Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Desktop icons and files are no longer displayed after infection :( (https://www.trojaner-board.de/111818-desktop-icons-dateien-infizierung-mehr-angezeigt.html)

lea20 19.03.2012 20:28

unhide told me that I should briefly disable my antivirus program and repeat the process if items are still missing from the Start menu... should I do that right now, or rather at the very end, after all the other things?
Here is the log file for now; the others will follow shortly:
Code:

Unhide by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
  hxxp://www.bleepingcomputer.com/forums/topic405109.html

Program started at: 03/19/2012 08:20:48 PM
Windows Version: Windows 7

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 196897 files processed.

Processing the Q:\ drive
Finished processing the Q:\ drive. 0 files processed.

Restoring the Start Menu.
 * 233 Shortcuts and Desktop items were restored.


Searching for Windows Registry changes made by FakeHDD rogues.
 - Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
  * NoActiveDesktopChanges policy was found and deleted!
 - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
 - Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
  * Start_TrackDocs was set to 0! It was set back to 1!
  * Start_TrackProgs was set to 0! It was set back to 1!

Program finished at: 03/19/2012 08:25:18 PM
Execution time: 0 hours(s), 4 minute(s), and 29 seconds(s)


Psychotic 19.03.2012 20:30

My introduction said that you should stop if anything is unclear! :stirn:

In this case it's not a problem - are you still missing entries in the Start menu?

lea20 19.03.2012 20:35

Yes, the message only popped up at the end, so I couldn't stop anything anymore anyway; don't worry, I'm being good ^^
Yes, I'm still missing entries in the Start menu, including the Control Panel etc.
But the desktop icons are back the way they were before =D Thanks already for the great help :)

lea20 19.03.2012 20:37

aswMBR:
Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-19 20:30:55
-----------------------------
20:30:55.203    OS Version: Windows x64 6.1.7601 Service Pack 1
20:30:55.204    Number of processors: 4 586 0x2A07
20:30:55.204    ComputerName: LEA-PC  UserName: Lea
20:30:58.472    Initialize success
20:35:02.336    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:35:02.342    Disk 0 Vendor: TOSHIBA_ GL00 Size: 953869MB BusType: 3
20:35:02.361    Disk 0 MBR read successfully
20:35:02.364    Disk 0 MBR scan
20:35:02.366    Disk 0 Windows 7 default MBR code
20:35:02.381    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        20480 MB offset 2048
20:35:02.397    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 41945088
20:35:02.411    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      933278 MB offset 42149888
20:35:02.429    Disk 0 scanning C:\Windows\system32\drivers
20:35:08.642    Service scanning
20:35:47.193    Modules scanning
20:35:47.195    Disk 0 trace - called modules:
20:35:47.198   
20:35:47.198    Scan finished successfully
20:36:38.407    Disk 0 MBR has been saved successfully to "C:\Users\Lea\Desktop\MBR.dat"
20:36:38.411    The log file has been saved successfully to "C:\Users\Lea\Desktop\aswMBR.txt"


Psychotic 19.03.2012 20:38

Then please disable Antivir, run unhide again and re-enable Antivir right away.

Then continue with the other steps and post the log files once you have them all together! ;)

lea20 19.03.2012 20:41

yes, sir! :D

lea20 19.03.2012 20:45

tdsskiller didn't find anything... do you still need the log file?

Psychotic 19.03.2012 20:54

Otherwise I wouldn't have requested them! -.-

lea20 19.03.2012 20:58

Code:

20:39:30.0038 5584        TDSS rootkit removing tool 2.7.20.0 Mar  9 2012 17:10:43
20:39:32.0039 5584        ============================================================
20:39:32.0039 5584        Current date / time: 2012/03/19 20:39:32.0039
20:39:32.0039 5584        SystemInfo:
20:39:32.0039 5584       
20:39:32.0039 5584        OS Version: 6.1.7601 ServicePack: 1.0
20:39:32.0039 5584        Product type: Workstation
20:39:32.0039 5584        ComputerName: LEA-PC
20:39:32.0039 5584        UserName: Lea
20:39:32.0039 5584        Windows directory: C:\Windows
20:39:32.0039 5584        System windows directory: C:\Windows
20:39:32.0039 5584        Running under WOW64
20:39:32.0040 5584        Processor architecture: Intel x64
20:39:32.0040 5584        Number of processors: 4
20:39:32.0040 5584        Page size: 0x1000
20:39:32.0040 5584        Boot type: Normal boot
20:39:32.0040 5584        ============================================================
20:39:32.0426 5584        Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:39:32.0429 5584        Drive \Device\Harddisk1\DR1 - Size: 0x1DE000000 (7.47 Gb), SectorSize: 0x200, Cylinders: 0x3CE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:39:32.0431 5584        \Device\Harddisk0\DR0:
20:39:32.0431 5584        MBR used
20:39:32.0431 5584        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2800800, BlocksNum 0x32000
20:39:32.0431 5584        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2832800, BlocksNum 0x71ECF5B0
20:39:32.0431 5584        \Device\Harddisk1\DR1:
20:39:32.0432 5584        MBR used
20:39:32.0432 5584        \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x890, BlocksNum 0xEEF770
20:39:32.0450 5584        Initialize success
20:39:32.0450 5584        ============================================================
20:39:35.0194 6040        ============================================================
20:39:35.0194 6040        Scan started
20:39:35.0194 6040        Mode: Manual;
20:39:35.0194 6040        ============================================================
20:39:56.0575 6040        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:39:56.0576 6040        RasAcd - ok
20:39:56.0752 6040        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:39:56.0754 6040        RasAgileVpn - ok
20:39:56.0876 6040        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:39:56.0879 6040        Rasl2tp - ok
20:39:56.0975 6040        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:39:56.0977 6040        RasPppoe - ok
20:39:57.0093 6040        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:39:57.0096 6040        RasSstp - ok
20:39:57.0203 6040        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:39:57.0208 6040        rdbss - ok
20:39:57.0289 6040        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
20:39:57.0290 6040        rdpbus - ok
20:39:57.0384 6040        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:39:57.0385 6040        RDPCDD - ok
20:39:57.0501 6040        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:39:57.0503 6040        RDPENCDD - ok
20:39:57.0610 6040        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:39:57.0611 6040        RDPREFMP - ok
20:39:57.0717 6040        RDPWD          (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
20:39:57.0718 6040        RDPWD - ok
20:39:57.0815 6040        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:39:57.0819 6040        rdyboost - ok
20:39:57.0963 6040        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:39:57.0966 6040        rspndr - ok
20:39:58.0057 6040        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:39:58.0060 6040        sbp2port - ok
20:39:58.0150 6040        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:39:58.0151 6040        scfilter - ok
20:39:58.0251 6040        sdbus          (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
20:39:58.0253 6040        sdbus - ok
20:39:58.0382 6040        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:39:58.0383 6040        secdrv - ok
20:39:58.0507 6040        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
20:39:58.0508 6040        Serenum - ok
20:39:58.0609 6040        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
20:39:58.0612 6040        Serial - ok
20:39:58.0709 6040        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
20:39:58.0711 6040        sermouse - ok
20:39:58.0809 6040        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:39:58.0810 6040        sffdisk - ok
20:39:58.0898 6040        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:39:58.0900 6040        sffp_mmc - ok
20:39:58.0988 6040        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:39:58.0989 6040        sffp_sd - ok
20:39:59.0077 6040        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
20:39:59.0078 6040        sfloppy - ok
20:39:59.0239 6040        Sftfs          (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
20:39:59.0251 6040        Sftfs - ok
20:39:59.0368 6040        Sftplay        (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
20:39:59.0373 6040        Sftplay - ok
20:39:59.0489 6040        Sftredir        (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
20:39:59.0490 6040        Sftredir - ok
20:39:59.0588 6040        Sftvol          (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
20:39:59.0590 6040        Sftvol - ok
20:39:59.0724 6040        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
20:39:59.0726 6040        SiSRaid2 - ok
20:39:59.0815 6040        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
20:39:59.0817 6040        SiSRaid4 - ok
20:39:59.0928 6040        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:39:59.0930 6040        Smb - ok
20:40:00.0043 6040        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:40:00.0045 6040        spldr - ok
20:40:00.0232 6040        SRTSP          (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\NISx64\1207000.00D\SRTSP64.SYS
20:40:00.0267 6040        SRTSP - ok
20:40:00.0399 6040        SRTSPX          (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\NISx64\1207000.00D\SRTSPX64.SYS
20:40:00.0401 6040        SRTSPX - ok
20:40:00.0494 6040        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:40:00.0498 6040        srv - ok
20:40:00.0591 6040        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:40:00.0599 6040        srv2 - ok
20:40:00.0693 6040        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:40:00.0697 6040        srvnet - ok
20:40:00.0813 6040        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
20:40:00.0815 6040        stexstor - ok
20:40:00.0927 6040        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
20:40:00.0928 6040        swenum - ok
20:40:01.0079 6040        SymDS          (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS
20:40:01.0089 6040        SymDS - ok
20:40:01.0250 6040        SymEFA          (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS
20:40:01.0286 6040        SymEFA - ok
20:40:01.0418 6040        SymEvent        (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
20:40:01.0421 6040        SymEvent - ok
20:40:01.0544 6040        SymIRON        (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS
20:40:01.0547 6040        SymIRON - ok
20:40:01.0683 6040        SymNetS        (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\NISx64\1207000.00D\SYMNETS.SYS
20:40:01.0691 6040        SymNetS - ok
20:40:01.0816 6040        SynTP          (ef51b22706db03f0857fade127c804ec) C:\Windows\system32\DRIVERS\SynTP.sys
20:40:01.0827 6040        SynTP - ok
20:40:01.0956 6040        Tcpip          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
20:40:01.0979 6040        Tcpip - ok
20:40:02.0125 6040        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
20:40:02.0153 6040        TCPIP6 - ok
20:40:02.0241 6040        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:40:02.0242 6040        tcpipreg - ok
20:40:02.0325 6040        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:40:02.0327 6040        TDPIPE - ok
20:40:02.0419 6040        TDTCP          (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
20:40:02.0420 6040        TDTCP - ok
20:40:02.0525 6040        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:40:02.0528 6040        tdx - ok
20:40:02.0635 6040        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
20:40:02.0637 6040        TermDD - ok
20:40:02.0769 6040        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:40:02.0771 6040        tssecsrv - ok
20:40:02.0875 6040        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:40:02.0879 6040        TsUsbFlt - ok
20:40:02.0964 6040        TsUsbGD        (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
20:40:02.0966 6040        TsUsbGD - ok
20:40:03.0078 6040        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:40:03.0080 6040        tunnel - ok
20:40:03.0196 6040        TurboB          (48743b69ea47c020a792d8649f753f44) C:\Windows\system32\DRIVERS\TurboB.sys
20:40:03.0197 6040        TurboB - ok
20:40:03.0314 6040        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
20:40:03.0315 6040        uagp35 - ok
20:40:03.0395 6040        UBHelper        (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
20:40:03.0396 6040        UBHelper - ok
20:40:03.0490 6040        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:40:03.0495 6040        udfs - ok
20:40:03.0599 6040        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:40:03.0600 6040        uliagpkx - ok
20:40:03.0723 6040        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
20:40:03.0725 6040        umbus - ok
20:40:03.0822 6040        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
20:40:03.0823 6040        UmPass - ok
20:40:03.0986 6040        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
20:40:03.0989 6040        usbccgp - ok
20:40:04.0095 6040        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:40:04.0096 6040        usbcir - ok
20:40:04.0225 6040        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
20:40:04.0226 6040        usbehci - ok
20:40:04.0371 6040        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
20:40:04.0374 6040        usbhub - ok
20:40:04.0464 6040        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
20:40:04.0465 6040        usbohci - ok
20:40:04.0579 6040        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:40:04.0580 6040        usbprint - ok
20:40:04.0688 6040        usbscan        (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
20:40:04.0689 6040        usbscan - ok
20:40:04.0789 6040        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:40:04.0791 6040        USBSTOR - ok
20:40:04.0901 6040        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
20:40:04.0903 6040        usbuhci - ok
20:40:05.0008 6040        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
20:40:05.0011 6040        usbvideo - ok
20:40:05.0149 6040        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:40:05.0151 6040        vdrvroot - ok
20:40:05.0255 6040        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:40:05.0256 6040        vga - ok
20:40:05.0363 6040        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:40:05.0364 6040        VgaSave - ok
20:40:05.0516 6040        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:40:05.0520 6040        vhdmp - ok
20:40:05.0615 6040        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:40:05.0616 6040        viaide - ok
20:40:05.0712 6040        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:40:05.0717 6040        volmgr - ok
20:40:05.0817 6040        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:40:05.0824 6040        volmgrx - ok
20:40:05.0921 6040        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:40:05.0929 6040        volsnap - ok
20:40:06.0037 6040        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
20:40:06.0038 6040        vsmraid - ok
20:40:06.0150 6040        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
20:40:06.0150 6040        vwifibus - ok
20:40:06.0235 6040        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
20:40:06.0235 6040        vwififlt - ok
20:40:06.0347 6040        vwifimp        (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
20:40:06.0348 6040        vwifimp - ok
20:40:06.0448 6040        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
20:40:06.0450 6040        WacomPen - ok
20:40:06.0565 6040        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:40:06.0567 6040        WANARP - ok
20:40:06.0586 6040        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:40:06.0587 6040        Wanarpv6 - ok
20:40:06.0740 6040        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
20:40:06.0741 6040        Wd - ok
20:40:06.0845 6040        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:40:06.0859 6040        Wdf01000 - ok
20:40:06.0991 6040        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:40:06.0992 6040        WfpLwf - ok
20:40:07.0104 6040        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:40:07.0105 6040        WIMMount - ok
20:40:07.0255 6040        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
20:40:07.0256 6040        WinUsb - ok
20:40:07.0371 6040        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:40:07.0372 6040        WmiAcpi - ok
20:40:07.0482 6040        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:40:07.0483 6040        ws2ifsl - ok
20:40:07.0585 6040        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:40:07.0588 6040        WudfPf - ok
20:40:07.0695 6040        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:40:07.0696 6040        WUDFRd - ok
20:40:07.0729 6040        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:40:07.0800 6040        \Device\Harddisk0\DR0 - ok
20:40:07.0812 6040        MBR (0x1B8)    (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR1
20:40:07.0819 6040        \Device\Harddisk1\DR1 - ok
20:40:07.0825 6040        Boot (0x1200)  (76b3961f7619be8b14acb33671ead341) \Device\Harddisk0\DR0\Partition0
20:40:07.0826 6040        \Device\Harddisk0\DR0\Partition0 - ok
20:40:07.0835 6040        Boot (0x1200)  (13193037e0b3e57a5352626bc16f5a95) \Device\Harddisk0\DR0\Partition1
20:40:07.0837 6040        \Device\Harddisk0\DR0\Partition1 - ok
20:40:07.0842 6040        Boot (0x1200)  (e1b3811b7e9c513d561ef88da8788be7) \Device\Harddisk1\DR1\Partition0
20:40:07.0843 6040        \Device\Harddisk1\DR1\Partition0 - ok
20:40:07.0846 6040        ============================================================
20:40:07.0846 6040        Scan finished
20:40:07.0846 6040        ============================================================
20:40:07.0855 4992        Detected object count: 0
20:40:07.0855 4992        Actual detected object count: 0
20:45:56.0111 2764        Deinitialize success


