
Log analysis and evaluation: Backdoor.Win32.ZAccess.mbg and Trojan.Win32.Small.bmph

23.06.2012, 14:34   #1
Patient X
 



Hello!
Unfortunately I don't know much about computers, so I am now trying to get some help here.
Most of the programs on the PC were recommended by acquaintances and colleagues.

Now to the problem:

My daughter used the computer while I was away, and since then Kaspersky says that there is malware on the laptop.

Kaspersky shows the following:

Backdoor.Win32.ZAccess.mbg
Trojan.Win32.Small.bmph
Trojan.Win32.Zapchast.acdo
HEUR:Exploit.Script.Generic

I found this forum through Google.
As described here:
http://www.trojaner-board.de/117206-...entfernen.html

I have already run Defogger following the instructions there and then started the OTL program as described.

These are the log files from that:

Extras.Txt
Code:
OTL Extras logfile created on: 23.06.2012 14:46:39 - Run 1
OTL by OldTimer - Version 3.2.52.0     Folder = C:\Users\DD\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 51,38% Memory free
6,13 Gb Paging File | 4,45 Gb Available in Paging File | 72,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 452,75 Gb Total Space | 5,77 Gb Free Space | 1,27% Space Free | Partition Type: NTFS
 
Computer Name: ODIN | User Name: DD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"#APPID_is1" = Projekt Japanisch 1.0.0.0
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{065D5505-3821-4C2E-BB6C-FE66A7E7CB4F}" = USB Flash Port Driver
"{0B96C1A6-73A1-8648-BB59-9AA8E0EC3BBD}" = ATI Catalyst Install Manager
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0EA5CCBB-EAE1-863F-42C7-2200ECB5C215}" = ccc-utility
"{196CF234-5A24-2F2F-82D9-03E8794A8DB2}" = CCC Help Danish
"{19F71F50-EE15-4213-A1ED-EA74FFA60C51}" = CacheStats
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F2A5DF9-40E1-4644-ADBD-D80F347BA6C8}" = Windows Mobile-Gerätecenter
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{221E3442-5E36-4444-45C3-69022B3A818B}" = Catalyst Control Center Graphics Full Existing
"{22392D35-2541-5D02-7159-A1C6F93D08DB}" = CCC Help Chinese Standard
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26966185-1610-386E-A249-2D05A5C6861C}" = Catalyst Control Center Graphics Previews Vista
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MYMOVIES)
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2CCEEB92-631F-FC35-0757-122A8EA82573}" = CCC Help Portuguese
"{3BBBF916-D04B-7388-46FB-21EA257B6756}" = CCC Help Italian
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell PowerSave Solution
"{3FE2C6E2-8A57-D9EF-5005-FDFF43A4BA99}" = CCC Help English
"{4297D072-09F0-F2E7-4B0F-009098303CB9}" = CCC Help Czech
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{48D60246-3600-CF3A-9B9C-BD8C0145BABA}" = CCC Help Hungarian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56B777D9-9D85-4A81-BF59-1EED7401ADC4}" = Google Cloud Connect for Microsoft Office
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5EAEE5D7-F4D6-0D20-3EAE-D971E35A1F48}" = CCC Help Russian
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{662AF9F7-2728-B97D-D806-CB529B5B6572}" = CCC Help Greek
"{673ACCCA-79B5-EFD0-C08F-C6160188F837}" = CCC Help Japanese
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6DA250F4-CC00-CD57-3081-97C5AEEB6517}" = CCC Help Polish
"{709817E4-5439-4206-8738-796B34B623BD}" = MetaBoli
"{70D0D8A6-4A55-5D59-D9F0-0BD2E63BE4CB}" = Skins
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{7687F1D7-BA02-E78A-38B8-CC2E80441F02}" = CCC Help Spanish
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7C20E89E-4C3D-468E-97A0-9ECF6B1C93DD}" = Catalyst Control Center - Branding
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7E69211F-9327-68CC-B854-CCE0A73951FD}" = CCC Help Thai
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{80E59E27-B816-A3F1-69FB-DAF5623A5320}" = Catalyst Control Center InstallProxy
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{896B238F-7CFE-4952-82EB-96E63E8E67B6}" = COMPUTERBILD-Abzockschutz
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A17C27D-0325-400C-8AA9-DAA6B16CBD74}" = Epson Event Manager
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8D580EFB-6B85-2680-77F9-F6B05335995D}" = CCC Help German
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}" = Epson Easy Photo Print 2
"{A32563F0-671A-B71C-6D5D-F1BCC5D9820A}" = PX Profile Update
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{ABD7DBE3-E344-4BCA-B8AD-4360494DD1D9}" = LG MC USB U330 driver
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AF74E427-69CD-71EF-34A1-AAD7BBF98571}" = Catalyst Control Center Core Implementation
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B423FEBB-A980-3F0C-019D-39570AB69F52}" = CCC Help Chinese Traditional
"{B7B8F5CF-A83E-0485-A5D6-A04F437BE9E3}" = CCC Help French
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB8CA439-DA83-419C-A4CF-5A0A50025144}" = Windows Mobile-Gerätecenter: Treiberupdate
"{CCB71FF8-DE82-469C-8641-44378F4443EB}" = Garmin WebUpdater
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF1A3128-AE8D-6CDD-97E2-EB21AE072578}" = Catalyst Control Center Localization All
"{CFAE5CA5-3757-B38A-3CEF-26C275098EF3}" = CCC Help Turkish
"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
"{D1F45DA3-0747-FE7F-BD90-AA030DE37B47}" = CCC Help Korean
"{D8547BA0-E3B7-DEE8-FE37-660F8C69EF83}" = CCC Help Dutch
"{D94BA408-F110-488B-A65E-3AE7945F79E6}_is1" = LG PC Suite III deinstallieren
"{DB64492B-AE9C-1C8F-5158-0B204B42410A}" = ccc-core-static
"{DBAD3D0A-7A98-95F5-ACFB-C6B5CCB47A95}" = CCC Help Finnish
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DE41E729-2E45-D6C5-F06F-F686D6C9E472}" = CCC Help Swedish
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{DF61C694-F6D1-37C6-35B7-1320F836FE57}" = Catalyst Control Center Graphics Light
"{E0D839A8-C888-C560-9332-43D73D7BDE21}" = Catalyst Control Center Graphics Full New
"{E128FE24-9C62-6642-1D18-BEAC991C5E62}" = CCC Help Norwegian
"{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
"7D6D030B3D73FCCA3D4E45319380F315DFBE7A54" = Windows-Treiberpaket - Infineon Technologies (FlashUSB) USB  (04/16/2009 1.0.0.6)
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Ashampoo Burning Studio 2009_is1" = Ashampoo Burning Studio 2009
"Ashampoo WinOptimizer 6_is1" = Ashampoo WinOptimizer 6.60
"Ashampoo WinOptimizer 7_is1" = Ashampoo WinOptimizer 7.01
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"EPSON SX130 Series" = EPSON SX130 Series Printer Uninstall
"EPSON SX130 Series Useg" = Benutzerhandbuch EPSON SX130 Series
"FILEminimizer Pictures_is1" = FILEminimizer Pictures
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"GoldWave v5.22" = GoldWave v5.22
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"Identity Card" = Identity Card
"Infineon USB driver_is1" = Infineon USB driver 1.0.0.6
"InfoCentre" = InfoCentre
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Packard Bell MyBackup
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"InvelosDVDProfiler_is1" = DVD Profiler Version 3.7.2
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.1.6
"LManager" = Launch Manager
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Packard Bell Customer Registration" = Packard Bell Customer Registration
"PackardBell Screensaver" = PackardBell ScreenSaver
"Ravensburger tiptoi" = Ravensburger tiptoi
"Security Task Manager" = Security Task Manager 1.8d
"SetupMyPC" = SetupMyPC
"starwars_screensaver_pc" = starwars_screensaver_pc
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TomTom HOME" = TomTom HOME 2.8.2.2264
"TreeSize Free_is1" = TreeSize Free V2.6
"Updator" = Updator
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Xfire" = Xfire (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"a0262b137d239919" = Urwigo
"Geocaching Live" = Geocaching Live
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.06.2012 00:38:51 | Computer Name = ODIN | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 23.06.2012 00:38:51 | Computer Name = ODIN | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 23.06.2012 00:38:51 | Computer Name = ODIN | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 23.06.2012 00:38:52 | Computer Name = ODIN | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 23.06.2012 08:35:31 | Computer Name = ODIN | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.06.2012 08:38:16 | Computer Name = ODIN | Source = VSS | ID = 8194
Description = 
 
Error - 23.06.2012 08:38:43 | Computer Name = ODIN | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 23.06.2012 08:38:44 | Computer Name = ODIN | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 23.06.2012 08:38:50 | Computer Name = ODIN | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 23.06.2012 08:41:16 | Computer Name = ODIN | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ Media Center Events ]
Error - 06.06.2010 15:56:54 | Computer Name = ODIN | Source = McrMgr | ID = 107
Description = 
 
Error - 06.06.2010 15:57:09 | Computer Name = ODIN | Source = McrMgr | ID = 107
Description = 
 
Error - 06.06.2010 15:57:14 | Computer Name = ODIN | Source = McrMgr | ID = 107
Description = 
 
Error - 06.06.2010 16:06:10 | Computer Name = ODIN | Source = McrMgr | ID = 107
Description = 
 
[ OSession Events ]
Error - 07.10.2010 08:06:10 | Computer Name = ODIN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 20177
 seconds with 6300 seconds of active time.  This session ended with a crash.
 
Error - 25.04.2012 06:27:37 | Computer Name = ODIN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3224
 seconds with 120 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 23.06.2012 08:35:32 | Computer Name = ODIN | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 23.06.2012 08:35:32 | Computer Name = ODIN | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 23.06.2012 08:35:32 | Computer Name = ODIN | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 23.06.2012 08:35:32 | Computer Name = ODIN | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 23.06.2012 08:35:32 | Computer Name = ODIN | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 23.06.2012 08:35:32 | Computer Name = ODIN | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 23.06.2012 08:36:00 | Computer Name = ODIN | Source = WMPNetworkSvc | ID = 866293
Description = 
 
Error - 23.06.2012 08:36:42 | Computer Name = ODIN | Source = DCOM | ID = 10000
Description = 
 
Error - 23.06.2012 08:37:44 | Computer Name = ODIN | Source = DCOM | ID = 10000
Description = 
 
Error - 23.06.2012 08:40:26 | Computer Name = ODIN | Source = Service Control Manager | ID = 7022
Description = 
 
[ TuneUp Events ]
Error - 13.05.2011 10:39:44 | Computer Name = ODIN | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-05-13 16:39:44', '\device\cdrom0\lucas
 learning folder\star wars yoda's challenge\setup.exe','4332',0)
 
Error - 13.05.2011 10:39:49 | Computer Name = ODIN | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-05-13 16:39:49', '\device\cdrom0\lucas
 learning folder\star wars yoda's challenge\_isdel.exe','4600',0)
 
Error - 13.05.2011 10:43:14 | Computer Name = ODIN | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-05-13 16:43:14', '\device\harddiskvolume2\program
 files\lucas learning\star wars yoda's abenteuer\yoda's challenge.exe','1544',0)
 
Error - 13.05.2011 10:43:29 | Computer Name = ODIN | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-05-13 16:43:29', '\device\harddiskvolume2\program
 files\lucas learning\star wars yoda's abenteuer\yoda's challenge.icd','5672',0)
 
Error - 13.05.2011 10:43:44 | Computer Name = ODIN | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-05-13 16:43:44', '\device\harddiskvolume2\program
 files\lucas learning\star wars yoda's abenteuer\yoda's challenge.exe','5244',0)
 
Error - 13.05.2011 10:43:54 | Computer Name = ODIN | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-05-13 16:43:54', '\device\harddiskvolume2\program
 files\lucas learning\star wars yoda's abenteuer\yoda's challenge.icd','4544',0)
 
Error - 13.05.2011 10:44:14 | Computer Name = ODIN | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-05-13 16:44:14', '\device\harddiskvolume2\program
 files\lucas learning\star wars yoda's abenteuer\yoda's challenge.exe','956',0)
 
Error - 13.05.2011 10:45:09 | Computer Name = ODIN | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-05-13 16:45:09', '\device\cdrom0\lucas
 learning folder\star wars yoda's challenge\directx\dxsetup.exe','5896',0)
 
Error - 13.05.2011 10:45:34 | Computer Name = ODIN | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-05-13 16:45:34', '\device\harddiskvolume2\program
 files\lucas learning\star wars yoda's abenteuer\yoda's challenge.exe','5108',0)
 
Error - 13.05.2011 10:45:44 | Computer Name = ODIN | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-05-13 16:45:44', '\device\harddiskvolume2\program
 files\lucas learning\star wars yoda's abenteuer\yoda's challenge.icd','3308',0)
 
 
< End of report >
         
And OTL.Txt
Code:
OTL logfile created on: 23.06.2012 14:46:39 - Run 1
OTL by OldTimer - Version 3.2.52.0     Folder = C:\Users\DD\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 51,38% Memory free
6,13 Gb Paging File | 4,45 Gb Available in Paging File | 72,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 452,75 Gb Total Space | 5,77 Gb Free Space | 1,27% Space Free | Partition Type: NTFS
 
Computer Name: ODIN | User Name: DD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\DD\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee\SiteAdvisor\saUI.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software)
PRC - C:\Users\DD\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\PACKARD BELL\SetupMyPC\SmpSys.exe (Acer Incorporated)
PRC - C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerTray.exe (Acer Incorporated)
PRC - C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\1b337cf9a031145849bc48c11b2cfe58\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3331.38812__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3331.38795__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3331.38814__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3331.38809__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3331.38803__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3331.38896__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3331.38874__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3331.38802__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3331.38853__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3331.38838__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3331.38859__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3331.38896__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3331.38897__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3331.38860__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3331.38858__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3331.38895__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3331.38841__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3331.38869__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3331.38840__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3331.38804__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3331.38815__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3331.38835__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3331.38839__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3331.38852__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3331.38819__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3331.38814__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3331.38850__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3331.38839__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3331.38818__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3331.38840__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3331.38850__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3331.38852__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3309.28627__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3309.28624__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3309.28627__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3331.38930__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3331.38890__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3331.38906__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll ()
MOD - C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3331.38791__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3331.38883__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3331.38808__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3331.38888__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3331.38794__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3331.38793__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3331.38799__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3331.38793__90ba9c70f846762e\ATIDEMOS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3331.38792__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3331.38791__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3331.38889__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\ContextHandler.dll ()
MOD - C:\Program Files\FILEminimizer Pictures\FILEMShell.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\Launch Manager\PowerUtl.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (mfevtp) -- C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (MOBKbackup) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (DfSdkS) -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 7\DfSdkS.exe (mst software GmbH, Germany)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
SRV - (ePowerSvc) -- C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerSvc.exe (Acer Incorporated)
SRV - (NTI IScheduleSvc) -- C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (HsfXAudioService) -- C:\Windows\System32\XAudio32.dll (Conexant Systems, Inc.)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (FlashUSB) -- C:\Windows\System32\drivers\FlashUSB.sys (Danish Wireless Design A/S)
DRV - (MOBKFilter) -- C:\Windows\System32\drivers\MOBK.sys (Mozy, Inc.)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (LgBttPort) -- C:\Windows\System32\drivers\lgbtport.sys (LG Electronics Inc.)
DRV - (LGVMODEM) -- C:\Windows\System32\drivers\lgvmodem.sys (LG Electronics Inc.)
DRV - (lgbusenum) -- C:\Windows\System32\drivers\lgbtbus.sys (LG Electronics Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio32.sys (Conexant Systems, Inc.)
DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (DritekPortIO) -- C:\Program Files\Launch Manager\DPortIO.sys (Dritek System Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0410&m=easynote_lj65
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0410&m=easynote_lj65
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0410&m=easynote_lj65
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0410&m=easynote_lj65
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{6CFA647A-7824-4CF5-999D-5D188E2D7961}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
IE - HKCU\..\SearchScopes\{EC2F0341-0A64-4045-B18C-93CD9FEFAC77}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACPW
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Sichere Suche"
FF - prefs.js..browser.search.selectedEngine: "Sichere Suche"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d49175b3-3fd8-43b8-b28e-da5d47f3c398}:1.0.30
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86.1
FF - prefs.js..extensions.enabledItems: toolbar@gmx.net:1.5.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: rikaichan-jpde@polarcloud.com:2.01.110409
FF - prefs.js..extensions.enabledItems: {b8cbd8e0-e642-11dd-ba2f-0800200c9a66}:1.6
FF - prefs.js..extensions.enabledItems: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.265.2
FF - prefs.js..extensions.enabledItems: {20cc25e2-48c9-45e1-9a1f-1ccc1882b81b}:1.9
FF - prefs.js..extensions.enabledItems: {d37dc5d0-431d-44e5-8c91-49419370caa1}:2.7.82
FF - prefs.js..extensions.enabledItems: {265b0520-499e-11d9-9669-0800200c9a66}:2.0.6
FF - prefs.js..extensions.enabledItems: {29c4afe1-db19-4298-8785-fcc94d1d6c1d}:0.6.2009110501
FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.1
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.50
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=mcafee&p="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\DD\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\DD\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\DD\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\DD\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012.02.23 19:51:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012.06.21 14:43:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.06.22 07:20:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.06.22 07:20:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.06.22 07:20:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.17 11:44:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.19 01:23:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.17 11:44:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.19 01:23:29 | 000,000,000 | ---D | M]
 
[2010.05.16 22:11:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DD\AppData\Roaming\mozilla\Extensions
[2010.05.16 22:11:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DD\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.06.23 07:13:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions
[2012.06.19 07:19:34 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011.08.25 12:23:55 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011.04.01 15:28:39 | 000,000,000 | ---D | M] ("Facebook PhotoZoom") -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{20cc25e2-48c9-45e1-9a1f-1ccc1882b81b}
[2011.04.01 15:50:20 | 000,000,000 | ---D | M] (Ebay Negs!) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{265b0520-499e-11d9-9669-0800200c9a66}
[2011.04.01 16:02:55 | 000,000,000 | ---D | M] ("Split Browser") -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2012.03.02 19:57:31 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2012.04.08 00:16:19 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2012.05.17 23:22:36 | 000,000,000 | ---D | M] (WOT) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.04.01 16:31:16 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2011.03.24 16:01:35 | 000,000,000 | ---D | M] ("DHL Packstation Bestellhelfer") -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{b8cbd8e0-e642-11dd-ba2f-0800200c9a66}
[2012.03.30 06:51:01 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.05.13 10:26:02 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2012.06.23 07:13:37 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012.05.20 11:27:20 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.09.29 17:23:01 | 000,000,000 | ---D | M] ("DHL Toolbar") -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{edc0b8a5-c050-4bb2-b785-a623b4515abf}
[2010.11.26 15:10:48 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.12.25 09:28:15 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2012.05.17 23:22:35 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\ich@maltegoetz.de
[2011.04.19 21:08:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\nostmp
[2011.04.01 16:05:12 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\tineye@ideeinc.com
[2011.11.03 15:35:05 | 000,000,933 | ---- | M] () -- C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\11-suche.xml
[2010.07.03 10:39:55 | 000,009,837 | ---- | M] () -- C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\ddl-search-v2.xml
[2011.11.03 15:35:05 | 000,002,419 | ---- | M] () -- C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\englische-ergebnisse.xml
[2010.10.20 20:27:50 | 000,010,567 | ---- | M] () -- C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\gmx-suche.xml
[2011.03.02 09:48:59 | 000,002,342 | ---- | M] () -- C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\icq-search.xml
[2011.03.10 20:27:35 | 000,000,950 | ---- | M] () -- C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\icqplugin-1.xml
[2011.03.24 13:44:18 | 000,000,950 | ---- | M] () -- C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\icqplugin-2.xml
[2011.03.05 13:33:44 | 000,000,950 | ---- | M] () -- C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\icqplugin.xml
[2011.11.03 15:35:05 | 000,002,457 | ---- | M] () -- C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\lastminute.xml
[2012.05.01 10:47:55 | 000,005,489 | ---- | M] () -- C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\webde-suche.xml
[2012.06.09 03:20:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.06.21 14:43:35 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE
[2012.02.23 19:51:54 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2012.01.02 22:48:13 | 000,130,514 | ---- | M] () (No name found) -- C:\USERS\DD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N63AA2N9.DEFAULT\EXTENSIONS\{249DF6A2-E336-47D1-B6C3-EC711AD140CA}.XPI
[2012.01.05 19:17:45 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\DD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N63AA2N9.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.01.22 00:05:06 | 000,138,614 | ---- | M] () (No name found) -- C:\USERS\DD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N63AA2N9.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2012.06.01 19:03:09 | 000,395,898 | ---- | M] () (No name found) -- C:\USERS\DD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N63AA2N9.DEFAULT\EXTENSIONS\{D49175B3-3FD8-43B8-B28E-DA5D47F3C398}.XPI
[2012.05.19 00:56:15 | 005,438,448 | ---- | M] () (No name found) -- C:\USERS\DD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N63AA2N9.DEFAULT\EXTENSIONS\GREASEFIRE@SKRUL.COM.XPI
[2011.06.23 05:39:57 | 000,046,484 | ---- | M] () (No name found) -- C:\USERS\DD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N63AA2N9.DEFAULT\EXTENSIONS\LANGPACK-DE@CHATZILLA.MOZILLA.ORG.XPI
[2012.05.01 10:47:43 | 000,574,144 | ---- | M] () (No name found) -- C:\USERS\DD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N63AA2N9.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI
[2010.08.04 13:40:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.06.17 11:44:20 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.04.14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2012.03.26 10:09:54 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.01 18:33:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.01 18:33:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.01 18:33:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.01 18:33:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.02 09:17:02 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012.06.01 18:33:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.01 18:33:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\DD\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\DD\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\DD\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\DD\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: getPlusPlus for Adobe 16291 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\DD\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\DD\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll
CHR - Extension: Adblock Plus (Beta) = C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Ragdoll Avalanche 2 = C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\dijphmcdlkiiagnjoheephkicadkcoan\1.0_0\
CHR - Extension: SiteAdvisor = C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
CHR - Extension: Webcam Toy = C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade\1.2.2_0\
CHR - Extension: Zombie Drop = C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhmhllfgcoopjdmcmdeobhgimokcabmc\1.0_0\
CHR - Extension: Texas Holdem Poker = C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojbaogcpfpkhbmjmefladpimcmfggkjl\1.0.0.2_0\
CHR - Extension: Love Calculator = C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolmcecgdmgibngcbeedeljjadklplag\1.3_0\
 
