 | Source = Microsoft-Windows-Bits-Client | ID = 16398
Description = Ein neuer BITS-Auftrag konnte nicht erstellt werden. Die aktuelle 
Auftragsanzahl für den ***-PC2\***-Benutzer ("60") ist gleich oder größer
 als das durch die Gruppenrichtlinie angegebene Auftragslimit ("60"). Sie können
 das Problem beheben, indem Sie die BITS-Aufträge beenden oder abbrechen, für die
 kein Fortschritt festgestellt wurde, indem Sie sich den Fehler ansehen, und den
 BITS-Dienst anschließend neu starten. Falls der Fehler weiterhin angezeigt wird,
 bitten Sie den Administrator, die durch die Gruppenrichtlinie angegebenen Auftragslimits
 pro Benutzer und pro Computer zu erhöhen.
 
Error - 11.12.2012 17:59:27 | Computer Name = ***-PC2 | Source = Microsoft-Windows-Bits-Client | ID = 16398
Description = Ein neuer BITS-Auftrag konnte nicht erstellt werden. Die aktuelle 
Auftragsanzahl für den ***-PC2\***-Benutzer ("60") ist gleich oder größer
 als das durch die Gruppenrichtlinie angegebene Auftragslimit ("60"). Sie können
 das Problem beheben, indem Sie die BITS-Aufträge beenden oder abbrechen, für die
 kein Fortschritt festgestellt wurde, indem Sie sich den Fehler ansehen, und den
 BITS-Dienst anschließend neu starten. Falls der Fehler weiterhin angezeigt wird,
 bitten Sie den Administrator, die durch die Gruppenrichtlinie angegebenen Auftragslimits
 pro Benutzer und pro Computer zu erhöhen.
 
Error - 12.12.2012 21:33:10 | Computer Name = ***-PC2 | Source = DCOM | ID = 10010
Description = 
 
Error - 14.12.2012 12:14:23 | Computer Name = ***-PC2 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst GREGService erreicht.
 
Error - 21.12.2012 08:03:48 | Computer Name = ***-PC2 | Source = DCOM | ID = 10010
Description = 
 
Error - 17.01.2013 17:17:38 | Computer Name = ***-PC2 | Source = Microsoft-Windows-Bits-Client | ID = 16398
Description = Ein neuer BITS-Auftrag konnte nicht erstellt werden. Die aktuelle 
Auftragsanzahl für den ***-PC2\***-Benutzer ("60") ist gleich oder größer
 als das durch die Gruppenrichtlinie angegebene Auftragslimit ("60"). Sie können
 das Problem beheben, indem Sie die BITS-Aufträge beenden oder abbrechen, für die
 kein Fortschritt festgestellt wurde, indem Sie sich den Fehler ansehen, und den
 BITS-Dienst anschließend neu starten. Falls der Fehler weiterhin angezeigt wird,
 bitten Sie den Administrator, die durch die Gruppenrichtlinie angegebenen Auftragslimits
 pro Benutzer und pro Computer zu erhöhen.
 
Error - 17.01.2013 17:20:50 | Computer Name = ***-PC2 | Source = Microsoft-Windows-Bits-Client | ID = 16398
Description = Ein neuer BITS-Auftrag konnte nicht erstellt werden. Die aktuelle 
Auftragsanzahl für den ***-PC2\***-Benutzer ("60") ist gleich oder größer
 als das durch die Gruppenrichtlinie angegebene Auftragslimit ("60"). Sie können
 das Problem beheben, indem Sie die BITS-Aufträge beenden oder abbrechen, für die
 kein Fortschritt festgestellt wurde, indem Sie sich den Fehler ansehen, und den
 BITS-Dienst anschließend neu starten. Falls der Fehler weiterhin angezeigt wird,
 bitten Sie den Administrator, die durch die Gruppenrichtlinie angegebenen Auftragslimits
 pro Benutzer und pro Computer zu erhöhen.
 
 
< End of report >
         
--- --- ---

Geändert von Chesser (07.03.2013 um 14:16 Uhr)

Alt 07.03.2013, 13:52   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Browser-Probleme, Anmeldeprobleme: Virenbefall vermutet - Standard

Browser-Probleme, Anmeldeprobleme: Virenbefall vermutet



Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 07.03.2013, 14:21   #3
Chesser
 
Browser-Probleme, Anmeldeprobleme: Virenbefall vermutet - Standard

Browser-Probleme, Anmeldeprobleme: Virenbefall vermutet



Ich habe Avira heute noch einmal neu installiert. Das ist der Bericht von heute:


Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Donnerstag, 7. März 2013  11:41


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7 Home Premium
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : ***
Computername   : ***-PC2

Versionsinformationen:
BUILD.DAT      : 13.0.0.3185          Bytes  30.01.2013 10:05:00
AVSCAN.EXE     : 13.6.0.584    640224 Bytes  07.03.2013 10:18:08
AVSCANRC.DLL   : 13.4.0.360     64800 Bytes  07.03.2013 10:18:08
LUKE.DLL       : 13.6.0.602     67808 Bytes  07.03.2013 10:18:22
AVSCPLR.DLL    : 13.6.0.628     94432 Bytes  07.03.2013 10:18:42
AVREG.DLL      : 13.6.0.600    250592 Bytes  07.03.2013 10:18:42
avlode.dll     : 13.6.2.624    434912 Bytes  07.03.2013 10:18:43
avlode.rdf     : 13.0.0.38      15231 Bytes  07.03.2013 10:18:42
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 10:16:46
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 10:16:58
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 10:17:12
VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 10:17:16
VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 10:17:20
VBASE005.VDF   : 7.11.34.116  4034048 Bytes  29.06.2012 10:17:24
VBASE006.VDF   : 7.11.41.250  4902400 Bytes  06.09.2012 10:17:29
VBASE007.VDF   : 7.11.50.230  3904512 Bytes  22.11.2012 10:17:32
VBASE008.VDF   : 7.11.60.10   6627328 Bytes  07.02.2013 10:17:39
VBASE009.VDF   : 7.11.60.11      2048 Bytes  07.02.2013 10:17:39
VBASE010.VDF   : 7.11.60.12      2048 Bytes  07.02.2013 10:17:39
VBASE011.VDF   : 7.11.60.13      2048 Bytes  07.02.2013 10:17:39
VBASE012.VDF   : 7.11.60.14      2048 Bytes  07.02.2013 10:17:39
VBASE013.VDF   : 7.11.60.62    351232 Bytes  08.02.2013 10:17:39
VBASE014.VDF   : 7.11.60.115   190976 Bytes  09.02.2013 10:17:40
VBASE015.VDF   : 7.11.60.177   282624 Bytes  11.02.2013 10:17:40
VBASE016.VDF   : 7.11.60.249   215552 Bytes  13.02.2013 10:17:40
VBASE017.VDF   : 7.11.61.65    151040 Bytes  15.02.2013 10:17:40
VBASE018.VDF   : 7.11.61.135   159232 Bytes  18.02.2013 10:17:41
VBASE019.VDF   : 7.11.61.163   152064 Bytes  18.02.2013 10:17:41
VBASE020.VDF   : 7.11.61.207   164352 Bytes  19.02.2013 10:17:41
VBASE021.VDF   : 7.11.62.43    206336 Bytes  21.02.2013 10:17:42
VBASE022.VDF   : 7.11.62.111   136192 Bytes  23.02.2013 10:17:42
VBASE023.VDF   : 7.11.62.157   143360 Bytes  25.02.2013 10:17:43
VBASE024.VDF   : 7.11.62.237   199168 Bytes  27.02.2013 10:17:43
VBASE025.VDF   : 7.11.63.71    209408 Bytes  01.03.2013 10:17:43
VBASE026.VDF   : 7.11.63.121   257536 Bytes  04.03.2013 10:17:43
VBASE027.VDF   : 7.11.63.211   212480 Bytes  06.03.2013 10:17:44
VBASE028.VDF   : 7.11.63.212     2048 Bytes  06.03.2013 10:17:44
VBASE029.VDF   : 7.11.63.213     2048 Bytes  06.03.2013 10:17:44
VBASE030.VDF   : 7.11.63.214     2048 Bytes  06.03.2013 10:17:44
VBASE031.VDF   : 7.11.63.244   101376 Bytes  07.03.2013 10:17:44
Engineversion  : 8.2.12.10 
AEVDF.DLL      : 8.1.2.10      102772 Bytes  07.03.2013 10:17:49
AESCRIPT.DLL   : 8.1.4.94      467324 Bytes  07.03.2013 10:17:49
AESCN.DLL      : 8.1.10.0      131445 Bytes  07.03.2013 10:17:49
AESBX.DLL      : 8.2.5.12      606578 Bytes  07.03.2013 10:17:49
AERDL.DLL      : 8.2.0.88      643444 Bytes  07.03.2013 10:17:49
AEPACK.DLL     : 8.3.1.12      815480 Bytes  07.03.2013 10:17:48
AEOFFICE.DLL   : 8.1.2.50      201084 Bytes  07.03.2013 10:17:48
AEHEUR.DLL     : 8.1.4.222    5767545 Bytes  07.03.2013 10:17:48
AEHELP.DLL     : 8.1.25.2      258423 Bytes  07.03.2013 10:17:45
AEGEN.DLL      : 8.1.6.16      434549 Bytes  07.03.2013 10:17:45
AEEXP.DLL      : 8.4.0.6       192885 Bytes  07.03.2013 10:17:49
AEEMU.DLL      : 8.1.3.2       393587 Bytes  07.03.2013 10:17:45
AECORE.DLL     : 8.1.31.2      201080 Bytes  07.03.2013 10:17:45
AEBB.DLL       : 8.1.1.4        53619 Bytes  07.03.2013 10:17:44
AVWINLL.DLL    : 13.6.0.480     26480 Bytes  07.03.2013 10:16:25
AVPREF.DLL     : 13.6.0.480     51056 Bytes  07.03.2013 10:18:07
AVREP.DLL      : 13.6.0.480    178544 Bytes  07.03.2013 10:18:42
AVARKT.DLL     : 13.6.0.624    260832 Bytes  07.03.2013 10:18:03
AVEVTLOG.DLL   : 13.6.0.600    167648 Bytes  07.03.2013 10:18:05
SQLITE3.DLL    : 3.7.0.1       397704 Bytes  07.03.2013 10:18:32
AVSMTP.DLL     : 13.6.0.480     62832 Bytes  07.03.2013 10:18:09
NETNT.DLL      : 13.6.0.480     16240 Bytes  07.03.2013 10:18:26
RCIMAGE.DLL    : 13.4.0.360   4780832 Bytes  07.03.2013 10:16:25
RCTEXT.DLL     : 13.6.0.480     68976 Bytes  07.03.2013 10:16:25

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Lokale Festplatten
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\alldiscs.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, Q:, 
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Donnerstag, 7. März 2013  11:41

Der Suchlauf über die Masterbootsektoren wird begonnen:

Der Suchlauf über die Bootsektoren wird begonnen:

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '98' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '119' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '164' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvxdsync.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'PhotoshopElementsFileAgent.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'dsiwmis.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerSvc.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'GREGsvc.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'UpdaterService.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMutilps32.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDFSSvc.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftvsa.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDUpdSvc.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftlist.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '170' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDWSCSvc.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxtray.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'hkcmd.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxsrvc.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'ETDCtrl.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'RAVCpl64.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerTray.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.bin' - '97' Modul(e) wurden durchsucht
Durchsuche Prozess 'LManager.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'CVHSVC.EXE' - '84' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'MMDx64Fx.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxext.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerEvent.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMworker.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvtray.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDTray.exe' - '103' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'ETDCtrlHelper.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '110' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'UI0Detect.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'BingBar.exe' - '84' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'DeviceDetector.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '116' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '152' Modul(e) wurden durchsucht
Durchsuche Prozess 'BingApp.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'BingSurrogate.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'BingSurrogate.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'BingSurrogate.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'BingSurrogate.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashUtil32_11_6_602_171_ActiveX.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'NASvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'daemonu.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '144' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '144' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '116' Modul(e) wurden durchsucht
Durchsuche Prozess 'SeaPort.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '120' Modul(e) wurden durchsucht
Durchsuche Prozess 'mspaint.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '107' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '32' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '3143' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <Packard Bell>
Beginne mit der Suche in 'Q:\'
Der zu durchsuchende Pfad Q:\ konnte nicht geöffnet werden!
Systemfehler [5]: Zugriff verweigert


Ende des Suchlaufs: Donnerstag, 7. März 2013  13:08
Benötigte Zeit:  1:27:20 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  41603 Verzeichnisse wurden überprüft
 826778 Dateien wurden geprüft
      0 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      0 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 826778 Dateien ohne Befall
  10260 Archive wurden durchsucht
      0 Warnungen
      0 Hinweise
         