lea20 19.03.2012 21:02

Code:

OTL logfile created on: 19.03.2012 20:56:19 - Run 3
OTL by OldTimer - Version 3.2.39.1    Folder = C:\Users\Lea\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,86 Gb Total Physical Memory | 6,03 Gb Available Physical Memory | 76,80% Memory free
15,71 Gb Paging File | 13,80 Gb Available in Paging File | 87,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 911,40 Gb Total Space | 775,45 Gb Free Space | 85,08% Space Free | Partition Type: NTFS
Drive D: | 6,51 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 5,12 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 7,45 Gb Total Space | 7,41 Gb Free Space | 99,38% Space Free | Partition Type: FAT32
 
Computer Name: LEA-PC | User Name: Lea | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Lea\Desktop\OTL(1).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe (NTI Corporation)
PRC - C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe (NTI Corporation)
PRC - C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (CyberLink)
PRC - c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\SPEEDLINK Ferret Gaming Mouse\GMouse.exe ()
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\c6b914d595e5b00ae540004a71c6c3a2\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\ebfad289d9759034cd3a887802fadb5b\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\NTI\Packard Bell MyBackup\sqlite3.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\SPEEDLINK Ferret Gaming Mouse\GMouse.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe (Symantec Corporation)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (ePowerSvc) -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe (NTI Corporation)
SRV - (Live Updater Service) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Incorporated)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (TurboBoost) Intel(R) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV - (AdobeActiveFileMonitor9.0) -- c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (NAUpdate) @C:\Program Files (x86) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (GREGService) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1207000.00D\symnets.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1207000.00D\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1207000.00D\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1207000.00D\symefa64.sys (Symantec Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1207000.00D\symds64.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1207000.00D\ironx64.sys (Symantec Corporation)
DRV:64bit: - (b57xdmp) -- C:\Windows\SysNative\drivers\b57xdmp.sys (Broadcom Corporation)
DRV:64bit: - (b57xdbd) -- C:\Windows\SysNative\drivers\b57xdbd.sys (Broadcom Corporation)
DRV:64bit: - (bScsiMSa) -- C:\Windows\SysNative\drivers\bScsiMSa.sys (Broadcom Corporation)
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (bScsiSDa) -- C:\Windows\SysNative\drivers\bScsiSDa.sys (Broadcom Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110909.001\BHDrvx64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110917.031\IDSviA64.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110916.035\EX64.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110916.035\ENG64.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddrnw
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ffbr&type=moz35awe&p="
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://start.facemoods.com/?a=ddrnw"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011.09.28 11:03:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_6_3 [2012.03.19 20:54:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.07.24 14:46:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.09 20:11:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.07 21:12:12 | 000,000,000 | ---D | M]
 