O1 HOSTS File: ([2011.07.31 15:18:35 | 000,423,246 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 14592 more lines...
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20120430014745.dll (McAfee, Inc.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [bdinstaller] C:\Program Files\Common Files\Bitdefender\setupinformation\setuplauncher.exe (Bitdefender)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [k0kcwz1xjp] C:\Users\DD\k0kcwz1xjp.exe File not found
O4 - HKCU..\Run: [Regedit32] C:\Windows\system32\regedit.exe File not found
O4 - HKCU..\Run: [SmpcSys] C:\Program Files\PACKARD BELL\SetupMyPC\SmpSys.exe (Acer Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C6E75D3-C364-4A41-A1F0-0591696E0B3C}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Users\DD\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\DD\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7c7ae5c0-44a0-11e0-9482-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7c7ae5c0-44a0-11e0-9482-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Start.exe
O33 - MountPoints2\{7fa77a76-b768-11df-a38c-00235a89b8d3}\Shell - "" = AutoRun
O33 - MountPoints2\{7fa77a76-b768-11df-a38c-00235a89b8d3}\Shell\AutoRun\command - "" = E:\USBAutoRun.exe
O33 - MountPoints2\{97d8c732-f6d1-11df-8535-00235a89b8d3}\Shell - "" = AutoRun
O33 - MountPoints2\{97d8c732-f6d1-11df-8535-00235a89b8d3}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.hta
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.23 14:42:02 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\DD\Desktop\OTL.exe
[2012.06.23 07:17:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2012.06.23 07:13:54 | 000,000,000 | ---D | C] -- C:\Users\DD\AppData\Roaming\QuickScan
[2012.06.22 17:00:13 | 000,335,504 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\TrufosAlt.sys
[2012.06.22 07:47:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.06.21 20:19:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012
[2012.06.21 20:16:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012.06.21 20:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2012.06.21 20:14:40 | 000,570,160 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012.06.21 14:45:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012.06.21 07:15:39 | 000,000,000 | ---D | C] -- C:\Users\DD\AppData\Local\Macromedia
[2012.06.21 07:15:28 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.21 07:15:27 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.21 07:14:48 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.21 07:14:48 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.21 07:14:47 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.21 07:14:35 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.21 07:14:35 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012.06.19 20:55:49 | 000,000,000 | ---D | C] -- C:\Users\DD\Desktop\URLAUB 2012
[2012.06.12 22:02:56 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.06.12 22:02:56 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.06.12 22:02:54 | 000,629,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.06.12 22:02:51 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.06.12 22:02:51 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2012.06.12 22:02:50 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012.06.12 22:02:50 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012.06.12 22:02:50 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.06.12 22:02:49 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012.06.12 22:02:49 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.06.12 22:02:48 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012.06.12 22:02:48 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012.06.12 22:02:48 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012.06.12 22:02:48 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012.06.12 22:02:47 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012.06.12 22:02:47 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012.06.12 22:02:47 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012.06.12 22:02:46 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.06.12 22:01:52 | 002,045,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.23 15:01:01 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.23 15:00:06 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2012.06.23 14:44:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4170860937-2119410488-3439256695-1000UA.job
[2012.06.23 14:42:10 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\DD\Desktop\OTL.exe
[2012.06.23 14:34:28 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.23 14:34:03 | 000,004,512 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.23 14:34:03 | 000,004,512 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.23 14:33:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.23 14:32:42 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.06.23 14:31:05 | 000,000,020 | ---- | M] () -- C:\Users\DD\defogger_reenable
[2012.06.23 14:14:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.23 13:30:02 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4170860937-2119410488-3439256695-1000UA.job
[2012.06.23 07:11:15 | 000,335,504 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\TrufosAlt.sys
[2012.06.22 19:44:01 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4170860937-2119410488-3439256695-1000Core.job
[2012.06.22 19:30:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4170860937-2119410488-3439256695-1000Core.job
[2012.06.22 17:50:46 | 000,001,174 | ---- | M] () -- C:\Users\DD\Desktop\1334230738_BDRemovalTool_sirefef_x86 - Verknüpfung.lnk
[2012.06.22 07:47:30 | 000,002,489 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.06.21 20:29:52 | 000,017,408 | ---- | M] () -- C:\Users\DD\AppData\Local\WebpageIcons.db
[2012.06.21 20:19:13 | 000,115,369 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2012.06.21 20:19:13 | 000,097,961 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2012.06.21 20:14:40 | 000,570,160 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012.06.21 19:33:11 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.06.21 19:33:09 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.06.21 07:05:31 | 000,656,494 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.21 07:05:31 | 000,128,442 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.21 07:05:30 | 000,691,636 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.21 07:05:30 | 000,152,156 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.19 16:29:40 | 000,000,680 | ---- | M] () -- C:\Users\DD\AppData\Local\d3d9caps.dat
[2012.06.18 20:53:20 | 000,134,144 | ---- | M] () -- C:\Users\DD\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.13 05:48:03 | 000,393,952 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.09 03:20:53 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.06.03 00:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.03 00:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.03 00:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.03 00:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.03 00:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.02 15:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.23 14:30:10 | 000,000,020 | ---- | C] () -- C:\Users\DD\defogger_reenable
[2012.06.22 17:50:43 | 000,001,174 | ---- | C] () -- C:\Users\DD\Desktop\1334230738_BDRemovalTool_sirefef_x86 - Verknüpfung.lnk
[2012.06.21 20:29:44 | 000,017,408 | ---- | C] () -- C:\Users\DD\AppData\Local\WebpageIcons.db
[2012.06.21 20:19:13 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2012.06.21 20:19:13 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2012.04.04 04:49:18 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2012.01.10 22:14:13 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{eb9819ac-a943-f0d9-e6db-ec8b5a2ef808}\@
[2012.01.10 22:14:13 | 000,002,048 | -HS- | C] () -- C:\Users\DD\AppData\Local\{eb9819ac-a943-f0d9-e6db-ec8b5a2ef808}\@
[2011.10.13 00:01:50 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2011.09.21 06:59:27 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll
[2011.07.31 12:43:46 | 000,065,536 | ---- | C] () -- C:\Windows\revolutions_uninstall.exe
[2011.03.11 12:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2010.12.30 16:37:25 | 000,000,090 | ---- | C] () -- C:\Users\DD\AppData\Local\fusioncache.dat
[2010.12.28 13:58:59 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.12.05 22:16:02 | 000,000,249 | ---- | C] () -- C:\Windows\bctester_de.INI
[2010.10.10 20:15:43 | 000,000,465 | ---- | C] () -- C:\Windows\iScreensaver.ini
[2010.10.10 20:15:00 | 000,029,184 | -H-- | C] () -- C:\Windows\MBSRectPlugin1635.dll
[2010.09.04 18:06:46 | 000,221,291 | ---- | C] () -- C:\Windows\Imei_dll.dll
[2010.09.04 18:06:46 | 000,040,960 | ---- | C] () -- C:\Windows\Sublock.dll
[2010.09.03 21:36:46 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2010.09.03 21:36:46 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2010.04.27 20:28:25 | 000,000,680 | ---- | C] () -- C:\Users\DD\AppData\Local\d3d9caps.dat
[2010.04.22 12:53:25 | 000,134,144 | ---- | C] () -- C:\Users\DD\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

< End of report >
         
Was everything I have done so far correct?

Alt 26.06.2012, 14:44   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
Kaspersky shows the following:

Backdoor.Win32.ZAccess.mbg
Trojan.Win32.Small.bmph
Trojan.Win32.Zapchast.acdo
HEUR:Exploit.Script.Generic

Fine, and where are the logs for that?

That information is not enough; please post the complete details/logs from the virus scanners.

If at all possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         

Alt 28.06.2012, 07:34   #3
Patient X
 



Thank you very much for your reply!

Please forgive my ignorance, but where can you get Kaspersky to output a log?

Until now I have always just received a warning message on the screen.
It always shows the name of the trojan program and, below it, the file path.
I copied that down and reproduced it in my post here.

I have now found something that could possibly count as a log.
Code:
Typ: trojanisches Programm (4)	
Trojan.Win32.Small.bmph	Wird nach dem Neustart des Computers verarbeitet	28.06.2012 08:17:30	C:\Windows\Installer\{eb9819ac-a943-f0d9-e6db-ec8b5a2ef808}\U\	80000000.@	
Trojan.Win32.Zapchast.acdo	Wird nach dem Neustart des Computers verarbeitet	28.06.2012 08:17:19	C:\Windows\Installer\{eb9819ac-a943-f0d9-e6db-ec8b5a2ef808}\U\	800000cb.@	
Backdoor.Win32.ZAccess.mbg	Wird nach dem Neustart des Computers verarbeitet	28.06.2012 08:17:05	C:\Windows\Installer\{eb9819ac-a943-f0d9-e6db-ec8b5a2ef808}\U\	00000001.@	
Trojan.Win32.Jorik.Totem.lt	Gelöscht	27.06.2012 14:01:46	C:\Users\DD\AppData\Local\Temp\	13995723.exe	
Typ: Virus (1)	
Virus.Win32.ZAccess.m	Wird nach dem Neustart des Computers verarbeitet	28.06.2012 08:20:01	C:\Windows\System32\	services.exe
         
Does that help?

In the meantime I have also run the GMER program, following the checklist.
At the end it reported that a rootkit had been found.
Here is the log from that:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-28 08:27:18
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS545050B9A300 rev.PB4OC60F
Running: csyqu7rd.exe; Driver: C:\Users\DD\AppData\Local\Temp\fxldapog.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwAdjustPrivilegesToken [0x9147D28A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwAlpcConnectPort [0x91497342]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwAlpcCreatePort [0x91497678]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwAlpcSendWaitReceivePort [0x914979EE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwClose [0x9147DD04]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwConnectPort [0x9149702A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwCreateEvent [0x9147E276]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwCreateMutant [0x9147E164]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwCreatePort [0x914974E8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwCreateSection [0x9147D046]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwCreateSemaphore [0x9147E38E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwCreateThread [0x9147D8BA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwCreateWaitablePort [0x914975B0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwDebugActiveProcess [0x9147E74E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwDeviceIoControlFile [0x9147DD46]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwDuplicateObject [0x9147F750]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwLoadDriver [0x9147E840]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwMapViewOfSection [0x9147EDAC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwNotifyChangeKey [0x91495840]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwOpenEvent [0x9147E308]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwOpenMutant [0x9147E1F0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwOpenProcess [0x9147D4C4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwOpenSection [0x9147EB90]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwOpenSemaphore [0x9147E420]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwOpenThread [0x9147D3B8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwQueryDirectoryObject [0x9147E55C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwQueryObject [0x91495A38]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwQuerySection [0x9147F0D2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwQueueApcThread [0x9147E9E0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwReplyPort [0x914977DC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwReplyWaitReceivePort [0x9149772A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwRequestWaitReplyPort [0x91497848]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwResumeThread [0x9147F5F2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwSecureConnectPort [0x914971B2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwSetContextThread [0x9147DBA4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwSetInformationToken [0x9147E5FA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwSetSystemInformation [0x9147F222]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwSuspendProcess [0x9147F316]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwSuspendThread [0x9147F450]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwSystemDebugControl [0x9147E670]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwTerminateProcess [0x9147D664]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwTerminateThread [0x9147D5BA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwUnmapViewOfSection [0x9147EF8A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwWriteVirtualMemory [0x9147D750]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwCreateThreadEx [0x9147DA2A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                          ZwCreateUserProcess [0x9147E4A6]

Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                    ZwMapViewOfSection [0x807345A8]
Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                    ZwYieldExecution [0x80734594]
Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                    NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwYieldExecution                                                                                 8302D992 5 Bytes  JMP 80734598 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text           ntkrnlpa.exe!KeSetEvent + 119                                                                                 830AE7DC 4 Bytes  [8A, D2, 47, 91] {MOV DL, DL; INC EDI; XCHG ECX, EAX}
.text           ntkrnlpa.exe!KeSetEvent + 13D                                                                                 830AE800 8 Bytes  [42, 73, 49, 91, 78, 76, 49, ...] {INC EDX; JAE 0x4c; XCHG ECX, EAX; JS 0x7c; DEC ECX; XCHG ECX, EAX}
.text           ntkrnlpa.exe!KeSetEvent + 181                                                                                 830AE844 4 Bytes  [EE, 79, 49, 91] {OUT DX, AL ; JNS 0x4c; XCHG ECX, EAX}
.text           ntkrnlpa.exe!KeSetEvent + 1A9                                                                                 830AE86C 4 Bytes  [04, DD, 47, 91] {ADD AL, 0xdd; INC EDI; XCHG ECX, EAX}
.text           ntkrnlpa.exe!KeSetEvent + 1C1                                                                                 830AE884 4 Bytes  [2A, 70, 49, 91] {SUB DH, [EAX+0x49]; XCHG ECX, EAX}
.text           ...                                                                                                           
PAGE            ntkrnlpa.exe!NtMapViewOfSection                                                                               8321289A 7 Bytes  JMP 807345AC \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text           C:\Windows\system32\DRIVERS\atipmdag.sys                                                                      section is writeable [0x90206000, 0x25826A, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\Windows\system32\svchost.exe[716] ntdll.dll!NtCreateFile                                                   77824244 5 Bytes  JMP 002A0FEF 
.text           C:\Windows\system32\svchost.exe[716] ntdll.dll!NtCreateProcess                                                77824304 5 Bytes  JMP 002A0FCA 
.text           C:\Windows\system32\svchost.exe[716] ntdll.dll!NtProtectVirtualMemory                                         77824BA4 5 Bytes  JMP 002A000A 
.text           C:\Windows\system32\svchost.exe[716] kernel32.dll!GetStartupInfoW                                             778F1929 5 Bytes  JMP 00760F5B 
.text           C:\Windows\system32\svchost.exe[716] kernel32.dll!GetStartupInfoA                                             778F19C9 5 Bytes  JMP 007600AB 
.text           C:\Windows\system32\svchost.exe[716] kernel32.dll!CreateProcessW                                              778F1BF3 5 Bytes  JMP 007600D7 
.text           C:\Windows\system32\svchost.exe[716] kernel32.dll!CreateProcessA                                              778F1C28 5 Bytes  JMP 007600C6 
.text           C:\Windows\system32\svchost.exe[716] kernel32.dll!VirtualProtect                                              778F1DC3 5 Bytes  JMP 0076007F 
.text           C:\Windows\system32\svchost.exe[716] kernel32.dll!CreateNamedPipeA                                            778F2EF5 5 Bytes  JMP 00760011 
.text           C:\Windows\system32\svchost.exe[716] kernel32.dll!CreateNamedPipeW                                            778F5C0C 5 Bytes  JMP 00760022 
.text           C:\Windows\system32\svchost.exe[716] kernel32.dll!CreatePipe                                                  77918F06 5 Bytes  JMP 00760F80 
.text           C:\Windows\system32\svchost.exe[716] kernel32.dll!LoadLibraryExW                                              7791927C 5 Bytes  JMP 00760062 
.text           C:\Windows\system32\svchost.exe[716] kernel32.dll!LoadLibraryW                                                77919400 5 Bytes  JMP 00760FB6 
.text           C:\Windows\system32\svchost.exe[716] kernel32.dll!LoadLibraryExA                                              77919554 5 Bytes  JMP 00760FA5 
.text           C:\Windows\system32\svchost.exe[716] kernel32.dll!LoadLibraryA                                                7791957C 5 Bytes  JMP 0076003D 
.text           C:\Windows\system32\svchost.exe[716] kernel32.dll!VirtualProtectEx                                            7791DC52 5 Bytes  JMP 00760090 
.text           C:\Windows\system32\svchost.exe[716] kernel32.dll!GetProcAddress                                              7793925B 5 Bytes  JMP 00760F25 
.text           C:\Windows\system32\svchost.exe[716] kernel32.dll!CreateFileW                                                 7793B0EB 5 Bytes  JMP 00760000 
.text           C:\Windows\system32\svchost.exe[716] kernel32.dll!CreateFileA                                                 7793D07F 5 Bytes  JMP 00760FE5 
.text           C:\Windows\system32\svchost.exe[716] kernel32.dll!WinExec                                                     779860CF 5 Bytes  JMP 00760F4A 
.text           C:\Windows\system32\svchost.exe[716] msvcrt.dll!_wsystem                                                      77497F3F 5 Bytes  JMP 00750F92 
.text           C:\Windows\system32\svchost.exe[716] msvcrt.dll!system                                                        7749805B 5 Bytes  JMP 00750FA3 
.text           C:\Windows\system32\svchost.exe[716] msvcrt.dll!_creat                                                        7749BBF1 5 Bytes  JMP 0075001D 
.text           C:\Windows\system32\svchost.exe[716] msvcrt.dll!_open                                                         7749D116 5 Bytes  JMP 00750000 
.text           C:\Windows\system32\svchost.exe[716] msvcrt.dll!_wcreat                                                       7749D336 5 Bytes  JMP 00750FBE 
.text           C:\Windows\system32\svchost.exe[716] msvcrt.dll!_wopen                                                        7749D511 5 Bytes  JMP 00750FE3 
.text           C:\Windows\system32\svchost.exe[716] ADVAPI32.dll!RegCreateKeyExA                                             76D439AB 5 Bytes  JMP 0074002F 
.text           C:\Windows\system32\svchost.exe[716] ADVAPI32.dll!RegCreateKeyA                                               76D43BA9 5 Bytes  JMP 00740FA8 
.text           C:\Windows\system32\svchost.exe[716] ADVAPI32.dll!RegOpenKeyA                                                 76D489C7 5 Bytes  JMP 00740000 
.text           C:\Windows\system32\svchost.exe[716] ADVAPI32.dll!RegCreateKeyW                                               76D5391E 5 Bytes  JMP 00740F8D 
.text           C:\Windows\system32\svchost.exe[716] ADVAPI32.dll!RegCreateKeyExW                                             76D541F1 5 Bytes  JMP 00740F72 
.text           C:\Windows\system32\svchost.exe[716] ADVAPI32.dll!RegOpenKeyExA                                               76D57C42 5 Bytes  JMP 00740FD4 
.text           C:\Windows\system32\svchost.exe[716] ADVAPI32.dll!RegOpenKeyW                                                 76D5E2B5 5 Bytes  JMP 00740FEF 
.text           C:\Windows\system32\svchost.exe[716] ADVAPI32.dll!RegOpenKeyExW                                               76D67BA1 5 Bytes  JMP 00740FC3 
.text           C:\Windows\system32\svchost.exe[716] WS2_32.dll!socket                                                        75F236D1 5 Bytes  JMP 00730000 
.text           C:\Windows\System32\svchost.exe[852] ntdll.dll!NtCreateFile                                                   77824244 5 Bytes  JMP 00CF0000 
.text           C:\Windows\System32\svchost.exe[852] ntdll.dll!NtCreateProcess                                                77824304 5 Bytes  JMP 00CF0FCA 
.text           C:\Windows\System32\svchost.exe[852] ntdll.dll!NtProtectVirtualMemory                                         77824BA4 5 Bytes  JMP 00CF0FE5 
.text           C:\Windows\System32\svchost.exe[852] kernel32.dll!GetStartupInfoW                                             778F1929 5 Bytes  JMP 00DF0F35 
.text           C:\Windows\System32\svchost.exe[852] kernel32.dll!GetStartupInfoA                                             778F19C9 5 Bytes  JMP 00DF0F46 
.text           C:\Windows\System32\svchost.exe[852] kernel32.dll!CreateProcessW                                              778F1BF3 5 Bytes  JMP 00DF0F02 
.text           C:\Windows\System32\svchost.exe[852] kernel32.dll!CreateProcessA                                              778F1C28 5 Bytes  JMP 00DF0F13 
.text           C:\Windows\System32\svchost.exe[852] kernel32.dll!VirtualProtect                                              778F1DC3 5 Bytes  JMP 00DF0F83 
.text           C:\Windows\System32\svchost.exe[852] kernel32.dll!CreateNamedPipeA                                            778F2EF5 5 Bytes  JMP 00DF0014 
.text           C:\Windows\System32\svchost.exe[852] kernel32.dll!CreateNamedPipeW                                            778F5C0C 5 Bytes  JMP 00DF0FC3 
.text           C:\Windows\System32\svchost.exe[852] kernel32.dll!CreatePipe                                                  77918F06 5 Bytes  JMP 00DF0F57 
.text           C:\Windows\System32\svchost.exe[852] kernel32.dll!LoadLibraryExW                                              7791927C 5 Bytes  JMP 00DF0F9E 
.text           C:\Windows\System32\svchost.exe[852] kernel32.dll!LoadLibraryW                                                77919400 5 Bytes  JMP 00DF004A 
.text           C:\Windows\System32\svchost.exe[852] kernel32.dll!LoadLibraryExA                                              77919554 5 Bytes  JMP 00DF005B 
.text           C:\Windows\System32\svchost.exe[852] kernel32.dll!LoadLibraryA                                                7791957C 5 Bytes  JMP 00DF002F 
.text           C:\Windows\System32\svchost.exe[852] kernel32.dll!VirtualProtectEx                                            7791DC52 5 Bytes  JMP 00DF0F68 
.text           C:\Windows\System32\svchost.exe[852] kernel32.dll!GetProcAddress                                              7793925B 5 Bytes  JMP 00DF00AA 
.text           C:\Windows\System32\svchost.exe[852] kernel32.dll!CreateFileW                                                 7793B0EB 5 Bytes  JMP 00DF0FDE 
.text           C:\Windows\System32\svchost.exe[852] kernel32.dll!CreateFileA                                                 7793D07F 5 Bytes  JMP 00DF0FEF 
.text           C:\Windows\System32\svchost.exe[852] kernel32.dll!WinExec                                                     779860CF 5 Bytes  JMP 00DF0F24 
.text           C:\Windows\System32\svchost.exe[852] msvcrt.dll!_wsystem                                                      77497F3F 5 Bytes  JMP 00DA001B 
.text           C:\Windows\System32\svchost.exe[852] msvcrt.dll!system                                                        7749805B 5 Bytes  JMP 00DA0F9A 
.text           C:\Windows\System32\svchost.exe[852] msvcrt.dll!_creat                                                        7749BBF1 5 Bytes  JMP 00DA0000 
.text           C:\Windows\System32\svchost.exe[852] msvcrt.dll!_open                                                         7749D116 5 Bytes  JMP 00DA0FE3 
.text           C:\Windows\System32\svchost.exe[852] msvcrt.dll!_wcreat                                                       7749D336 5 Bytes  JMP 00DA0FAB 
.text           C:\Windows\System32\svchost.exe[852] msvcrt.dll!_wopen                                                        7749D511 5 Bytes  JMP 00DA0FC6 
.text           C:\Windows\System32\svchost.exe[852] ADVAPI32.dll!RegCreateKeyExA                                             76D439AB 5 Bytes  JMP 00D90F9E 
.text           C:\Windows\System32\svchost.exe[852] ADVAPI32.dll!RegCreateKeyA                                               76D43BA9 5 Bytes  JMP 00D9002F 
.text           C:\Windows\System32\svchost.exe[852] ADVAPI32.dll!RegOpenKeyA                                                 76D489C7 5 Bytes  JMP 00D90000 
.text           C:\Windows\System32\svchost.exe[852] ADVAPI32.dll!RegCreateKeyW                                               76D5391E 5 Bytes  JMP 00D90040 
.text           C:\Windows\System32\svchost.exe[852] ADVAPI32.dll!RegCreateKeyExW                                             76D541F1 5 Bytes  JMP 00D90F8D 
.text           C:\Windows\System32\svchost.exe[852] ADVAPI32.dll!RegOpenKeyExA                                               76D57C42 5 Bytes  JMP 00D90FD4 
.text           C:\Windows\System32\svchost.exe[852] ADVAPI32.dll!RegOpenKeyW                                                 76D5E2B5 5 Bytes  JMP 00D90FEF 
.text           C:\Windows\System32\svchost.exe[852] ADVAPI32.dll!RegOpenKeyExW                                               76D67BA1 5 Bytes  JMP 00D90FC3 
.text           C:\Windows\system32\services.exe[860] ntdll.dll!NtCreateFile                                                  77824244 5 Bytes  JMP 00670FEF 
.text           C:\Windows\system32\services.exe[860] ntdll.dll!NtCreateProcess                                               77824304 5 Bytes  JMP 00670014 
.text           C:\Windows\system32\services.exe[860] ntdll.dll!NtProtectVirtualMemory                                        77824BA4 5 Bytes  JMP 00670FDE 
.text           C:\Windows\system32\services.exe[860] kernel32.dll!GetStartupInfoW                                            778F1929 5 Bytes  JMP 009D0F3A 
.text           C:\Windows\system32\services.exe[860] kernel32.dll!GetStartupInfoA                                            778F19C9 5 Bytes  JMP 009D0F4B 
.text           C:\Windows\system32\services.exe[860] kernel32.dll!CreateProcessW                                             778F1BF3 5 Bytes  JMP 009D0F0B 
.text           C:\Windows\system32\services.exe[860] kernel32.dll!CreateProcessA                                             778F1C28 5 Bytes  JMP 009D00AC 
.text           C:\Windows\system32\services.exe[860] kernel32.dll!VirtualProtect                                             778F1DC3 5 Bytes  JMP 009D005B 
.text           C:\Windows\system32\services.exe[860] kernel32.dll!CreateNamedPipeA                                           778F2EF5 5 Bytes  JMP 009D0FC3 
.text           C:\Windows\system32\services.exe[860] kernel32.dll!CreateNamedPipeW                                           778F5C0C 5 Bytes  JMP 009D0FA8 
.text           C:\Windows\system32\services.exe[860] kernel32.dll!CreatePipe                                                 77918F06 5 Bytes  JMP 009D0F66 
.text           C:\Windows\system32\services.exe[860] kernel32.dll!LoadLibraryExW                                             7791927C 5 Bytes  JMP 009D004A 
.text           C:\Windows\system32\services.exe[860] kernel32.dll!LoadLibraryW                                               77919400 5 Bytes  JMP 009D001E 
.text           C:\Windows\system32\services.exe[860] kernel32.dll!LoadLibraryExA                                             77919554 5 Bytes  JMP 009D0039 
.text           C:\Windows\system32\services.exe[860] kernel32.dll!LoadLibraryA                                               7791957C 5 Bytes  JMP 009D0F97 
.text           C:\Windows\system32\services.exe[860] kernel32.dll!VirtualProtectEx                                           7791DC52 5 Bytes  JMP 009D0076 
.text           C:\Windows\system32\services.exe[860] kernel32.dll!GetProcAddress                                             7793925B 5 Bytes  JMP 009D0EF0 
.text           C:\Windows\system32\services.exe[860] kernel32.dll!CreateFileW                                                7793B0EB 5 Bytes  JMP 009D0FD4 
.text           C:\Windows\system32\services.exe[860] kernel32.dll!CreateFileA                                                7793D07F 5 Bytes  JMP 009D0FEF 
.text           C:\Windows\system32\services.exe[860] kernel32.dll!WinExec                                                    779860CF 5 Bytes  JMP 009D009B 
.text           C:\Windows\system32\services.exe[860] ADVAPI32.dll!RegCreateKeyExA                                            76D439AB 5 Bytes  JMP 00690025 
.text           C:\Windows\system32\services.exe[860] ADVAPI32.dll!RegCreateKeyA                                              76D43BA9 5 Bytes  JMP 0069000A 
.text           C:\Windows\system32\services.exe[860] ADVAPI32.dll!RegOpenKeyA                                                76D489C7 5 Bytes  JMP 00690FEF 
.text           C:\Windows\system32\services.exe[860] ADVAPI32.dll!RegCreateKeyW                                              76D5391E 5 Bytes  JMP 00690F83 
.text           C:\Windows\system32\services.exe[860] ADVAPI32.dll!RegCreateKeyExW                                            76D541F1 5 Bytes  JMP 00690040 
.text           C:\Windows\system32\services.exe[860] ADVAPI32.dll!RegOpenKeyExA                                              76D57C42 5 Bytes  JMP 00690FC3 
.text           C:\Windows\system32\services.exe[860] ADVAPI32.dll!RegOpenKeyW                                                76D5E2B5 5 Bytes  JMP 00690FD4 
.text           C:\Windows\system32\services.exe[860] ADVAPI32.dll!RegOpenKeyExW                                              76D67BA1 5 Bytes  JMP 00690F9E 
.text           C:\Windows\system32\services.exe[860] msvcrt.dll!_wsystem                                                     77497F3F 5 Bytes  JMP 009C0047 
.text           C:\Windows\system32\services.exe[860] msvcrt.dll!system                                                       7749805B 5 Bytes  JMP 009C002C 
.text           C:\Windows\system32\services.exe[860] msvcrt.dll!_creat                                                       7749BBF1 5 Bytes  JMP 009C0011 
.text           C:\Windows\system32\services.exe[860] msvcrt.dll!_open                                                        7749D116 5 Bytes  JMP 009C0000 
.text           C:\Windows\system32\services.exe[860] msvcrt.dll!_wcreat                                                      7749D336 5 Bytes  JMP 009C0FBC 
.text           C:\Windows\system32\services.exe[860] msvcrt.dll!_wopen                                                       7749D511 5 Bytes  JMP 009C0FE3 
.text           C:\Windows\system32\services.exe[860] WS2_32.dll!socket                                                       75F236D1 5 Bytes  JMP 00680000 
?               C:\Windows\system32\services.exe[860] C:\Windows\system32\smss.exe                                            image checksum mismatch; time/date stamp mismatch; unknown module: MSWSOCK.dll
.text           C:\Windows\system32\lsass.exe[872] ntdll.dll!NtCreateFile                                                     77824244 5 Bytes  JMP 00220000 
.text           C:\Windows\system32\lsass.exe[872] ntdll.dll!NtCreateProcess                                                  77824304 5 Bytes  JMP 0022002C 
.text           C:\Windows\system32\lsass.exe[872] ntdll.dll!NtProtectVirtualMemory                                           77824BA4 5 Bytes  JMP 0022001B 
.text           C:\Windows\system32\lsass.exe[872] kernel32.dll!GetStartupInfoW                                               778F1929 5 Bytes  JMP 009900AB 
.text           C:\Windows\system32\lsass.exe[872] kernel32.dll!GetStartupInfoA                                               778F19C9 5 Bytes  JMP 00990F65 
.text           C:\Windows\system32\lsass.exe[872] kernel32.dll!CreateProcessW                                                778F1BF3 5 Bytes  JMP 009900EB 
.text           C:\Windows\system32\lsass.exe[872] kernel32.dll!CreateProcessA                                                778F1C28 5 Bytes  JMP 00990F4A 
.text           C:\Windows\system32\lsass.exe[872] kernel32.dll!VirtualProtect                                                778F1DC3 5 Bytes  JMP 0099007F 
.text           C:\Windows\system32\lsass.exe[872] kernel32.dll!CreateNamedPipeA                                              778F2EF5 5 Bytes  JMP 0099001B 
.text           C:\Windows\system32\lsass.exe[872] kernel32.dll!CreateNamedPipeW                                              778F5C0C 5 Bytes  JMP 0099002C 
.text           C:\Windows\system32\lsass.exe[872] kernel32.dll!CreatePipe                                                    77918F06 5 Bytes  JMP 0099009A 
.text           C:\Windows\system32\lsass.exe[872] kernel32.dll!LoadLibraryExW                                                7791927C 5 Bytes  JMP 00990F9B 
.text           C:\Windows\system32\lsass.exe[872] kernel32.dll!LoadLibraryW                                                  77919400 5 Bytes  JMP 00990058 
.text           C:\Windows\system32\lsass.exe[872] kernel32.dll!LoadLibraryExA                                                77919554 5 Bytes  JMP 00990FB6 
.text           C:\Windows\system32\lsass.exe[872] kernel32.dll!LoadLibraryA                                                  7791957C 5 Bytes  JMP 0099003D 
.text           C:\Windows\system32\lsass.exe[872] kernel32.dll!VirtualProtectEx                                              7791DC52 5 Bytes  JMP 00990F8A 
.text           C:\Windows\system32\lsass.exe[872] kernel32.dll!GetProcAddress                                                7793925B 5 Bytes  JMP 009900FC 
.text           C:\Windows\system32\lsass.exe[872] kernel32.dll!CreateFileW                                                   7793B0EB 5 Bytes  JMP 00990FE5 
.text           C:\Windows\system32\lsass.exe[872] kernel32.dll!CreateFileA                                                   7793D07F 5 Bytes  JMP 00990000 
.text           C:\Windows\system32\lsass.exe[872] kernel32.dll!WinExec                                                       779860CF 5 Bytes  JMP 009900D0 
.text           C:\Windows\system32\lsass.exe[872] ADVAPI32.dll!RegCreateKeyExA                                               76D439AB 5 Bytes  JMP 003F0FB9 
.text           C:\Windows\system32\lsass.exe[872] ADVAPI32.dll!RegCreateKeyA                                                 76D43BA9 5 Bytes  JMP 003F0FE5 
.text           C:\Windows\system32\lsass.exe[872] ADVAPI32.dll!RegOpenKeyA                                                   76D489C7 5 Bytes  JMP 003F000A 
.text           C:\Windows\system32\lsass.exe[872] ADVAPI32.dll!RegCreateKeyW                                                 76D5391E 5 Bytes  JMP 003F0FD4 
.text           C:\Windows\system32\lsass.exe[872] ADVAPI32.dll!RegCreateKeyExW                                               76D541F1 5 Bytes  JMP 003F0076 
.text           C:\Windows\system32\lsass.exe[872] ADVAPI32.dll!RegOpenKeyExA                                                 76D57C42 5 Bytes  JMP 003F0036 
.text           C:\Windows\system32\lsass.exe[872] ADVAPI32.dll!RegOpenKeyW                                                   76D5E2B5 5 Bytes  JMP 003F001B 
.text           C:\Windows\system32\lsass.exe[872] ADVAPI32.dll!RegOpenKeyExW                                                 76D67BA1 5 Bytes  JMP 003F0051 
.text           C:\Windows\system32\lsass.exe[872] msvcrt.dll!_wsystem                                                        77497F3F 5 Bytes  JMP 00400070 
.text           C:\Windows\system32\lsass.exe[872] msvcrt.dll!system                                                          7749805B 1 Byte  [E9]
.text           C:\Windows\system32\lsass.exe[872] msvcrt.dll!system                                                          7749805B 5 Bytes  JMP 0040005F 
.text           C:\Windows\system32\lsass.exe[872] msvcrt.dll!_creat                                                          7749BBF1 5 Bytes  JMP 00400029 
.text           C:\Windows\system32\lsass.exe[872] msvcrt.dll!_open                                                           7749D116 5 Bytes  JMP 00400FEF 
.text           C:\Windows\system32\lsass.exe[872] msvcrt.dll!_wcreat                                                         7749D336 5 Bytes  JMP 00400044 
.text           C:\Windows\system32\lsass.exe[872] msvcrt.dll!_wopen                                                          7749D511 5 Bytes  JMP 00400018 
.text           C:\Windows\system32\lsass.exe[872] WS2_32.dll!socket                                                          75F236D1 5 Bytes  JMP 003E0000 
.text           C:\Windows\system32\svchost.exe[1064] ntdll.dll!NtCreateFile                                                  77824244 5 Bytes  JMP 00700000 
.text           C:\Windows\system32\svchost.exe[1064] ntdll.dll!NtCreateProcess                                               77824304 5 Bytes  JMP 00700FDB 
.text           C:\Windows\system32\svchost.exe[1064] ntdll.dll!NtProtectVirtualMemory                                        77824BA4 5 Bytes  JMP 00700011 
.text           C:\Windows\system32\svchost.exe[1064] kernel32.dll!GetStartupInfoW                                            778F1929 5 Bytes  JMP 00780F30 
.text           C:\Windows\system32\svchost.exe[1064] kernel32.dll!GetStartupInfoA                                            778F19C9 5 Bytes  JMP 00780F4B 
.text           C:\Windows\system32\svchost.exe[1064] kernel32.dll!CreateProcessW                                             778F1BF3 5 Bytes  JMP 007800A2 
.text           C:\Windows\system32\svchost.exe[1064] kernel32.dll!CreateProcessA                                             778F1C28 5 Bytes  JMP 00780091 
.text           C:\Windows\system32\svchost.exe[1064] kernel32.dll!VirtualProtect                                             778F1DC3 5 Bytes  JMP 00780051 
.text           C:\Windows\system32\svchost.exe[1064] kernel32.dll!CreateNamedPipeA                                           778F2EF5 5 Bytes  JMP 00780FD4 
.text           C:\Windows\system32\svchost.exe[1064] kernel32.dll!CreateNamedPipeW                                           778F5C0C 5 Bytes  JMP 00780FB9 
.text           C:\Windows\system32\svchost.exe[1064] kernel32.dll!CreatePipe                                                 77918F06 5 Bytes  JMP 00780F66 
.text           C:\Windows\system32\svchost.exe[1064] kernel32.dll!LoadLibraryExW                                             7791927C 5 Bytes  JMP 00780F77 
.text           C:\Windows\system32\svchost.exe[1064] kernel32.dll!LoadLibraryW                                               77919400 5 Bytes  JMP 00780036 
.text           C:\Windows\system32\svchost.exe[1064] kernel32.dll!LoadLibraryExA                                             77919554 5 Bytes  JMP 00780F94 
.text           C:\Windows\system32\svchost.exe[1064] kernel32.dll!LoadLibraryA                                               7791957C 5 Bytes  JMP 00780025 
.text           C:\Windows\system32\svchost.exe[1064] kernel32.dll!VirtualProtectEx                                           7791DC52 5 Bytes  JMP 0078006C 