GMER Logfile:
Code:
ATTFilter
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-07 14:04:27
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.01.0 298,09GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\MHentrop\AppData\Local\Temp\ffriqkoc.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1992] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                           0000000074d71465 2 bytes [D7, 74]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1992] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                          0000000074d714bb 2 bytes [D7, 74]
.text   ...                                                                                                                                                    * 2
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3020] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000074d71465 2 bytes [D7, 74]
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3020] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000074d714bb 2 bytes [D7, 74]
.text   ...                                                                                                                                                    * 2
.text   C:\Program Files (x86)\Launch Manager\LManager.exe[3324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                       0000000074d71465 2 bytes [D7, 74]
.text   C:\Program Files (x86)\Launch Manager\LManager.exe[3324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                      0000000074d714bb 2 bytes [D7, 74]
.text   ...                                                                                                                                                    * 2
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                              0000000074d71465 2 bytes [D7, 74]
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                             0000000074d714bb 2 bytes [D7, 74]
.text   ...                                                                                                                                                    * 2
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3956] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                            0000000074d71465 2 bytes [D7, 74]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3956] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                           0000000074d714bb 2 bytes [D7, 74]
.text   ...                                                                                                                                                    * 2
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                    0000000074d71465 2 bytes [D7, 74]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                   0000000074d714bb 2 bytes [D7, 74]
.text   ...                                                                                                                                                    * 2
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5                   00000000775ef991 8 bytes {MOV EDX, 0x1903e8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15                  00000000775ef99b 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5                                00000000775efa0d 8 bytes {MOV EDX, 0x1901a8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 15                               00000000775efa17 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5                              00000000775efb25 8 bytes {MOV EDX, 0x190168; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 15                             00000000775efb2f 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5                        00000000775efbd5 8 bytes {MOV EDX, 0x190428; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15                       00000000775efbdf 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5                            00000000775efc05 8 bytes {MOV EDX, 0x190368; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 15                           00000000775efc0f 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5                     00000000775efc1d 8 bytes {MOV EDX, 0x190128; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15                    00000000775efc27 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5                       00000000775efc35 8 bytes {MOV EDX, 0x1904e8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15                      00000000775efc3f 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5                     00000000775efc65 8 bytes {MOV EDX, 0x190528; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 15                    00000000775efc6f 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5                      00000000775efce5 8 bytes {MOV EDX, 0x1904a8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 15                     00000000775efcef 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5                     00000000775efcfd 8 bytes {MOV EDX, 0x190468; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 15                    00000000775efd07 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                               00000000775efd49 8 bytes {MOV EDX, 0x190068; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 15                              00000000775efd53 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 5                            00000000775efdad 8 bytes {MOV EDX, 0x1902e8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 15                           00000000775efdb7 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5                    00000000775efe41 8 bytes {MOV EDX, 0x1900a8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 15                   00000000775efe4b 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 5                          00000000775eff89 8 bytes {MOV EDX, 0x1902a8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 15                         00000000775eff93 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5                             00000000775f0099 8 bytes {MOV EDX, 0x190028; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 15                            00000000775f00a3 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 5                           00000000775f0781 8 bytes {MOV EDX, 0x190268; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 15                          00000000775f078b 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5                              00000000775f0ffd 8 bytes {MOV EDX, 0x1901e8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 15                             00000000775f1007 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 5                             00000000775f105d 8 bytes {MOV EDX, 0x190228; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 15                            00000000775f1067 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5                       00000000775f10a5 8 bytes {MOV EDX, 0x1903a8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 15                      00000000775f10af 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5                             00000000775f111d 8 bytes {MOV EDX, 0x190328; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 15                            00000000775f1127 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5                00000000775f1321 8 bytes {MOV EDX, 0x1900e8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 15               00000000775f132b 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\kernel32.dll!CreateProcessW                            0000000076c1103d 5 bytes JMP 0000000100010030
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\kernel32.dll!CreateProcessA                            0000000076c11072 5 bytes JMP 0000000100010070
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\KERNELBASE.dll!CreateEventW                            0000000074f5119f 5 bytes JMP 0000000100020030
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\KERNELBASE.dll!OpenEventW                              0000000074f511cf 5 bytes JMP 0000000100020070
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!GetDeviceCaps                                0000000075e04de0 5 bytes JMP 00000001002203b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!SelectObject                                 0000000075e04f70 5 bytes JMP 00000001002205f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!SetBkMode                                    0000000075e051a2 5 bytes JMP 00000001002208f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!SetTextColor                                 0000000075e0522d 5 bytes JMP 0000000100220a30
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!DeleteObject                                 0000000075e05689 5 bytes JMP 00000001002201b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!DeleteDC                                     0000000075e058b3 5 bytes JMP 0000000100220170
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!GetCurrentObject                             0000000075e06bad 5 bytes JMP 0000000100220370
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!SaveDC                                       0000000075e06e05 5 bytes JMP 0000000100220570
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!RestoreDC                                    0000000075e06ead 5 bytes JMP 0000000100220530
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!SetStretchBltMode                            0000000075e07180 5 bytes JMP 00000001002206b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!StretchDIBits                                0000000075e07435 5 bytes JMP 0000000100220770
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!CreateDCA                                    0000000075e07bcc 5 bytes JMP 00000001002200b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!IntersectClipRect                            0000000075e07dc4 5 bytes JMP 00000001002203f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!GetTextAlign                                 0000000075e07fd5 5 bytes JMP 0000000100220d70
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!GetTextMetricsW                              0000000075e082b2 5 bytes JMP 0000000100220e30
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!SetTextAlign                                 0000000075e08401 5 bytes JMP 00000001002209f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!ExtSelectClipRgn                             0000000075e0879f 5 bytes JMP 00000001002202f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!SelectClipRgn                                0000000075e08916 5 bytes JMP 00000001002205b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!ExtTextOutW                                  0000000075e08b7a 5 bytes JMP 0000000100220970
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!MoveToEx                                     0000000075e08ee6 5 bytes JMP 0000000100220470
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!GetFontData                                  0000000075e09875 5 bytes JMP 0000000100220c70
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!GetTextFaceW                                 0000000075e09936 5 bytes JMP 0000000100220d30
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!Rectangle                                    0000000075e0a53a 5 bytes JMP 00000001002209b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!GetClipBox                                   0000000075e0af9f 5 bytes JMP 0000000100220330
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!LineTo                                       0000000075e0b9e5 5 bytes JMP 0000000100220430
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!SetICMMode                                   0000000075e0bd55 5 bytes JMP 0000000100220db0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!CreateICW                                    0000000075e0c040 5 bytes JMP 0000000100220130
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32W                        0000000075e0c107 5 bytes JMP 0000000100220670
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!SetWorldTransform                            0000000075e0c269 5 bytes JMP 00000001002206f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!GetTextMetricsA                              0000000075e0d1f1 5 bytes JMP 0000000100220df0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32A                        0000000075e0d349 5 bytes JMP 0000000100220630
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!ExtTextOutA                                  0000000075e0dce4 5 bytes JMP 0000000100220930
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!CreateDCW                                    0000000075e0e743 5 bytes JMP 00000001002200f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!ExtEscape                                    0000000075e103b7 5 bytes JMP 00000001002202b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!Escape                                       0000000075e11bda 5 bytes JMP 0000000100220270
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!GetTextFaceA                                 0000000075e11e89 5 bytes JMP 0000000100220cf0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!SetPolyFillMode                              0000000075e14843 5 bytes JMP 0000000100220b30
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!SetMiterLimit                                0000000075e15690 5 bytes JMP 0000000100220b70
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!EndPage                                      0000000075e16bde 5 bytes JMP 0000000100220230
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!ResetDCW                                     0000000075e1e2db 5 bytes JMP 0000000100220ab0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!GetGlyphOutlineW                             0000000075e2940d 5 bytes JMP 0000000100220cb0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!CreateScalableFontResourceW                  0000000075e2c621 5 bytes JMP 0000000100220bb0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!AddFontResourceW                             0000000075e2d2b2 5 bytes JMP 0000000100220bf0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!RemoveFontResourceW                          0000000075e2d919 5 bytes JMP 0000000100220c30
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!AbortDoc                                     0000000075e33adc 5 bytes JMP 0000000100220030
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!EndDoc                                       0000000075e33f29 5 bytes JMP 00000001002201f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!StartPage                                    0000000075e3401a 5 bytes JMP 0000000100220730
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!StartDocW                                    0000000075e34c51 5 bytes JMP 00000001002207f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!BeginPath                                    0000000075e353fd 5 bytes JMP 0000000100220830
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!SelectClipPath                               0000000075e35454 5 bytes JMP 0000000100220af0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!CloseFigure                                  0000000075e354af 5 bytes JMP 0000000100220070
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!EndPath                                      0000000075e35506 5 bytes JMP 0000000100220a70
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!StrokePath                                   0000000075e3573f 5 bytes JMP 00000001002207b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!FillPath                                     0000000075e357d2 5 bytes JMP 0000000100220870
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!PolylineTo                                   0000000075e35c44 5 bytes JMP 00000001002204f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!PolyBezierTo                                 0000000075e35cd5 5 bytes JMP 00000001002204b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\GDI32.dll!PolyDraw                                     0000000075e35d87 5 bytes JMP 00000001002208b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\USER32.dll!MapWindowPoints                             0000000074fa8c40 5 bytes JMP 0000000100230570
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatW                    0000000074fa9ebd 5 bytes JMP 00000001002302b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatA                    0000000074fb0afa 5 bytes JMP 00000001002302f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\USER32.dll!GetClientRect                               0000000074fb0c62 7 bytes JMP 00000001002305b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\USER32.dll!GetParent                                   0000000074fb0f68 7 bytes JMP 00000001002306f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\USER32.dll!IsWindowVisible                             0000000074fb112d 7 bytes JMP 00000001002306b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\USER32.dll!PostMessageW                                0000000074fb12a5 5 bytes JMP 00000001002305f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\USER32.dll!ScreenToClient                              0000000074fb227d 7 bytes JMP 0000000100230670
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\USER32.dll!MonitorFromWindow                           0000000074fb3150 7 bytes JMP 0000000100230630
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\USER32.dll!SetCursor                                   0000000074fb41f6 5 bytes JMP 0000000100230530
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameA                     0000000074fb68ef 5 bytes JMP 0000000100230270
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameW                     0000000074fb77fa 5 bytes JMP 0000000100230230
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\USER32.dll!GetTopWindow                                0000000074fb7887 7 bytes JMP 0000000100230730
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\USER32.dll!IsClipboardFormatAvailable                  0000000074fb8676 5 bytes JMP 00000001002300f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\USER32.dll!GetClipboardSequenceNumber                  0000000074fb8696 5 bytes JMP 0000000100230330
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\USER32.dll!CloseClipboard                              0000000074fb8e8d 5 bytes JMP 00000001002300b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\USER32.dll!OpenClipboard                               0000000074fb8ecb 5 bytes JMP 0000000100230070
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\USER32.dll!ChangeClipboardChain                        0000000074fbc17b 5 bytes JMP 0000000100230430
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\USER32.dll!EnumClipboardFormats                        0000000074fbc449 5 bytes JMP 00000001002301b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\USER32.dll!GetOpenClipboardWindow                      0000000074fbc468 5 bytes JMP 00000001002303f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\USER32.dll!CountClipboardFormats                       0000000074fbc486 5 bytes JMP 00000001002301f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\USER32.dll!SetClipboardViewer                          0000000074fbc4b6 5 bytes JMP 00000001002304b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\USER32.dll!ActivateKeyboardLayout                      0000000074fbd6c0 5 bytes JMP 00000001002304f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\USER32.dll!GetClipboardOwner                           0000000074fbe360 5 bytes JMP 0000000100230370
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\USER32.dll!SetClipboardData                            0000000074fe8e57 5 bytes JMP 0000000100230170
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\USER32.dll!SetCursorPos                                0000000074fe9cfd 5 bytes JMP 0000000100230770
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\USER32.dll!GetClipboardData                            0000000074fe9f1d 5 bytes JMP 0000000100230030
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\USER32.dll!EmptyClipboard                              0000000075007cb9 5 bytes JMP 0000000100230130
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\USER32.dll!GetClipboardViewer                          0000000075008111 5 bytes JMP 0000000100230470
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\USER32.dll!GetPriorityClipboardFormat                  000000007500832f 5 bytes JMP 00000001002303b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\SspiCli.dll!FreeContextBuffer                          0000000074cc9606 5 bytes JMP 00000001002800f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\SspiCli.dll!FreeCredentialsHandle                      0000000074cd0581 5 bytes JMP 0000000100280130
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\SspiCli.dll!DeleteSecurityContext                      0000000074cd0bb9 5 bytes JMP 0000000100280270
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\SspiCli.dll!ApplyControlToken                          0000000074cd0c2e 5 bytes JMP 00000001002801b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\SspiCli.dll!QueryContextAttributesA                    0000000074cd0f2e 5 bytes JMP 0000000100280070
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\SspiCli.dll!QueryCredentialsAttributesA                0000000074cd1096 5 bytes JMP 00000001002800b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\SspiCli.dll!EncryptMessage                             0000000074cd124e 5 bytes JMP 00000001002801f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\SspiCli.dll!DecryptMessage                             0000000074cd129d 5 bytes JMP 0000000100280230
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\SspiCli.dll!AcquireCredentialsHandleA                  0000000074cd1527 5 bytes JMP 0000000100280030
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\SspiCli.dll!InitializeSecurityContextA                 0000000074cd1590 5 bytes JMP 0000000100280170
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\ole32.dll!OleSetClipboard                              00000000753d0045 5 bytes JMP 0000000100290030
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\ole32.dll!OleIsCurrentClipboard                        00000000753d36b2 5 bytes JMP 0000000100290070
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\ole32.dll!OleGetClipboard                              00000000753ffdcd 5 bytes JMP 00000001002900b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                    0000000074d71465 2 bytes [D7, 74]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                   0000000074d714bb 2 bytes [D7, 74]
.text   ...                                                                                                                                                    * 2
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                     0000000074d71465 2 bytes [D7, 74]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                    0000000074d714bb 2 bytes [D7, 74]
.text   ...                                                                                                                                                    * 2

---- Threads - GMER 2.1 ----

Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4544:4752]                                                                                         000007fefbbf2a7c
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4544:4764]                                                                                         000007fef15ad618
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4544:3524]                                                                                         000007fef8d75124

---- Registry - GMER 2.1 ----

Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore@Count                                         1461
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{53707962-6F74-2D53-2644-206D7942484F}\iexplore@Count                                         1173
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{53707962-6F74-2D53-2644-206D7942484F}\iexplore@Blocked                                       1173
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}\iexplore@Count                                         2922
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9030D464-4C02-4ABF-8ECC-5164760863C6}\iexplore@Count                                         1461
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}\iexplore@Count                                         1461

---- EOF - GMER 2.1 ----
         
--- --- ---
__________________

Alt 07.03.2013, 14:57   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Browser-Probleme, Anmeldeprobleme: Virenbefall vermutet - Standard

Browser-Probleme, Anmeldeprobleme: Virenbefall vermutet



Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten


MBAR (Malwarebytes Anti-Rootkit)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers


aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 08.03.2013, 14:16   #5
Chesser
 
Browser-Probleme, Anmeldeprobleme: Virenbefall vermutet - Standard

Browser-Probleme, Anmeldeprobleme: Virenbefall vermutet



Ich habe die mbar.exe auseführt. Es erscheint im Anschluss folgende Meldung. Ich denke, dass Löschen richtig ist habe aber hier gestopppt:

Zudem noch zwei Punkte, die ich eingangs vergessen habe zu erwähnen. Beim Anmelden des COmputernutzers, sagt er ganz immer wieder mal "falsches Passwort". Erst hatte ich vermutet, dass es aufgrund zu schneller Eingabe geschieht oder eine Taste nachklemmt (Großschreibung). Dies würde ich aber auch aufgrund der jetzigen Achtsamkeit dabei und auch aufgrund der relativen Häufigkeit der Meldung ausschließen. Also auch hier vermute ich, dass da was faul ist.
Ich habe auch das Gefühl, dass zur Zeit mehr blödsinnige Werbung erscheint. Unter anderem eben im Thema innerhalb meines Einangsposting in diesem Forum. Ich kann leider keinen Screenshot davon machen, da beim erneuten Aufruf diese Meldung nicht mehr erschien.