[2011.07.18 20:55:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lea\AppData\Roaming\mozilla\Extensions
[2012.01.05 15:48:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lea\AppData\Roaming\mozilla\Firefox\Profiles\fhvw2doa.default\extensions
[2012.02.09 20:11:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.07.18 20:55:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2011.07.18 20:55:18 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
() (No name found) -- C:\USERS\LEA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FHVW2DOA.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.02.09 20:11:09 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.07.20 14:21:29 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.09 20:11:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.09 20:11:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.09 20:11:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.07.20 14:27:30 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.02.09 20:11:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.09 20:11:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.09 20:11:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Ferret Gaming Mouse] C:\Program Files (x86)\SPEEDLINK Ferret Gaming Mouse\GMouse.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65023810-DEDD-4065-A70E-1FE60B3C479D}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.11.10 14:42:24 | 000,000,046 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2009.12.14 11:00:22 | 000,008,192 | ---- | M] (Microsoft) - F:\AutoOff.exe -- [ FAT32 ]
O32 - AutoRun File - [2010.12.14 10:33:52 | 000,000,078 | ---- | M] () - F:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{278630c5-b3ab-11e0-a849-b870f4861692}\Shell - "" = AutoRun
O33 - MountPoints2\{278630c5-b3ab-11e0-a849-b870f4861692}\Shell\AutoRun\command - "" = E:\install.exe -- [2011.06.10 22:14:22 | 000,378,880 | R--- | M] (Install.exe)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.20 03:37:58 | 000,000,000 | ---D | C] -- C:\FRST
[2012.03.19 20:55:26 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Lea\Desktop\OTL(1).exe
[2012.03.19 20:55:00 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{71BEB546-4130-4833-998F-0B7E5954DD1D}
[2012.03.19 20:54:48 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{DCA09650-3C3A-4D0A-9B58-A84315387240}
[2012.03.19 20:38:46 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Lea\Desktop\tdsskiller(1).exe
[2012.03.19 20:29:11 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Lea\Desktop\aswMBR.exe
[2012.03.19 20:20:29 | 000,389,024 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Lea\Desktop\unhide.exe
[2012.03.19 18:42:43 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{06C0432F-F5F3-41C1-882E-F3466DAE00A8}
[2012.03.19 18:42:32 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{AF6B6B93-E97E-45DD-8DFE-9DFDB5789F09}
[2012.03.19 18:32:24 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{477F7260-A106-4DC8-AC0B-7B209AE748B8}
[2012.03.19 18:32:12 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{AABD9BEB-A1B0-4166-8866-DDF7AEB53343}
[2012.03.19 18:23:27 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{4E88DAEB-55ED-4EE0-B0D4-907D64C80F59}
[2012.03.19 18:23:16 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{832F1311-F1BA-48E1-B30F-3CCD060007B1}
[2012.03.19 18:17:41 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{5542C9FF-F611-4C63-8A38-3B6AB1A91BCD}
[2012.03.19 18:17:29 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{2080EC75-976D-48B7-8B96-55A31B7EECA8}
[2012.03.19 18:08:29 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{78040E98-4C41-4368-8E55-758E50B3C00C}
[2012.03.19 18:08:17 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{7848C0F4-BB40-46D8-B293-10A872AB2C9B}
[2012.03.19 17:50:42 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{C7FD4375-AE6B-46E5-81E2-6039AA01B75F}
[2012.03.19 17:50:28 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{10D27E3F-ECE2-4BC0-9024-507DCB6C0875}
[2012.03.19 17:30:56 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{6B56C7D1-30C9-4469-9C71-2B8C49DAF423}
[2012.03.19 17:30:42 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{A58AFB06-95A6-4E7F-A1FA-96D780B1FAEC}
[2012.03.19 17:23:11 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{1859682A-51EE-46BD-AAB1-1653780D5652}
[2012.03.19 17:22:57 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{7CDD7ED7-526E-4EF7-8C3D-9014089F383B}
[2012.03.19 16:22:34 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{330C3EF7-76FC-45A0-9C13-11439BF3174C}
[2012.03.19 16:22:21 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{816FAAE6-039B-466A-9FA5-1CD7411DB7B6}
[2012.03.19 14:34:11 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{014DD10C-0D9E-4371-936C-76401B9CAA1C}
[2012.03.19 14:33:58 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{17FE1AB5-210B-4D76-8C4C-7A076964B097}
[2012.03.19 14:24:12 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{86460572-8B3A-497B-B4C3-7F567E982276}
[2012.03.19 14:23:35 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{E248EBED-739D-4875-A137-116A90876F75}
[2012.03.19 12:23:49 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{53AD8566-1AA5-4663-8908-8C472E817064}
[2012.03.19 12:23:35 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{4F57E392-959E-4750-9A03-A9FE359A5E41}
[2012.03.19 02:41:20 | 000,000,000 | ---D | C] -- C:\Neuer Ordner (2)
[2012.03.19 02:41:19 | 000,000,000 | ---D | C] -- C:\Neuer Ordner
[2012.03.19 02:10:43 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{4EA300B2-9406-44D4-A7EF-0070F9C7C4CB}
[2012.03.19 02:10:31 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{8FB78F87-749C-4F93-BAA5-B644E5741492}
[2012.03.19 02:02:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.19 02:01:59 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.03.19 02:01:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.03.19 01:52:02 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Roaming\Avira
[2012.03.19 01:49:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.03.19 01:49:38 | 000,132,320 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.03.19 01:49:38 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.03.19 01:49:38 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.03.19 01:49:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.03.19 01:49:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.03.19 01:32:46 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Roaming\Malwarebytes
[2012.03.19 01:32:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.19 01:25:31 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{BE4BC338-C026-4BB2-A05F-47DB016B7B93}
[2012.03.19 01:25:19 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{8C6BB0A7-DEFC-44A1-828F-11CF99CFF65E}
[2012.03.19 01:19:38 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012.03.18 22:33:06 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{E1A2BED8-48BD-4744-88E2-A011CFE42E62}
[2012.03.18 22:32:52 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{21D99CC1-B24C-4CCD-B1F9-803CE776D123}
[2012.03.18 13:48:26 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{F6E115A6-AA23-4E6A-8F4D-557A67532FCC}
[2012.03.18 13:48:13 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{AE4F4D14-C097-4753-9F1B-EE98A64A499B}
[2012.03.17 19:33:01 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{5BD111F5-4E3D-4AFD-8B17-44C7DF452298}
[2012.03.17 19:32:48 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{99EFBF6B-E7E2-497A-AE30-45E480921F69}
[2012.03.17 12:23:55 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{9D414FD8-3E75-4514-901B-6C631BEBBFEF}
[2012.03.17 12:23:42 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{E1EAE61E-8BDD-4FBE-A720-9FD892658E15}
[2012.03.16 21:20:34 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{E987027C-55B3-4CC6-9AAF-EE1C0B9CBEA5}
[2012.03.16 21:20:18 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{643F111E-FDFB-4799-A5DD-9D12861A05E6}
[2012.03.16 21:07:57 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{7C2847D6-016A-4024-8782-6735EAD6CDCC}
[2012.03.16 21:05:28 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{E4B89732-6817-4EE1-A90C-3D99A8E02F93}
[2012.03.16 21:04:40 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{F32DF5FC-2E23-4102-8D6D-2C0EF2375C11}
[2012.03.16 21:04:26 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{E76C9EF2-8006-4082-8594-A2AE4750C999}
[2012.03.16 20:48:04 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{0A39B67B-CD08-4D14-9A12-8A724AACC5A0}
[2012.03.16 20:47:49 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{9FB13EF5-3030-4686-8BA2-2004E4A93D4B}
[2012.03.16 20:30:28 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{23620E95-063D-45C9-8451-D5211B8F9BC1}
[2012.03.16 20:30:14 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{427CC69C-44A9-4A5F-9140-B7C01BF0AAE0}
[2012.03.16 18:43:31 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{CEF26974-0EFE-4493-ADD4-65FF927019A9}
[2012.03.16 18:43:20 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{551BAB31-8968-4E72-93C8-FF3468B725B5}
[2012.03.16 17:57:17 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{9236C72E-6E97-4CFA-B717-DD7186F76362}
[2012.03.16 17:57:05 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{F19F7252-9324-4586-93E6-077A48E1B73D}
[2012.03.16 00:46:21 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{7F308FD9-6C8C-45B6-B6EE-F4A430781BA2}
[2012.03.16 00:46:07 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{15CD0FB4-240E-4141-AFD3-2D0C7DC6212B}
[2012.03.15 20:07:39 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{825C0FB3-C91E-4F61-A27B-2B615CD3E620}
[2012.03.15 20:07:28 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{0B24B31C-C9FC-467F-B883-12E96A8EF29A}
[2012.03.15 16:23:14 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{FD916566-FD75-4DCD-AE63-65557A3511D2}
[2012.03.15 16:23:01 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{2633AAE3-6C7E-435E-AD4D-67B2DD66C840}
[2012.03.15 15:44:56 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{AFAC969B-9E4F-466D-8A0C-5C5D6DBD1F48}
[2012.03.15 15:44:43 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{4B83E4F9-73AD-48F5-8700-9C1EB609A53F}
[2012.03.15 15:12:28 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{F61E9C19-5E35-4DB9-8CD8-46A02659FB4D}
[2012.03.15 15:12:14 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{8BEA7919-B677-4DD9-81F4-100DD80106FF}
[2012.03.14 19:59:32 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{1D04FEE3-9660-4C4D-AB43-7FA74A4C8C7E}
[2012.03.14 19:59:19 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{8E886416-CFC9-4B39-9188-86BF247715BC}
[2012.03.14 15:18:54 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{0C3967A5-DA5F-42E2-92B7-A36EE7D0F7E3}