.text           C:\Windows\system32\svchost.exe[1064] kernel32.dll!GetProcAddress                                             7793925B 5 Bytes  JMP 00780EE6 
.text           C:\Windows\system32\svchost.exe[1064] kernel32.dll!CreateFileW                                                7793B0EB 5 Bytes  JMP 00780000 
.text           C:\Windows\system32\svchost.exe[1064] kernel32.dll!CreateFileA                                                7793D07F 5 Bytes  JMP 00780FEF 
.text           C:\Windows\system32\svchost.exe[1064] kernel32.dll!WinExec                                                    779860CF 5 Bytes  JMP 00780F15 
.text           C:\Windows\system32\svchost.exe[1064] msvcrt.dll!_wsystem                                                     77497F3F 5 Bytes  JMP 00770042 
.text           C:\Windows\system32\svchost.exe[1064] msvcrt.dll!system                                                       7749805B 5 Bytes  JMP 00770FB7 
.text           C:\Windows\system32\svchost.exe[1064] msvcrt.dll!_creat                                                       7749BBF1 5 Bytes  JMP 00770027 
.text           C:\Windows\system32\svchost.exe[1064] msvcrt.dll!_open                                                        7749D116 5 Bytes  JMP 0077000C 
.text           C:\Windows\system32\svchost.exe[1064] msvcrt.dll!_wcreat                                                      7749D336 5 Bytes  JMP 00770FC8 
.text           C:\Windows\system32\svchost.exe[1064] msvcrt.dll!_wopen                                                       7749D511 5 Bytes  JMP 00770FEF 
.text           C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!RegCreateKeyExA                                            76D439AB 5 Bytes  JMP 00720051 
.text           C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!RegCreateKeyA                                              76D43BA9 5 Bytes  JMP 00720036 
.text           C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!RegOpenKeyA                                                76D489C7 5 Bytes  JMP 00720000 
.text           C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!RegCreateKeyW                                              76D5391E 5 Bytes  JMP 00720FA5 
.text           C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!RegCreateKeyExW                                            76D541F1 5 Bytes  JMP 00720F94 
.text           C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!RegOpenKeyExA                                              76D57C42 5 Bytes  JMP 00720FE5 
.text           C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!RegOpenKeyW                                                76D5E2B5 5 Bytes  JMP 0072001B 
.text           C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!RegOpenKeyExW                                              76D67BA1 5 Bytes  JMP 00720FCA 
.text           C:\Windows\system32\svchost.exe[1064] WS2_32.dll!socket                                                       75F236D1 5 Bytes  JMP 00710000 
.text           C:\Windows\system32\svchost.exe[1124] ntdll.dll!NtCreateFile                                                  77824244 5 Bytes  JMP 00610FEF 
.text           C:\Windows\system32\svchost.exe[1124] ntdll.dll!NtCreateProcess                                               77824304 5 Bytes  JMP 00610FC3 
.text           C:\Windows\system32\svchost.exe[1124] ntdll.dll!NtProtectVirtualMemory                                        77824BA4 5 Bytes  JMP 00610FDE 
.text           C:\Windows\system32\svchost.exe[1124] kernel32.dll!GetStartupInfoW                                            778F1929 5 Bytes  JMP 006500B5 
.text           C:\Windows\system32\svchost.exe[1124] kernel32.dll!GetStartupInfoA                                            778F19C9 5 Bytes  JMP 0065009A 
.text           C:\Windows\system32\svchost.exe[1124] kernel32.dll!CreateProcessW                                             778F1BF3 5 Bytes  JMP 006500F5 
.text           C:\Windows\system32\svchost.exe[1124] kernel32.dll!CreateProcessA                                             778F1C28 5 Bytes  JMP 00650F54 
.text           C:\Windows\system32\svchost.exe[1124] kernel32.dll!VirtualProtect                                             778F1DC3 5 Bytes  JMP 0065006E 
.text           C:\Windows\system32\svchost.exe[1124] kernel32.dll!CreateNamedPipeA                                           778F2EF5 5 Bytes  JMP 00650000 
.text           C:\Windows\system32\svchost.exe[1124] kernel32.dll!CreateNamedPipeW                                           778F5C0C 5 Bytes  JMP 00650FAF 
.text           C:\Windows\system32\svchost.exe[1124] kernel32.dll!CreatePipe                                                 77918F06 5 Bytes  JMP 00650089 
.text           C:\Windows\system32\svchost.exe[1124] kernel32.dll!LoadLibraryExW                                             7791927C 5 Bytes  JMP 00650053 
.text           C:\Windows\system32\svchost.exe[1124] kernel32.dll!LoadLibraryW                                               77919400 5 Bytes  JMP 0065001B 
.text           C:\Windows\system32\svchost.exe[1124] kernel32.dll!LoadLibraryExA                                             77919554 5 Bytes  JMP 00650036 
.text           C:\Windows\system32\svchost.exe[1124] kernel32.dll!LoadLibraryA                                               7791957C 5 Bytes  JMP 00650F94 
.text           C:\Windows\system32\svchost.exe[1124] kernel32.dll!VirtualProtectEx                                           7791DC52 5 Bytes  JMP 00650F6F 
.text           C:\Windows\system32\svchost.exe[1124] kernel32.dll!GetProcAddress                                             7793925B 5 Bytes  JMP 00650F43 
.text           C:\Windows\system32\svchost.exe[1124] kernel32.dll!CreateFileW                                                7793B0EB 5 Bytes  JMP 00650FCA 
.text           C:\Windows\system32\svchost.exe[1124] kernel32.dll!CreateFileA                                                7793D07F 5 Bytes  JMP 00650FEF 
.text           C:\Windows\system32\svchost.exe[1124] kernel32.dll!WinExec                                                    779860CF 5 Bytes  JMP 006500DA 
.text           C:\Windows\system32\svchost.exe[1124] msvcrt.dll!_wsystem                                                     77497F3F 5 Bytes  JMP 00640F9E 
.text           C:\Windows\system32\svchost.exe[1124] msvcrt.dll!system                                                       7749805B 5 Bytes  JMP 00640FAF 
.text           C:\Windows\system32\svchost.exe[1124] msvcrt.dll!_creat                                                       7749BBF1 5 Bytes  JMP 00640018 
.text           C:\Windows\system32\svchost.exe[1124] msvcrt.dll!_open                                                        7749D116 5 Bytes  JMP 00640FEF 
.text           C:\Windows\system32\svchost.exe[1124] msvcrt.dll!_wcreat                                                      7749D336 5 Bytes  JMP 00640029 
.text           C:\Windows\system32\svchost.exe[1124] msvcrt.dll!_wopen                                                       7749D511 5 Bytes  JMP 00640FDE 
.text           C:\Windows\system32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyExA                                            76D439AB 5 Bytes  JMP 00630051 
.text           C:\Windows\system32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyA                                              76D43BA9 5 Bytes  JMP 00630FB9 
.text           C:\Windows\system32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyA                                                76D489C7 5 Bytes  JMP 00630000 
.text           C:\Windows\system32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyW                                              76D5391E 5 Bytes  JMP 00630040 
.text           C:\Windows\system32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyExW                                            76D541F1 5 Bytes  JMP 00630062 
.text           C:\Windows\system32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyExA                                              76D57C42 5 Bytes  JMP 00630FE5 
.text           C:\Windows\system32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyW                                                76D5E2B5 5 Bytes  JMP 0063001B 
.text           C:\Windows\system32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyExW                                              76D67BA1 5 Bytes  JMP 00630FCA 
.text           C:\Windows\system32\svchost.exe[1124] WS2_32.dll!socket                                                       75F236D1 5 Bytes  JMP 00620FEF 
.text           C:\Windows\System32\svchost.exe[1232] ntdll.dll!NtCreateFile                                                  77824244 5 Bytes  JMP 00190FEF 
.text           C:\Windows\System32\svchost.exe[1232] ntdll.dll!NtCreateProcess                                               77824304 5 Bytes  JMP 00190FCD 
.text           C:\Windows\System32\svchost.exe[1232] ntdll.dll!NtProtectVirtualMemory                                        77824BA4 5 Bytes  JMP 00190FDE 
.text           C:\Windows\System32\svchost.exe[1232] kernel32.dll!GetStartupInfoW                                            778F1929 5 Bytes  JMP 00F20F52 
.text           C:\Windows\System32\svchost.exe[1232] kernel32.dll!GetStartupInfoA                                            778F19C9 5 Bytes  JMP 00F20F6D 
.text           C:\Windows\System32\svchost.exe[1232] kernel32.dll!CreateProcessW                                             778F1BF3 5 Bytes  JMP 00F200CE 
.text           C:\Windows\System32\svchost.exe[1232] kernel32.dll!CreateProcessA                                             778F1C28 5 Bytes  JMP 00F20F41 
.text           C:\Windows\System32\svchost.exe[1232] kernel32.dll!VirtualProtect                                             778F1DC3 5 Bytes  JMP 00F20076 
.text           C:\Windows\System32\svchost.exe[1232] kernel32.dll!CreateNamedPipeA                                           778F2EF5 5 Bytes  JMP 00F2002F 
.text           C:\Windows\System32\svchost.exe[1232] kernel32.dll!CreateNamedPipeW                                           778F5C0C 5 Bytes  JMP 00F20FDE 
.text           C:\Windows\System32\svchost.exe[1232] kernel32.dll!CreatePipe                                                 77918F06 5 Bytes  JMP 00F20098 
.text           C:\Windows\System32\svchost.exe[1232] kernel32.dll!LoadLibraryExW                                             7791927C 5 Bytes  JMP 00F20FA8 
.text           C:\Windows\System32\svchost.exe[1232] kernel32.dll!LoadLibraryW                                               77919400 5 Bytes  JMP 00F20FB9 
.text           C:\Windows\System32\svchost.exe[1232] kernel32.dll!LoadLibraryExA                                             77919554 5 Bytes  JMP 00F20065 
.text           C:\Windows\System32\svchost.exe[1232] kernel32.dll!LoadLibraryA                                               7791957C 5 Bytes  JMP 00F20040 
.text           C:\Windows\System32\svchost.exe[1232] kernel32.dll!VirtualProtectEx                                           7791DC52 5 Bytes  JMP 00F20087 
.text           C:\Windows\System32\svchost.exe[1232] kernel32.dll!GetProcAddress                                             7793925B 5 Bytes  JMP 00F200DF 
.text           C:\Windows\System32\svchost.exe[1232] kernel32.dll!CreateFileW                                                7793B0EB 1 Byte  [E9]
.text           C:\Windows\System32\svchost.exe[1232] kernel32.dll!CreateFileW                                                7793B0EB 5 Bytes  JMP 00F20FEF 
.text           C:\Windows\System32\svchost.exe[1232] kernel32.dll!CreateFileA                                                7793D07F 5 Bytes  JMP 00F2000A 
.text           C:\Windows\System32\svchost.exe[1232] kernel32.dll!WinExec                                                    779860CF 5 Bytes  JMP 00F200BD 
.text           C:\Windows\System32\svchost.exe[1232] msvcrt.dll!_wsystem                                                     77497F3F 5 Bytes  JMP 00ED0FB7 
.text           C:\Windows\System32\svchost.exe[1232] msvcrt.dll!system                                                       7749805B 5 Bytes  JMP 00ED0042 
.text           C:\Windows\System32\svchost.exe[1232] msvcrt.dll!_creat                                                       7749BBF1 5 Bytes  JMP 00ED000C 
.text           C:\Windows\System32\svchost.exe[1232] msvcrt.dll!_open                                                        7749D116 5 Bytes  JMP 00ED0FEF 
.text           C:\Windows\System32\svchost.exe[1232] msvcrt.dll!_wcreat                                                      7749D336 5 Bytes  JMP 00ED0031 
.text           C:\Windows\System32\svchost.exe[1232] msvcrt.dll!_wopen                                                       7749D511 5 Bytes  JMP 00ED0FDE 
.text           C:\Windows\System32\svchost.exe[1232] ADVAPI32.dll!RegCreateKeyExA                                            76D439AB 5 Bytes  JMP 00630FA1 
.text           C:\Windows\System32\svchost.exe[1232] ADVAPI32.dll!RegCreateKeyA                                              76D43BA9 5 Bytes  JMP 00630FB2 
.text           C:\Windows\System32\svchost.exe[1232] ADVAPI32.dll!RegOpenKeyA                                                76D489C7 5 Bytes  JMP 00630FEF 
.text           C:\Windows\System32\svchost.exe[1232] ADVAPI32.dll!RegCreateKeyW                                              76D5391E 5 Bytes  JMP 00630043 
.text           C:\Windows\System32\svchost.exe[1232] ADVAPI32.dll!RegCreateKeyExW                                            76D541F1 5 Bytes  JMP 00630F86 
.text           C:\Windows\System32\svchost.exe[1232] ADVAPI32.dll!RegOpenKeyExA                                              76D57C42 5 Bytes  JMP 00630FC3 
.text           C:\Windows\System32\svchost.exe[1232] ADVAPI32.dll!RegOpenKeyW                                                76D5E2B5 5 Bytes  JMP 00630FDE 
.text           C:\Windows\System32\svchost.exe[1232] ADVAPI32.dll!RegOpenKeyExW                                              76D67BA1 5 Bytes  JMP 0063001E 
.text           C:\Windows\System32\svchost.exe[1232] WS2_32.dll!socket                                                       75F236D1 5 Bytes  JMP 00170000 
.text           C:\Windows\System32\svchost.exe[1284] ntdll.dll!NtCreateFile                                                  77824244 5 Bytes  JMP 00360000 
.text           C:\Windows\System32\svchost.exe[1284] ntdll.dll!NtCreateProcess                                               77824304 5 Bytes  JMP 0036001B 
.text           C:\Windows\System32\svchost.exe[1284] ntdll.dll!NtProtectVirtualMemory                                        77824BA4 5 Bytes  JMP 00360FE5 
.text           C:\Windows\System32\svchost.exe[1284] kernel32.dll!GetStartupInfoW                                            778F1929 5 Bytes  JMP 010200CB 
.text           C:\Windows\System32\svchost.exe[1284] kernel32.dll!GetStartupInfoA                                            778F19C9 5 Bytes  JMP 010200BA 
.text           C:\Windows\System32\svchost.exe[1284] kernel32.dll!CreateProcessW                                             778F1BF3 5 Bytes  JMP 010200F0 
.text           C:\Windows\System32\svchost.exe[1284] kernel32.dll!CreateProcessA                                             778F1C28 5 Bytes  JMP 01020F4F 
.text           C:\Windows\System32\svchost.exe[1284] kernel32.dll!VirtualProtect                                             778F1DC3 5 Bytes  JMP 0102008E 
.text           C:\Windows\System32\svchost.exe[1284] kernel32.dll!CreateNamedPipeA                                           778F2EF5 5 Bytes  JMP 0102002C 
.text           C:\Windows\System32\svchost.exe[1284] kernel32.dll!CreateNamedPipeW                                           778F5C0C 5 Bytes  JMP 01020FE5 
.text           C:\Windows\System32\svchost.exe[1284] kernel32.dll!CreatePipe                                                 77918F06 5 Bytes  JMP 010200A9 
.text           C:\Windows\System32\svchost.exe[1284] kernel32.dll!LoadLibraryExW                                             7791927C 5 Bytes  JMP 01020FC0 
.text           C:\Windows\System32\svchost.exe[1284] kernel32.dll!LoadLibraryW                                               77919400 5 Bytes  JMP 0102006C 
.text           C:\Windows\System32\svchost.exe[1284] kernel32.dll!LoadLibraryExA                                             77919554 5 Bytes  JMP 0102007D 
.text           C:\Windows\System32\svchost.exe[1284] kernel32.dll!LoadLibraryA                                               7791957C 5 Bytes  JMP 0102005B 
.text           C:\Windows\System32\svchost.exe[1284] kernel32.dll!VirtualProtectEx                                           7791DC52 5 Bytes  JMP 01020F8F 
.text           C:\Windows\System32\svchost.exe[1284] kernel32.dll!GetProcAddress                                             7793925B 5 Bytes  JMP 01020F3E 
.text           C:\Windows\System32\svchost.exe[1284] kernel32.dll!CreateFileW                                                7793B0EB 5 Bytes  JMP 0102001B 
.text           C:\Windows\System32\svchost.exe[1284] kernel32.dll!CreateFileA                                                7793D07F 5 Bytes  JMP 01020000 
.text           C:\Windows\System32\svchost.exe[1284] kernel32.dll!WinExec                                                    779860CF 5 Bytes  JMP 01020F6A 
.text           C:\Windows\System32\svchost.exe[1284] msvcrt.dll!_wsystem                                                     77497F3F 5 Bytes  JMP 00F90044 
.text           C:\Windows\System32\svchost.exe[1284] msvcrt.dll!system                                                       7749805B 5 Bytes  JMP 00F90033 
.text           C:\Windows\System32\svchost.exe[1284] msvcrt.dll!_creat                                                       7749BBF1 5 Bytes  JMP 00F90022 
.text           C:\Windows\System32\svchost.exe[1284] msvcrt.dll!_open                                                        7749D116 5 Bytes  JMP 00F90000 
.text           C:\Windows\System32\svchost.exe[1284] msvcrt.dll!_wcreat                                                      7749D336 5 Bytes  JMP 00F90FCD 
.text           C:\Windows\System32\svchost.exe[1284] msvcrt.dll!_wopen                                                       7749D511 5 Bytes  JMP 00F90011 
.text           C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!RegCreateKeyExA                                            76D439AB 5 Bytes  JMP 00F80087 
.text           C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!RegCreateKeyA                                              76D43BA9 5 Bytes  JMP 00F8005B 
.text           C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!RegOpenKeyA                                                76D489C7 5 Bytes  JMP 00F80000 
.text           C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!RegCreateKeyW                                              76D5391E 5 Bytes  JMP 00F8006C 
.text           C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!RegCreateKeyExW                                            76D541F1 5 Bytes  JMP 00F80FD4 
.text           C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!RegOpenKeyExA                                              76D57C42 5 Bytes  JMP 00F80040 
.text           C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!RegOpenKeyW                                                76D5E2B5 5 Bytes  JMP 00F80025 
.text           C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!RegOpenKeyExW                                              76D67BA1 5 Bytes  JMP 00F80FEF 
.text           C:\Windows\System32\svchost.exe[1284] WS2_32.dll!socket                                                       75F236D1 5 Bytes  JMP 00F60FEF 
.text           C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtCreateFile                                                  77824244 5 Bytes  JMP 008A0FEF 
.text           C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtCreateProcess                                               77824304 5 Bytes  JMP 008A0FDE 
.text           C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtProtectVirtualMemory                                        77824BA4 5 Bytes  JMP 008A0014 
.text           C:\Windows\system32\svchost.exe[1328] kernel32.dll!GetStartupInfoW                                            778F1929 5 Bytes  JMP 00930F3A 
.text           C:\Windows\system32\svchost.exe[1328] kernel32.dll!GetStartupInfoA                                            778F19C9 5 Bytes  JMP 00930080 
.text           C:\Windows\system32\svchost.exe[1328] kernel32.dll!CreateProcessW                                             778F1BF3 5 Bytes  JMP 00930F0B 
.text           C:\Windows\system32\svchost.exe[1328] kernel32.dll!CreateProcessA                                             778F1C28 5 Bytes  JMP 009300A2 
.text           C:\Windows\system32\svchost.exe[1328] kernel32.dll!VirtualProtect                                             778F1DC3 5 Bytes  JMP 00930F70 
.text           C:\Windows\system32\svchost.exe[1328] kernel32.dll!CreateNamedPipeA                                           778F2EF5 5 Bytes  JMP 0093000A 
.text           C:\Windows\system32\svchost.exe[1328] kernel32.dll!CreateNamedPipeW                                           778F5C0C 5 Bytes  JMP 00930FB9 
.text           C:\Windows\system32\svchost.exe[1328] kernel32.dll!CreatePipe                                                 77918F06 5 Bytes  JMP 0093006F 
.text           C:\Windows\system32\svchost.exe[1328] kernel32.dll!LoadLibraryExW                                             7791927C 5 Bytes  JMP 0093004A 
.text           C:\Windows\system32\svchost.exe[1328] kernel32.dll!LoadLibraryW                                               77919400 5 Bytes  JMP 00930025 
.text           C:\Windows\system32\svchost.exe[1328] kernel32.dll!LoadLibraryExA                                             77919554 5 Bytes  JMP 00930F8D 
.text           C:\Windows\system32\svchost.exe[1328] kernel32.dll!LoadLibraryA                                               7791957C 5 Bytes  JMP 00930F9E 
.text           C:\Windows\system32\svchost.exe[1328] kernel32.dll!VirtualProtectEx                                           7791DC52 5 Bytes  JMP 00930F55 
.text           C:\Windows\system32\svchost.exe[1328] kernel32.dll!GetProcAddress                                             7793925B 5 Bytes  JMP 009300B3 
.text           C:\Windows\system32\svchost.exe[1328] kernel32.dll!CreateFileW                                                7793B0EB 5 Bytes  JMP 00930FCA 
.text           C:\Windows\system32\svchost.exe[1328] kernel32.dll!CreateFileA                                                7793D07F 5 Bytes  JMP 00930FEF 
.text           C:\Windows\system32\svchost.exe[1328] kernel32.dll!WinExec                                                    779860CF 5 Bytes  JMP 00930091 
.text           C:\Windows\system32\svchost.exe[1328] msvcrt.dll!_wsystem                                                     77497F3F 5 Bytes  JMP 00920064 
.text           C:\Windows\system32\svchost.exe[1328] msvcrt.dll!system                                                       7749805B 5 Bytes  JMP 00920FD9 
.text           C:\Windows\system32\svchost.exe[1328] msvcrt.dll!_creat                                                       7749BBF1 5 Bytes  JMP 0092002E 
.text           C:\Windows\system32\svchost.exe[1328] msvcrt.dll!_open                                                        7749D116 5 Bytes  JMP 00920000 
.text           C:\Windows\system32\svchost.exe[1328] msvcrt.dll!_wcreat                                                      7749D336 5 Bytes  JMP 0092003F 
.text           C:\Windows\system32\svchost.exe[1328] msvcrt.dll!_wopen                                                       7749D511 5 Bytes  JMP 0092001D 
.text           C:\Windows\system32\svchost.exe[1328] ADVAPI32.dll!RegCreateKeyExA                                            76D439AB 5 Bytes  JMP 008D0FAC 
.text           C:\Windows\system32\svchost.exe[1328] ADVAPI32.dll!RegCreateKeyA                                              76D43BA9 5 Bytes  JMP 008D0047 
.text           C:\Windows\system32\svchost.exe[1328] ADVAPI32.dll!RegOpenKeyA                                                76D489C7 5 Bytes  JMP 008D0FEF 
.text           C:\Windows\system32\svchost.exe[1328] ADVAPI32.dll!RegCreateKeyW                                              76D5391E 5 Bytes  JMP 008D0058 
.text           C:\Windows\system32\svchost.exe[1328] ADVAPI32.dll!RegCreateKeyExW                                            76D541F1 5 Bytes  JMP 008D0F91 
.text           C:\Windows\system32\svchost.exe[1328] ADVAPI32.dll!RegOpenKeyExA                                              76D57C42 5 Bytes  JMP 008D001B 
.text           C:\Windows\system32\svchost.exe[1328] ADVAPI32.dll!RegOpenKeyW                                                76D5E2B5 5 Bytes  JMP 008D0000 
.text           C:\Windows\system32\svchost.exe[1328] ADVAPI32.dll!RegOpenKeyExW                                              76D67BA1 5 Bytes  JMP 008D002C 
.text           C:\Windows\system32\svchost.exe[1328] WS2_32.dll!socket                                                       75F236D1 5 Bytes  JMP 008C000A 
.text           C:\Windows\system32\svchost.exe[1436] ntdll.dll!NtCreateFile                                                  77824244 5 Bytes  JMP 00150000 
.text           C:\Windows\system32\svchost.exe[1436] ntdll.dll!NtCreateProcess                                               77824304 5 Bytes  JMP 00150022 
.text           C:\Windows\system32\svchost.exe[1436] ntdll.dll!NtProtectVirtualMemory                                        77824BA4 5 Bytes  JMP 00150011 
.text           C:\Windows\system32\svchost.exe[1436] kernel32.dll!GetStartupInfoW                                            778F1929 5 Bytes  JMP 008200B5 
.text           C:\Windows\system32\svchost.exe[1436] kernel32.dll!GetStartupInfoA                                            778F19C9 5 Bytes  JMP 00820090 
.text           C:\Windows\system32\svchost.exe[1436] kernel32.dll!CreateProcessW                                             778F1BF3 5 Bytes  JMP 00820F2F 
.text           C:\Windows\system32\svchost.exe[1436] kernel32.dll!CreateProcessA                                             778F1C28 5 Bytes  JMP 008200C6 
.text           C:\Windows\system32\svchost.exe[1436] kernel32.dll!VirtualProtect                                             778F1DC3 5 Bytes  JMP 00820064 
.text           C:\Windows\system32\svchost.exe[1436] kernel32.dll!CreateNamedPipeA                                           778F2EF5 5 Bytes  JMP 00820FCA 
.text           C:\Windows\system32\svchost.exe[1436] kernel32.dll!CreateNamedPipeW                                           778F5C0C 5 Bytes  JMP 0082001B 