So, dass war es jetzt aber auch.

Angehängte Grafiken
Dateityp: png bug2.png (29,6 KB, 150x aufgerufen)

Alt 08.03.2013, 15:38   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Browser-Probleme, Anmeldeprobleme: Virenbefall vermutet - Standard

Browser-Probleme, Anmeldeprobleme: Virenbefall vermutet



Bei dieser Meldung von MBAR bitte auf nein klicken und dann normal weitermachen
__________________
--> Browser-Probleme, Anmeldeprobleme: Virenbefall vermutet

Alt 08.03.2013, 15:50   #7
Chesser
 
Browser-Probleme, Anmeldeprobleme: Virenbefall vermutet - Standard

Browser-Probleme, Anmeldeprobleme: Virenbefall vermutet



Der mbar.exe-Scan sagte mir, er hätte nicht verdächtiges gefunden. Ein Log-Datei gibt es (daher ?) nicht.

Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-08 14:44:07
-----------------------------
14:44:07.317    OS Version: Windows x64 6.1.7601 Service Pack 1
14:44:07.317    Number of processors: 4 586 0x2A07
14:44:07.317    ComputerName: ***-PC2  UserName: ***
14:44:08.190    Initialize success
14:46:15.207    AVAST engine defs: 13030800
14:48:28.026    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:48:28.026    Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
14:48:28.057    Disk 0 MBR read successfully
14:48:28.057    Disk 0 MBR scan
14:48:28.088    Disk 0 Windows 7 default MBR code
14:48:28.088    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        20480 MB offset 2048
14:48:28.120    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 41945088
14:48:28.135    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       284663 MB offset 42149888
14:48:28.182    Disk 0 scanning C:\Windows\system32\drivers
14:48:37.168    Service scanning
14:49:01.706    Modules scanning
14:49:01.706    Disk 0 trace - called modules:
14:49:01.722    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
14:49:01.753    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007595060]
14:49:01.753    3 CLASSPNP.SYS[fffff88001c8d43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004dcc050]
14:49:02.923    AVAST engine scan C:\Windows
14:49:05.092    AVAST engine scan C:\Windows\system32
14:52:39.638    AVAST engine scan C:\Windows\system32\drivers
14:52:51.026    AVAST engine scan C:\Users\***
15:26:22.510    AVAST engine scan C:\ProgramData
15:39:06.095    Scan finished successfully
15:40:48.613    Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
15:40:48.617    The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"
         
TDSS-KIller zeugt ir keine Funde an. Ich habe auf meinem Rechner selbst dazu keinen Bericht gefunden. Allerdings zeigt hier oben rechts nach dem Scan, das Reportfeld folgenden Bericht an:


Code:
ATTFilter
15:53:15.0030 5060  wlidsvc - ok
15:53:15.0059 5060  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
15:53:15.0087 5060  WmiAcpi - ok
15:53:15.0125 5060  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:53:15.0180 5060  wmiApSrv - ok
15:53:15.0209 5060  WMPNetworkSvc - ok
15:53:15.0238 5060  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:53:15.0268 5060  WPCSvc - ok
15:53:15.0289 5060  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:53:15.0335 5060  WPDBusEnum - ok
15:53:15.0363 5060  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:53:15.0403 5060  ws2ifsl - ok
15:53:15.0422 5060  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
15:53:15.0450 5060  wscsvc - ok
15:53:15.0454 5060  WSearch - ok
15:53:15.0518 5060  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
15:53:15.0606 5060  wuauserv - ok
15:53:15.0640 5060  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:53:15.0675 5060  WudfPf - ok
15:53:15.0717 5060  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:53:15.0741 5060  WUDFRd - ok
15:53:15.0769 5060  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:53:15.0792 5060  wudfsvc - ok
15:53:15.0825 5060  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:53:15.0863 5060  WwanSvc - ok
15:53:15.0868 5060  ================ Scan global ===============================
15:53:15.0890 5060  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:53:15.0933 5060  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
15:53:15.0957 5060  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
15:53:15.0995 5060  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:53:16.0030 5060  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:53:16.0042 5060  [Global] - ok
15:53:16.0043 5060  ================ Scan MBR ==================================
15:53:16.0060 5060  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:53:16.0664 5060  \Device\Harddisk0\DR0 - ok
15:53:16.0665 5060  ================ Scan VBR ==================================
15:53:16.0670 5060  [ D1D093F71E723EF242E6E60C7F8263DA ] \Device\Harddisk0\DR0\Partition1
15:53:16.0673 5060  \Device\Harddisk0\DR0\Partition1 - ok
15:53:16.0713 5060  [ DE36F66079F3E27BB1CD4E5D30B901A1 ] \Device\Harddisk0\DR0\Partition2
15:53:16.0716 5060  \Device\Harddisk0\DR0\Partition2 - ok
15:53:16.0717 5060  ============================================================
15:53:16.0717 5060  Scan finished
15:53:16.0717 5060  ============================================================
15:53:16.0744 5020  Detected object count: 0
15:53:16.0744 5020  Actual detected object count: 0
         

Geändert von Chesser (08.03.2013 um 16:02 Uhr)

Alt 08.03.2013, 16:07   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Browser-Probleme, Anmeldeprobleme: Virenbefall vermutet - Standard

Browser-Probleme, Anmeldeprobleme: Virenbefall vermutet



Zitat:
Ein Log-Datei gibt es (daher ?) nicht.
Doch, lies dir mal die Anleitung durch
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 08.03.2013, 17:03   #9
Chesser
 
Browser-Probleme, Anmeldeprobleme: Virenbefall vermutet - Standard

Browser-Probleme, Anmeldeprobleme: Virenbefall vermutet



Seltsam, ja in dem Ordner war ich auch und hatte nichts gefunden nach dem ersten Scan.

Habe noch einmal gescannt und siehe da.

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.08.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC2 [administrator]

08.03.2013 16:46:49
mbar-log-2013-03-08 (16-46-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29825
Time elapsed: 9 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

Alt 08.03.2013, 17:18   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Browser-Probleme, Anmeldeprobleme: Virenbefall vermutet - Standard

Browser-Probleme, Anmeldeprobleme: Virenbefall vermutet



Das Log vom TDSS-Killer ist leider unvollständig
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 08.03.2013, 17:42   #11
Chesser
 
Browser-Probleme, Anmeldeprobleme: Virenbefall vermutet - Standard

Browser-Probleme, Anmeldeprobleme: Virenbefall vermutet



Hm, neuer Versuch. Ich habe noch einmal gescannt und den Report eingefügt.