[2012.03.14 15:18:43 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{32758D63-5F82-40A1-8A99-0F1BF9B34B2B}
[2012.03.14 14:48:24 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.03.14 14:48:23 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.03.14 14:48:23 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.03.14 14:07:09 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.03.14 14:02:58 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{CF099611-8B9E-4D67-8C22-785E74051C8D}
[2012.03.14 14:02:46 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{4717C2C8-1EB0-46FB-AFD8-B68784F49783}
[2012.03.13 22:31:07 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{265034A7-5661-49CC-9A39-6131186BA0FF}
[2012.03.13 22:30:55 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{170E0A4F-6481-44D0-8C37-A0B310B30BD8}
[2012.03.13 18:07:25 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012.03.13 18:07:25 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012.03.13 18:07:17 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.03.13 18:07:17 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.03.13 18:07:17 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.03.13 18:01:17 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{843FA585-DD5F-4BCD-A8DB-8A379F653665}
[2012.03.13 18:01:05 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{FAFD9960-AE44-4A15-95F9-8B8779080667}
[2012.03.13 13:51:48 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{24AD76DF-7266-4306-8DB1-F0B8CEF19D18}
[2012.03.13 13:51:35 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{40A48BDB-5954-42A3-977D-3AC2FC3D5907}
[2012.03.12 22:10:16 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{30266B32-4CA8-41F1-BF04-AB2CFAC8A3D4}
[2012.03.12 22:10:04 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{504B5AF5-D926-4963-A2CA-849CE8E3361A}
[2012.03.12 22:06:21 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{75A05EAE-2589-48E3-A5CD-7C8349A5E15B}
[2012.03.12 22:06:07 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{CC4153B2-7DC9-48CF-86F6-86D4F3EE2A7D}
[2012.03.12 20:13:16 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{AB73D5B5-2A8B-4C72-BC9E-76D3BBCC7017}
[2012.03.12 20:13:05 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{6EAD1187-33A8-40C6-8784-452F8C69B915}
[2012.03.12 16:05:26 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{0A005CA2-0A5E-46F8-B238-B449E8ED1548}
[2012.03.12 16:05:15 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{ADC702E6-D0C1-4BE2-8B64-FA6F1317CB0B}
[2012.03.12 13:24:36 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{5A5EDCAE-A7B5-44C6-BA26-5D47CF0ECD33}
[2012.03.12 13:24:22 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{BEE9F3B5-30FF-4851-9ABD-116A3748821F}
[2012.03.12 00:03:21 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{843800FF-698E-45C6-A3F9-4040E10CDC98}
[2012.03.12 00:03:07 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{A3F7034D-07EC-4845-804C-F5ABCC9F5680}
[2012.03.11 23:47:47 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{12B98AA6-6671-4DA5-9F2B-08FE13A8AA18}
[2012.03.11 22:57:45 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{3C889727-7724-4570-9EA6-559D1A4DF569}
[2012.03.11 22:57:32 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\{B0E62CC2-DB3C-4750-84B1-A6D45A8BD009}
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.19 21:00:00 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\Packard Bell Registration - Reminder Recall task.job
[2012.03.19 20:55:32 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Lea\Desktop\OTL(1).exe
[2012.03.19 20:53:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.19 20:53:40 | 692,997,991 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.03.19 20:53:39 | 2030,981,119 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.19 20:39:08 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Lea\Desktop\tdsskiller(1).exe
[2012.03.19 20:36:38 | 000,000,512 | ---- | M] () -- C:\Users\Lea\Desktop\MBR.dat
[2012.03.19 20:30:41 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Lea\Desktop\aswMBR.exe
[2012.03.19 20:20:38 | 000,389,024 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Lea\Desktop\unhide.exe
[2012.03.19 18:50:09 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.19 18:50:09 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.19 18:00:49 | 000,000,017 | ---- | M] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012.03.19 17:37:22 | 001,556,122 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.19 17:37:22 | 000,679,194 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.19 17:37:22 | 000,629,314 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.19 17:37:22 | 000,140,116 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.19 17:37:22 | 000,114,848 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.19 14:26:26 | 001,385,843 | ---- | M] () -- C:\Users\Lea\Desktop\FRST64.exe
[2012.03.19 12:24:03 | 000,013,854 | ---- | M] () -- C:\Users\Lea\Desktop\firefox.exe - Verknüpfung.lnk
[2012.03.19 02:02:01 | 000,001,125 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.19 01:49:45 | 000,002,082 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.03.19 01:21:21 | 000,000,456 | ---- | M] () -- C:\ProgramData\mv6gbLFrjRSkXy
[2012.03.19 01:19:39 | 000,000,665 | ---- | M] () -- C:\Users\Lea\Desktop\System Check.lnk
[2012.03.19 01:19:39 | 000,000,264 | ---- | M] () -- C:\ProgramData\~mv6gbLFrjRSkXy
[2012.03.19 01:19:39 | 000,000,176 | ---- | M] () -- C:\ProgramData\~mv6gbLFrjRSkXyr
[2012.03.19 01:05:54 | 000,021,239 | ---- | M] () -- C:\Users\Lea\Desktop\hkjh.jpg
[2012.03.18 18:54:19 | 000,023,013 | ---- | M] () -- C:\Users\Lea\Documents\Hausarbeit.odt
[2012.03.17 20:45:10 | 000,013,223 | ---- | M] () -- C:\Users\Lea\Documents\kuchen.odt
[2012.03.14 15:17:55 | 000,315,456 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.02 17:52:04 | 000,000,031 | ---- | M] () -- C:\Windows\progress
[2012.02.22 17:10:22 | 001,023,346 | ---- | M] () -- C:\Users\Lea\Documents\bafög3.pdf
[2012.02.22 17:03:46 | 001,117,471 | ---- | M] () -- C:\Users\Lea\Documents\bafög2.pdf
[2012.02.22 17:02:07 | 001,321,898 | ---- | M] () -- C:\Users\Lea\Documents\bafög.pdf
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.19 20:36:38 | 000,000,512 | ---- | C] () -- C:\Users\Lea\Desktop\MBR.dat
[2012.03.19 20:25:18 | 000,001,300 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2012.03.19 20:25:18 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2012.03.19 20:25:18 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.03.19 20:25:18 | 000,000,959 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012.03.19 20:25:17 | 000,002,501 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012.03.19 20:25:17 | 000,002,498 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012.03.19 20:25:17 | 000,002,194 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Welcome Center.lnk
[2012.03.19 20:25:17 | 000,002,031 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.03.19 20:25:17 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012.03.19 20:25:17 | 000,001,460 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012.03.19 20:25:17 | 000,001,376 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012.03.19 20:25:17 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012.03.19 20:25:17 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012.03.19 20:25:17 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012.03.19 20:25:17 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012.03.19 20:25:17 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012.03.19 20:25:17 | 000,001,150 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.03.19 20:25:17 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Deus EX Human Revolution.lnk
[2012.03.19 20:25:15 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012.03.19 20:25:14 | 000,001,312 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2012.03.19 20:25:13 | 000,001,162 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.03.19 20:25:12 | 000,002,435 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
[2012.03.19 20:25:12 | 000,001,982 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2012.03.19 20:25:12 | 000,001,961 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2012.03.19 20:25:12 | 000,001,940 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2012.03.19 20:25:12 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012.03.19 20:25:09 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.03.19 20:25:09 | 000,002,279 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Elements 9.lnk
[2012.03.19 20:25:09 | 000,001,949 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Contact a friend for assistance.lnk
[2012.03.19 20:25:09 | 000,001,892 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 9.lnk
[2012.03.19 20:25:09 | 000,001,531 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2012.03.19 20:25:09 | 000,001,009 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012.03.19 18:00:49 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012.03.19 14:26:08 | 001,385,843 | ---- | C] () -- C:\Users\Lea\Desktop\FRST64.exe
[2012.03.19 12:24:03 | 000,013,854 | ---- | C] () -- C:\Users\Lea\Desktop\firefox.exe - Verknüpfung.lnk
[2012.03.19 02:02:01 | 000,001,125 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.19 01:49:45 | 000,002,082 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.03.19 01:19:39 | 000,000,665 | ---- | C] () -- C:\Users\Lea\Desktop\System Check.lnk
[2012.03.19 01:19:39 | 000,000,264 | ---- | C] () -- C:\ProgramData\~mv6gbLFrjRSkXy
[2012.03.19 01:19:39 | 000,000,176 | ---- | C] () -- C:\ProgramData\~mv6gbLFrjRSkXyr
[2012.03.19 01:19:35 | 000,000,456 | ---- | C] () -- C:\ProgramData\mv6gbLFrjRSkXy
[2012.03.19 01:05:53 | 000,021,239 | ---- | C] () -- C:\Users\Lea\Desktop\hkjh.jpg
[2012.03.17 20:45:08 | 000,013,223 | ---- | C] () -- C:\Users\Lea\Documents\kuchen.odt
[2012.03.14 18:05:06 | 000,023,013 | ---- | C] () -- C:\Users\Lea\Documents\Hausarbeit.odt
[2012.03.02 17:51:53 | 000,000,031 | ---- | C] () -- C:\Windows\progress
[2012.02.22 17:10:22 | 001,023,346 | ---- | C] () -- C:\Users\Lea\Documents\bafög3.pdf
[2012.02.22 17:03:46 | 001,117,471 | ---- | C] () -- C:\Users\Lea\Documents\bafög2.pdf
[2012.02.22 17:02:07 | 001,321,898 | ---- | C] () -- C:\Users\Lea\Documents\bafög.pdf
[2011.08.10 18:27:15 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011.08.05 12:33:23 | 001,583,740 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.07.18 20:55:26 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.04.15 10:15:00 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.04.15 10:14:58 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.04.15 10:14:57 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