.text           C:\Windows\system32\svchost.exe[1436] kernel32.dll!CreatePipe                                                 77918F06 5 Bytes  JMP 00820F6F 
.text           C:\Windows\system32\svchost.exe[1436] kernel32.dll!LoadLibraryExW                                             7791927C 5 Bytes  JMP 00820047 
.text           C:\Windows\system32\svchost.exe[1436] kernel32.dll!LoadLibraryW                                               77919400 5 Bytes  JMP 00820036 
.text           C:\Windows\system32\svchost.exe[1436] kernel32.dll!LoadLibraryExA                                             77919554 5 Bytes  JMP 00820F8A 
.text           C:\Windows\system32\svchost.exe[1436] kernel32.dll!LoadLibraryA                                               7791957C 5 Bytes  JMP 00820FAF 
.text           C:\Windows\system32\svchost.exe[1436] kernel32.dll!VirtualProtectEx                                           7791DC52 5 Bytes  JMP 0082007F 
.text           C:\Windows\system32\svchost.exe[1436] kernel32.dll!GetProcAddress                                             7793925B 5 Bytes  JMP 008200E1 
.text           C:\Windows\system32\svchost.exe[1436] kernel32.dll!CreateFileW                                                7793B0EB 5 Bytes  JMP 00820FE5 
.text           C:\Windows\system32\svchost.exe[1436] kernel32.dll!CreateFileA                                                7793D07F 5 Bytes  JMP 0082000A 
.text           C:\Windows\system32\svchost.exe[1436] kernel32.dll!WinExec                                                    779860CF 5 Bytes  JMP 00820F4A 
.text           C:\Windows\system32\svchost.exe[1436] msvcrt.dll!_wsystem                                                     77497F3F 5 Bytes  JMP 00810F5A 
.text           C:\Windows\system32\svchost.exe[1436] msvcrt.dll!system                                                       7749805B 5 Bytes  JMP 00810F7F 
.text           C:\Windows\system32\svchost.exe[1436] msvcrt.dll!_creat                                                       7749BBF1 5 Bytes  JMP 00810FAB 
.text           C:\Windows\system32\svchost.exe[1436] msvcrt.dll!_open                                                        7749D116 5 Bytes  JMP 00810FEF 
.text           C:\Windows\system32\svchost.exe[1436] msvcrt.dll!_wcreat                                                      7749D336 5 Bytes  JMP 00810F9A 
.text           C:\Windows\system32\svchost.exe[1436] msvcrt.dll!_wopen                                                       7749D511 5 Bytes  JMP 00810FD2 
.text           C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!RegCreateKeyExA                                            76D439AB 5 Bytes  JMP 0023004E 
.text           C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!RegCreateKeyA                                              76D43BA9 5 Bytes  JMP 0023002C 
.text           C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!RegOpenKeyA                                                76D489C7 5 Bytes  JMP 00230000 
.text           C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!RegCreateKeyW                                              76D5391E 5 Bytes  JMP 0023003D 
.text           C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!RegCreateKeyExW                                            76D541F1 5 Bytes  JMP 0023005F 
.text           C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!RegOpenKeyExA                                              76D57C42 5 Bytes  JMP 00230FDB 
.text           C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!RegOpenKeyW                                                76D5E2B5 5 Bytes  JMP 00230011 
.text           C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!RegOpenKeyExW                                              76D67BA1 5 Bytes  JMP 00230FCA 
.text           C:\Windows\system32\svchost.exe[1436] WS2_32.dll!socket                                                       75F236D1 5 Bytes  JMP 00160FEF 
.text           C:\Windows\system32\svchost.exe[1524] ntdll.dll!NtCreateFile                                                  77824244 5 Bytes  JMP 00960FE5 
.text           C:\Windows\system32\svchost.exe[1524] ntdll.dll!NtCreateProcess                                               77824304 5 Bytes  JMP 00960FCA 
.text           C:\Windows\system32\svchost.exe[1524] ntdll.dll!NtProtectVirtualMemory                                        77824BA4 5 Bytes  JMP 00960000 
.text           C:\Windows\system32\svchost.exe[1524] kernel32.dll!GetStartupInfoW                                            778F1929 5 Bytes  JMP 00D300A2 
.text           C:\Windows\system32\svchost.exe[1524] kernel32.dll!GetStartupInfoA                                            778F19C9 5 Bytes  JMP 00D30F52 
.text           C:\Windows\system32\svchost.exe[1524] kernel32.dll!CreateProcessW                                             778F1BF3 5 Bytes  JMP 00D30F0B 
.text           C:\Windows\system32\svchost.exe[1524] kernel32.dll!CreateProcessA                                             778F1C28 5 Bytes  JMP 00D30F26 
.text           C:\Windows\system32\svchost.exe[1524] kernel32.dll!VirtualProtect                                             778F1DC3 5 Bytes  JMP 00D30F6D 
.text           C:\Windows\system32\svchost.exe[1524] kernel32.dll!CreateNamedPipeA                                           778F2EF5 5 Bytes  JMP 00D30FCA 
.text           C:\Windows\system32\svchost.exe[1524] kernel32.dll!CreateNamedPipeW                                           778F5C0C 5 Bytes  JMP 00D3001B 
.text           C:\Windows\system32\svchost.exe[1524] kernel32.dll!CreatePipe                                                 77918F06 5 Bytes  JMP 00D30087 
.text           C:\Windows\system32\svchost.exe[1524] kernel32.dll!LoadLibraryExW                                             7791927C 5 Bytes  JMP 00D30051 
.text           C:\Windows\system32\svchost.exe[1524] kernel32.dll!LoadLibraryW                                               77919400 5 Bytes  JMP 00D30FA5 
.text           C:\Windows\system32\svchost.exe[1524] kernel32.dll!LoadLibraryExA                                             77919554 5 Bytes  JMP 00D30F94 
.text           C:\Windows\system32\svchost.exe[1524] kernel32.dll!LoadLibraryA                                               7791957C 5 Bytes  JMP 00D3002C 
.text           C:\Windows\system32\svchost.exe[1524] kernel32.dll!VirtualProtectEx                                           7791DC52 5 Bytes  JMP 00D3006C 
.text           C:\Windows\system32\svchost.exe[1524] kernel32.dll!GetProcAddress                                             7793925B 5 Bytes  JMP 00D300BD 
.text           C:\Windows\system32\svchost.exe[1524] kernel32.dll!CreateFileW                                                7793B0EB 5 Bytes  JMP 00D30FE5 
.text           C:\Windows\system32\svchost.exe[1524] kernel32.dll!CreateFileA                                                7793D07F 5 Bytes  JMP 00D30000 
.text           C:\Windows\system32\svchost.exe[1524] kernel32.dll!WinExec                                                    779860CF 5 Bytes  JMP 00D30F41 
.text           C:\Windows\system32\svchost.exe[1524] msvcrt.dll!_wsystem                                                     77497F3F 5 Bytes  JMP 00D20FC3 
.text           C:\Windows\system32\svchost.exe[1524] msvcrt.dll!system                                                       7749805B 5 Bytes  JMP 00D20044 
.text           C:\Windows\system32\svchost.exe[1524] msvcrt.dll!_creat                                                       7749BBF1 5 Bytes  JMP 00D20FD4 
.text           C:\Windows\system32\svchost.exe[1524] msvcrt.dll!_open                                                        7749D116 5 Bytes  JMP 00D2000C 
.text           C:\Windows\system32\svchost.exe[1524] msvcrt.dll!_wcreat                                                      7749D336 5 Bytes  JMP 00D20029 
.text           C:\Windows\system32\svchost.exe[1524] msvcrt.dll!_wopen                                                       7749D511 5 Bytes  JMP 00D20FEF 
.text           C:\Windows\system32\svchost.exe[1524] ADVAPI32.dll!RegCreateKeyExA                                            76D439AB 5 Bytes  JMP 00D10F94 
.text           C:\Windows\system32\svchost.exe[1524] ADVAPI32.dll!RegCreateKeyA                                              76D43BA9 5 Bytes  JMP 00D10036 
.text           C:\Windows\system32\svchost.exe[1524] ADVAPI32.dll!RegOpenKeyA                                                76D489C7 5 Bytes  JMP 00D10FEF 
.text           C:\Windows\system32\svchost.exe[1524] ADVAPI32.dll!RegCreateKeyW                                              76D5391E 5 Bytes  JMP 00D10FAF 
.text           C:\Windows\system32\svchost.exe[1524] ADVAPI32.dll!RegCreateKeyExW                                            76D541F1 5 Bytes  JMP 00D10051 
.text           C:\Windows\system32\svchost.exe[1524] ADVAPI32.dll!RegOpenKeyExA                                              76D57C42 5 Bytes  JMP 00D10014 
.text           C:\Windows\system32\svchost.exe[1524] ADVAPI32.dll!RegOpenKeyW                                                76D5E2B5 5 Bytes  JMP 00D10FD4 
.text           C:\Windows\system32\svchost.exe[1524] ADVAPI32.dll!RegOpenKeyExW                                              76D67BA1 5 Bytes  JMP 00D10025 
.text           C:\Windows\system32\svchost.exe[1524] WS2_32.dll!socket                                                       75F236D1 5 Bytes  JMP 00D00FE5 
.text           C:\Windows\system32\svchost.exe[1712] ntdll.dll!NtCreateFile                                                  77824244 5 Bytes  JMP 00330FEF 
.text           C:\Windows\system32\svchost.exe[1712] ntdll.dll!NtCreateProcess                                               77824304 5 Bytes  JMP 0033000A 
.text           C:\Windows\system32\svchost.exe[1712] ntdll.dll!NtProtectVirtualMemory                                        77824BA4 5 Bytes  JMP 00330FDE 
.text           C:\Windows\system32\svchost.exe[1712] kernel32.dll!GetStartupInfoW                                            778F1929 5 Bytes  JMP 008C0F3E 
.text           C:\Windows\system32\svchost.exe[1712] kernel32.dll!GetStartupInfoA                                            778F19C9 5 Bytes  JMP 008C008E 
.text           C:\Windows\system32\svchost.exe[1712] kernel32.dll!CreateProcessW                                             778F1BF3 5 Bytes  JMP 008C00C1 
.text           C:\Windows\system32\svchost.exe[1712] kernel32.dll!CreateProcessA                                             778F1C28 5 Bytes  JMP 008C00B0 
.text           C:\Windows\system32\svchost.exe[1712] kernel32.dll!VirtualProtect                                             778F1DC3 5 Bytes  JMP 008C0F77 
.text           C:\Windows\system32\svchost.exe[1712] kernel32.dll!CreateNamedPipeA                                           778F2EF5 5 Bytes  JMP 008C001B 
.text           C:\Windows\system32\svchost.exe[1712] kernel32.dll!CreateNamedPipeW                                           778F5C0C 5 Bytes  JMP 008C002C 
.text           C:\Windows\system32\svchost.exe[1712] kernel32.dll!CreatePipe                                                 77918F06 5 Bytes  JMP 008C0073 
.text           C:\Windows\system32\svchost.exe[1712] kernel32.dll!LoadLibraryExW                                             7791927C 5 Bytes  JMP 008C0F94 
.text           C:\Windows\system32\svchost.exe[1712] kernel32.dll!LoadLibraryW                                               77919400 5 Bytes  JMP 008C0FAF 
.text           C:\Windows\system32\svchost.exe[1712] kernel32.dll!LoadLibraryExA                                             77919554 5 Bytes  JMP 008C0051 
.text           C:\Windows\system32\svchost.exe[1712] kernel32.dll!LoadLibraryA                                               7791957C 5 Bytes  JMP 008C0FCA 
.text           C:\Windows\system32\svchost.exe[1712] kernel32.dll!VirtualProtectEx                                           7791DC52 5 Bytes  JMP 008C0062 
.text           C:\Windows\system32\svchost.exe[1712] kernel32.dll!GetProcAddress                                             7793925B 5 Bytes  JMP 008C00D2 
.text           C:\Windows\system32\svchost.exe[1712] kernel32.dll!CreateFileW                                                7793B0EB 5 Bytes  JMP 008C0FE5 
.text           C:\Windows\system32\svchost.exe[1712] kernel32.dll!CreateFileA                                                7793D07F 5 Bytes  JMP 008C0000 
.text           C:\Windows\system32\svchost.exe[1712] kernel32.dll!WinExec                                                    779860CF 5 Bytes  JMP 008C009F 
.text           C:\Windows\system32\svchost.exe[1712] msvcrt.dll!_wsystem                                                     77497F3F 5 Bytes  JMP 008B0058 
.text           C:\Windows\system32\svchost.exe[1712] msvcrt.dll!system                                                       7749805B 5 Bytes  JMP 008B0033 
.text           C:\Windows\system32\svchost.exe[1712] msvcrt.dll!_creat                                                       7749BBF1 5 Bytes  JMP 008B0FD4 
.text           C:\Windows\system32\svchost.exe[1712] msvcrt.dll!_open                                                        7749D116 5 Bytes  JMP 008B0FEF 
.text           C:\Windows\system32\svchost.exe[1712] msvcrt.dll!_wcreat                                                      7749D336 5 Bytes  JMP 008B0FC3 
.text           C:\Windows\system32\svchost.exe[1712] msvcrt.dll!_wopen                                                       7749D511 5 Bytes  JMP 008B000C 
.text           C:\Windows\system32\svchost.exe[1712] ADVAPI32.dll!RegCreateKeyExA                                            76D439AB 5 Bytes  JMP 00890040 
.text           C:\Windows\system32\svchost.exe[1712] ADVAPI32.dll!RegCreateKeyA                                              76D43BA9 5 Bytes  JMP 00890FA8 
.text           C:\Windows\system32\svchost.exe[1712] ADVAPI32.dll!RegOpenKeyA                                                76D489C7 5 Bytes  JMP 00890FEF 
.text           C:\Windows\system32\svchost.exe[1712] ADVAPI32.dll!RegCreateKeyW                                              76D5391E 5 Bytes  JMP 0089002F 
.text           C:\Windows\system32\svchost.exe[1712] ADVAPI32.dll!RegCreateKeyExW                                            76D541F1 5 Bytes  JMP 0089005B 
.text           C:\Windows\system32\svchost.exe[1712] ADVAPI32.dll!RegOpenKeyExA                                              76D57C42 5 Bytes  JMP 00890FCA 
.text           C:\Windows\system32\svchost.exe[1712] ADVAPI32.dll!RegOpenKeyW                                                76D5E2B5 5 Bytes  JMP 0089000A 
.text           C:\Windows\system32\svchost.exe[1712] ADVAPI32.dll!RegOpenKeyExW                                              76D67BA1 5 Bytes  JMP 00890FB9 
.text           C:\Windows\system32\svchost.exe[1712] WS2_32.dll!socket                                                       75F236D1 5 Bytes  JMP 00880000 
.text           C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2176] kernel32.dll!LoadLibraryW                   77919400 5 Bytes  JMP 70DD9A63 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text           C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2176] kernel32.dll!LoadLibraryA                   7791957C 5 Bytes  JMP 70DD99A1 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text           c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] ntdll.dll!NtCreateFile            77824244 5 Bytes  JMP 4BA30000 
.text           c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] ntdll.dll!NtCreateProcess         77824304 5 Bytes  JMP 4BA30FD4 
.text           c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] ntdll.dll!NtProtectVirtualMemory  77824BA4 5 Bytes  JMP 4BA30FE5 
.text           c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] kernel32.dll!GetStartupInfoW      778F1929 5 Bytes  JMP 4BB40EEE 
.text           c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] kernel32.dll!GetStartupInfoA      778F19C9 5 Bytes  JMP 4BB40EFF 
.text           c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] kernel32.dll!CreateProcessW       778F1BF3 5 Bytes  JMP 4BB40059 
.text           c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] kernel32.dll!CreateProcessA       778F1C28 5 Bytes  JMP 4BB40EC2 
.text           c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] kernel32.dll!VirtualProtect       778F1DC3 5 Bytes  JMP 4BB40F46 
.text           c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] kernel32.dll!CreateNamedPipeA     778F2EF5 5 Bytes  JMP 4BB40FCA 
.text           c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] kernel32.dll!CreateNamedPipeW     778F5C0C 5 Bytes  JMP 4BB40FB9 
.text           c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] kernel32.dll!CreatePipe           77918F06 5 Bytes  JMP 4BB40F1A 
.text           c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] kernel32.dll!LoadLibraryExW       7791927C 5 Bytes  JMP 4BB40F57 
.text           c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] kernel32.dll!LoadLibraryW         77919400 5 Bytes  JMP 4BB40F8D 
.text           c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] kernel32.dll!LoadLibraryExA       77919554 5 Bytes  JMP 4BB40F68 
.text           c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] kernel32.dll!LoadLibraryA         7791957C 5 Bytes  JMP 4BB40FA8 
.text           c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] kernel32.dll!VirtualProtectEx     7791DC52 5 Bytes  JMP 4BB40F35 
.text           c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] kernel32.dll!GetProcAddress       7793925B 5 Bytes  JMP 4BB4006A 
.text           c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] kernel32.dll!CreateFileW          7793B0EB 5 Bytes  JMP 4BB40FE5 
.text           c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] kernel32.dll!CreateFileA          7793D07F 5 Bytes  JMP 4BB40000 
.text           c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] kernel32.dll!WinExec              779860CF 1 Byte  [E9]
.text           c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] kernel32.dll!WinExec              779860CF 5 Bytes  JMP 4BB40ED3 
.text           c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] msvcrt.dll!_wsystem               77497F3F 5 Bytes  JMP 4BB3006E 
.text           c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] msvcrt.dll!system                 7749805B 5 Bytes  JMP 4BB30053 
.text           c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] msvcrt.dll!_creat                 7749BBF1 5 Bytes  JMP 4BB30038 
.text           c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] msvcrt.dll!_open                  7749D116 5 Bytes  JMP 4BB3000C 
.text           c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] msvcrt.dll!_wcreat                7749D336 5 Bytes  JMP 4BB30FE3 
.text           c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] msvcrt.dll!_wopen                 7749D511 5 Bytes  JMP 4BB3001D 
.text           c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] ADVAPI32.dll!RegCreateKeyExA      76D439AB 5 Bytes  JMP 4BB20058 
.text           c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] ADVAPI32.dll!RegCreateKeyA        76D43BA9 5 Bytes  JMP 4BB2003D 
.text           c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] ADVAPI32.dll!RegOpenKeyA          76D489C7 5 Bytes  JMP 4BB20000 
.text           c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] ADVAPI32.dll!RegCreateKeyW        76D5391E 5 Bytes  JMP 4BB20FB6 
.text           c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] ADVAPI32.dll!RegCreateKeyExW      76D541F1 5 Bytes  JMP 4BB20069 
.text           c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] ADVAPI32.dll!RegOpenKeyExA        76D57C42 5 Bytes  JMP 4BB20FDB 
.text           c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] ADVAPI32.dll!RegOpenKeyW          76D5E2B5 5 Bytes  JMP 4BB20011 
.text           c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] ADVAPI32.dll!RegOpenKeyExW        76D67BA1 5 Bytes  JMP 4BB20022 
.text           c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2236] WS2_32.dll!socket                 75F236D1 5 Bytes  JMP 4BAD0FEF 
.text           C:\Windows\system32\svchost.exe[2436] ntdll.dll!NtCreateFile                                                  77824244 5 Bytes  JMP 00C5000A 
.text           C:\Windows\system32\svchost.exe[2436] ntdll.dll!NtCreateProcess                                               77824304 5 Bytes  JMP 00C50025 
.text           C:\Windows\system32\svchost.exe[2436] ntdll.dll!NtProtectVirtualMemory                                        77824BA4 5 Bytes  JMP 00C50FEF 
.text           C:\Windows\system32\svchost.exe[2436] kernel32.dll!GetStartupInfoW                                            778F1929 5 Bytes  JMP 00F50F79 
.text           C:\Windows\system32\svchost.exe[2436] kernel32.dll!GetStartupInfoA                                            778F19C9 5 Bytes  JMP 00F500BF 
.text           C:\Windows\system32\svchost.exe[2436] kernel32.dll!CreateProcessW                                             778F1BF3 5 Bytes  JMP 00F500F5 
.text           C:\Windows\system32\svchost.exe[2436] kernel32.dll!CreateProcessA                                             778F1C28 5 Bytes  JMP 00F50F5E 
.text           C:\Windows\system32\svchost.exe[2436] kernel32.dll!VirtualProtect                                             778F1DC3 5 Bytes  JMP 00F500A4 
.text           C:\Windows\system32\svchost.exe[2436] kernel32.dll!CreateNamedPipeA                                           778F2EF5 5 Bytes  JMP 00F50FE5 
.text           C:\Windows\system32\svchost.exe[2436] kernel32.dll!CreateNamedPipeW                                           778F5C0C 5 Bytes  JMP 00F50FD4 
.text           C:\Windows\system32\svchost.exe[2436] kernel32.dll!CreatePipe                                                 77918F06 5 Bytes  JMP 00F50F94 
.text           C:\Windows\system32\svchost.exe[2436] kernel32.dll!LoadLibraryExW                                             7791927C 5 Bytes  JMP 00F50087 
.text           C:\Windows\system32\svchost.exe[2436] kernel32.dll!LoadLibraryW                                               77919400 5 Bytes  JMP 00F5005B 
.text           C:\Windows\system32\svchost.exe[2436] kernel32.dll!LoadLibraryExA                                             77919554 5 Bytes  JMP 00F50076 
.text           C:\Windows\system32\svchost.exe[2436] kernel32.dll!LoadLibraryA                                               7791957C 5 Bytes  JMP 00F50040 
.text           C:\Windows\system32\svchost.exe[2436] kernel32.dll!VirtualProtectEx                                           7791DC52 5 Bytes  JMP 00F50FAF 
.text           C:\Windows\system32\svchost.exe[2436] kernel32.dll!GetProcAddress                                             7793925B 5 Bytes  JMP 00F50F43 
.text           C:\Windows\system32\svchost.exe[2436] kernel32.dll!CreateFileW                                                7793B0EB 5 Bytes  JMP 00F5001B 
.text           C:\Windows\system32\svchost.exe[2436] kernel32.dll!CreateFileA                                                7793D07F 5 Bytes  JMP 00F50000 
.text           C:\Windows\system32\svchost.exe[2436] kernel32.dll!WinExec                                                    779860CF 5 Bytes  JMP 00F500DA 
.text           C:\Windows\system32\svchost.exe[2436] msvcrt.dll!_wsystem                                                     77497F3F 5 Bytes  JMP 00F40F9C 
.text           C:\Windows\system32\svchost.exe[2436] msvcrt.dll!system                                                       7749805B 5 Bytes  JMP 00F40FB7 
.text           C:\Windows\system32\svchost.exe[2436] msvcrt.dll!_creat                                                       7749BBF1 5 Bytes  JMP 00F4000C 
.text           C:\Windows\system32\svchost.exe[2436] msvcrt.dll!_open                                                        7749D116 5 Bytes  JMP 00F40FEF 
.text           C:\Windows\system32\svchost.exe[2436] msvcrt.dll!_wcreat                                                      7749D336 5 Bytes  JMP 00F40027 
.text           C:\Windows\system32\svchost.exe[2436] msvcrt.dll!_wopen                                                       7749D511 5 Bytes  JMP 00F40FD2 
.text           C:\Windows\system32\svchost.exe[2436] ADVAPI32.dll!RegCreateKeyExA                                            76D439AB 5 Bytes  JMP 00E00047 
.text           C:\Windows\system32\svchost.exe[2436] ADVAPI32.dll!RegCreateKeyA                                              76D43BA9 5 Bytes  JMP 00E00FB9 
.text           C:\Windows\system32\svchost.exe[2436] ADVAPI32.dll!RegOpenKeyA                                                76D489C7 5 Bytes  JMP 00E00000 
.text           C:\Windows\system32\svchost.exe[2436] ADVAPI32.dll!RegCreateKeyW                                              76D5391E 5 Bytes  JMP 00E00036 
.text           C:\Windows\system32\svchost.exe[2436] ADVAPI32.dll!RegCreateKeyExW                                            76D541F1 5 Bytes  JMP 00E00062 
.text           C:\Windows\system32\svchost.exe[2436] ADVAPI32.dll!RegOpenKeyExA                                              76D57C42 5 Bytes  JMP 00E00FDB 
.text           C:\Windows\system32\svchost.exe[2436] ADVAPI32.dll!RegOpenKeyW                                                76D5E2B5 5 Bytes  JMP 00E00011 
.text           C:\Windows\system32\svchost.exe[2436] ADVAPI32.dll!RegOpenKeyExW                                              76D67BA1 5 Bytes  JMP 00E00FCA 
.text           C:\Windows\system32\svchost.exe[2436] WS2_32.dll!socket                                                       75F236D1 5 Bytes  JMP 00CE000A 
.text           C:\Windows\system32\wuauclt.exe[3248] ntdll.dll!NtCreateFile                                                  77824244 5 Bytes  JMP 00040FEF 
.text           C:\Windows\system32\wuauclt.exe[3248] ntdll.dll!NtCreateProcess                                               77824304 5 Bytes  JMP 00040FDE 
.text           C:\Windows\system32\wuauclt.exe[3248] ntdll.dll!NtProtectVirtualMemory                                        77824BA4 5 Bytes  JMP 00040014 
.text           C:\Windows\system32\wuauclt.exe[3248] kernel32.dll!GetStartupInfoW                                            778F1929 5 Bytes  JMP 00010F30 
.text           C:\Windows\system32\wuauclt.exe[3248] kernel32.dll!GetStartupInfoA                                            778F19C9 5 Bytes  JMP 00010F41 
.text           C:\Windows\system32\wuauclt.exe[3248] kernel32.dll!CreateProcessW                                             778F1BF3 5 Bytes  JMP 00010F01 
.text           C:\Windows\system32\wuauclt.exe[3248] kernel32.dll!CreateProcessA                                             778F1C28 5 Bytes  JMP 00010098 