Code:
ATTFilter
17:38:48.0930 4760  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:38:49.0164 4760  ============================================================
17:38:49.0164 4760  Current date / time: 2013/03/08 17:38:49.0164
17:38:49.0164 4760  SystemInfo:
17:38:49.0164 4760  
17:38:49.0164 4760  OS Version: 6.1.7601 ServicePack: 1.0
17:38:49.0164 4760  Product type: Workstation
17:38:49.0164 4760  ComputerName: ***-PC2
17:38:49.0164 4760  UserName: ***
17:38:49.0164 4760  Windows directory: C:\Windows
17:38:49.0164 4760  System windows directory: C:\Windows
17:38:49.0164 4760  Running under WOW64
17:38:49.0164 4760  Processor architecture: Intel x64
17:38:49.0164 4760  Number of processors: 4
17:38:49.0164 4760  Page size: 0x1000
17:38:49.0164 4760  Boot type: Normal boot
17:38:49.0164 4760  ============================================================
17:38:49.0804 4760  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:38:49.0804 4760  ============================================================
17:38:49.0804 4760  \Device\Harddisk0\DR0:
17:38:49.0804 4760  MBR partitions:
17:38:49.0804 4760  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2800800, BlocksNum 0x32000
17:38:49.0804 4760  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2832800, BlocksNum 0x22BFB800
17:38:49.0804 4760  ============================================================
17:38:49.0835 4760  C: <-> \Device\Harddisk0\DR0\Partition2
17:38:49.0835 4760  ============================================================
17:38:49.0835 4760  Initialize success
17:38:49.0835 4760  ============================================================
17:39:10.0037 2884  ============================================================
17:39:10.0037 2884  Scan started
17:39:10.0037 2884  Mode: Manual; SigCheck; TDLFS; 
17:39:10.0037 2884  ============================================================
17:39:10.0193 2884  ================ Scan system memory ========================
17:39:10.0193 2884  System memory - ok
17:39:10.0193 2884  ================ Scan services =============================
17:39:10.0412 2884  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
17:39:10.0583 2884  1394ohci - ok
17:39:10.0615 2884  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
17:39:10.0646 2884  ACPI - ok
17:39:10.0646 2884  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
17:39:10.0693 2884  AcpiPmi - ok
17:39:10.0817 2884  [ 1474F121C3DF1232D3E7239C03691EE6 ] AdobeActiveFileMonitor9.0 C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
17:39:10.0864 2884  AdobeActiveFileMonitor9.0 - ok
17:39:10.0973 2884  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:39:11.0005 2884  AdobeARMservice - ok
17:39:11.0176 2884  [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:39:11.0207 2884  AdobeFlashPlayerUpdateSvc - ok
17:39:11.0285 2884  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
17:39:11.0410 2884  adp94xx - ok
17:39:11.0441 2884  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
17:39:11.0457 2884  adpahci - ok
17:39:11.0457 2884  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
17:39:11.0473 2884  adpu320 - ok
17:39:11.0504 2884  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
17:39:11.0551 2884  AeLookupSvc - ok
17:39:11.0613 2884  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
17:39:11.0675 2884  AFD - ok
17:39:11.0722 2884  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
17:39:11.0738 2884  agp440 - ok
17:39:11.0769 2884  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
17:39:11.0800 2884  ALG - ok
17:39:11.0831 2884  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
17:39:11.0863 2884  aliide - ok
17:39:11.0863 2884  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
17:39:11.0878 2884  amdide - ok
17:39:11.0878 2884  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
17:39:11.0909 2884  AmdK8 - ok
17:39:11.0909 2884  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
17:39:11.0941 2884  AmdPPM - ok
17:39:11.0941 2884  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
17:39:11.0956 2884  amdsata - ok
17:39:11.0972 2884  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
17:39:11.0987 2884  amdsbs - ok
17:39:12.0003 2884  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
17:39:12.0003 2884  amdxata - ok
17:39:12.0206 2884  [ 459465DA28E49B358ECFE0D788F328F4 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
17:39:12.0253 2884  AntiVirSchedulerService - ok
17:39:12.0299 2884  [ BCDD17E8469D647A71B347C4B6F86685 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
17:39:12.0346 2884  AntiVirService - ok
17:39:12.0377 2884  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
17:39:12.0455 2884  AppID - ok
17:39:12.0471 2884  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
17:39:12.0533 2884  AppIDSvc - ok
17:39:12.0549 2884  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
17:39:12.0596 2884  Appinfo - ok
17:39:12.0643 2884  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
17:39:12.0674 2884  arc - ok
17:39:12.0674 2884  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
17:39:12.0689 2884  arcsas - ok
17:39:12.0705 2884  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:39:12.0767 2884  AsyncMac - ok
17:39:12.0799 2884  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
17:39:12.0814 2884  atapi - ok
17:39:12.0908 2884  [ C8679A07267F030704168E45E27C3D43 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
17:39:13.0048 2884  athr - ok
17:39:13.0095 2884  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:39:13.0173 2884  AudioEndpointBuilder - ok
17:39:13.0204 2884  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
17:39:13.0235 2884  AudioSrv - ok
17:39:13.0282 2884  [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
17:39:13.0329 2884  avgntflt - ok
17:39:13.0376 2884  [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
17:39:13.0391 2884  avipbb - ok
17:39:13.0423 2884  [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
17:39:13.0438 2884  avkmgr - ok
17:39:13.0485 2884  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
17:39:13.0532 2884  AxInstSV - ok
17:39:13.0579 2884  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
17:39:13.0641 2884  b06bdrv - ok
17:39:13.0688 2884  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
17:39:13.0750 2884  b57nd60a - ok
17:39:13.0797 2884  [ A424CB46A145E5AABF15621550976DF2 ] b57xdbd         C:\Windows\system32\DRIVERS\b57xdbd.sys
17:39:13.0813 2884  b57xdbd - ok
17:39:13.0828 2884  [ BE4E6FD5A898812B85D5817AD9754A9F ] b57xdmp         C:\Windows\system32\DRIVERS\b57xdmp.sys
17:39:13.0844 2884  b57xdmp - ok
17:39:13.0984 2884  [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
17:39:14.0031 2884  BBSvc - ok
17:39:14.0093 2884  [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate        C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
17:39:14.0125 2884  BBUpdate - ok
17:39:14.0171 2884  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
17:39:14.0218 2884  BDESVC - ok
17:39:14.0265 2884  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
17:39:14.0343 2884  Beep - ok
17:39:14.0390 2884  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
17:39:14.0452 2884  BFE - ok
17:39:14.0499 2884  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
17:39:14.0546 2884  BITS - ok
17:39:14.0593 2884  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
17:39:14.0655 2884  blbdrive - ok
17:39:14.0686 2884  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:39:14.0733 2884  bowser - ok
17:39:14.0749 2884  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
17:39:14.0780 2884  BrFiltLo - ok
17:39:14.0780 2884  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
17:39:14.0795 2884  BrFiltUp - ok
17:39:14.0842 2884  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
17:39:14.0858 2884  Browser - ok
17:39:14.0858 2884  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
17:39:14.0905 2884  Brserid - ok
17:39:14.0905 2884  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
17:39:14.0936 2884  BrSerWdm - ok
17:39:14.0936 2884  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
17:39:14.0951 2884  BrUsbMdm - ok
17:39:14.0967 2884  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
17:39:14.0983 2884  BrUsbSer - ok
17:39:15.0045 2884  [ 0970D8B7151E9113BF8D44CE2E954DF7 ] bScsiMSa        C:\Windows\system32\DRIVERS\bScsiMSa.sys
17:39:15.0045 2884  bScsiMSa - ok
17:39:15.0076 2884  [ 0C1EEE5AF32402D306874B110DE237EC ] bScsiSDa        C:\Windows\system32\DRIVERS\bScsiSDa.sys
17:39:15.0092 2884  bScsiSDa - ok
17:39:15.0123 2884  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
17:39:15.0139 2884  BTHMODEM - ok
17:39:15.0185 2884  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
17:39:15.0248 2884  bthserv - ok
17:39:15.0279 2884  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:39:15.0326 2884  cdfs - ok
17:39:15.0373 2884  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
17:39:15.0435 2884  cdrom - ok
17:39:15.0451 2884  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
17:39:15.0544 2884  CertPropSvc - ok
17:39:15.0560 2884  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
17:39:15.0591 2884  circlass - ok
17:39:15.0622 2884  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
17:39:15.0638 2884  CLFS - ok
17:39:15.0700 2884  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:39:15.0747 2884  clr_optimization_v2.0.50727_32 - ok
17:39:15.0778 2884  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:39:15.0794 2884  clr_optimization_v2.0.50727_64 - ok
17:39:15.0841 2884  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:39:15.0872 2884  clr_optimization_v4.0.30319_32 - ok
17:39:15.0903 2884  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:39:15.0934 2884  clr_optimization_v4.0.30319_64 - ok
17:39:15.0965 2884  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
17:39:16.0012 2884  CmBatt - ok
17:39:16.0028 2884  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
17:39:16.0043 2884  cmdide - ok
17:39:16.0090 2884  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
17:39:16.0168 2884  CNG - ok
17:39:16.0184 2884  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
17:39:16.0199 2884  Compbatt - ok
17:39:16.0215 2884  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
17:39:16.0262 2884  CompositeBus - ok
17:39:16.0277 2884  COMSysApp - ok
17:39:16.0293 2884  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
17:39:16.0309 2884  crcdisk - ok
17:39:16.0371 2884  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:39:16.0418 2884  CryptSvc - ok
17:39:16.0527 2884  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
17:39:16.0574 2884  cvhsvc - ok
17:39:16.0605 2884  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:39:16.0652 2884  DcomLaunch - ok
17:39:16.0683 2884  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
17:39:16.0761 2884  defragsvc - ok
17:39:16.0792 2884  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:39:16.0839 2884  DfsC - ok
17:39:16.0886 2884  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
17:39:16.0933 2884  Dhcp - ok
17:39:16.0964 2884  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
17:39:17.0011 2884  discache - ok
17:39:17.0057 2884  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
17:39:17.0073 2884  Disk - ok
17:39:17.0073 2884  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:39:17.0104 2884  Dnscache - ok
17:39:17.0135 2884  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
17:39:17.0182 2884  dot3svc - ok
17:39:17.0182 2884  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
17:39:17.0229 2884  DPS - ok
17:39:17.0260 2884  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
17:39:17.0291 2884  drmkaud - ok
17:39:17.0354 2884  [ 9DD3A22F804697606C2B7FF9E912FF6B ] DsiWMIService   C:\Program Files (x86)\Launch Manager\dsiwmis.exe
17:39:17.0385 2884  DsiWMIService - ok
17:39:17.0416 2884  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
17:39:17.0447 2884  DXGKrnl - ok
17:39:17.0463 2884  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
17:39:17.0510 2884  EapHost - ok
17:39:17.0588 2884  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
17:39:17.0744 2884  ebdrv - ok
17:39:17.0775 2884  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
17:39:17.0837 2884  EFS - ok
17:39:17.0900 2884  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
17:39:17.0962 2884  ehRecvr - ok
17:39:17.0993 2884  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
17:39:18.0025 2884  ehSched - ok
17:39:18.0071 2884  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
17:39:18.0134 2884  elxstor - ok
17:39:18.0227 2884  [ 48425C93B6F36529707206E4FA680CF3 ] ePowerSvc       C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
17:39:18.0305 2884  ePowerSvc - ok
17:39:18.0305 2884  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
17:39:18.0337 2884  ErrDev - ok
17:39:18.0368 2884  [ DBAA0C650C9549DC5C599D1E81DEDAAD ] ETD             C:\Windows\system32\DRIVERS\ETD.sys
17:39:18.0383 2884  ETD - ok
17:39:18.0430 2884  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
17:39:18.0493 2884  EventSystem - ok
17:39:18.0524 2884  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
17:39:18.0555 2884  exfat - ok
17:39:18.0602 2884  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
17:39:18.0649 2884  fastfat - ok
17:39:18.0680 2884  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
17:39:18.0711 2884  Fax - ok
17:39:18.0742 2884  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
17:39:18.0773 2884  fdc - ok
17:39:18.0789 2884  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
17:39:18.0820 2884  fdPHost - ok
17:39:18.0836 2884  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
17:39:18.0867 2884  FDResPub - ok
17:39:18.0898 2884  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:39:18.0929 2884  FileInfo - ok
17:39:18.0945 2884  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
17:39:18.0992 2884  Filetrace - ok
17:39:19.0007 2884  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
17:39:19.0023 2884  flpydisk - ok
17:39:19.0054 2884  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:39:19.0070 2884  FltMgr - ok
17:39:19.0101 2884  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
17:39:19.0210 2884  FontCache - ok
17:39:19.0273 2884  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:39:19.0304 2884  FontCache3.0.0.0 - ok
17:39:19.0304 2884  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
17:39:19.0319 2884  FsDepends - ok
17:39:19.0366 2884  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:39:19.0366 2884  Fs_Rec - ok
17:39:19.0413 2884  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
17:39:19.0444 2884  fvevol - ok
17:39:19.0475 2884  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
17:39:19.0491 2884  gagp30kx - ok
17:39:19.0553 2884  [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
17:39:19.0600 2884  GamesAppService - ok
17:39:19.0647 2884  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
17:39:19.0709 2884  gpsvc - ok
17:39:19.0772 2884  [ C9B2D1D3F86FD3673EF847DEF73B6F9E ] GREGService     C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
17:39:19.0803 2884  GREGService - ok
17:39:19.0834 2884  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
17:39:19.0865 2884  hcw85cir - ok
17:39:19.0881 2884  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:39:19.0943 2884  HdAudAddService - ok
17:39:19.0990 2884  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
17:39:20.0021 2884  HDAudBus - ok
17:39:20.0021 2884  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
17:39:20.0053 2884  HidBatt - ok
17:39:20.0068 2884  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
17:39:20.0099 2884  HidBth - ok
17:39:20.0115 2884  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
17:39:20.0131 2884  HidIr - ok
17:39:20.0146 2884  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
17:39:20.0209 2884  hidserv - ok
17:39:20.0224 2884  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
17:39:20.0240 2884  HidUsb - ok
17:39:20.0271 2884  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:39:20.0365 2884  hkmsvc - ok
17:39:20.0411 2884  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:39:20.0489 2884  HomeGroupListener - ok
17:39:20.0505 2884  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:39:20.0536 2884  HomeGroupProvider - ok
17:39:20.0567 2884  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
17:39:20.0583 2884  HpSAMD - ok
17:39:20.0614 2884  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:39:20.0677 2884  HTTP - ok
17:39:20.0708 2884  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
17:39:20.0723 2884  hwpolicy - ok
17:39:20.0739 2884  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
17:39:20.0755 2884  i8042prt - ok
17:39:20.0786 2884  [ 26CF4275034214ECEDD8EC17B0A18A99 ] iaStor          C:\Windows\system32\drivers\iaStor.sys
17:39:20.0801 2884  iaStor - ok
17:39:20.0864 2884  [ E79A8E33BD136D14BAE1FA20EB2EF124 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
17:39:20.0879 2884  IAStorDataMgrSvc - ok
17:39:20.0911 2884  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
17:39:20.0942 2884  iaStorV - ok
17:39:21.0004 2884  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:39:21.0067 2884  idsvc - ok
17:39:21.0332 2884  [ 9937600A1584FF00565D5379EB4C9EDB ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
17:39:21.0784 2884  igfx - ok
17:39:21.0831 2884  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
17:39:21.0847 2884  iirsp - ok
17:39:21.0878 2884  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
17:39:21.0956 2884  IKEEXT - ok
17:39:22.0049 2884  [ B60ACCD29F8FAFC4A6344CD2BD5CA3A5 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
17:39:22.0112 2884  IntcAzAudAddService - ok
17:39:22.0159 2884  [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
17:39:22.0174 2884  IntcDAud - ok
17:39:22.0205 2884  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
17:39:22.0221 2884  intelide - ok
17:39:22.0252 2884  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:39:22.0283 2884  intelppm - ok
17:39:22.0315 2884  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
17:39:22.0361 2884  IPBusEnum - ok
17:39:22.0393 2884  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:39:22.0424 2884  IpFilterDriver - ok
17:39:22.0455 2884  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:39:22.0533 2884  iphlpsvc - ok
17:39:22.0533 2884  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
17:39:22.0564 2884  IPMIDRV - ok
17:39:22.0564 2884  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
17:39:22.0611 2884  IPNAT - ok
17:39:22.0642 2884  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:39:22.0689 2884  IRENUM - ok
17:39:22.0705 2884  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:39:22.0736 2884  isapnp - ok
17:39:22.0751 2884  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
17:39:22.0783 2884  iScsiPrt - ok
17:39:22.0829 2884  [ 455B75C19BF3F1F2EE3AC10E1169826C ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
17:39:22.0845 2884  k57nd60a - ok
17:39:22.0861 2884  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
17:39:22.0876 2884  kbdclass - ok
17:39:22.0892 2884  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
17:39:22.0907 2884  kbdhid - ok
17:39:22.0939 2884  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
17:39:22.0954 2884  KeyIso - ok
17:39:22.0970 2884  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:39:22.0985 2884  KSecDD - ok
17:39:23.0001 2884  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
17:39:23.0017 2884  KSecPkg - ok
17:39:23.0032 2884  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
17:39:23.0095 2884  ksthunk - ok
17:39:23.0126 2884  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:39:23.0188 2884  KtmRm - ok
17:39:23.0219 2884  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
17:39:23.0282 2884  LanmanServer - ok
17:39:23.0313 2884  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:39:23.0360 2884  LanmanWorkstation - ok
17:39:23.0407 2884  [ B705C7097F9A0EC941D02DCE7C7D426C ] Live Updater Service C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
17:39:23.0469 2884  Live Updater Service - ok
17:39:23.0485 2884  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:39:23.0547 2884  lltdio - ok
17:39:23.0594 2884  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:39:23.0656 2884  lltdsvc - ok
17:39:23.0672 2884  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:39:23.0719 2884  lmhosts - ok
17:39:23.0781 2884  [ D7E0BED3EA21D7BDDD410ADE51708D90 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
17:39:23.0828 2884  LMS - ok
17:39:23.0875 2884  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
17:39:23.0890 2884  LSI_FC - ok
17:39:23.0906 2884  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
17:39:23.0921 2884  LSI_SAS - ok
17:39:23.0921 2884  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
17:39:23.0937 2884  LSI_SAS2 - ok
17:39:23.0937 2884  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
17:39:23.0953 2884  LSI_SCSI - ok
17:39:23.0984 2884  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
17:39:24.0031 2884  luafv - ok
17:39:24.0077 2884  [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
17:39:24.0077 2884  MBAMProtector - ok
17:39:24.0187 2884  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
17:39:24.0218 2884  MBAMScheduler - ok
17:39:24.0265 2884  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
17:39:24.0296 2884  MBAMService - ok
17:39:24.0327 2884  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
17:39:24.0374 2884  Mcx2Svc - ok
17:39:24.0389 2884  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
17:39:24.0389 2884  megasas - ok
17:39:24.0421 2884  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
17:39:24.0436 2884  MegaSR - ok
17:39:24.0467 2884  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
17:39:24.0499 2884  MEIx64 - ok
17:39:24.0545 2884  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
17:39:24.0623 2884  MMCSS - ok
17:39:24.0623 2884  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
17:39:24.0670 2884  Modem - ok
17:39:24.0701 2884  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
17:39:24.0733 2884  monitor - ok
17:39:24.0748 2884  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:39:24.0764 2884  mouclass - ok
17:39:24.0779 2884  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:39:24.0795 2884  mouhid - ok
17:39:24.0826 2884  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
17:39:24.0842 2884  mountmgr - ok
17:39:24.0904 2884  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:39:24.0935 2884  MozillaMaintenance - ok
17:39:24.0967 2884  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:39:25.0013 2884  mpio - ok
17:39:25.0029 2884  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:39:25.0076 2884  mpsdrv - ok
17:39:25.0107 2884  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:39:25.0216 2884  MpsSvc - ok
17:39:25.0216 2884  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:39:25.0247 2884  MRxDAV - ok
17:39:25.0263 2884  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:39:25.0294 2884  mrxsmb - ok
17:39:25.0310 2884  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:39:25.0325 2884  mrxsmb10 - ok
17:39:25.0341 2884  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:39:25.0357 2884  mrxsmb20 - ok
17:39:25.0372 2884  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
17:39:25.0372 2884  msahci - ok
17:39:25.0388 2884  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
17:39:25.0403 2884  msdsm - ok
17:39:25.0419 2884  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
17:39:25.0450 2884  MSDTC - ok
17:39:25.0466 2884  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:39:25.0513 2884  Msfs - ok
17:39:25.0528 2884  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
17:39:25.0575 2884  mshidkmdf - ok
17:39:25.0575 2884  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:39:25.0591 2884  msisadrv - ok
17:39:25.0637 2884  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:39:25.0684 2884  MSiSCSI - ok
17:39:25.0684 2884  msiserver - ok
17:39:25.0700 2884  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
17:39:25.0762 2884  MSKSSRV - ok
17:39:25.0793 2884  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:39:25.0840 2884  MSPCLOCK - ok
17:39:25.0856 2884  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
17:39:25.0903 2884  MSPQM - ok
17:39:25.0918 2884  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:39:25.0949 2884  MsRPC - ok
17:39:25.0965 2884  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
17:39:25.0965 2884  mssmbios - ok
17:39:25.0981 2884  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
17:39:26.0012 2884  MSTEE - ok