< End of report >


lea20 19.03.2012 21:03

Okay, this should be the last one:
Code:

OTL Extras logfile created on: 19.03.2012 20:56:19 - Run 3
OTL by OldTimer - Version 3.2.39.1    Folder = C:\Users\Lea\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,86 Gb Total Physical Memory | 6,03 Gb Available Physical Memory | 76,80% Memory free
15,71 Gb Paging File | 13,80 Gb Available in Paging File | 87,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 911,40 Gb Total Space | 775,45 Gb Free Space | 85,08% Space Free | Partition Type: NTFS
Drive D: | 6,51 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 5,12 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 7,45 Gb Total Space | 7,41 Gb Free Space | 99,38% Space Free | Partition Type: FAT32
 
Computer Name: LEA-PC | User Name: Lea | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series" = Canon MG5100 series MP Drivers
"{1553D712-B35F-4A82-BC72-D6B11A94BE3E}" = Windows Live Remote Service Resources
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{4710662C-8204-4334-A977-B1AC9E547819}" = Broadcom Card Reader Driver Installer
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{702A632F-99CE-4E2D-B8F2-BF980E9CF62F}" = Windows Live Remote Client Resources
"{7A61142C-CA19-4F3C-BA66-FF8F131501FA}" = Paint.NET v3.5.9
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{8F7F2D9C-2DBE-4F10-9C7C-2724110A3339}" = Windows Live Remote Service Resources
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{A6E0F6BE-30AC-4D36-97B0-1AC20E23CB83}" = Windows Live Remote Client Resources
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 267.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 267.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom Gigabit NetLink Controller
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.01 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Video Web Camera
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{0557BBDA-69D3-4FA4-A93C-A5300F7034B4}" = Windows Live Writer
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{06B05153-97E4-427E-B1A8-E098F6C5E52F}" = Windows Live Essentials
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{0785A0B6-07DF-43CF-B147-E1EB4CEA0345}" = Windows Live Messenger
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{120C160F-F53D-4A15-A873-E79BF5B98B48}" = Windows Live Photo Common
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20381A8A-808E-4A53-B6CD-AD2B85E16365}" = Windows Live UX Platform Language Pack
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{226F0D93-76DE-4F1C-B14D-DE10443ADB60}" = Windows Live Movie Maker
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25175695-4B20-4298-9F34-C2C57CD277B3}" = Elements STI Installer
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2DDC57D4-594D-4F30-8D81-27FDB2243644}_is1" = Deus EX Human Revolution Version v1.1
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{4736B0ED-F6A1-48EC-A1B7-C053027648F1}" = Galeria fotogràfica del Windows Live
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{48F597DD-D397-4CFA-91A0-4C033A0113BD}" = Windows Live Mail
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D7BAC8A-51B8-4243-8567-1415C4272D13}" = Windows Live Writer
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5495E9A4-501A-4D4C-87C9-E80916CA9478}" = Windows Live UX Platform Language Pack
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5D90ABE5-8A35-4947-8269-6F40BCE47A95}" = Windows Live Messenger
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{625D45F0-5DCB-48BF-8770-C240A84DAAEB}" = Windows Live Mesh
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}" = Nero Multimedia Suite 10 Essentials
"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71527C7C-5289-4CB2-88C9-23344C0FF6C1}" = Windows Live Movie Maker
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7D926AD2-16D6-42C2-8CA1-AB09E96040BA}" = Windows Live Writer Resources
"{7D99B933-E29C-4599-92F0-DAED2AF041E3}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{86F444A5-C9B9-41DC-AF28-B5E46F5497C7}" = Windows Live Argazki Galeria
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E285C75-9BE2-4349-972B-DECDDF472656}" = Windows Live Writer Resources
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93C4B7D5-4E00-491F-BA3E-25B7B63EE7F6}" = Windows Live Mail
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9E2C5B0E-7A2D-4767-A9B2-77469FB1873A}" = Windows Live Mesh
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = HomeMedia
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BA2C0D53-CA57-42D9-9B27-C93EFCCA001A}_is1" = GSM version 1.3
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D54A52A8-DF24-4CE8-850B-074CA47DFA74}" = Windows Live Messenger
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB9955F8-467C-47FC-90F8-12CD5DF684C3}" = Adobe Premiere Elements 9
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F0F5D89A-197C-495B-827E-3E98B811CD2E}" = Windows Live Photo Common
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F13587F7-AA4C-4C2E-AE7D-F33F3CCE57A9}" = Windows Live Messenger
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher Enhanced Edition
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCBC19F7-E068-4B7A-ACBB-CE9CCEB4B21F}" = Windows Live Messenger
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"1489-3350-5074-6281" = JDownloader 0.9
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"Avira AntiVir Desktop" = Avira Free Antivirus
"Braid_is1" = Braid (Version 1.015)
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"conduitEngine" = Conduit Engine
"DivX Setup.divx.com" = DivX-Setup
"Ferret Gaming Mouse" = Ferret Gaming Mouse driver
"Identity Card" = Identity Card
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Video Web Camera
"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Packard Bell MyBackup
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"LManager" = Launch Manager
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Mozilla Firefox 10.0 (x86 de)" = Mozilla Firefox 10.0 (x86 de)
"NIS" = Norton Internet Security
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Screensaver" = Packard Bell ScreenSaver
"Packard Bell Welcome Center" = Welcome Center
"PremElem90" = Adobe Premiere Elements 9
"UT2004" = Unreal Tournament 2004
"uTorrent" = µTorrent
"uTorrentBar_DE Toolbar" = uTorrentBar_DE Toolbar
"VLC media player" = VLC media player 1.0.0
"WildTangent packardbell Master Uninstall" = Packard Bell Games
"WinLiveSuite" = Windows Live Essentials
"WTA-82ba40dc-d1d0-48f5-9eb7-86bcd1acb5ca" = Torchlight
"WTA-d7c857c7-4481-4739-ae9d-b7bc70ceb5b6" = Plants vs. Zombies - Game of the Year
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 23.02.2012 08:05:05 | Computer Name = Lea-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 23.02.2012 19:16:20 | Computer Name = Lea-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 24.02.2012 09:45:11 | Computer Name = Lea-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 24.02.2012 11:02:43 | Computer Name = Lea-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 24.02.2012 20:13:05 | Computer Name = Lea-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 25.02.2012 09:09:10 | Computer Name = Lea-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 25.02.2012 12:09:51 | Computer Name = Lea-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 25.02.2012 18:13:28 | Computer Name = Lea-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 26.02.2012 11:58:28 | Computer Name = Lea-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 26.02.2012 12:46:03 | Computer Name = Lea-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
[ System Events ]
Error - 19.03.2012 13:16:59 | Computer Name = Lea-PC | Source = ipnathlp | ID = 31004
Description =
 