.text           C:\Windows\system32\wuauclt.exe[3248] kernel32.dll!VirtualProtect                                             778F1DC3 5 Bytes  JMP 00010058 
.text           C:\Windows\system32\wuauclt.exe[3248] kernel32.dll!CreateNamedPipeA                                           778F2EF5 5 Bytes  JMP 00010FCA 
.text           C:\Windows\system32\wuauclt.exe[3248] kernel32.dll!CreateNamedPipeW                                           778F5C0C 5 Bytes  JMP 0001001B 
.text           C:\Windows\system32\wuauclt.exe[3248] kernel32.dll!CreatePipe                                                 77918F06 5 Bytes  JMP 00010F52 
.text           C:\Windows\system32\wuauclt.exe[3248] kernel32.dll!LoadLibraryExW                                             7791927C 5 Bytes  JMP 00010F8A 
.text           C:\Windows\system32\wuauclt.exe[3248] kernel32.dll!LoadLibraryW                                               77919400 5 Bytes  JMP 0001002C 
.text           C:\Windows\system32\wuauclt.exe[3248] kernel32.dll!LoadLibraryExA                                             77919554 5 Bytes  JMP 0001003D 
.text           C:\Windows\system32\wuauclt.exe[3248] kernel32.dll!LoadLibraryA                                               7791957C 5 Bytes  JMP 00010FA5 
.text           C:\Windows\system32\wuauclt.exe[3248] kernel32.dll!VirtualProtectEx                                           7791DC52 5 Bytes  JMP 00010F63 
.text           C:\Windows\system32\wuauclt.exe[3248] kernel32.dll!GetProcAddress                                             7793925B 5 Bytes  JMP 000100B3 
.text           C:\Windows\system32\wuauclt.exe[3248] kernel32.dll!CreateFileW                                                7793B0EB 5 Bytes  JMP 00010000 
.text           C:\Windows\system32\wuauclt.exe[3248] kernel32.dll!CreateFileA                                                7793D07F 5 Bytes  JMP 00010FEF 
.text           C:\Windows\system32\wuauclt.exe[3248] kernel32.dll!WinExec                                                    779860CF 5 Bytes  JMP 00010087 
.text           C:\Windows\system32\wuauclt.exe[3248] msvcrt.dll!_wsystem                                                     77497F3F 5 Bytes  JMP 000B0055 
.text           C:\Windows\system32\wuauclt.exe[3248] msvcrt.dll!system                                                       7749805B 5 Bytes  JMP 000B0FD4 
.text           C:\Windows\system32\wuauclt.exe[3248] msvcrt.dll!_creat                                                       7749BBF1 5 Bytes  JMP 000B003A 
.text           C:\Windows\system32\wuauclt.exe[3248] msvcrt.dll!_open                                                        7749D116 5 Bytes  JMP 000B000C 
.text           C:\Windows\system32\wuauclt.exe[3248] msvcrt.dll!_wcreat                                                      7749D336 5 Bytes  JMP 000B0FE5 
.text           C:\Windows\system32\wuauclt.exe[3248] msvcrt.dll!_wopen                                                       7749D511 5 Bytes  JMP 000B001D 
.text           C:\Windows\system32\wuauclt.exe[3248] ADVAPI32.dll!RegCreateKeyExA                                            76D439AB 5 Bytes  JMP 000D0FD1 
.text           C:\Windows\system32\wuauclt.exe[3248] ADVAPI32.dll!RegCreateKeyA                                              76D43BA9 5 Bytes  JMP 000D0058 
.text           C:\Windows\system32\wuauclt.exe[3248] ADVAPI32.dll!RegOpenKeyA                                                76D489C7 5 Bytes  JMP 000D0000 
.text           C:\Windows\system32\wuauclt.exe[3248] ADVAPI32.dll!RegCreateKeyW                                              76D5391E 5 Bytes  JMP 000D0069 
.text           C:\Windows\system32\wuauclt.exe[3248] ADVAPI32.dll!RegCreateKeyExW                                            76D541F1 5 Bytes  JMP 000D0FB6 
.text           C:\Windows\system32\wuauclt.exe[3248] ADVAPI32.dll!RegOpenKeyExA                                              76D57C42 5 Bytes  JMP 000D002C 
.text           C:\Windows\system32\wuauclt.exe[3248] ADVAPI32.dll!RegOpenKeyW                                                76D5E2B5 5 Bytes  JMP 000D0011 
.text           C:\Windows\system32\wuauclt.exe[3248] ADVAPI32.dll!RegOpenKeyExW                                              76D67BA1 5 Bytes  JMP 000D0047 
.text           C:\Windows\Explorer.EXE[3596] ntdll.dll!NtCreateFile                                                          77824244 5 Bytes  JMP 0004000A 
.text           C:\Windows\Explorer.EXE[3596] ntdll.dll!NtCreateProcess                                                       77824304 5 Bytes  JMP 00040FD4 
.text           C:\Windows\Explorer.EXE[3596] ntdll.dll!NtProtectVirtualMemory                                                77824BA4 5 Bytes  JMP 00040FE5 
.text           C:\Windows\Explorer.EXE[3596] kernel32.dll!GetStartupInfoW                                                    778F1929 5 Bytes  JMP 00010093 
.text           C:\Windows\Explorer.EXE[3596] kernel32.dll!GetStartupInfoA                                                    778F19C9 5 Bytes  JMP 00010F43 
.text           C:\Windows\Explorer.EXE[3596] kernel32.dll!CreateProcessW                                                     778F1BF3 5 Bytes  JMP 000100D0 
.text           C:\Windows\Explorer.EXE[3596] kernel32.dll!CreateProcessA                                                     778F1C28 5 Bytes  JMP 000100BF 
.text           C:\Windows\Explorer.EXE[3596] kernel32.dll!VirtualProtect                                                     778F1DC3 5 Bytes  JMP 00010053 
.text           C:\Windows\Explorer.EXE[3596] kernel32.dll!CreateNamedPipeA                                                   778F2EF5 5 Bytes  JMP 00010FC3 
.text           C:\Windows\Explorer.EXE[3596] kernel32.dll!CreateNamedPipeW                                                   778F5C0C 5 Bytes  JMP 00010FA8 
.text           C:\Windows\Explorer.EXE[3596] kernel32.dll!CreatePipe                                                         77918F06 5 Bytes  JMP 00010F54 
.text           C:\Windows\Explorer.EXE[3596] kernel32.dll!LoadLibraryExW                                                     7791927C 5 Bytes  JMP 0001002C 
.text           C:\Windows\Explorer.EXE[3596] kernel32.dll!LoadLibraryW                                                       77919400 5 Bytes  JMP 00010F83 
.text           C:\Windows\Explorer.EXE[3596] kernel32.dll!LoadLibraryExA                                                     77919554 5 Bytes  JMP 0001001B 
.text           C:\Windows\Explorer.EXE[3596] kernel32.dll!LoadLibraryA                                                       7791957C 5 Bytes  JMP 0001000A 
.text           C:\Windows\Explorer.EXE[3596] kernel32.dll!VirtualProtectEx                                                   7791DC52 5 Bytes  JMP 00010064 
.text           C:\Windows\Explorer.EXE[3596] kernel32.dll!GetProcAddress                                                     7793925B 5 Bytes  JMP 00010F1E 
.text           C:\Windows\Explorer.EXE[3596] kernel32.dll!CreateFileW                                                        7793B0EB 5 Bytes  JMP 00010FD4 
.text           C:\Windows\Explorer.EXE[3596] kernel32.dll!CreateFileA                                                        7793D07F 5 Bytes  JMP 00010FE5 
.text           C:\Windows\Explorer.EXE[3596] kernel32.dll!WinExec                                                            779860CF 5 Bytes  JMP 000100A4 
.text           C:\Windows\Explorer.EXE[3596] ADVAPI32.dll!RegCreateKeyExA                                                    76D439AB 5 Bytes  JMP 00060051 
.text           C:\Windows\Explorer.EXE[3596] ADVAPI32.dll!RegCreateKeyA                                                      76D43BA9 5 Bytes  JMP 0006002F 
.text           C:\Windows\Explorer.EXE[3596] ADVAPI32.dll!RegOpenKeyA                                                        76D489C7 5 Bytes  JMP 00060FEF 
.text           C:\Windows\Explorer.EXE[3596] ADVAPI32.dll!RegCreateKeyW                                                      76D5391E 5 Bytes  JMP 00060040 
.text           C:\Windows\Explorer.EXE[3596] ADVAPI32.dll!RegCreateKeyExW                                                    76D541F1 5 Bytes  JMP 0006006C 
.text           C:\Windows\Explorer.EXE[3596] ADVAPI32.dll!RegOpenKeyExA                                                      76D57C42 5 Bytes  JMP 0006000A 
.text           C:\Windows\Explorer.EXE[3596] ADVAPI32.dll!RegOpenKeyW                                                        76D5E2B5 5 Bytes  JMP 00060FDE 
.text           C:\Windows\Explorer.EXE[3596] ADVAPI32.dll!RegOpenKeyExW                                                      76D67BA1 5 Bytes  JMP 00060FC3 
.text           C:\Windows\Explorer.EXE[3596] msvcrt.dll!_wsystem                                                             77497F3F 5 Bytes  JMP 00070FCD 
.text           C:\Windows\Explorer.EXE[3596] msvcrt.dll!system                                                               7749805B 5 Bytes  JMP 00070FDE 
.text           C:\Windows\Explorer.EXE[3596] msvcrt.dll!_creat                                                               7749BBF1 5 Bytes  JMP 00070033 
.text           C:\Windows\Explorer.EXE[3596] msvcrt.dll!_open                                                                7749D116 5 Bytes  JMP 00070000 
.text           C:\Windows\Explorer.EXE[3596] msvcrt.dll!_wcreat                                                              7749D336 5 Bytes  JMP 0007004E 
.text           C:\Windows\Explorer.EXE[3596] msvcrt.dll!_wopen                                                               7749D511 5 Bytes  JMP 00070FEF 
.text           C:\Windows\Explorer.EXE[3596] WININET.dll!InternetOpenA                                                       7713D6A8 5 Bytes  JMP 003D000A 
.text           C:\Windows\Explorer.EXE[3596] WININET.dll!InternetOpenW                                                       7713DB21 5 Bytes  JMP 003D0FEF 
.text           C:\Windows\Explorer.EXE[3596] WININET.dll!InternetOpenUrlA                                                    7713F3BC 5 Bytes  JMP 003D0FD4 
.text           C:\Windows\Explorer.EXE[3596] WININET.dll!InternetOpenUrlW                                                    77186DFF 5 Bytes  JMP 003D0FC3 
.text           C:\Windows\Explorer.EXE[3596] WS2_32.dll!socket                                                               75F236D1 5 Bytes  JMP 018A0FE5 
.text           C:\Windows\system32\svchost.exe[4312] ntdll.dll!NtCreateFile                                                  77824244 5 Bytes  JMP 00040FEF 
.text           C:\Windows\system32\svchost.exe[4312] ntdll.dll!NtCreateProcess                                               77824304 5 Bytes  JMP 00040FDE 
.text           C:\Windows\system32\svchost.exe[4312] ntdll.dll!NtProtectVirtualMemory                                        77824BA4 5 Bytes  JMP 0004000A 
.text           C:\Windows\system32\svchost.exe[4312] kernel32.dll!GetStartupInfoW                                            778F1929 5 Bytes  JMP 00010F57 
.text           C:\Windows\system32\svchost.exe[4312] kernel32.dll!GetStartupInfoA                                            778F19C9 5 Bytes  JMP 0001009D 
.text           C:\Windows\system32\svchost.exe[4312] kernel32.dll!CreateProcessW                                             778F1BF3 5 Bytes  JMP 00010F06 
.text           C:\Windows\system32\svchost.exe[4312] kernel32.dll!CreateProcessA                                             778F1C28 5 Bytes  JMP 00010F17 
.text           C:\Windows\system32\svchost.exe[4312] kernel32.dll!VirtualProtect                                             778F1DC3 5 Bytes  JMP 00010F83 
.text           C:\Windows\system32\svchost.exe[4312] kernel32.dll!CreateNamedPipeA                                           778F2EF5 5 Bytes  JMP 00010025 
.text           C:\Windows\system32\svchost.exe[4312] kernel32.dll!CreateNamedPipeW                                           778F5C0C 5 Bytes  JMP 00010040 
.text           C:\Windows\system32\svchost.exe[4312] kernel32.dll!CreatePipe                                                 77918F06 5 Bytes  JMP 0001008C 
.text           C:\Windows\system32\svchost.exe[4312] kernel32.dll!LoadLibraryExW                                             7791927C 5 Bytes  JMP 00010F94 
.text           C:\Windows\system32\svchost.exe[4312] kernel32.dll!LoadLibraryW                                               77919400 5 Bytes  JMP 00010051 
.text           C:\Windows\system32\svchost.exe[4312] kernel32.dll!LoadLibraryExA                                             77919554 5 Bytes  JMP 00010FA5 
.text           C:\Windows\system32\svchost.exe[4312] kernel32.dll!LoadLibraryA                                               7791957C 5 Bytes  JMP 00010FD4 
.text           C:\Windows\system32\svchost.exe[4312] kernel32.dll!VirtualProtectEx                                           7791DC52 5 Bytes  JMP 00010F72 
.text           C:\Windows\system32\svchost.exe[4312] kernel32.dll!GetProcAddress                                             7793925B 5 Bytes  JMP 00010EE1 
.text           C:\Windows\system32\svchost.exe[4312] kernel32.dll!CreateFileW                                                7793B0EB 1 Byte  [E9]
.text           C:\Windows\system32\svchost.exe[4312] kernel32.dll!CreateFileW                                                7793B0EB 5 Bytes  JMP 00010FEF 
.text           C:\Windows\system32\svchost.exe[4312] kernel32.dll!CreateFileA                                                7793D07F 5 Bytes  JMP 0001000A 
.text           C:\Windows\system32\svchost.exe[4312] kernel32.dll!WinExec                                                    779860CF 5 Bytes  JMP 00010F3C 
.text           C:\Windows\system32\svchost.exe[4312] msvcrt.dll!_wsystem                                                     77497F3F 5 Bytes  JMP 00060FC3 
.text           C:\Windows\system32\svchost.exe[4312] msvcrt.dll!system                                                       7749805B 5 Bytes  JMP 00060044 
.text           C:\Windows\system32\svchost.exe[4312] msvcrt.dll!_creat                                                       7749BBF1 5 Bytes  JMP 00060033 
.text           C:\Windows\system32\svchost.exe[4312] msvcrt.dll!_open                                                        7749D116 5 Bytes  JMP 00060000 
.text           C:\Windows\system32\svchost.exe[4312] msvcrt.dll!_wcreat                                                      7749D336 5 Bytes  JMP 00060FD4 
.text           C:\Windows\system32\svchost.exe[4312] msvcrt.dll!_wopen                                                       7749D511 5 Bytes  JMP 00060FEF 
.text           C:\Windows\system32\svchost.exe[4312] ADVAPI32.dll!RegCreateKeyExA                                            76D439AB 5 Bytes  JMP 00070F72 
.text           C:\Windows\system32\svchost.exe[4312] ADVAPI32.dll!RegCreateKeyA                                              76D43BA9 5 Bytes  JMP 0007000A 
.text           C:\Windows\system32\svchost.exe[4312] ADVAPI32.dll!RegOpenKeyA                                                76D489C7 5 Bytes  JMP 00070FE5 
.text           C:\Windows\system32\svchost.exe[4312] ADVAPI32.dll!RegCreateKeyW                                              76D5391E 5 Bytes  JMP 00070F8D 
.text           C:\Windows\system32\svchost.exe[4312] ADVAPI32.dll!RegCreateKeyExW                                            76D541F1 5 Bytes  JMP 00070F57 
.text           C:\Windows\system32\svchost.exe[4312] ADVAPI32.dll!RegOpenKeyExA                                              76D57C42 5 Bytes  JMP 00070FB9 
.text           C:\Windows\system32\svchost.exe[4312] ADVAPI32.dll!RegOpenKeyW                                                76D5E2B5 5 Bytes  JMP 00070FD4 
.text           C:\Windows\system32\svchost.exe[4312] ADVAPI32.dll!RegOpenKeyExW                                              76D67BA1 5 Bytes  JMP 00070F9E 
.text           C:\Windows\system32\svchost.exe[4312] WS2_32.dll!socket                                                       75F236D1 5 Bytes  JMP 00080000 
.text           C:\Windows\System32\svchost.exe[5224] ntdll.dll!NtCreateFile                                                  77824244 5 Bytes  JMP 00040FE5 
.text           C:\Windows\System32\svchost.exe[5224] ntdll.dll!NtCreateProcess                                               77824304 5 Bytes  JMP 00040FB9 
.text           C:\Windows\System32\svchost.exe[5224] ntdll.dll!NtProtectVirtualMemory                                        77824BA4 5 Bytes  JMP 00040FCA 
.text           C:\Windows\System32\svchost.exe[5224] kernel32.dll!GetStartupInfoW                                            778F1929 5 Bytes  JMP 000100D0 
.text           C:\Windows\System32\svchost.exe[5224] kernel32.dll!GetStartupInfoA                                            778F19C9 5 Bytes  JMP 000100B5 
.text           C:\Windows\System32\svchost.exe[5224] kernel32.dll!CreateProcessW                                             778F1BF3 5 Bytes  JMP 00010F5E 
.text           C:\Windows\System32\svchost.exe[5224] kernel32.dll!CreateProcessA                                             778F1C28 5 Bytes  JMP 000100F5 
.text           C:\Windows\System32\svchost.exe[5224] kernel32.dll!VirtualProtect                                             778F1DC3 5 Bytes  JMP 00010078 
.text           C:\Windows\System32\svchost.exe[5224] kernel32.dll!CreateNamedPipeA                                           778F2EF5 5 Bytes  JMP 00010025 
.text           C:\Windows\System32\svchost.exe[5224] kernel32.dll!CreateNamedPipeW                                           778F5C0C 5 Bytes  JMP 00010036 
.text           C:\Windows\System32\svchost.exe[5224] kernel32.dll!CreatePipe                                                 77918F06 5 Bytes  JMP 000100A4 
.text           C:\Windows\System32\svchost.exe[5224] kernel32.dll!LoadLibraryExW                                             7791927C 5 Bytes  JMP 00010F9E 
.text           C:\Windows\System32\svchost.exe[5224] kernel32.dll!LoadLibraryW                                               77919400 5 Bytes  JMP 00010FB9 
.text           C:\Windows\System32\svchost.exe[5224] kernel32.dll!LoadLibraryExA                                             77919554 5 Bytes  JMP 0001005B 
.text           C:\Windows\System32\svchost.exe[5224] kernel32.dll!LoadLibraryA                                               7791957C 5 Bytes  JMP 00010FD4 
.text           C:\Windows\System32\svchost.exe[5224] kernel32.dll!VirtualProtectEx                                           7791DC52 5 Bytes  JMP 00010093 
.text           C:\Windows\System32\svchost.exe[5224] kernel32.dll!GetProcAddress                                             7793925B 5 Bytes  JMP 00010106 
.text           C:\Windows\System32\svchost.exe[5224] kernel32.dll!CreateFileW                                                7793B0EB 5 Bytes  JMP 00010014 
.text           C:\Windows\System32\svchost.exe[5224] kernel32.dll!CreateFileA                                                7793D07F 5 Bytes  JMP 00010FEF 
.text           C:\Windows\System32\svchost.exe[5224] kernel32.dll!WinExec                                                    779860CF 5 Bytes  JMP 00010F6F 
.text           C:\Windows\System32\svchost.exe[5224] msvcrt.dll!_wsystem                                                     77497F3F 5 Bytes  JMP 000A0FD2 
.text           C:\Windows\System32\svchost.exe[5224] msvcrt.dll!system                                                       7749805B 5 Bytes  JMP 000A0FE3 
.text           C:\Windows\System32\svchost.exe[5224] msvcrt.dll!_creat                                                       7749BBF1 5 Bytes  JMP 000A0038 
.text           C:\Windows\System32\svchost.exe[5224] msvcrt.dll!_open                                                        7749D116 5 Bytes  JMP 000A0000 
.text           C:\Windows\System32\svchost.exe[5224] msvcrt.dll!_wcreat                                                      7749D336 5 Bytes  JMP 000A0049 
.text           C:\Windows\System32\svchost.exe[5224] msvcrt.dll!_wopen                                                       7749D511 5 Bytes  JMP 000A001D 
.text           C:\Windows\System32\svchost.exe[5224] ADVAPI32.dll!RegCreateKeyExA                                            76D439AB 5 Bytes  JMP 000B0036 
.text           C:\Windows\System32\svchost.exe[5224] ADVAPI32.dll!RegCreateKeyA                                              76D43BA9 5 Bytes  JMP 000B0025 
.text           C:\Windows\System32\svchost.exe[5224] ADVAPI32.dll!RegOpenKeyA                                                76D489C7 5 Bytes  JMP 000B0FE5 
.text           C:\Windows\System32\svchost.exe[5224] ADVAPI32.dll!RegCreateKeyW                                              76D5391E 5 Bytes  JMP 000B0F94 
.text           C:\Windows\System32\svchost.exe[5224] ADVAPI32.dll!RegCreateKeyExW                                            76D541F1 5 Bytes  JMP 000B0051 
.text           C:\Windows\System32\svchost.exe[5224] ADVAPI32.dll!RegOpenKeyExA                                              76D57C42 5 Bytes  JMP 000B0FB9 
.text           C:\Windows\System32\svchost.exe[5224] ADVAPI32.dll!RegOpenKeyW                                                76D5E2B5 5 Bytes  JMP 000B0FD4 
.text           C:\Windows\System32\svchost.exe[5224] ADVAPI32.dll!RegOpenKeyExW                                              76D67BA1 5 Bytes  JMP 000B0014 
.text           C:\Windows\system32\svchost.exe[5412] ntdll.dll!NtCreateFile                                                  77824244 5 Bytes  JMP 00040FEF 
.text           C:\Windows\system32\svchost.exe[5412] ntdll.dll!NtCreateProcess                                               77824304 5 Bytes  JMP 00040FD4 
.text           C:\Windows\system32\svchost.exe[5412] ntdll.dll!NtProtectVirtualMemory                                        77824BA4 5 Bytes  JMP 0004000A 
.text           C:\Windows\system32\svchost.exe[5412] kernel32.dll!GetStartupInfoW                                            778F1929 5 Bytes  JMP 00010F4D 
.text           C:\Windows\system32\svchost.exe[5412] kernel32.dll!GetStartupInfoA                                            778F19C9 5 Bytes  JMP 00010093 
.text           C:\Windows\system32\svchost.exe[5412] kernel32.dll!CreateProcessW                                             778F1BF3 5 Bytes  JMP 000100C9 
.text           C:\Windows\system32\svchost.exe[5412] kernel32.dll!CreateProcessA                                             778F1C28 5 Bytes  JMP 000100AE 
.text           C:\Windows\system32\svchost.exe[5412] kernel32.dll!VirtualProtect                                             778F1DC3 5 Bytes  JMP 00010071 
.text           C:\Windows\system32\svchost.exe[5412] kernel32.dll!CreateNamedPipeA                                           778F2EF5 5 Bytes  JMP 00010FEF 
.text           C:\Windows\system32\svchost.exe[5412] kernel32.dll!CreateNamedPipeW                                           778F5C0C 5 Bytes  JMP 00010040 
.text           C:\Windows\system32\svchost.exe[5412] kernel32.dll!CreatePipe                                                 77918F06 5 Bytes  JMP 00010082 
.text           C:\Windows\system32\svchost.exe[5412] kernel32.dll!LoadLibraryExW                                             7791927C 5 Bytes  JMP 00010F8D 
.text           C:\Windows\system32\svchost.exe[5412] kernel32.dll!LoadLibraryW                                               77919400 5 Bytes  JMP 00010FB9 
.text           C:\Windows\system32\svchost.exe[5412] kernel32.dll!LoadLibraryExA                                             77919554 5 Bytes  JMP 00010F9E 
.text           C:\Windows\system32\svchost.exe[5412] kernel32.dll!LoadLibraryA                                               7791957C 5 Bytes  JMP 00010FD4 
.text           C:\Windows\system32\svchost.exe[5412] kernel32.dll!VirtualProtectEx                                           7791DC52 5 Bytes  JMP 00010F7C 
.text           C:\Windows\system32\svchost.exe[5412] kernel32.dll!GetProcAddress                                             7793925B 5 Bytes  JMP 00010F0D 
.text           C:\Windows\system32\svchost.exe[5412] kernel32.dll!CreateFileW                                                7793B0EB 5 Bytes  JMP 0001001B 
.text           C:\Windows\system32\svchost.exe[5412] kernel32.dll!CreateFileA                                                7793D07F 5 Bytes  JMP 00010000 
.text           C:\Windows\system32\svchost.exe[5412] kernel32.dll!WinExec                                                    779860CF 5 Bytes  JMP 00010F28 
.text           C:\Windows\system32\svchost.exe[5412] msvcrt.dll!_wsystem                                                     77497F3F 5 Bytes  JMP 0006001D 
.text           C:\Windows\system32\svchost.exe[5412] msvcrt.dll!system                                                       7749805B 5 Bytes  JMP 00060F92 
.text           C:\Windows\system32\svchost.exe[5412] msvcrt.dll!_creat                                                       7749BBF1 5 Bytes  JMP 00060FB7 
.text           C:\Windows\system32\svchost.exe[5412] msvcrt.dll!_open                                                        7749D116 5 Bytes  JMP 00060FEF 
.text           C:\Windows\system32\svchost.exe[5412] msvcrt.dll!_wcreat                                                      7749D336 5 Bytes  JMP 0006000C 
.text           C:\Windows\system32\svchost.exe[5412] msvcrt.dll!_wopen                                                       7749D511 5 Bytes  JMP 00060FD2 
.text           C:\Windows\system32\svchost.exe[5412] ADVAPI32.dll!RegCreateKeyExA                                            76D439AB 5 Bytes  JMP 00070043 
.text           C:\Windows\system32\svchost.exe[5412] ADVAPI32.dll!RegCreateKeyA                                              76D43BA9 5 Bytes  JMP 00070FB2 
.text           C:\Windows\system32\svchost.exe[5412] ADVAPI32.dll!RegOpenKeyA                                                76D489C7 5 Bytes  JMP 00070FEF 
.text           C:\Windows\system32\svchost.exe[5412] ADVAPI32.dll!RegCreateKeyW                                              76D5391E 5 Bytes  JMP 00070FA1 
.text           C:\Windows\system32\svchost.exe[5412] ADVAPI32.dll!RegCreateKeyExW                                            76D541F1 5 Bytes  JMP 00070054 
.text           C:\Windows\system32\svchost.exe[5412] ADVAPI32.dll!RegOpenKeyExA                                              76D57C42 5 Bytes  JMP 00070014 
.text           C:\Windows\system32\svchost.exe[5412] ADVAPI32.dll!RegOpenKeyW                                                76D5E2B5 5 Bytes  JMP 00070FD4 
.text           C:\Windows\system32\svchost.exe[5412] ADVAPI32.dll!RegOpenKeyExW                                              76D67BA1 5 Bytes  JMP 00070FC3 
.text           C:\Windows\system32\svchost.exe[5412] WS2_32.dll!socket                                                       75F236D1 5 Bytes  JMP 00080FE5 