17:39:26.0027 2884  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
17:39:26.0027 2884  MTConfig - ok
17:39:26.0043 2884  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
17:39:26.0059 2884  Mup - ok
17:39:26.0090 2884  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
17:39:26.0152 2884  napagent - ok
17:39:26.0183 2884  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
17:39:26.0230 2884  NativeWifiP - ok
17:39:26.0308 2884  [ 13AA2130F2A104DD775EAD0F0EE5417B ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
17:39:26.0339 2884  NAUpdate - ok
17:39:26.0386 2884  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:39:26.0417 2884  NDIS - ok
17:39:26.0449 2884  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
17:39:26.0480 2884  NdisCap - ok
17:39:26.0527 2884  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:39:26.0589 2884  NdisTapi - ok
17:39:26.0620 2884  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
17:39:26.0667 2884  Ndisuio - ok
17:39:26.0683 2884  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
17:39:26.0729 2884  NdisWan - ok
17:39:26.0761 2884  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
17:39:26.0839 2884  NDProxy - ok
17:39:26.0854 2884  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
17:39:26.0901 2884  NetBIOS - ok
17:39:26.0932 2884  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
17:39:26.0979 2884  NetBT - ok
17:39:26.0995 2884  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
17:39:27.0010 2884  Netlogon - ok
17:39:27.0057 2884  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
17:39:27.0104 2884  Netman - ok
17:39:27.0104 2884  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
17:39:27.0151 2884  netprofm - ok
17:39:27.0166 2884  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:39:27.0182 2884  NetTcpPortSharing - ok
17:39:27.0229 2884  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
17:39:27.0244 2884  nfrd960 - ok
17:39:27.0291 2884  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:39:27.0307 2884  NlaSvc - ok
17:39:27.0322 2884  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:39:27.0353 2884  Npfs - ok
17:39:27.0385 2884  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
17:39:27.0416 2884  nsi - ok
17:39:27.0416 2884  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:39:27.0478 2884  nsiproxy - ok
17:39:27.0541 2884  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:39:27.0681 2884  Ntfs - ok
17:39:27.0712 2884  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
17:39:27.0743 2884  Null - ok
17:39:28.0055 2884  [ E97E8C80793EF12C994607CA5645799A ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:39:28.0289 2884  nvlddmkm - ok
17:39:28.0321 2884  [ 50612BD6943B9CB20008E9E241DC8B7D ] nvpciflt        C:\Windows\system32\DRIVERS\nvpciflt.sys
17:39:28.0336 2884  nvpciflt - ok
17:39:28.0367 2884  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:39:28.0383 2884  nvraid - ok
17:39:28.0383 2884  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:39:28.0399 2884  nvstor - ok
17:39:28.0461 2884  [ F355C26FDE46EDB911E3E3D749E985AE ] nvsvc           C:\Windows\system32\nvvsvc.exe
17:39:28.0508 2884  nvsvc - ok
17:39:28.0601 2884  [ 03AA7307C0D92D38D7AF90E181736B8D ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
17:39:28.0679 2884  nvUpdatusService - ok
17:39:28.0711 2884  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:39:28.0726 2884  nv_agp - ok
17:39:28.0726 2884  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
17:39:28.0757 2884  ohci1394 - ok
17:39:28.0773 2884  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:39:28.0789 2884  ose - ok
17:39:28.0976 2884  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:39:29.0241 2884  osppsvc - ok
17:39:29.0272 2884  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
17:39:29.0303 2884  p2pimsvc - ok
17:39:29.0335 2884  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
17:39:29.0350 2884  p2psvc - ok
17:39:29.0381 2884  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
17:39:29.0397 2884  Parport - ok
17:39:29.0428 2884  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
17:39:29.0444 2884  partmgr - ok
17:39:29.0459 2884  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:39:29.0491 2884  PcaSvc - ok
17:39:29.0522 2884  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
17:39:29.0537 2884  pci - ok
17:39:29.0537 2884  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
17:39:29.0553 2884  pciide - ok
17:39:29.0553 2884  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
17:39:29.0569 2884  pcmcia - ok
17:39:29.0584 2884  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
17:39:29.0600 2884  pcw - ok
17:39:29.0615 2884  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:39:29.0693 2884  PEAUTH - ok
17:39:29.0803 2884  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
17:39:29.0849 2884  PerfHost - ok
17:39:29.0912 2884  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
17:39:29.0974 2884  pla - ok
17:39:30.0037 2884  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:39:30.0115 2884  PlugPlay - ok
17:39:30.0130 2884  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
17:39:30.0161 2884  PNRPAutoReg - ok
17:39:30.0208 2884  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
17:39:30.0224 2884  PNRPsvc - ok
17:39:30.0271 2884  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
17:39:30.0395 2884  PolicyAgent - ok
17:39:30.0427 2884  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
17:39:30.0489 2884  Power - ok
17:39:30.0520 2884  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:39:30.0583 2884  PptpMiniport - ok
17:39:30.0598 2884  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
17:39:30.0614 2884  Processor - ok
17:39:30.0645 2884  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
17:39:30.0661 2884  ProfSvc - ok
17:39:30.0676 2884  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:39:30.0692 2884  ProtectedStorage - ok
17:39:30.0723 2884  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
17:39:30.0770 2884  Psched - ok
17:39:30.0832 2884  [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
17:39:30.0863 2884  PxHlpa64 - ok
17:39:30.0926 2884  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
17:39:31.0004 2884  ql2300 - ok
17:39:31.0019 2884  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
17:39:31.0035 2884  ql40xx - ok
17:39:31.0051 2884  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
17:39:31.0082 2884  QWAVE - ok
17:39:31.0097 2884  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:39:31.0129 2884  QWAVEdrv - ok
17:39:31.0129 2884  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:39:31.0160 2884  RasAcd - ok
17:39:31.0207 2884  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
17:39:31.0269 2884  RasAgileVpn - ok
17:39:31.0300 2884  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
17:39:31.0347 2884  RasAuto - ok
17:39:31.0378 2884  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
17:39:31.0425 2884  Rasl2tp - ok
17:39:31.0441 2884  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
17:39:31.0503 2884  RasMan - ok
17:39:31.0519 2884  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:39:31.0565 2884  RasPppoe - ok
17:39:31.0597 2884  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
17:39:31.0643 2884  RasSstp - ok
17:39:31.0675 2884  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
17:39:31.0784 2884  rdbss - ok
17:39:31.0799 2884  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
17:39:31.0831 2884  rdpbus - ok
17:39:31.0862 2884  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:39:31.0893 2884  RDPCDD - ok
17:39:31.0909 2884  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:39:31.0940 2884  RDPENCDD - ok
17:39:31.0955 2884  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
17:39:31.0987 2884  RDPREFMP - ok
17:39:32.0018 2884  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
17:39:32.0033 2884  RDPWD - ok
17:39:32.0080 2884  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
17:39:32.0127 2884  rdyboost - ok
17:39:32.0143 2884  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:39:32.0189 2884  RemoteAccess - ok
17:39:32.0221 2884  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:39:32.0267 2884  RemoteRegistry - ok
17:39:32.0283 2884  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
17:39:32.0345 2884  RpcEptMapper - ok
17:39:32.0361 2884  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
17:39:32.0392 2884  RpcLocator - ok
17:39:32.0423 2884  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
17:39:32.0455 2884  RpcSs - ok
17:39:32.0486 2884  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:39:32.0579 2884  rspndr - ok
17:39:32.0595 2884  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
17:39:32.0595 2884  SamSs - ok
17:39:32.0626 2884  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
17:39:32.0642 2884  sbp2port - ok
17:39:32.0642 2884  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:39:32.0689 2884  SCardSvr - ok
17:39:32.0704 2884  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
17:39:32.0751 2884  scfilter - ok
17:39:32.0782 2884  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
17:39:32.0860 2884  Schedule - ok
17:39:32.0876 2884  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
17:39:32.0907 2884  SCPolicySvc - ok
17:39:32.0923 2884  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
17:39:32.0969 2884  sdbus - ok
17:39:32.0985 2884  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:39:33.0001 2884  SDRSVC - ok
17:39:33.0125 2884  [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
17:39:33.0188 2884  SDScannerService - ok
17:39:33.0266 2884  [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
17:39:33.0328 2884  SDUpdateService - ok
17:39:33.0359 2884  [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
17:39:33.0375 2884  SDWSCService - ok
17:39:33.0406 2884  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:39:33.0453 2884  secdrv - ok
17:39:33.0469 2884  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
17:39:33.0515 2884  seclogon - ok
17:39:33.0562 2884  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
17:39:33.0593 2884  SENS - ok
17:39:33.0640 2884  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
17:39:33.0671 2884  SensrSvc - ok
17:39:33.0718 2884  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
17:39:33.0749 2884  Serenum - ok
17:39:33.0749 2884  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
17:39:33.0796 2884  Serial - ok
17:39:33.0812 2884  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
17:39:33.0859 2884  sermouse - ok
17:39:33.0890 2884  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
17:39:33.0937 2884  SessionEnv - ok
17:39:33.0937 2884  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
17:39:33.0952 2884  sffdisk - ok
17:39:33.0968 2884  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
17:39:33.0983 2884  sffp_mmc - ok
17:39:33.0983 2884  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
17:39:34.0015 2884  sffp_sd - ok
17:39:34.0030 2884  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
17:39:34.0030 2884  sfloppy - ok
17:39:34.0108 2884  [ C6CC9297BD53E5229653303E556AA539 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
17:39:34.0155 2884  Sftfs - ok
17:39:34.0233 2884  [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
17:39:34.0280 2884  sftlist - ok
17:39:34.0295 2884  [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
17:39:34.0311 2884  Sftplay - ok
17:39:34.0311 2884  [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
17:39:34.0327 2884  Sftredir - ok
17:39:34.0342 2884  [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
17:39:34.0358 2884  Sftvol - ok
17:39:34.0358 2884  [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
17:39:34.0373 2884  sftvsa - ok
17:39:34.0405 2884  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:39:34.0514 2884  SharedAccess - ok
17:39:34.0529 2884  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:39:34.0592 2884  ShellHWDetection - ok
17:39:34.0623 2884  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
17:39:34.0639 2884  SiSRaid2 - ok
17:39:34.0654 2884  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
17:39:34.0670 2884  SiSRaid4 - ok
17:39:34.0748 2884  [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
17:39:34.0810 2884  SkypeUpdate - ok
17:39:34.0826 2884  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
17:39:34.0888 2884  Smb - ok
17:39:34.0951 2884  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:39:34.0997 2884  SNMPTRAP - ok
17:39:35.0029 2884  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
17:39:35.0044 2884  spldr - ok
17:39:35.0075 2884  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
17:39:35.0091 2884  Spooler - ok
17:39:35.0185 2884  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
17:39:35.0325 2884  sppsvc - ok
17:39:35.0341 2884  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
17:39:35.0372 2884  sppuinotify - ok
17:39:35.0403 2884  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
17:39:35.0434 2884  srv - ok
17:39:35.0450 2884  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:39:35.0481 2884  srv2 - ok
17:39:35.0497 2884  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:39:35.0512 2884  srvnet - ok
17:39:35.0559 2884  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
17:39:35.0653 2884  SSDPSRV - ok
17:39:35.0653 2884  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
17:39:35.0699 2884  SstpSvc - ok
17:39:35.0715 2884  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
17:39:35.0731 2884  stexstor - ok
17:39:35.0777 2884  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
17:39:35.0824 2884  stisvc - ok
17:39:35.0840 2884  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
17:39:35.0855 2884  swenum - ok
17:39:35.0887 2884  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
17:39:35.0949 2884  swprv - ok
17:39:35.0996 2884  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
17:39:36.0058 2884  SysMain - ok
17:39:36.0074 2884  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:39:36.0089 2884  TabletInputService - ok
17:39:36.0121 2884  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
17:39:36.0152 2884  TapiSrv - ok
17:39:36.0167 2884  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
17:39:36.0214 2884  TBS - ok
17:39:36.0277 2884  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
17:39:36.0339 2884  Tcpip - ok
17:39:36.0386 2884  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
17:39:36.0417 2884  TCPIP6 - ok
17:39:36.0448 2884  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
17:39:36.0464 2884  tcpipreg - ok
17:39:36.0495 2884  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
17:39:36.0526 2884  TDPIPE - ok
17:39:36.0557 2884  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
17:39:36.0589 2884  TDTCP - ok
17:39:36.0635 2884  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
17:39:36.0682 2884  tdx - ok
17:39:36.0698 2884  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
17:39:36.0713 2884  TermDD - ok
17:39:36.0745 2884  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
17:39:36.0823 2884  TermService - ok
17:39:36.0838 2884  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
17:39:36.0854 2884  Themes - ok
17:39:36.0869 2884  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
17:39:36.0901 2884  THREADORDER - ok
17:39:36.0916 2884  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
17:39:36.0947 2884  TrkWks - ok
17:39:36.0994 2884  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:39:37.0057 2884  TrustedInstaller - ok
17:39:37.0072 2884  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
17:39:37.0119 2884  tssecsrv - ok
17:39:37.0135 2884  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
17:39:37.0166 2884  TsUsbFlt - ok
17:39:37.0181 2884  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
17:39:37.0197 2884  TsUsbGD - ok
17:39:37.0228 2884  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
17:39:37.0275 2884  tunnel - ok
17:39:37.0275 2884  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
17:39:37.0291 2884  uagp35 - ok
17:39:37.0306 2884  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
17:39:37.0369 2884  udfs - ok
17:39:37.0400 2884  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
17:39:37.0447 2884  UI0Detect - ok
17:39:37.0447 2884  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
17:39:37.0462 2884  uliagpkx - ok
17:39:37.0493 2884  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
17:39:37.0525 2884  umbus - ok
17:39:37.0540 2884  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
17:39:37.0571 2884  UmPass - ok
17:39:37.0681 2884  [ A678E5DDD974903DD71F503BDCACA218 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
17:39:37.0790 2884  UNS - ok
17:39:37.0821 2884  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
17:39:37.0868 2884  upnphost - ok
17:39:37.0883 2884  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
17:39:37.0899 2884  usbccgp - ok
17:39:37.0930 2884  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
17:39:37.0946 2884  usbcir - ok
17:39:37.0961 2884  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
17:39:38.0008 2884  usbehci - ok
17:39:38.0039 2884  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\drivers\usbhub.sys
17:39:38.0102 2884  usbhub - ok
17:39:38.0102 2884  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
17:39:38.0133 2884  usbohci - ok
17:39:38.0164 2884  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
17:39:38.0195 2884  usbprint - ok
17:39:38.0211 2884  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:39:38.0258 2884  USBSTOR - ok
17:39:38.0258 2884  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
17:39:38.0289 2884  usbuhci - ok
17:39:38.0320 2884  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
17:39:38.0367 2884  usbvideo - ok
17:39:38.0383 2884  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
17:39:38.0429 2884  UxSms - ok
17:39:38.0476 2884  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
17:39:38.0476 2884  VaultSvc - ok
17:39:38.0507 2884  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
17:39:38.0507 2884  vdrvroot - ok
17:39:38.0539 2884  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
17:39:38.0632 2884  vds - ok
17:39:38.0679 2884  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
17:39:38.0710 2884  vga - ok
17:39:38.0726 2884  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
17:39:38.0804 2884  VgaSave - ok
17:39:38.0804 2884  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
17:39:38.0819 2884  vhdmp - ok
17:39:38.0819 2884  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
17:39:38.0835 2884  viaide - ok
17:39:38.0866 2884  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
17:39:38.0882 2884  volmgr - ok
17:39:38.0897 2884  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
17:39:38.0929 2884  volmgrx - ok
17:39:38.0944 2884  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
17:39:38.0960 2884  volsnap - ok
17:39:38.0991 2884  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
17:39:39.0007 2884  vsmraid - ok
17:39:39.0069 2884  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
17:39:39.0194 2884  VSS - ok
17:39:39.0209 2884  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
17:39:39.0256 2884  vwifibus - ok
17:39:39.0287 2884  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
17:39:39.0319 2884  vwififlt - ok
17:39:39.0350 2884  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
17:39:39.0381 2884  W32Time - ok
17:39:39.0397 2884  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
17:39:39.0428 2884  WacomPen - ok
17:39:39.0443 2884  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
17:39:39.0490 2884  WANARP - ok
17:39:39.0521 2884  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
17:39:39.0553 2884  Wanarpv6 - ok
17:39:39.0615 2884  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
17:39:39.0724 2884  WatAdminSvc - ok
17:39:39.0771 2884  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
17:39:39.0833 2884  wbengine - ok
17:39:39.0849 2884  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
17:39:39.0880 2884  WbioSrvc - ok
17:39:39.0896 2884  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
17:39:39.0927 2884  wcncsvc - ok
17:39:39.0943 2884  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:39:39.0989 2884  WcsPlugInService - ok
17:39:40.0021 2884  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
17:39:40.0036 2884  Wd - ok
17:39:40.0067 2884  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
17:39:40.0099 2884  Wdf01000 - ok
17:39:40.0130 2884  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
17:39:40.0145 2884  WdiServiceHost - ok
17:39:40.0145 2884  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
17:39:40.0161 2884  WdiSystemHost - ok
17:39:40.0177 2884  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
17:39:40.0223 2884  WebClient - ok
17:39:40.0239 2884  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
17:39:40.0301 2884  Wecsvc - ok
17:39:40.0317 2884  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
17:39:40.0348 2884  wercplsupport - ok
17:39:40.0379 2884  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
17:39:40.0457 2884  WerSvc - ok
17:39:40.0489 2884  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
17:39:40.0520 2884  WfpLwf - ok
17:39:40.0535 2884  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
17:39:40.0551 2884  WIMMount - ok
17:39:40.0582 2884  WinDefend - ok
17:39:40.0582 2884  WinHttpAutoProxySvc - ok
17:39:40.0645 2884  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
17:39:40.0723 2884  Winmgmt - ok
17:39:40.0801 2884  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
17:39:40.0894 2884  WinRM - ok
17:39:40.0957 2884  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
17:39:41.0019 2884  WinUsb - ok
17:39:41.0050 2884  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
17:39:41.0113 2884  Wlansvc - ok
17:39:41.0191 2884  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
17:39:41.0222 2884  wlcrasvc - ok
17:39:41.0315 2884  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:39:41.0425 2884  wlidsvc - ok
17:39:41.0456 2884  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
17:39:41.0487 2884  WmiAcpi - ok
17:39:41.0518 2884  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
17:39:41.0565 2884  wmiApSrv - ok
17:39:41.0596 2884  WMPNetworkSvc - ok
17:39:41.0627 2884  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
17:39:41.0659 2884  WPCSvc - ok
17:39:41.0674 2884  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
17:39:41.0705 2884  WPDBusEnum - ok
17:39:41.0721 2884  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
17:39:41.0752 2884  ws2ifsl - ok
17:39:41.0768 2884  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
17:39:41.0799 2884  wscsvc - ok
17:39:41.0799 2884  WSearch - ok
17:39:41.0893 2884  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
17:39:41.0986 2884  wuauserv - ok
17:39:42.0017 2884  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
17:39:42.0049 2884  WudfPf - ok
17:39:42.0111 2884  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
17:39:42.0173 2884  WUDFRd - ok
17:39:42.0205 2884  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
17:39:42.0236 2884  wudfsvc - ok
17:39:42.0283 2884  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
17:39:42.0329 2884  WwanSvc - ok
17:39:42.0345 2884  ================ Scan global ===============================
17:39:42.0392 2884  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:39:42.0501 2884  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
17:39:42.0641 2884  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
17:39:42.0688 2884  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:39:42.0735 2884  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:39:42.0751 2884  [Global] - ok
17:39:42.0751 2884  ================ Scan MBR ==================================
17:39:42.0782 2884  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:39:43.0609 2884  \Device\Harddisk0\DR0 - ok
17:39:43.0609 2884  ================ Scan VBR ==================================
17:39:43.0640 2884  [ D1D093F71E723EF242E6E60C7F8263DA ] \Device\Harddisk0\DR0\Partition1
17:39:43.0655 2884  \Device\Harddisk0\DR0\Partition1 - ok
17:39:43.0671 2884  [ DE36F66079F3E27BB1CD4E5D30B901A1 ] \Device\Harddisk0\DR0\Partition2
17:39:43.0671 2884  \Device\Harddisk0\DR0\Partition2 - ok
17:39:43.0671 2884  ============================================================
17:39:43.0671 2884  Scan finished
17:39:43.0671 2884  ============================================================
17:39:43.0687 4952  Detected object count: 0
17:39:43.0687 4952  Actual detected object count: 0
         