Error - 19.03.2012 13:22:30 | Computer Name = Lea-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?19.?03.?2012 um 18:19:22 unerwartet heruntergefahren.
 
Error - 19.03.2012 13:24:31 | Computer Name = Lea-PC | Source = ipnathlp | ID = 31004
Description =
 
Error - 19.03.2012 13:31:48 | Computer Name = Lea-PC | Source = ipnathlp | ID = 31004
Description =
 
Error - 19.03.2012 13:31:55 | Computer Name = Lea-PC | Source = ipnathlp | ID = 31004
Description =
 
Error - 19.03.2012 13:34:29 | Computer Name = Lea-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Update" wurde mit folgendem Fehler beendet:  %%-2147467243
 
Error - 19.03.2012 13:43:44 | Computer Name = Lea-PC | Source = ipnathlp | ID = 31004
Description =
 
Error - 19.03.2012 15:53:43 | Computer Name = Lea-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?19.?03.?2012 um 20:52:36 unerwartet heruntergefahren.
 
Error - 19.03.2012 15:53:49 | Computer Name = Lea-PC | Source = BugCheck | ID = 1001
Description =
 
Error - 19.03.2012 15:54:10 | Computer Name = Lea-PC | Source = ipnathlp | ID = 31004
Description =
 
 
< End of report >


Psychotic 20.03.2012 22:12

Combofix

Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

lea20 21.03.2012 13:46

Everything worked fine :) Hopefully I did everything right, here is the file:
Code:

ComboFix 12-03-20.02 - Lea 21.03.2012  13:25:25.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.8044.5975 [GMT 1:00]
ausgeführt von:: c:\users\Lea\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\~mv6gbLFrjRSkXy
c:\programdata\~mv6gbLFrjRSkXyr
c:\programdata\mv6gbLFrjRSkXy
c:\users\Lea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\Lea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\Lea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\users\Lea\Desktop\System Check.lnk
c:\windows\system32\drivers\etc\hosts.ics
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-02-21 bis 2012-03-21  ))))))))))))))))))))))))))))))
.
.
2012-03-21 12:31 . 2012-03-21 12:31        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-03-20 20:07 . 2012-02-08 07:13        8643640        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{03A12083-95BC-4536-8849-67A413ABC2DD}\mpengine.dll
2012-03-20 02:37 . 2012-03-20 02:40        --------        d-----w-        C:\FRST
2012-03-19 19:25 . 2011-11-10 23:23        19123536        ----a-w-        c:\programdata\Microsoft\Windows\Start Menu\Programs\Razor 1911\The Elder Scrolls V Skyrim\TESV.exe
2012-03-19 19:25 . 2011-11-10 14:06        1880400        ----a-w-        c:\programdata\Microsoft\Windows\Start Menu\Programs\Razor 1911\The Elder Scrolls V Skyrim\SkyrimLauncher.exe
2012-03-19 19:25 . 2011-11-10 23:23        214016        ----a-w-        c:\programdata\Microsoft\Windows\Start Menu\Programs\Razor 1911\The Elder Scrolls V Skyrim\binkw32.dll
2012-03-19 19:25 . 2011-11-10 23:23        165304        ----a-w-        c:\programdata\Microsoft\Windows\Start Menu\Programs\Razor 1911\The Elder Scrolls V Skyrim\atimgpud.dll
2012-03-19 01:41 . 2012-03-19 01:41        --------        d-----w-        C:\Neuer Ordner (2)
2012-03-19 01:41 . 2012-03-19 01:41        --------        d-----w-        C:\Neuer Ordner
2012-03-19 01:01 . 2012-03-19 01:02        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-19 01:01 . 2011-12-10 14:24        23152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-03-19 00:52 . 2012-03-19 00:52        --------        d-----w-        c:\users\Lea\AppData\Roaming\Avira
2012-03-19 00:49 . 2012-01-31 07:56        97312        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-03-19 00:49 . 2012-01-31 07:56        132320        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-03-19 00:49 . 2011-09-16 15:08        27760        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2012-03-19 00:49 . 2012-03-19 00:49        --------        d-----w-        c:\programdata\Avira
2012-03-19 00:49 . 2012-03-19 00:49        --------        d-----w-        c:\program files (x86)\Avira
2012-03-19 00:32 . 2012-03-19 00:32        --------        d-----w-        c:\users\Lea\AppData\Roaming\Malwarebytes
2012-03-19 00:32 . 2012-03-19 00:32        --------        d-----w-        c:\programdata\Malwarebytes
2012-03-14 13:48 . 2011-11-19 15:20        5559152        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-03-14 13:48 . 2011-11-19 14:50        3968368        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 13:48 . 2011-11-19 14:50        3913584        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 13:07 . 2012-02-03 04:34        3145728        ----a-w-        c:\windows\system32\win32k.sys
2012-03-14 13:07 . 2012-02-10 06:36        1544192        ----a-w-        c:\windows\system32\DWrite.dll
2012-03-14 13:07 . 2012-02-10 05:38        1077248        ----a-w-        c:\windows\SysWow64\DWrite.dll
2012-03-13 17:07 . 2012-02-17 06:38        1031680        ----a-w-        c:\windows\system32\rdpcore.dll
2012-03-13 17:07 . 2012-02-17 05:34        826880        ----a-w-        c:\windows\SysWow64\rdpcore.dll
2012-03-13 17:07 . 2012-02-17 04:58        210944        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-03-13 17:07 . 2012-02-17 04:57        23552        ----a-w-        c:\windows\system32\drivers\tdtcp.sys
2012-03-13 17:07 . 2012-01-25 06:38        77312        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-03-13 17:07 . 2012-01-25 06:38        149504        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-03-13 17:07 . 2012-01-25 06:33        9216        ----a-w-        c:\windows\system32\rdrmemptylst.exe
2012-03-10 18:22 . 2012-03-10 18:22        --------        d-----w-        c:\windows\SysWow64\Wat
2012-03-10 18:22 . 2012-03-10 18:22        --------        d-----w-        c:\windows\system32\Wat
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 08:18 . 2010-11-21 03:27        279656        ------w-        c:\windows\system32\MpSigStub.exe
2012-01-04 10:44 . 2012-02-16 18:10        509952        ----a-w-        c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-16 18:10        442880        ----a-w-        c:\windows\SysWow64\ntshrui.dll
2011-12-30 06:26 . 2012-02-16 18:10        515584        ----a-w-        c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-16 18:10        478720        ----a-w-        c:\windows\SysWow64\timedate.cpl
2011-12-28 03:59 . 2012-02-16 18:10        498688        ----a-w-        c:\windows\system32\drivers\afd.sys
2011-12-26 16:17 . 2011-07-18 21:47        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c840e246-6b95-475e-9bd7-caa1c7eca9f2}"= "c:\program files (x86)\uTorrentBar_DE\prxtbuTor.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22        176936        ----a-w-        c:\program files (x86)\ConduitEngine\prxConduitEngin.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
2011-03-28 16:22        176936        ----a-w-        c:\program files (x86)\uTorrentBar_DE\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{c840e246-6b95-475e-9bd7-caa1c7eca9f2}"= "c:\program files (x86)\uTorrentBar_DE\prxtbuTor.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngin.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-08-20 639864]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
"BackupManagerTray"="c:\program files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe" [2011-02-15 295744]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-03-14 1081424]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"Ferret Gaming Mouse"="c:\program files (x86)\SPEEDLINK Ferret Gaming Mouse\GMouse.exe" [2010-06-14 1310720]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
.
c:\users\Lea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2011-7-21 576000]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-10-08 150016]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110909.001\BHDrvx64.sys [2011-09-09 1152632]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110917.031\IDSvia64.sys [2011-08-22 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207000.00D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-01-31 86224]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-03-14 352336]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2011-02-22 873064]
S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]
S2 Live Updater Service;Live Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2011-01-31 244624]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe [2011-04-17 130008]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe [2011-02-15 257344]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys [x]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys [x]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-21 c:\windows\Tasks\Packard Bell Registration - Reminder Recall task.job
- c:\program files (x86)\Packard Bell\Registration\GREG.exe [2011-01-25 02:59]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-10 11785832]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-28 497648]
"Power Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2011-02-22 1796200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.facemoods.com/?a=ddrnw
mStart Page = hxxp://packardbell.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Lea\AppData\Roaming\Mozilla\Firefox\Profiles\fhvw2doa.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=ddrnw
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{BA2C0D53-CA57-42D9-9B27-C93EFCCA001A}_is1 - c:\???????? ????? ? ?? 1.0004 ??????\gamedata\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Launch Manager\LMutilps32.exe
c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-21  13:37:35 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-03-21 12:37
.
Vor Suchlauf: 16 Verzeichnis(se), 837.132.247.040 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 842.526.838.784 Bytes frei
.
- - End Of File - - 6D87008755540B2B8D86CDE0C40A6C4A


Psychotic 21.03.2012 23:44

Step 1: CF-Script


Note for readers following along:
The following ComboFix script was created exclusively for this user in this situation.
Do not use it on other computers under any circumstances; it can cause lasting damage to other systems!

Delete the existing Combofix.exe from your desktop and download the program again from one of the following download mirrors:
BleepingComputer.com - ForoSpyware.com
and save it to the desktop again (not anywhere else, this is important)!

Press the Windows + R keys --> Notepad (type it in) --> OK

Now copy the complete text from the following code box into the empty text document.
Code:

REGISTRY::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c840e246-6b95-475e-9bd7-caa1c7eca9f2}"=-
[-HKEY_CLASSES_ROOT\clsid\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{c840e246-6b95-475e-9bd7-caa1c7eca9f2}"=-
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
[-HKEY_CLASSES_ROOT\clsid\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
[-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
FOLDER::
c:\program files (x86)\uTorrentBar_DE
c:\program files (x86)\ConduitEngine
DDS::
uStart Page = hxxp://start.facemoods.com/?a=ddrnw
FIREFOX::
FF - ProfilePath - c:\users\Lea\AppData\Roaming\Mozilla\Firefox\Profiles\fhvw2doa.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=ddrnw

Save this as CFScript.txt on your desktop.

Important:
  • Temporarily turn off your antivirus software. It can interfere with ComboFix while it works.
    Don't forget to turn it back on afterwards!
  • Do not move the mouse over the ComboFix window or click inside it.
    This can cause ComboFix to hang.
  • Close all running programs. Make sure that ComboFix can work unhindered.
  • Do not do anything on the PC while ComboFix is running.
http://i266.photobucket.com/albums/i.../CFScriptB.gif
  • Referring to the image above, drag CFScript.txt into ComboFix.exe
  • When ComboFix is finished, it will create a log, C:\ComboFix.txt. Please paste it here as a reply.
If the script contains the directive Suspect:: or Collect::, a message box will appear after Combofix has finished. Click OK and follow the prompts/instructions to upload the files.

Step 2: MBAM full scan



Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform full scan and click Scan. (Note: Tick all hard drives!)
  • When the scan is finished, click Show Results.
  • Make sure that all detections are selected and click Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Log Files".

lea20 22.03.2012 00:06

Wow, thanks, it's really great how much help you get here :) I'll tackle it first thing tomorrow morning...
Temporarily turning off the antivirus software.. is it enough to deactivate the real-time scanner, or how do you switch everything off safely so that it no longer interferes? I'd rather not take any risks, so I'm asking again