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                        MOBK.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                       Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                       Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Tcp                                                                                       mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice  \Driver\tdx \Device\Tcp                                                                                       kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice  \Driver\tdx \Device\Udp                                                                                       mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice  \Driver\tdx \Device\Udp                                                                                       kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice  \Driver\tdx \Device\RawIp                                                                                     kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
---- Processes - GMER 1.0.15 ----

Library         c:\windows\system32\n (*** hidden *** ) @ C:\Windows\Explorer.EXE [3596]                                      0x45670000                                                                                                                          

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00027241b5f7                                   
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                              
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                           0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                        0x4A 0x3E 0x03 0xA6 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00027241b5f7 (not active ControlSet)               
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)          
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                               0
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                            0x4A 0x3E 0x03 0xA6 ...

---- EOF - GMER 1.0.15 ----
         
As I already wrote, I am not yet very familiar with these things.
I bought this laptop second-hand from my colleague and have been trying to get to grips with it since Christmas.
So please excuse me if I do something wrong.

Some of the programs were already installed, and with my limited knowledge I don't dare delete anything yet.

28.06.2012, 13:25   #4
cosinus



Yes, that helps.
This is a piece of malware that is currently widespread.

First, as a matter of routine, please run a full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes has to be updated manually before every scan!

Please remove all findings with Malwarebytes so that they are kept in the Malwarebytes quarantine! Do NOT remove anything from quarantine prematurely!

If there are logs from older Malwarebytes scans, please post all of those as well!




ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset





If possible, please post everything here in CODE tags.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
ATTFilter
 the log goes here
         
__________________
Please always post log files in CODE tags

Alt 29.06.2012, 09:35   #5
Patient X
 



Hello Arne!

Unfortunately I am on the late shift this week, which is why my replies are somewhat delayed.

Last night I ran Malwarebytes according to your instructions.

Here is the log from it:
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.28.11

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19272
DD :: ODIN [Administrator]

Schutz: Aktiviert

28.06.2012 23:17:41
mbam-log-2012-06-28 (23-17-41).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 540062
Laufzeit: 3 Stunde(n), 9 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Daten: C:\Users\DD\AppData\Local\{eb9819ac-a943-f0d9-e6db-ec8b5a2ef808}\n. -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regedit32 (Trojan.Agent) -> Daten: C:\Windows\system32\regedit.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\Users\DD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CR9MTY30\Testbundle23w_1254[1].exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\DD\AppData\Local\{eb9819ac-a943-f0d9-e6db-ec8b5a2ef808}\n (Trojan.Dropper.PE4) -> Löschen bei Neustart.
C:\Users\DD\AppData\Local\{eb9819ac-a943-f0d9-e6db-ec8b5a2ef808}\U\00000001.@ (Trojan.Small) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\DD\AppData\Local\{eb9819ac-a943-f0d9-e6db-ec8b5a2ef808}\U\80000000.@ (Trojan.Sirefef) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\DD\AppData\Local\{eb9819ac-a943-f0d9-e6db-ec8b5a2ef808}\U\800000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{eb9819ac-a943-f0d9-e6db-ec8b5a2ef808}\n (Trojan.Dropper.PE4) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
I will let the ESET scanner run during the day today and post the log this evening.


A question that is important to me:
Can I now, to be on the safe side, connect an external hard drive and copy important data to it without it getting infected?
I don't want the trojans to settle in there as well and later come back onto the laptop.


Alt 29.06.2012, 12:06   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



If you want to make a backup really safely, then do it via a live environment; see the Xubuntu link in my signature

Alt 29.06.2012, 22:32   #7
Patient X
 



Thanks for the tip!

Here is the log from Eset:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2e4c0f8a20f3b74c9d797fc6b2ff3b2c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-29 01:44:16
# local_time=2012-06-29 03:44:16 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1280 16777215 100 0 656814 656814 0 0
# compatibility_mode=5892 16776574 66 100 48285049 178492136 0 0
# compatibility_mode=8192 67108863 100 0 153 153 0 0
# scanned=419432
# found=4
# cleaned=0
# scan_time=18049
C:\Backup\Backup1\DD\Eigene Dateien\Tools\FLV konverter\Setup56_FreeFlvConverter.exe	Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
C:\Backup\DD\Eigene Dateien\Tools\FLV konverter\Setup56_FreeFlvConverter.exe	Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\25a31f7e-37bc5a14	a variant of Java/Exploit.CVE-2012-0507.CD trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\DD\Documents\Tools\FLV konverter\Setup56_FreeFlvConverter.exe	Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
         
Ready for new instructions!

Alt 01.07.2012, 14:50   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



I have two questions before we continue

1.) Does Windows' normal mode work without restrictions (again)?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?
__________________
Please always post log files in CODE tags

Alt 01.07.2012, 18:27   #9
Patient X
 



Since the last 2 applications, everything has been running without problems.
Kaspersky reports "no threats"

The folders are all there and populated, as far as I can tell.

Alt 02.07.2012, 10:34   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please make a new OTL log. If possible, please post everything here in CODE tags.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
ATTFilter
 the log goes here
         
CustomScan with OTL

Please download OTL by Oldtimer and save it on your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "run as administrator"
  • At the top centre, tick "Scan All Users"
  • Now copy the complete contents of the code box below into the text box of OTL - if OTL is in German, it is labelled with
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread
__________________
Please always post log files in CODE tags

Alt 02.07.2012, 16:59   #11
Patient X
 



Here is the new log:

Code:
ATTFilter
OTL logfile created on: 02.07.2012 15:12:26 - Run 2
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\DD\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 2,13 Gb Available Physical Memory | 71,65% Memory free
6,14 Gb Paging File | 5,14 Gb Available in Paging File | 83,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 452,75 Gb Total Space | 38,77 Gb Free Space | 8,56% Space Free | Partition Type: NTFS
Drive E: | 3,77 Gb Total Space | 2,70 Gb Free Space | 71,52% Space Free | Partition Type: FAT32
 
Computer Name: ODIN | User Name: DD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\DD\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software)
PRC - C:\Users\DD\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\PACKARD BELL\SetupMyPC\SmpSys.exe (Acer Incorporated)
PRC - C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerTray.exe (Acer Incorporated)
PRC - C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\1b337cf9a031145849bc48c11b2cfe58\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3331.38812__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3331.38795__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3331.38814__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3331.38809__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3331.38803__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3331.38896__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3331.38874__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3331.38802__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3331.38853__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3331.38838__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3331.38859__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3331.38896__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3331.38897__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3331.38860__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3331.38858__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3331.38895__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3331.38841__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3331.38869__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3331.38840__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3331.38804__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3331.38815__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3331.38835__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3331.38839__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3331.38852__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3331.38819__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3331.38814__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3331.38850__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3331.38839__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3331.38818__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3331.38840__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3331.38850__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3331.38852__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3309.28627__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3309.28624__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3309.28627__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3331.38930__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3331.38890__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3331.38906__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll ()
MOD - C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3331.38791__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3331.38883__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3331.38808__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3331.38888__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3331.38794__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3331.38793__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3331.38799__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3331.38793__90ba9c70f846762e\ATIDEMOS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3331.38792__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3331.38791__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3331.38889__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
MOD - C:\Program Files\Launch Manager\PowerUtl.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (mfevtp) -- C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (MOBKbackup) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (DfSdkS) -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 7\DfSdkS.exe (mst software GmbH, Germany)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
SRV - (ePowerSvc) -- C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerSvc.exe (Acer Incorporated)
SRV - (NTI IScheduleSvc) -- C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (HsfXAudioService) -- C:\Windows\System32\XAudio32.dll (Conexant Systems, Inc.)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (FlashUSB) -- C:\Windows\System32\drivers\FlashUSB.sys (Danish Wireless Design A/S)
DRV - (MOBKFilter) -- C:\Windows\System32\drivers\MOBK.sys (Mozy, Inc.)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (LgBttPort) -- C:\Windows\System32\drivers\lgbtport.sys (LG Electronics Inc.)
DRV - (LGVMODEM) -- C:\Windows\System32\drivers\lgvmodem.sys (LG Electronics Inc.)
DRV - (lgbusenum) -- C:\Windows\System32\drivers\lgbtbus.sys (LG Electronics Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio32.sys (Conexant Systems, Inc.)
DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (DritekPortIO) -- C:\Program Files\Launch Manager\DPortIO.sys (Dritek System Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0410&m=easynote_lj65
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0410&m=easynote_lj65
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
IE - HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0410&m=easynote_lj65
IE - HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0410&m=easynote_lj65
IE - HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\..\SearchScopes\{6CFA647A-7824-4CF5-999D-5D188E2D7961}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
IE - HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\..\SearchScopes\{EC2F0341-0A64-4045-B18C-93CD9FEFAC77}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACPW
IE - HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Sichere Suche"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d49175b3-3fd8-43b8-b28e-da5d47f3c398}:1.0.30
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86.1
FF - prefs.js..extensions.enabledItems: toolbar@gmx.net:1.5.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: rikaichan-jpde@polarcloud.com:2.01.110409
FF - prefs.js..extensions.enabledItems: {b8cbd8e0-e642-11dd-ba2f-0800200c9a66}:1.6
FF - prefs.js..extensions.enabledItems: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.265.2
FF - prefs.js..extensions.enabledItems: {20cc25e2-48c9-45e1-9a1f-1ccc1882b81b}:1.9
FF - prefs.js..extensions.enabledItems: {d37dc5d0-431d-44e5-8c91-49419370caa1}:2.7.82
FF - prefs.js..extensions.enabledItems: {265b0520-499e-11d9-9669-0800200c9a66}:2.0.6
FF - prefs.js..extensions.enabledItems: {29c4afe1-db19-4298-8785-fcc94d1d6c1d}:0.6.2009110501
FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.1
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.50
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=mcafee&p="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\DD\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\DD\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\DD\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\DD\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012.02.23 19:51:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012.06.21 14:43:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.06.22 07:20:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.06.22 07:20:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.06.22 07:20:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.17 11:44:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.19 01:23:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.17 11:44:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.19 01:23:29 | 000,000,000 | ---D | M]
 
[2010.05.16 22:11:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DD\AppData\Roaming\mozilla\Extensions
[2010.05.16 22:11:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DD\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.07.01 23:36:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions
[2012.06.19 07:19:34 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011.08.25 12:23:55 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011.04.01 15:28:39 | 000,000,000 | ---D | M] ("Facebook PhotoZoom") -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{20cc25e2-48c9-45e1-9a1f-1ccc1882b81b}
[2011.04.01 15:50:20 | 000,000,000 | ---D | M] (Ebay Negs!) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{265b0520-499e-11d9-9669-0800200c9a66}
[2011.04.01 16:02:55 | 000,000,000 | ---D | M] ("Split Browser") -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2012.03.02 19:57:31 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2012.04.08 00:16:19 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2012.05.17 23:22:36 | 000,000,000 | ---D | M] (WOT) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.04.01 16:31:16 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2011.03.24 16:01:35 | 000,000,000 | ---D | M] ("DHL Packstation Bestellhelfer") -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{b8cbd8e0-e642-11dd-ba2f-0800200c9a66}
[2012.03.30 06:51:01 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.05.13 10:26:02 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2012.07.01 23:36:19 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012.05.20 11:27:20 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.09.29 17:23:01 | 000,000,000 | ---D | M] ("DHL Toolbar") -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\{edc0b8a5-c050-4bb2-b785-a623b4515abf}
[2010.11.26 15:10:48 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.12.25 09:28:15 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2012.05.17 23:22:35 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\ich@maltegoetz.de
[2011.04.19 21:08:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\nostmp
[2011.04.01 16:05:12 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Users\DD\AppData\Roaming\mozilla\Firefox\Profiles\n63aa2n9.default\extensions\tineye@ideeinc.com
[2012.06.29 10:24:53 | 000,000,853 | ---- | M] () -- C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\11-suche.xml
[2010.07.03 10:39:55 | 000,009,837 | ---- | M] () -- C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\ddl-search-v2.xml
[2012.06.29 10:24:53 | 000,002,209 | ---- | M] () -- C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\englische-ergebnisse.xml
[2012.06.29 10:24:53 | 000,010,506 | ---- | M] () -- C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\gmx-suche.xml
[2011.03.02 09:48:59 | 000,002,342 | ---- | M] () -- C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\icq-search.xml
[2011.03.10 20:27:35 | 000,000,950 | ---- | M] () -- C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\icqplugin-1.xml
[2011.03.24 13:44:18 | 000,000,950 | ---- | M] () -- C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\icqplugin-2.xml
[2011.03.05 13:33:44 | 000,000,950 | ---- | M] () -- C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\icqplugin.xml
[2012.06.29 10:24:53 | 000,002,368 | ---- | M] () -- C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\lastminute.xml
[2012.06.29 10:24:52 | 000,005,489 | ---- | M] () -- C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\webde-suche.xml
[2012.06.09 03:20:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.06.21 14:43:35 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE
[2012.02.23 19:51:54 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2012.01.02 22:48:13 | 000,130,514 | ---- | M] () (No name found) -- C:\USERS\DD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N63AA2N9.DEFAULT\EXTENSIONS\{249DF6A2-E336-47D1-B6C3-EC711AD140CA}.XPI
[2012.01.22 00:05:06 | 000,138,614 | ---- | M] () (No name found) -- C:\USERS\DD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N63AA2N9.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2012.06.01 19:03:09 | 000,395,898 | ---- | M] () (No name found) -- C:\USERS\DD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N63AA2N9.DEFAULT\EXTENSIONS\{D49175B3-3FD8-43B8-B28E-DA5D47F3C398}.XPI
[2012.05.19 00:56:15 | 005,438,448 | ---- | M] () (No name found) -- C:\USERS\DD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N63AA2N9.DEFAULT\EXTENSIONS\GREASEFIRE@SKRUL.COM.XPI
[2011.06.23 05:39:57 | 000,046,484 | ---- | M] () (No name found) -- C:\USERS\DD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N63AA2N9.DEFAULT\EXTENSIONS\LANGPACK-DE@CHATZILLA.MOZILLA.ORG.XPI
[2012.06.29 10:24:14 | 000,575,217 | ---- | M] () (No name found) -- C:\USERS\DD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N63AA2N9.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI
[2010.08.04 13:40:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.06.17 11:44:20 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.04.14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2012.03.26 10:09:54 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.01 18:33:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.01 18:33:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.01 18:33:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.01 18:33:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.02 09:17:02 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012.06.01 18:33:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.01 18:33:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\DD\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\DD\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\DD\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\DD\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: getPlusPlus for Adobe 16291 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\DD\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\DD\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll
CHR - Extension: Adblock Plus (Beta) = C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: Ragdoll Avalanche 2 = C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\dijphmcdlkiiagnjoheephkicadkcoan\1.0_0\
CHR - Extension: SiteAdvisor = C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: Webcam Toy = C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade\1.2.2_0\
CHR - Extension: Zombie Drop = C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhmhllfgcoopjdmcmdeobhgimokcabmc\1.0_0\
CHR - Extension: Texas Holdem Poker = C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojbaogcpfpkhbmjmefladpimcmfggkjl\1.0.0.2_0\
CHR - Extension: Love Calculator = C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolmcecgdmgibngcbeedeljjadklplag\1.3_0\
CHR - Extension: Anti-Banner = C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\
 
O1 HOSTS File: ([2011.07.31 15:18:35 | 000,423,246 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 14592 more lines...
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20120430014745.dll (McAfee, Inc.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4170860937-2119410488-3439256695-1000..\Run: [SmpcSys] C:\Program Files\PACKARD BELL\SetupMyPC\SmpSys.exe (Acer Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O8 - Extra context menu item: Add to AMV/AVI Video Converter... - C:\Program Files\Media Player Utilities 4.28\AMVConverter\grab.html ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C6E75D3-C364-4A41-A1F0-0591696E0B3C}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Users\DD\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\DD\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7c7ae5c0-44a0-11e0-9482-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7c7ae5c0-44a0-11e0-9482-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Start.exe
O33 - MountPoints2\{7fa77a76-b768-11df-a38c-00235a89b8d3}\Shell - "" = AutoRun
O33 - MountPoints2\{7fa77a76-b768-11df-a38c-00235a89b8d3}\Shell\AutoRun\command - "" = E:\USBAutoRun.exe
O33 - MountPoints2\{97d8c732-f6d1-11df-8535-00235a89b8d3}\Shell - "" = AutoRun
O33 - MountPoints2\{97d8c732-f6d1-11df-8535-00235a89b8d3}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.hta
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: Sharedaccess -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: B2C_AGENT - hkey= - key= - C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
MsConfig - StartUpReg: Steam - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: McMPFSvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: mcmscsvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SafeBootNet: mfefirek - C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfefirek.sys - C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfehidk - C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfehidk.sys - C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfevtp - C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SharedAccess -  File not found
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vsmon - Service
SafeBootNet: WinDefend - Service
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.02 15:08:25 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\DD\Desktop\OTL.exe
[2012.07.02 00:23:31 | 000,000,000 | ---D | C] -- C:\Users\DD\Desktop\PC  retten
[2012.07.01 21:32:25 | 000,000,000 | ---D | C] -- C:\Users\DD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Media Player Utilities 4.28
[2012.07.01 21:31:21 | 000,000,000 | ---D | C] -- C:\Program Files\Media Player Utilities 4.28
[2012.06.29 10:40:55 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.06.28 23:15:47 | 000,000,000 | ---D | C] -- C:\Users\DD\AppData\Roaming\Malwarebytes
[2012.06.28 23:15:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.28 23:15:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.28 23:15:38 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.28 23:15:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.06.27 11:01:53 | 000,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2012.06.27 11:01:53 | 000,000,000 | ---D | C] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2012.06.27 11:01:53 | 000,000,000 | ---D | C] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2012.06.27 11:01:53 | 000,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2012.06.23 07:17:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2012.06.23 07:13:54 | 000,000,000 | ---D | C] -- C:\Users\DD\AppData\Roaming\QuickScan
[2012.06.22 17:00:13 | 000,335,504 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\TrufosAlt.sys
[2012.06.21 20:19:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012
[2012.06.21 20:16:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012.06.21 20:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2012.06.21 20:14:40 | 000,570,160 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012.06.21 14:45:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012.06.21 07:15:39 | 000,000,000 | ---D | C] -- C:\Users\DD\AppData\Local\Macromedia
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.02 15:14:19 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.02 15:08:28 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\DD\Desktop\OTL.exe
[2012.07.02 15:01:38 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.02 15:01:24 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2012.07.02 15:01:23 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.02 15:00:55 | 000,004,512 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.02 15:00:55 | 000,004,512 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.02 15:00:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.02 10:40:35 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.07.02 10:30:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4170860937-2119410488-3439256695-1000UA.job
[2012.07.02 05:46:26 | 000,691,636 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.02 05:46:26 | 000,656,494 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.02 05:46:26 | 000,152,156 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.02 05:46:26 | 000,128,442 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.02 05:44:02 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4170860937-2119410488-3439256695-1000UA.job
[2012.07.02 01:07:12 | 000,137,216 | ---- | M] () -- C:\Users\DD\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.01 19:44:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4170860937-2119410488-3439256695-1000Core.job
[2012.07.01 19:30:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4170860937-2119410488-3439256695-1000Core.job
[2012.06.30 11:52:56 | 000,000,868 | ---- | M] () -- C:\Users\DD\Desktop\DVD Profiler.lnk
[2012.06.23 14:31:05 | 000,000,020 | ---- | M] () -- C:\Users\DD\defogger_reenable
[2012.06.23 07:11:15 | 000,335,504 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\TrufosAlt.sys
[2012.06.22 07:47:30 | 000,002,489 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.06.21 20:29:52 | 000,017,408 | ---- | M] () -- C:\Users\DD\AppData\Local\WebpageIcons.db
[2012.06.21 20:19:13 | 000,115,369 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2012.06.21 20:19:13 | 000,097,961 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2012.06.21 20:14:40 | 000,570,160 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012.06.19 16:29:40 | 000,000,680 | ---- | M] () -- C:\Users\DD\AppData\Local\d3d9caps.dat
[2012.06.13 05:48:03 | 000,393,952 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.09 03:20:53 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.30 11:52:56 | 000,000,868 | ---- | C] () -- C:\Users\DD\Desktop\DVD Profiler.lnk
[2012.06.23 14:30:10 | 000,000,020 | ---- | C] () -- C:\Users\DD\defogger_reenable
[2012.06.21 20:29:44 | 000,017,408 | ---- | C] () -- C:\Users\DD\AppData\Local\WebpageIcons.db
[2012.06.21 20:19:13 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2012.06.21 20:19:13 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2012.04.04 04:49:18 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2012.01.10 22:14:13 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{eb9819ac-a943-f0d9-e6db-ec8b5a2ef808}\@
[2012.01.10 22:14:13 | 000,002,048 | -HS- | C] () -- C:\Users\DD\AppData\Local\{eb9819ac-a943-f0d9-e6db-ec8b5a2ef808}\@
[2011.10.13 00:01:50 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2011.09.21 06:59:27 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll
[2011.07.31 12:43:46 | 000,065,536 | ---- | C] () -- C:\Windows\revolutions_uninstall.exe
[2011.03.11 12:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2010.12.30 16:37:25 | 000,000,090 | ---- | C] () -- C:\Users\DD\AppData\Local\fusioncache.dat
[2010.12.28 13:58:59 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.12.05 22:16:02 | 000,000,249 | ---- | C] () -- C:\Windows\bctester_de.INI
[2010.10.10 20:15:43 | 000,000,465 | ---- | C] () -- C:\Windows\iScreensaver.ini
[2010.10.10 20:15:00 | 000,029,184 | -H-- | C] () -- C:\Windows\MBSRectPlugin1635.dll
[2010.09.04 18:06:46 | 000,221,291 | ---- | C] () -- C:\Windows\Imei_dll.dll
[2010.09.04 18:06:46 | 000,040,960 | ---- | C] () -- C:\Windows\Sublock.dll
[2010.09.03 21:36:46 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2010.09.03 21:36:46 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2010.04.27 20:28:25 | 000,000,680 | ---- | C] () -- C:\Users\DD\AppData\Local\d3d9caps.dat
[2010.04.22 12:53:25 | 000,137,216 | ---- | C] () -- C:\Users\DD\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== LOP Check ==========
 