Jetzt vollständig?

Alt 08.03.2013, 19:05   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Browser-Probleme, Anmeldeprobleme: Virenbefall vermutet - Standard

Browser-Probleme, Anmeldeprobleme: Virenbefall vermutet



Dann bitte jetzt Combofix ausführen:

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 09.03.2013, 17:57   #13
Chesser
 
Browser-Probleme, Anmeldeprobleme: Virenbefall vermutet - Standard

Browser-Probleme, Anmeldeprobleme: Virenbefall vermutet



Habe die Anweisungen befolgt:
Code:
ATTFilter
Combofix Logfile:
Code:
ATTFilter
ComboFix 13-03-07.03 - *** 09.03.2013  17:09:42.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3948.2775 [GMT 1:00]
ausgeführt von:: c:\users\***\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\DEBUG.log
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-09 bis 2013-03-09  ))))))))))))))))))))))))))))))
.
.
2013-03-09 16:20 . 2013-03-09 16:20	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-09 16:20 . 2013-03-09 16:20	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-03-08 12:51 . 2013-03-09 16:02	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-07 13:09 . 2013-03-07 13:10	--------	d-----w-	c:\program files (x86)\7-Zip
2013-03-07 10:24 . 2013-03-09 11:32	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2013-03-07 10:20 . 2013-03-07 10:20	--------	d-----w-	c:\users\***\AppData\Roaming\Avira
2013-03-07 10:20 . 2013-03-07 10:18	27800	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-03-07 10:20 . 2013-03-07 10:18	99912	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-03-07 10:20 . 2013-03-07 10:18	129216	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-03-07 10:20 . 2013-03-07 10:20	--------	d-----w-	c:\program files (x86)\Avira
2013-02-25 00:14 . 2013-02-25 00:14	--------	d-----w-	c:\windows\SysWow64\Wat
2013-02-25 00:14 . 2013-02-25 00:14	--------	d-----w-	c:\windows\system32\Wat
2013-02-24 20:02 . 2013-02-24 20:02	--------	d-----w-	C:\Team17
2013-02-21 04:01 . 2013-02-21 04:01	8525904	----a-w-	c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2013-02-21 03:51 . 2013-02-21 03:51	--------	d--h--w-	c:\windows\msdownld.tmp
2013-02-20 22:32 . 2013-02-27 02:31	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2013-02-20 22:31 . 2013-03-09 16:06	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy 2
2013-02-14 02:04 . 2013-01-09 01:10	996352	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 02:04 . 2013-01-08 22:01	768000	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 02:01 . 2013-01-09 01:48	17812992	----a-w-	c:\windows\system32\mshtml.dll
2013-02-14 02:01 . 2013-01-09 01:22	10925568	----a-w-	c:\windows\system32\ieframe.dll
2013-02-13 12:20 . 2013-01-05 05:53	5553512	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-02-13 12:20 . 2013-01-05 05:00	3967848	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 12:20 . 2013-01-05 05:00	3913064	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-02-13 12:20 . 2013-01-04 03:26	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-02-13 12:20 . 2013-01-04 05:46	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-02-13 12:20 . 2013-01-04 04:51	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-02-13 12:20 . 2013-01-04 02:47	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-02-13 12:20 . 2013-01-04 02:47	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-02-13 12:20 . 2013-01-04 02:47	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-02-13 12:20 . 2013-01-04 02:47	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-02-13 12:20 . 2013-01-03 06:00	1913192	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-13 12:20 . 2013-01-03 06:00	288088	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-09 14:21 . 2013-02-09 15:35	--------	d-----w-	c:\users\***\Schach
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-27 00:42 . 2012-09-22 20:16	691568	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-27 00:42 . 2011-10-11 12:20	71024	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-14 02:13 . 2012-09-23 21:18	70004024	----a-w-	c:\windows\system32\MRT.exe
2013-01-19 12:31 . 2013-01-19 12:31	0	----a-w-	c:\windows\SysWow64\sho275E.tmp
2013-01-04 04:43 . 2013-02-13 12:20	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-21 12:03	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 12:03	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 12:03	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 12:03	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-03-07 385248]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2013-02-25 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-10-16 28992]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-07 27800]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-07 86752]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-07-01 353360]
S2 ePowerSvc;ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2011-08-02 872552]
S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2011-05-30 36456]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
S2 Live Updater Service;Live Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2011-04-22 244624]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys [2011-01-21 67624]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys [2011-01-21 19496]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys [2011-05-16 51240]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys [2011-05-06 86056]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2011-04-05 142632]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-05-10 425000]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-22 00:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-21 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-21 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-21 416024]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-10 11785832]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
"Power Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2011-08-02 1831016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://packardbell.msn.com
mStart Page = hxxp://search.chatzum.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\onrcnnw5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - ExtSQL: 2013-01-20 07:16; tXsGT9QxoKlmxUz0Kj@mDvNgXhNdd92G6vn.com; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\onrcnnw5.default\extensions\tXsGT9QxoKlmxUz0Kj@mDvNgXhNdd92G6vn.com.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-09  17:30:16
ComboFix-quarantined-files.txt  2013-03-09 16:30
.
Vor Suchlauf: 9 Verzeichnis(se), 197.103.235.072 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 197.448.167.424 Bytes frei
.
- - End Of File - - F0B4014E8489D4A6B6DA87688D69D195
         
--- --- ---

Alt 10.03.2013, 16:17   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Browser-Probleme, Anmeldeprobleme: Virenbefall vermutet - Standard

Browser-Probleme, Anmeldeprobleme: Virenbefall vermutet



JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 11.03.2013, 12:46   #15
Chesser
 
Browser-Probleme, Anmeldeprobleme: Virenbefall vermutet - Standard

Browser-Probleme, Anmeldeprobleme: Virenbefall vermutet



JRT Logfile:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.9 (03.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by *** on 11.03.2013 at 12:36:12,31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1862772216-1229458085-2800425912-1001\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}



~~~ Files

Successfully deleted: [File] "C:\chatzum_nt.exe"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\***\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Program Files (x86)\chatzum toolbar"



~~~ FireFox

Successfully deleted: [File] C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\onrcnnw5.default\searchplugins\askcom.xml
Successfully deleted: [File] C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\onrcnnw5.default\searchplugins\search-safer.xml
Successfully deleted the following from C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\onrcnnw5.default\prefs.js

user_pref("TAAS.uri", "nrrv<))aoaotoas(eik)l(vnv9s;");
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.defaultenginename", "Ask.com");
user_pref("browser.search.order.1", "Ask.com");
user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\");
user_pref("extensions.asktb.OOBEVersion", "2");
user_pref("extensions.asktb.apn_dbr", "ff_15.0.1");
user_pref("extensions.asktb.autofill-text-highlight-enabled", true);
user_pref("extensions.asktb.cbid", "^ABT");
user_pref("extensions.asktb.config-updated", false);
user_pref("extensions.asktb.crumb", "2012.09.24+09.29.51-toolbar010iad-DE-QnJlbWVuLEdlcm1hbnk%3D");
user_pref("extensions.asktb.default-channel-url-mask", "hxxp://avira-int.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}&gct=bar&locale={locale}");
user_pref("extensions.asktb.domain", "avira-int.ask.com");
user_pref("extensions.asktb.domainName", "avira-int.ask.com");
user_pref("extensions.asktb.dtid", "^YYYYYY^YY^DE");
user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://utils.chatzum.com/?url=");
user_pref("extensions.asktb.fresh-install", false);
user_pref("extensions.asktb.guid", "4e8463bb-527e-4ec3-998b-03d8737692f0");
user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \"WWW.google.com\", \"hxxp
user_pref("extensions.asktb.if", "first");
user_pref("extensions.asktb.keyword-toggled-in-session", false);
user_pref("extensions.asktb.l", "dis");
user_pref("extensions.asktb.last-config-req", "1361399097236");
user_pref("extensions.asktb.last-search-timestamp", "1356957023257");
user_pref("extensions.asktb.locale", "de_DE");
user_pref("extensions.asktb.localePref", true);
user_pref("extensions.asktb.location", "Bremen,Germany");
user_pref("extensions.asktb.new-tab-opt-out", true);
user_pref("extensions.asktb.notification-shown", true);
user_pref("extensions.asktb.o", "APN10395");
user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
user_pref("extensions.asktb.qsrc", "2871");
user_pref("extensions.asktb.r", "19");
user_pref("extensions.asktb.sa", "YES");
user_pref("extensions.asktb.saguid", "6B9FDF3D-CF33-4DB0-8BFA-7A4CDB96824C");
user_pref("extensions.asktb.search-suggestions-enabled", true);
user_pref("extensions.asktb.silent-upgrade", true);
user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
user_pref("extensions.asktb.socialmini-native-on", true);
user_pref("extensions.asktb.themeid", "");
user_pref("extensions.asktb.timeinstalled", "24.09.2012 18:32:13");
user_pref("extensions.asktb.to", "");
user_pref("extensions.asktb.v", "3.15.18.100015");
user_pref("extensions.asktb.version", "5.15.18.37268");
user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "1360423120807");
Emptied folder: C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\onrcnnw5.default\minidumps [152 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.03.2013 at 12:43:50,10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.114 - Datei am 11/03/2013 um 12:48:48 erstellt
# Aktualisiert am 05/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : *** - ***-PC2
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\***\Desktop\Search The Web.url

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\ChatZum Toolbar
Schlüssel Gelöscht : HKLM\Software\ChatZum Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\chatzum_nt_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\chatzum_nt_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0.2 (de)

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\onrcnnw5.default\prefs.js

Gelöscht : user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\");
Gelöscht : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Gelöscht : user_pref("id_chatzum.firstlaunch", "0");
Gelöscht : user_pref("id_chatzum.guid", "%7B1AE7D2D0-AEDC-B6A9-2DEA-35D8F6AC2488%7D");
Gelöscht : user_pref("id_chatzum.hiddenvisual", 0);
Gelöscht : user_pref("id_chatzum.openSearchEngineName", "Search%20Safer");
Gelöscht : user_pref("id_chatzum.popupblockedcnt", "6");
Gelöscht : user_pref("id_chatzum.searchengine", "Google");
Gelöscht : user_pref("id_chatzum_installed_version", "1.0.17");
Gelöscht : user_pref("id_chatzum_tabpage", "hxxp%3A//searchsafer.com/");

*************************

AdwCleaner[S1].txt - [2318 octets] - [11/03/2013 12:48:48]

########## EOF - C:\AdwCleaner[S1].txt - [2378 octets] ##########
         
--- --- ---

--- --- ---

OTL EXTRAS Logfile:
Code:
ATTFilter
OTL logfile created on: 11.03.2013 12:59:22 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,30 Gb Available Physical Memory | 59,66% Memory free
7,71 Gb Paging File | 6,00 Gb Available in Paging File | 77,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 277,99 Gb Total Space | 182,70 Gb Free Space | 65,72% Space Free | Partition Type: NTFS
Drive D: | 573,83 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ***-PC2 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe (Microsoft Corporation.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (CyberLink)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe (Microsoft Corporation.)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (ePowerSvc) -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (GREGService) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (Live Updater Service) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Incorporated)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (AdobeActiveFileMonitor9.0) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (bScsiMSa) -- C:\Windows\SysNative\drivers\bScsiMSa.sys (Broadcom Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (bScsiSDa) -- C:\Windows\SysNative\drivers\bScsiSDa.sys (Broadcom Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (b57xdmp) -- C:\Windows\SysNative\drivers\b57xdmp.sys (Broadcom Corporation)
DRV:64bit: - (b57xdbd) -- C:\Windows\SysNative\drivers\b57xdbd.sys (Broadcom Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search
 
 
IE - HKU\.DEFAULT\..\SearchScopes,defaultscope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,defaultscope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,defaultscope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,defaultscope = 
 
IE - HKU\S-1-5-21-1862772216-1229458085-2800425912-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.chatzum.com/
IE - HKU\S-1-5-21-1862772216-1229458085-2800425912-1000\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - No CLSID value found
IE - HKU\S-1-5-21-1862772216-1229458085-2800425912-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1862772216-1229458085-2800425912-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1862772216-1229458085-2800425912-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?ocid=EIE9HP&PC=UP50
IE - HKU\S-1-5-21-1862772216-1229458085-2800425912-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1862772216-1229458085-2800425912-1001\..\SearchScopes\{659D3C2D-34AC-4C5B-A28A-5F2EAFA7C704}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=4e8463bb-527e-4ec3-998b-03d8737692f0&apn_sauid=6B9FDF3D-CF33-4DB0-8BFA-7A4CDB96824C
IE - HKU\S-1-5-21-1862772216-1229458085-2800425912-1001\..\SearchScopes\{7C0F5C78-DA73-4501-A2AA-501F79A8144C}: "URL" = hxxp://search.chatzum.com/?q={searchTerms}
IE - HKU\S-1-5-21-1862772216-1229458085-2800425912-1001\..\SearchScopes\{7F60373E-F857-46D7-ADE0-A1F52D3A9F9F}: "URL" = hxxp://www.bing.com/search?FORM=UP50DF&PC=UP50&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-1862772216-1229458085-2800425912-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: tXsGT9QxoKlmxUz0Kj%40mDvNgXhNdd92G6vn.com:11
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 13:55:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 13:55:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.09.22 17:55:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.03.07 11:14:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\onrcnnw5.default\extensions
[2013.01.20 07:16:09 | 000,003,702 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\onrcnnw5.default\extensions\tXsGT9QxoKlmxUz0Kj@mDvNgXhNdd92G6vn.com.xpi
[2013.03.08 13:55:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.08 13:55:07 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.02.16 05:15:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.16 05:15:47 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.02.16 05:15:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.16 05:15:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.16 05:15:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.16 05:15:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.03.09 17:21:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1862772216-1229458085-2800425912-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKU\S-1-5-21-1862772216-1229458085-2800425912-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1862772216-1229458085-2800425912-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1862772216-1229458085-2800425912-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1862772216-1229458085-2800425912-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1862772216-1229458085-2800425912-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1862772216-1229458085-2800425912-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A1C5A3C-E2C9-41E1-9976-62EA541AF85B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88C01B7E-0761-43DC-8BF5-8B1F26E1BCD7}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001.01.10 16:48:42 | 000,172,032 | R--- | M] (Team17 Software Ltd) - D:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [2000.11.09 19:05:38 | 000,000,051 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.11 12:36:10 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.11 12:35:29 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.10 12:28:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.03.09 17:07:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.09 17:07:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.09 17:07:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.09 17:05:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.09 17:05:04 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.08 15:47:53 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe
[2013.03.08 13:55:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.03.07 14:09:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.03.07 14:09:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2013.03.07 11:24:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.03.07 11:20:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira
[2013.03.07 11:20:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.03.07 11:20:18 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.07 11:20:18 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.07 11:20:18 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.07 11:20:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.03.05 11:24:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{54DE9F51-99BD-4A13-BB29-FB0E7868335A}
[2013.03.05 11:24:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{358FAC5D-EF00-4554-B4E7-03A6019921CC}
[2013.02.25 01:14:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2013.02.25 01:14:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2013.02.24 21:02:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.02.24 21:02:06 | 000,000,000 | ---D | C] -- C:\Team17
[2013.02.24 21:02:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Team17
[2013.02.20 23:32:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.02.20 23:31:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.02.14 03:02:20 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.14 03:02:20 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.14 03:02:19 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.14 03:02:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.14 03:02:18 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.14 03:02:18 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.14 03:02:18 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.02.14 03:02:18 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.02.14 03:02:17 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.02.14 03:02:17 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.02.14 03:02:16 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.02.14 03:02:16 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.14 03:02:12 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.02.14 03:02:11 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.02.14 03:02:11 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.02.13 13:20:26 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.13 13:20:26 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.02.13 13:20:25 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.02.13 13:20:21 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.02.13 13:20:21 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.02.13 13:20:21 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.02.13 13:20:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.02.13 13:20:21 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.02.13 13:20:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.02.13 13:20:19 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.02.09 15:21:43 | 000,000,000 | ---D | C] -- C:\Users\***\Schach
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.11 12:58:27 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.11 12:58:27 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.11 12:50:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.11 12:50:51 | 3104,722,944 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.11 12:42:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.09 17:21:04 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.03.08 15:47:55 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe
[2013.03.08 15:40:48 | 000,000,512 | ---- | M] () -- C:\Users\***\Desktop\MBR.dat
[2013.03.08 14:04:16 | 000,030,349 | ---- | M] () -- C:\Users\***\Desktop\bug2.png
[2013.03.07 13:29:17 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.03.07 11:27:33 | 000,033,574 | ---- | M] () -- C:\Users\***\Desktop\bug.png
[2013.03.07 11:24:00 | 000,001,163 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.03.07 11:20:23 | 000,002,082 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.03.07 11:18:42 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.07 11:18:41 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.07 11:18:41 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.05 21:09:05 | 000,000,083 | ---- | M] () -- C:\Windows\wwp.INI
[2013.03.05 14:32:00 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.05 14:32:00 | 000,654,622 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.05 14:32:00 | 000,616,464 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.05 14:32:00 | 000,130,204 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.05 14:32:00 | 000,106,586 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.27 01:42:20 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.02.27 01:42:20 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.02.24 21:02:05 | 000,000,583 | ---- | M] () -- C:\Users\Public\Desktop\Worms World Party.lnk
[2013.02.14 03:39:34 | 000,318,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.09 16:35:18 | 000,000,017 | ---- | M] () -- C:\Windows\.ini
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.09 17:07:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.09 17:07:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.09 17:07:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.09 17:07:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.09 17:07:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.08 15:40:48 | 000,000,512 | ---- | C] () -- C:\Users\***\Desktop\MBR.dat
[2013.03.08 14:04:16 | 000,030,349 | ---- | C] () -- C:\Users\***\Desktop\bug2.png
[2013.03.07 13:29:17 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.03.07 11:27:33 | 000,033,574 | ---- | C] () -- C:\Users\***\Desktop\bug.png
[2013.03.07 11:24:00 | 000,001,175 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.03.07 11:24:00 | 000,001,163 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.03.07 11:20:23 | 000,002,082 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.02.25 11:40:22 | 000,000,083 | ---- | C] () -- C:\Windows\wwp.INI
[2013.02.24 21:02:05 | 000,000,583 | ---- | C] () -- C:\Users\Public\Desktop\Worms World Party.lnk
[2013.02.09 16:35:18 | 000,000,017 | ---- | C] () -- C:\Windows\.ini
[2012.09.27 23:54:11 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.09.27 23:53:48 | 000,000,151 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2012.09.27 23:53:48 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini
[2012.09.27 23:53:48 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2012.09.27 23:53:47 | 000,009,030 | ---- | C] () -- C:\Windows\HL-2040.INI
[2012.09.27 23:52:51 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\bd2040.dat
[2012.09.27 23:52:37 | 000,000,273 | ---- | C] () -- C:\Windows\Brownie.ini
[2012.09.21 14:54:44 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.11 13:34:00 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.10.11 13:33:58 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.10.11 13:33:57 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.10.11 13:33:56 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.10.11 13:33:55 | 013,906,944 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
--- --- ---


OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 11.03.2013 12:59:22 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,30 Gb Available Physical Memory | 59,66% Memory free
7,71 Gb Paging File | 6,00 Gb Available in Paging File | 77,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 277,99 Gb Total Space | 182,70 Gb Free Space | 65,72% Space Free | Partition Type: NTFS
Drive D: | 573,83 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ***-PC2 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1862772216-1229458085-2800425912-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B1449EB-B174-49D0-974D-1F476AEEABC3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{1CEC281A-99F1-4108-A16E-55B4E35B7492}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1CFE6347-77E6-4846-8BF4-025F9604FD10}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2710B7A8-B7CE-4B00-9ED7-A4A241108536}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{2C704A4C-17E1-4736-8D10-DB6394D5E994}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{3186F186-C93E-407C-BCE7-C1FE7265DAB9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{31CD64DF-E936-4A8B-A119-0562A8284220}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3694CE85-F913-47D4-AF2C-8A05CC698B06}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3C520ABC-B5BE-44DE-97CE-DAF5C549B2F3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3D750B9D-A76C-438D-8BE6-7A0D59AC5133}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4E500E85-7F7F-4AE8-897F-D8638E96073E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{505E1FB8-1B95-4356-B890-F37E7CA66F93}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{50FE77ED-084B-4500-A30C-354C61BDC474}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7E233308-8624-44E5-9F54-F46EA3CE0BF2}" = lport=445 | protocol=6 | dir=in | app=system | 
"{97DDF501-4566-46F3-BDC2-246E80DF4672}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{99F2E0A4-8F87-4EB0-BBB8-9A3DE2DF8A25}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A3987629-6D87-4A1B-8534-5F8785E5D389}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B18DF574-62FE-4C46-A9A6-A2EEB0613126}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{CA986AF7-030C-42BA-A679-DD788292D860}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D01B287F-34C9-45EF-A7DF-35F2F931F84C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{E17D1284-FF42-4358-A21D-68FE6384CDE3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E9FDC98A-BD87-459B-83F1-57DD72F124B8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FB983D6C-F71A-4584-87CA-411BC6B74C93}" = lport=138 | protocol=17 | dir=in | app=system | 
"{FBA6E47F-4CF8-4633-8B74-7B9DE9728B3E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{FDA1DACF-929B-4E6C-8ACD-62CCDEA937E3}" = rport=10243 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B36788-FE15-47F0-A915-7350B5E17B9A}" = protocol=6 | dir=in | app=c:\spiele\starcraft ii\starcraft ii public test.exe | 
"{0761572A-D337-432B-8B29-241221161A2B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{099A3C09-36C0-48C5-8A2C-B3824F892499}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{0B111F25-FAA4-4E01-9637-36139D1C5C12}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0B6AFF9F-F4B5-41BB-A21C-D257008C33D3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0FBFC3C8-E8C7-4AC8-B399-A0ECE08D82D1}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{13A613C4-D43E-453E-97D4-A76CE3B8A112}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{1D0BEA34-B50D-48BD-AF95-092187631C56}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{1D1E1AFA-6657-4388-B48A-6877CB862ADC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{242C51E7-10CF-4919-A08F-93D331D52978}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{26AECBA2-573D-419B-83DC-B89B215BE2F4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2727D434-8546-4925-A3E7-EC047F6EC991}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{2E670897-8C5F-4154-97AE-BC9E652BB442}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | 
"{3F379F75-D24D-4BB7-8CA9-3FCD5505D6F0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{4417FFA3-C802-4EA9-9B8F-3CC3399356FD}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | 
"{4DC837B4-2E47-4D99-9CC0-895F7B363FF5}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{53B2A7AC-0D90-4839-8DF0-BC1365F5C3A8}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{5A36AA7F-E364-4D6B-A455-7A85779F3131}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{5E645617-74B9-40BA-A55F-6F22609A55A3}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{5F0E3C57-55E3-4D97-BDD2-E6C55168ACC0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{666378D0-6883-4F24-83EB-50E7AA3BC056}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{68E0DFAF-E16C-4E70-BC93-AD126854696C}" = protocol=6 | dir=out | app=system | 
"{6B88C306-1D77-424C-851D-5BBF8B10B2D4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{6EA7EC57-1E2C-449B-A16B-648C57428E16}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{7924ABAD-C133-409D-A45B-EDF5C15B2960}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{80B58A96-59D6-4A88-8531-15757411F2BA}" = protocol=6 | dir=in | app=c:\spiele\starcraft ii\starcraft ii public test.exe | 
"{8210DAB9-1A65-4C97-A2C8-06757080937F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8D67416C-4C47-40A4-8D6F-69ED22EFA19D}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{8DC05D77-6510-4A82-B2F5-1FB82C2433AD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{8F689D15-ACA4-489E-A280-84B6DA710D56}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{943A6FD6-0A12-4554-AFD6-DA338E248E02}" = protocol=6 | dir=in | app=c:\spiele\starcraft ii\starcraft ii.exe | 
"{95DA8A22-807F-422E-BDD6-6BDB2A43ABD9}" = dir=in | app=c:\program files (x86)\cyberlink\homemedia\homemedia.exe | 
"{A0BE9C6B-1600-4CD1-8651-3AD290F89BAD}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{A0D9C656-673F-4B54-A9E6-68848939C0A2}" = protocol=17 | dir=in | app=c:\spiele\starcraft ii\starcraft ii.exe | 
"{A424C86A-E761-48EC-B3E4-EA43B27EDDED}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A563A68C-5341-42EC-A890-22F91D148D46}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A578DBEF-2205-4D4A-B188-C80E280DFB03}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A83F4130-0AAA-45D0-AF89-7CA6E5A80BBD}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{A92F400F-0F13-43B1-9142-017D4D97356A}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{AE7E0050-1AC0-4848-8EF2-62965C22D7A9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{AF777BF4-4DE1-4741-91FC-2ADB9523676D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{BBAFD2B0-3572-46A4-9BE3-A59767326CF0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{C2849A90-DCC8-4C3F-B32B-3E5EE4FC40E2}" = protocol=6 | dir=in | app=c:\spiele\starcraft ii\starcraft ii.exe | 
"{C607865A-2A9D-4969-B159-564F85E08FFC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C8C7B621-AFDA-46AA-A3AF-09F9EB5BB42B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{C913EE1E-3D5B-40A8-8EBA-8ABFE9B0276F}" = protocol=17 | dir=in | app=c:\spiele\starcraft ii\starcraft ii.exe | 
"{CAB28F5C-5983-4C49-AC40-48C1994D7EB3}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{CDF782F3-0D3F-4204-8C11-EF83B4BDB10B}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{CE2DD803-58A8-4283-93EB-880243EC2343}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{D0B3438F-B449-4B8E-8EC8-0A0783798399}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{DC73187D-7213-4731-AB9F-D7197F9D61C3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DF10F85C-1BA1-4EE4-9831-65E67F6AC8BD}" = protocol=17 | dir=in | app=c:\spiele\starcraft ii\starcraft ii public test.exe | 
"{E84975AA-E68E-4962-AB66-CD337777719D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E8C002BC-B572-464F-B74C-F2D861FC2888}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{F346FD9B-6EB6-4F14-A460-9802EE268EF9}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{F4E3D3E7-AB0A-40F7-AD46-87509CCCC4D8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F75749D4-6039-4478-8F33-2A1FA85580EB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{FA82C199-7705-4455-AA4A-FCC64A2196D8}" = protocol=17 | dir=in | app=c:\spiele\starcraft ii\starcraft ii public test.exe | 
"TCP Query User{1434A233-783A-4A3E-A99F-FDA430E7B228}C:\spiele\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=c:\spiele\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"TCP Query User{57952878-4FB1-4ED3-8334-3652B93C2C51}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"TCP Query User{916F8011-E969-436D-B26E-1CB7D5D2F3A0}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"TCP Query User{9868C0E4-DBEE-4D44-8E07-ABBB11944EDB}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"TCP Query User{A74F9282-E9C0-4A86-89AA-047ACAC6141E}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe | 
"TCP Query User{AE94F641-683D-4536-A028-39F1A3B4E3BE}C:\spiele\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=c:\spiele\starcraft ii\versions\base23260\sc2.exe | 
"TCP Query User{AECE95F2-49AC-40EB-A077-E4B9B3BD3309}C:\spiele\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=c:\spiele\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"TCP Query User{C4B0DB3A-6907-45B6-96AC-34D29F945FCF}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe | 
"TCP Query User{EE525A1B-C91A-420C-A872-B712B52F3F07}C:\spiele\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=c:\spiele\starcraft ii\versions\base23260\sc2.exe | 
"UDP Query User{321E92DF-BCD4-4DA6-A937-771C5D329EC4}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe | 
"UDP Query User{654C4EE2-F3D2-46DF-824C-C89C2ABCEC2F}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe | 
"UDP Query User{85639D44-26AA-41B5-8D49-8C0C1F6DD985}C:\spiele\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=c:\spiele\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"UDP Query User{929395F0-7035-4A44-9932-BF7E9B7A7CC8}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"UDP Query User{978A0454-C76C-4B1F-824C-F57ECD328BD0}C:\spiele\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=c:\spiele\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"UDP Query User{A37F7538-AA76-4897-8A6B-269E694E3085}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"UDP Query User{B114C87C-1864-4ED2-8FC1-E4482AC141E6}C:\spiele\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=c:\spiele\starcraft ii\versions\base23260\sc2.exe | 
"UDP Query User{C758C599-3E85-41E6-B793-1D259C42B640}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"UDP Query User{F48AA220-B268-4965-BF6E-35AED29248DC}C:\spiele\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=c:\spiele\starcraft ii\versions\base23260\sc2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{1553D712-B35F-4A82-BC72-D6B11A94BE3E}" = Windows Live Remote Service Resources
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26C8EF65-314F-4353-8329-69093AD325C6}" = ChessBase 12 64-bit
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{4710662C-8204-4334-A977-B1AC9E547819}" = Broadcom Card Reader Driver Installer
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{702A632F-99CE-4E2D-B8F2-BF980E9CF62F}" = Windows Live Remote Client Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom NetLink Controller
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"Elantech" = ETDWare PS/2-X64 8.0.6.3_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Video Web Camera
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{0557BBDA-69D3-4FA4-A93C-A5300F7034B4}" = Windows Live Writer
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{06B05153-97E4-427E-B1A8-E098F6C5E52F}" = Windows Live Essentials
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25175695-4B20-4298-9F34-C2C57CD277B3}" = Elements STI Installer
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}" = Evernote v. 4.5.1
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{4736B0ED-F6A1-48EC-A1B7-C053027648F1}" = Galeria fotogràfica del Windows Live
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{48F597DD-D397-4CFA-91A0-4C033A0113BD}" = Windows Live Mail
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{542DA303-FB91-4731-9F37-6E518368D3B9}" = Windows Live Messenger
"{5495E9A4-501A-4D4C-87C9-E80916CA9478}" = Windows Live UX Platform Language Pack
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{625D45F0-5DCB-48BF-8770-C240A84DAAEB}" = Windows Live Mesh
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}" = Nero Multimedia Suite 10 Essentials
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{68AFA3A7-9265-4ABD-994A-ACA413E3715C}" = Nero Multimedia Suite 10 Essentials
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-packardbell" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71527C7C-5289-4CB2-88C9-23344C0FF6C1}" = Windows Live Movie Maker
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7D926AD2-16D6-42C2-8CA1-AB09E96040BA}" = Windows Live Writer Resources
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{820D0BA3-ACD7-4FB9-A3A7-0ADF0C66A4BE}" = Windows Live Messenger
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}" = Fooz Kids Platform
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A200E68-D5F4-4E70-910F-2871753A0E2B}" = Worms World Party
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C343C2D-3053-4BE5-9C52-82611A58CE59}" = Brother HL-2040
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A3389C72-1782-4BB4-BBAA-33345DE52E3F}" = Windows Live Messenger
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = HomeMedia
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BD0C3887-64E6-41D8-9A38-BC6F34369352}" = Windows Live Messenger
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger
"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{EB9955F8-467C-47FC-90F8-12CD5DF684C3}" = Adobe Premiere Elements 9
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F0F5D89A-197C-495B-827E-3E98B811CD2E}" = Windows Live Photo Common
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2979AAA-FDD7-4CB3-93BC-5C24D965D679}" = Windows Live Messenger
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F35DC85A-E96B-496B-ABE7-F04192824856}" = Windows Live Messenger
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F783464C-C7C6-4E9B-AC40-BC90E5414BAF}" = Windows Live Messenger
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FE8FF1DC-90A3-A976-4ED7-43C280CEC0E0}" = Fooz Kids
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"ASIO4ALL" = ASIO4ALL
"Avira AntiVir Desktop" = Avira Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"FL Studio 10" = FL Studio 10
"FoozKids" = Fooz Kids
"Identity Card" = Identity Card
"IL Download Manager" = IL Download Manager
"IL Shared Libraries" = IL Shared Libraries
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Video Web Camera
"InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"LManager" = Launch Manager
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Screensaver" = Packard Bell ScreenSaver
"Packard Bell Welcome Center" = Welcome Center
"PlayChess" = PlayChess 
"PremElem90" = Adobe Premiere Elements 9
"StarCraft II" = StarCraft II
"WildTangent packardbell Master Uninstall" = Packard Bell Games
"WinLiveSuite" = Windows Live Essentials
"WTA-0371e2ac-d5e4-41fe-b9a0-8e65aca6b030" = Bejeweled 2 Deluxe
"WTA-06284467-b2e1-4ebf-b475-8a87587d341a" = Jewel Quest Solitaire
"WTA-0a69445e-6e55-4e17-824c-fa997d85760d" = John Deere Drive Green
"WTA-214eceb3-7459-474e-8694-d30e75be501b" = Agatha Christie - Death on the Nile
"WTA-23dc4f6b-0358-4754-9555-7d8bdb553a87" = Slingo Deluxe
"WTA-4837f0b9-ac65-4044-86c2-c7968aae8e1c" = Torchlight
"WTA-4ece847f-1436-4a93-a9e0-516ee58b1134" = Polar Bowler
"WTA-629cee93-dfcf-4a8a-b7ef-c0ae64ba7681" = Penguins!
"WTA-66e11033-443f-4753-bfad-08f2c6e2e482" = Crazy Chicken Kart 2
"WTA-79f3d04c-a549-4bdd-a321-6f74a3a971e5" = Chuzzle Deluxe
"WTA-7c680703-df2a-4bd5-962e-692629144c14" = Insaniquarium Deluxe
"WTA-8bc2d5cd-5eb5-4487-829d-b01cc430a9f5" = Virtual Villagers 4 - The Tree of Life
"WTA-9153db62-ee28-4331-8ffb-5cb6fd9c5f15" = Plants vs. Zombies - Game of the Year
"WTA-a383031b-9090-456c-ba40-9540d7bf23f1" = Jewel Match 3
"WTA-b2c2ea39-968e-4f6b-83a8-d61a7a6a42b7" = Final Drive: Nitro
"WTA-b312ce3d-9716-4e83-89aa-b57a25abe7c7" = FATE
"WTA-c7a49a3e-07d2-454a-81be-c0613db80703" = Zuma Deluxe
"WTA-da675c45-a600-4081-b4c1-7dea06ac01fb" = Mystery of Mortlake Mansion
"WTA-e4e74f86-3857-449c-a886-54803c309a47" = Wedding Dash
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11.03.2013 07:51:12 | Computer Name = ***-PC2 | Source = WinMgmt | ID = 10
Description = 
 
 
< End of report >
         
--- --- ---

Geändert von Chesser (11.03.2013 um 12:56 Uhr)

Antwort

Themen zu Browser-Probleme, Anmeldeprobleme: Virenbefall vermutet
adobe reader xi, anmeldeprobleme, battle.net, befall, betrifft, bingbar, einfach, einiger, folge, folgen, glaube, gruppe, install.exe, komisches, launch, links, malwarebytes, meldung, microsoft office starter 2010, msiexec.exe, neue, neuen, nvidia update, nvpciflt.sys, packard bell, popup, richtlinie, safer networking, seite, unregelmäßige, verhalten, virenbefall, website, wechsel, wechseln, wildtangent games, ändert, öffnen



Ähnliche Themen: Browser-Probleme, Anmeldeprobleme: Virenbefall vermutet


  1. Windos 7 + Browser Virenbefall
    Plagegeister aller Art und deren Bekämpfung - 19.01.2015 (18)
  2. Virenbefall verursacht freeze in Internet Browser oder Windows-Benutzer-Login
    Log-Analyse und Auswertung - 02.12.2013 (5)
  3. Probleme mit Browser
    Plagegeister aller Art und deren Bekämpfung - 17.01.2013 (3)
  4. C:\ProgramDAta\lsass.exe - Ein Virus? Auch ansonsten Virenbefall vermutet
    Plagegeister aller Art und deren Bekämpfung - 01.11.2012 (15)
  5. Firefox bereitet Probleme, Malware vermutet
    Log-Analyse und Auswertung - 09.07.2012 (9)
  6. Probleme mit Browser
    Alles rund um Windows - 20.04.2010 (27)
  7. Rechner friert ein und Browser stürzt ab. Verdacht auf Virenbefall.
    Plagegeister aller Art und deren Bekämpfung - 28.01.2010 (2)
  8. Virenbefall? Probleme mit Spyware gehabt, Vista total langsam
    Mülltonne - 06.01.2009 (0)
  9. noch probleme nach Virenbefall
    Log-Analyse und Auswertung - 06.03.2008 (17)
  10. Nach Virenbefall probleme mit IE6!
    Log-Analyse und Auswertung - 05.06.2007 (6)
  11. Probleme mit dem Browser
    Log-Analyse und Auswertung - 03.02.2007 (3)
  12. Browser Hijacker vermutet! Dauernd andere Browserinhalte
    Log-Analyse und Auswertung - 03.01.2007 (1)
  13. Browser probleme
    Log-Analyse und Auswertung - 13.10.2006 (7)
  14. Anmeldeprobleme
    Alles rund um Windows - 24.08.2006 (6)
  15. Anmeldeprobleme Mit Msn Messenger
    Alles rund um Windows - 11.08.2006 (5)
  16. Probleme mit Browser 2. Ich hab's
    Log-Analyse und Auswertung - 01.05.2006 (1)
  17. Probleme nach Trajaner u. Virenbefall
    Log-Analyse und Auswertung - 20.02.2006 (1)

Zum Thema Browser-Probleme, Anmeldeprobleme: Virenbefall vermutet - Ich habe seit einiger Zeit ein komisches Verhalten meines Mozilla-Firefox-Browser ständig wird beim öffnen einer neuen Website am unteren Browserrand ein Popup eingeschoben, dem ich nicht ganz traue und das - Browser-Probleme, Anmeldeprobleme: Virenbefall vermutet...
Archiv
Du betrachtest: Browser-Probleme, Anmeldeprobleme: Virenbefall vermutet auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.