[2010.04.22 21:59:57 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\Ashampoo
[2010.08.23 18:25:11 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\BonkEnc
[2010.08.04 10:46:06 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\CheckPoint
[2010.08.10 23:08:44 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\COMPUTERBILD-Abzockschutz
[2011.10.17 11:03:32 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\Epson
[2010.05.26 21:09:29 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\EurekaLog
[2012.06.11 20:07:22 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\FILEminimizerPictures
[2010.11.27 12:41:58 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\GARMIN
[2011.03.03 00:56:48 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\ICQ
[2011.12.09 17:20:16 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\IrfanView
[2010.10.10 20:15:36 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\iScreensaver
[2012.01.22 11:27:16 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\JAM Software
[2011.03.30 22:44:36 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\LG Electronics
[2010.11.21 15:32:22 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\LogicWeave Software
[2010.07.03 12:43:53 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\Petroglyph
[2012.06.23 07:13:59 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\QuickScan
[2011.12.26 18:14:54 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\RavensburgerTipToi
[2012.01.14 20:11:20 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\Rovio
[2010.06.22 09:36:58 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\ScreeNet iSaver
[2011.02.24 19:24:02 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\The Creative Assembly
[2010.05.16 22:11:25 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\TomTom
[2010.04.22 13:33:50 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\TuneUp Software
[2010.12.30 16:40:49 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\Turbine
[2010.09.03 21:45:14 | 000,000,000 | -H-D | M] -- C:\Users\DD\AppData\Roaming\{D94BA408-F110-488B-A65E-3AE7945F79E6}
[2012.07.02 15:01:24 | 000,000,522 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2012.07.01 19:30:01 | 000,000,894 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4170860937-2119410488-3439256695-1000Core.job
[2012.07.02 10:30:00 | 000,000,916 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4170860937-2119410488-3439256695-1000UA.job
[2012.07.02 10:40:35 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.08.20 15:45:11 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\Adobe
[2011.11.24 20:45:46 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\Apple Computer
[2010.04.22 21:59:57 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\Ashampoo
[2010.04.22 11:38:59 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\ATI
[2010.08.23 18:25:11 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\BonkEnc
[2010.08.04 10:46:06 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\CheckPoint
[2010.08.10 23:08:44 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\COMPUTERBILD-Abzockschutz
[2010.07.05 12:31:35 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\CyberLink
[2010.08.18 19:46:52 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\DivX
[2012.05.24 17:19:28 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\dvdcss
[2011.10.17 11:03:32 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\Epson
[2010.05.26 21:09:29 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\EurekaLog
[2012.06.11 20:07:22 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\FILEminimizerPictures
[2010.11.27 12:41:58 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\GARMIN
[2010.04.22 12:18:33 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\Google
[2011.03.03 00:56:48 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\ICQ
[2010.04.22 11:38:30 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\Identities
[2011.10.12 18:41:11 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\InstallShield
[2011.12.09 17:20:16 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\IrfanView
[2010.10.10 20:15:36 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\iScreensaver
[2012.01.22 11:27:16 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\JAM Software
[2011.03.30 22:44:36 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\LG Electronics
[2010.11.21 15:32:22 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\LogicWeave Software
[2011.04.01 16:12:05 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\Macromedia
[2012.06.28 23:15:47 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\Media Center Programs
[2010.05.20 19:51:09 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\Media Player Classic
[2012.01.01 16:28:35 | 000,000,000 | --SD | M] -- C:\Users\DD\AppData\Roaming\Microsoft
[2010.04.22 12:22:53 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\Mozilla
[2010.07.11 14:39:16 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\Nero
[2010.07.03 12:43:53 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\Petroglyph
[2012.06.23 07:13:59 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\QuickScan
[2011.12.26 18:14:54 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\RavensburgerTipToi
[2010.08.12 22:09:01 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\Real
[2012.01.14 20:11:20 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\Rovio
[2010.06.22 09:36:58 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\ScreeNet iSaver
[2012.03.21 14:11:41 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\Skype
[2011.02.24 19:24:02 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\The Creative Assembly
[2010.05.16 22:11:25 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\TomTom
[2010.04.22 13:33:50 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\TuneUp Software
[2010.12.30 16:40:49 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\Turbine
[2012.07.02 15:23:25 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\vlc
[2010.04.23 09:28:04 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\WinRAR
[2010.07.03 12:35:07 | 000,000,000 | ---D | M] -- C:\Users\DD\AppData\Roaming\Xfire
[2010.09.03 21:45:14 | 000,000,000 | -H-D | M] -- C:\Users\DD\AppData\Roaming\{D94BA408-F110-488B-A65E-3AE7945F79E6}
 
< %APPDATA%\*.exe /s >
[2011.04.08 07:38:40 | 000,032,768 | ---- | M] ((주)테크노니아) -- C:\Users\DD\AppData\Roaming\LG Electronics\LG PC Suite III\UpdateHelper.exe
[2010.11.21 15:31:52 | 000,002,550 | R--- | M] () -- C:\Users\DD\AppData\Roaming\Microsoft\Installer\{19F71F50-EE15-4213-A1ED-EA74FFA60C51}\_52CFA3F3BFCA9A03BDDA97.exe
[2010.11.21 15:31:52 | 000,002,550 | R--- | M] () -- C:\Users\DD\AppData\Roaming\Microsoft\Installer\{19F71F50-EE15-4213-A1ED-EA74FFA60C51}\_6FEFF9B68218417F98F549.exe
[2010.11.21 15:31:53 | 000,002,550 | R--- | M] () -- C:\Users\DD\AppData\Roaming\Microsoft\Installer\{19F71F50-EE15-4213-A1ED-EA74FFA60C51}\_C788D9264F0B22B25F0E97.exe
[2012.07.01 21:34:59 | 000,001,078 | R--- | M] () -- C:\Users\DD\AppData\Roaming\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_25D7A4A9F2D862C2B977C4.exe
[2012.07.01 21:34:59 | 000,010,134 | R--- | M] () -- C:\Users\DD\AppData\Roaming\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_562F73C7672C28A61F1D00.exe
[2012.07.01 21:34:59 | 000,001,078 | R--- | M] () -- C:\Users\DD\AppData\Roaming\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_5A201C1BE64802367DC4E1.exe
[2012.07.01 21:34:59 | 000,000,766 | R--- | M] () -- C:\Users\DD\AppData\Roaming\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_6FEFF9B68218417F98F549.exe
[2012.07.01 21:34:59 | 000,016,262 | R--- | M] () -- C:\Users\DD\AppData\Roaming\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_94C5C199B759AAD5E732EF.exe
[2012.07.01 21:34:59 | 000,002,550 | R--- | M] () -- C:\Users\DD\AppData\Roaming\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_AC5A6C3DD52787B1AA40F8.exe
[2012.07.01 21:34:59 | 000,001,518 | R--- | M] () -- C:\Users\DD\AppData\Roaming\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_F34E49E98C52AC1EB6059D.exe
[2009.06.04 13:51:24 | 001,413,256 | R--- | M] () -- C:\Users\DD\AppData\Roaming\Microsoft\Windows\Templates\E\USBAutoRun.exe
[2009.05.12 08:46:36 | 000,212,992 | R--- | M] () -- C:\Users\DD\AppData\Roaming\Microsoft\Windows\Templates\E\tools\LGSetCDROMAutoRun.exe
[2010.09.01 16:52:56 | 000,032,032 | ---- | M] (NOS Microsystems Ltd.) -- C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\extensions\nostmp\content\getPlusPlus_Adobe_reg.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.03.12 08:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
[2008.06.03 05:29:54 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7f3e4ed9\atapi.sys
[2008.06.03 05:29:54 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_dd6376773aedb5e4\atapi.sys
[2008.06.03 05:27:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b7393fc6\atapi.sys
[2008.06.03 05:27:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_dbb74a7b3d9afbc1\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2011.03.04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\kl1.sys
[2011.03.04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\kl2.sys
[2012.06.21 20:14:40 | 000,570,160 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\system32\drivers\klif.sys
[2011.03.10 18:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\klim6.sys
[2009.11.02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\system32\drivers\klmouflt.sys
[1 C:\Windows\system32\drivers\*.tmp files -> C:\Windows\system32\drivers\*.tmp -> ]
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.02.13 16:34:32 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll
[2011.04.24 23:13:10 | 000,229,776 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\klogon.dll
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
<           >

< End of report >
         

03.07.2012, 11:12   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0410&m=easynote_lj65
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0410&m=easynote_lj65
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
IE - HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0410&m=easynote_lj65
IE - HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0410&m=easynote_lj65
IE - HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\..\SearchScopes\{6CFA647A-7824-4CF5-999D-5D188E2D7961}: "URL" = http://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
FF - prefs.js..browser.search.defaultenginename: "Sichere Suche"
FF - prefs.js..extensions.enabledItems: toolbar@gmx.net:1.5.4
FF - prefs.js..keyword.URL: "http://de.search.yahoo.com/search?fr=mcafee&p="
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
[2010.07.03 10:39:55 | 000,009,837 | ---- | M] () -- C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\ddl-search-v2.xml
[2012.06.29 10:24:53 | 000,010,506 | ---- | M] () -- C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\gmx-suche.xml
[2011.03.02 09:48:59 | 000,002,342 | ---- | M] () -- C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\icq-search.xml
[2011.03.10 20:27:35 | 000,000,950 | ---- | M] () -- C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\icqplugin-1.xml
[2011.03.24 13:44:18 | 000,000,950 | ---- | M] () -- C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\icqplugin-2.xml
[2011.03.05 13:33:44 | 000,000,950 | ---- | M] () -- C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\icqplugin.xml
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7c7ae5c0-44a0-11e0-9482-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7c7ae5c0-44a0-11e0-9482-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Start.exe
O33 - MountPoints2\{7fa77a76-b768-11df-a38c-00235a89b8d3}\Shell - "" = AutoRun
O33 - MountPoints2\{7fa77a76-b768-11df-a38c-00235a89b8d3}\Shell\AutoRun\command - "" = E:\USBAutoRun.exe
O33 - MountPoints2\{97d8c732-f6d1-11df-8535-00235a89b8d3}\Shell - "" = AutoRun
O33 - MountPoints2\{97d8c732-f6d1-11df-8535-00235a89b8d3}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.hta
:Files
C:\Program Files\ICQ6Toolbar
C:\Windows\Installer\{eb9819ac-a943-f0d9-e6db-ec8b5a2ef808}\@
C:\Users\DD\AppData\Local\{eb9819ac-a943-f0d9-e6db-ec8b5a2ef808}\@
C:\Users\DD\AppData\Roaming\CheckPoint
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created in the "_OTL" folder on the system partition.

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
Please always post log files in CODE tags

03.07.2012, 14:59   #13
Patient X

Done!

Code:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Program Files\ICQ6Toolbar\ICQToolBar.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!
HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-4170860937-2119410488-3439256695-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-4170860937-2119410488-3439256695-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4170860937-2119410488-3439256695-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\ deleted successfully.
File move failed. c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-21-4170860937-2119410488-3439256695-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Program Files\ICQ6Toolbar\ICQToolBar.dll not found.
HKEY_USERS\S-1-5-21-4170860937-2119410488-3439256695-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-4170860937-2119410488-3439256695-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-4170860937-2119410488-3439256695-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6CFA647A-7824-4CF5-999D-5D188E2D7961}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6CFA647A-7824-4CF5-999D-5D188E2D7961}\ not found.
Registry key HKEY_USERS\S-1-5-21-4170860937-2119410488-3439256695-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: "Sichere Suche" removed from browser.search.defaultenginename
Prefs.js: toolbar@gmx.net:1.5.4 removed from extensions.enabledItems
Prefs.js: "hxxp://de.search.yahoo.com/search?fr=mcafee&p=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@checkpoint.com/FFApi\ deleted successfully.
C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\ddl-search-v2.xml moved successfully.
C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\gmx-suche.xml moved successfully.
C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\icq-search.xml moved successfully.
C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\n63aa2n9.default\searchplugins\icqplugin.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Program Files\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_USERS\S-1-5-21-4170860937-2119410488-3439256695-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoControlPanel deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c7ae5c0-44a0-11e0-9482-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c7ae5c0-44a0-11e0-9482-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c7ae5c0-44a0-11e0-9482-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c7ae5c0-44a0-11e0-9482-806e6f6e6963}\ not found.
File E:\Start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7fa77a76-b768-11df-a38c-00235a89b8d3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7fa77a76-b768-11df-a38c-00235a89b8d3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7fa77a76-b768-11df-a38c-00235a89b8d3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7fa77a76-b768-11df-a38c-00235a89b8d3}\ not found.
File E:\USBAutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{97d8c732-f6d1-11df-8535-00235a89b8d3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97d8c732-f6d1-11df-8535-00235a89b8d3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{97d8c732-f6d1-11df-8535-00235a89b8d3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97d8c732-f6d1-11df-8535-00235a89b8d3}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.hta not found.
========== FILES ==========
C:\Program Files\ICQ6Toolbar folder moved successfully.
C:\Windows\Installer\{eb9819ac-a943-f0d9-e6db-ec8b5a2ef808}\@ moved successfully.
C:\Users\DD\AppData\Local\{eb9819ac-a943-f0d9-e6db-ec8b5a2ef808}\@ moved successfully.
C:\Users\DD\AppData\Roaming\CheckPoint\ZoneAlarm Toolbar\TrustChecker folder moved successfully.
C:\Users\DD\AppData\Roaming\CheckPoint\ZoneAlarm Toolbar\PTPCACHE folder moved successfully.
C:\Users\DD\AppData\Roaming\CheckPoint\ZoneAlarm Toolbar folder moved successfully.
C:\Users\DD\AppData\Roaming\CheckPoint folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\splash folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\DD\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: DD
->Temp folder emptied: 82771170 bytes
->Temporary Internet Files folder emptied: 373515268 bytes
->FireFox cache emptied: 387212470 bytes
->Google Chrome cache emptied: 313845890 bytes
->Flash cache emptied: 18436 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Mcx1
->Temp folder emptied: 895256 bytes
->Temporary Internet Files folder emptied: 42148 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 28928 bytes
%systemroot%\System32\drivers .tmp files removed: 279440 bytes
Windows Temp folder emptied: 66636 bytes
RecycleBin emptied: 7642451939 bytes
 
Total Files Cleaned = 8.393,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: DD
->Flash cache emptied: 0 bytes
 
User: Default
 
User: Default User
 
User: Mcx1
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.53.1 log created on 07032012_153128

Files\Folders moved on Reboot...
File move failed. c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll scheduled to be moved on reboot.

PendingFileRenameOperations files...
[2012.02.17 11:20:28 | 000,281,600 | ---- | M] (McAfee, Inc.) c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll : MD5=7B17107D054A88C6D1ECC285B502D2D9

Registry entries deleted on Reboot...
         
In Firefox, some existing add-ons have now been reloaded or reinstalled.
The skins and design elements are gone too.
Is that normal?

Alt 03.07.2012, 15:55   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Yes, I may have fixed some things there that you actually wanted, but you can simply reinstall those.

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Configure the tool as shown in the picture below: click Change parameters and set the checkboxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you can't find the log or copy its contents into your post, then please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.

Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

__________________
Please always post log files in CODE tags

Alt 03.07.2012, 16:27   #15
Patient X
 

Done as well!

Code:
17:16:36.0640 3100	TDSS rootkit removing tool 2.7.44.0 Jul  2 2012 20:01:08
17:16:36.0820 3100	============================================================
17:16:36.0820 3100	Current date / time: 2012/07/03 17:16:36.0820
17:16:36.0820 3100	SystemInfo:
17:16:36.0820 3100	
17:16:36.0820 3100	OS Version: 6.0.6002 ServicePack: 2.0
17:16:36.0820 3100	Product type: Workstation
17:16:36.0820 3100	ComputerName: ODIN
17:16:36.0820 3100	UserName: DD
17:16:36.0820 3100	Windows directory: C:\Windows
17:16:36.0820 3100	System windows directory: C:\Windows
17:16:36.0820 3100	Processor architecture: Intel x86
17:16:36.0820 3100	Number of processors: 2
17:16:36.0820 3100	Page size: 0x1000
17:16:36.0820 3100	Boot type: Normal boot
17:16:36.0820 3100	============================================================
17:16:46.0653 3100	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:16:46.0778 3100	============================================================
17:16:46.0778 3100	\Device\Harddisk0\DR0:
17:16:46.0824 3100	MBR partitions:
17:16:46.0824 3100	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1A04000, BlocksNum 0x38981800
17:16:46.0824 3100	============================================================
17:16:47.0183 3100	C: <-> \Device\Harddisk0\DR0\Partition0
17:16:47.0183 3100	============================================================
17:16:47.0183 3100	Initialize success
17:16:47.0183 3100	============================================================
17:19:38.0430 3220	============================================================
17:19:38.0430 3220	Scan started
17:19:38.0430 3220	Mode: Manual; SigCheck; TDLFS; 
17:19:38.0430 3220	============================================================
17:19:39.0989 3220	ABBYY.Licensing.FineReader.Sprint.9.0 (b33cf4de909a5b30f526d82053a63c8e) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
17:19:40.0223 3220	ABBYY.Licensing.FineReader.Sprint.9.0 - ok
17:19:40.0472 3220	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
17:19:40.0503 3220	ACPI - ok
17:19:40.0581 3220	AdobeActiveFileMonitor6.0 (e8fe4fce23d2809bd88bcc1d0f8408ce) C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
17:19:40.0613 3220	AdobeActiveFileMonitor6.0 - ok
17:19:40.0659 3220	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
17:19:40.0691 3220	AdobeARMservice - ok
17:19:40.0800 3220	AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:19:40.0831 3220	AdobeFlashPlayerUpdateSvc - ok
17:19:40.0893 3220	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
17:19:40.0940 3220	adp94xx - ok
17:19:41.0003 3220	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
17:19:41.0034 3220	adpahci - ok
17:19:41.0081 3220	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
17:19:41.0096 3220	adpu160m - ok
17:19:41.0190 3220	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
17:19:41.0221 3220	adpu320 - ok
17:19:41.0283 3220	AeLookupSvc     (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
17:19:41.0408 3220	AeLookupSvc - ok
17:19:41.0471 3220	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
17:19:41.0533 3220	AFD - ok
17:19:41.0580 3220	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
17:19:41.0611 3220	agp440 - ok
17:19:41.0642 3220	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
17:19:41.0658 3220	aic78xx - ok
17:19:41.0689 3220	ALG             (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
17:19:41.0814 3220	ALG - ok
17:19:41.0876 3220	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
17:19:41.0892 3220	aliide - ok
17:19:41.0954 3220	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
17:19:41.0970 3220	amdagp - ok
17:19:42.0017 3220	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
17:19:42.0048 3220	amdide - ok
17:19:42.0173 3220	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
17:19:42.0282 3220	AmdK7 - ok
17:19:42.0329 3220	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
17:19:42.0407 3220	AmdK8 - ok
17:19:43.0062 3220	amdkmdag        (7a46cf1f1075eb0340ea40f12d88a862) C:\Windows\system32\DRIVERS\atipmdag.sys
17:19:43.0701 3220	amdkmdag - ok
17:19:43.0951 3220	amdkmdap        (e786ac0fbab7acfa53a7f8ef64652dd5) C:\Windows\system32\DRIVERS\atikmpag.sys
17:19:43.0998 3220	amdkmdap - ok
17:19:44.0029 3220	Appinfo         (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
17:19:44.0091 3220	Appinfo - ok
17:19:44.0138 3220	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
17:19:44.0154 3220	arc - ok
17:19:44.0185 3220	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
17:19:44.0216 3220	arcsas - ok
17:19:44.0325 3220	aspnet_state    (40c145f12ff461a0220303bda134f598) C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:19:44.0357 3220	aspnet_state - ok
17:19:44.0388 3220	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
17:19:44.0450 3220	AsyncMac - ok
17:19:44.0481 3220	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
17:19:44.0497 3220	atapi - ok
17:19:44.0575 3220	Ati External Event Utility (02cbd9af51be20608c21547582723fc8) C:\Windows\system32\Ati2evxx.exe
17:19:44.0637 3220	Ati External Event Utility - ok
17:19:44.0747 3220	AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
17:19:44.0793 3220	AudioEndpointBuilder - ok
17:19:44.0793 3220	Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
17:19:44.0825 3220	Audiosrv - ok
17:19:44.0965 3220	AVP             (2718dc27571bd1e37813f5759d2dc118) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
17:19:44.0996 3220	AVP - ok
17:19:45.0090 3220	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
17:19:45.0137 3220	Beep - ok
17:19:45.0293 3220	BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
17:19:45.0464 3220	BITS - ok
17:19:45.0511 3220	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
17:19:45.0589 3220	blbdrive - ok
17:19:45.0651 3220	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
17:19:45.0698 3220	bowser - ok
17:19:45.0761 3220	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
17:19:45.0807 3220	BrFiltLo - ok
17:19:45.0839 3220	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
17:19:45.0901 3220	BrFiltUp - ok
17:19:45.0917 3220	Browser         (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
17:19:45.0979 3220	Browser - ok
17:19:46.0041 3220	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
17:19:46.0197 3220	Brserid - ok
17:19:46.0260 3220	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
17:19:46.0322 3220	BrSerWdm - ok
17:19:46.0353 3220	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
17:19:46.0431 3220	BrUsbMdm - ok
17:19:46.0447 3220	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
17:19:46.0525 3220	BrUsbSer - ok
17:19:46.0572 3220	BthEnum         (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
17:19:46.0634 3220	BthEnum - ok
17:19:46.0759 3220	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
17:19:46.0853 3220	BTHMODEM - ok
17:19:46.0884 3220	BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
17:19:46.0931 3220	BthPan - ok
17:19:47.0133 3220	BTHPORT         (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
17:19:47.0258 3220	BTHPORT - ok
17:19:47.0367 3220	BthServ         (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll
17:19:47.0414 3220	BthServ - ok
17:19:47.0445 3220	BTHUSB          (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
17:19:47.0477 3220	BTHUSB - ok
17:19:47.0508 3220	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
17:19:47.0555 3220	cdfs - ok
17:19:47.0601 3220	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
17:19:47.0648 3220	cdrom - ok
17:19:47.0679 3220	CertPropSvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
17:19:47.0726 3220	CertPropSvc - ok
17:19:47.0789 3220	cfwids          (1c7b1e36f3ced9e4b0b13385e627fe8b) C:\Windows\system32\drivers\cfwids.sys
17:19:47.0804 3220	cfwids - ok
17:19:47.0851 3220	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
17:19:47.0898 3220	circlass - ok
17:19:47.0960 3220	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
17:19:47.0991 3220	CLFS - ok
17:19:48.0132 3220	clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:19:48.0163 3220	clr_optimization_v2.0.50727_32 - ok
17:19:48.0241 3220	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:19:48.0257 3220	clr_optimization_v4.0.30319_32 - ok
17:19:48.0319 3220	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
17:19:48.0366 3220	CmBatt - ok
17:19:48.0413 3220	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
17:19:48.0428 3220	cmdide - ok
17:19:48.0444 3220	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
17:19:48.0459 3220	Compbatt - ok
17:19:48.0475 3220	COMSysApp - ok
17:19:48.0475 3220	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
17:19:48.0506 3220	crcdisk - ok
17:19:48.0537 3220	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
17:19:48.0600 3220	Crusoe - ok
17:19:48.0678 3220	CryptSvc        (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
17:19:48.0725 3220	CryptSvc - ok
17:19:48.0803 3220	DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
17:19:48.0896 3220	DcomLaunch - ok
17:19:48.0959 3220	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
17:19:49.0037 3220	DfsC - ok
17:19:49.0317 3220	DfSdkS          (92ae26f2caf4a67e24a0ba6ddf32cc3c) C:\Program Files\Ashampoo\Ashampoo WinOptimizer 7\Dfsdks.exe
17:19:49.0395 3220	DfSdkS ( UnsignedFile.Multi.Generic ) - warning
17:19:49.0395 3220	DfSdkS - detected UnsignedFile.Multi.Generic (1)
17:19:49.0957 3220	DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
17:19:50.0144 3220	DFSR - ok
17:19:50.0409 3220	Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
17:19:50.0441 3220	Dhcp - ok
17:19:50.0519 3220	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
17:19:50.0550 3220	disk - ok
17:19:50.0612 3220	DKbFltr         (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
17:19:50.0628 3220	DKbFltr - ok
17:19:50.0675 3220	Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
17:19:50.0721 3220	Dnscache - ok
17:19:50.0753 3220	dot3svc         (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
17:19:50.0799 3220	dot3svc - ok
17:19:50.0846 3220	DPS             (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
17:19:50.0909 3220	DPS - ok
17:19:51.0018 3220	DritekPortIO    (5c918d413f5837e67a85775c9873775e) C:\PROGRA~1\LAUNCH~1\DPortIO.sys
17:19:51.0033 3220	DritekPortIO - ok
17:19:51.0080 3220	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
17:19:51.0127 3220	drmkaud - ok
17:19:51.0267 3220	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
17:19:51.0392 3220	DXGKrnl - ok
17:19:51.0548 3220	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
17:19:51.0642 3220	E1G60 - ok
17:19:51.0689 3220	EapHost         (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
17:19:51.0720 3220	EapHost - ok
17:19:51.0782 3220	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
17:19:51.0813 3220	Ecache - ok
17:19:51.0938 3220	ehRecvr         (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
17:19:51.0985 3220	ehRecvr - ok
17:19:52.0016 3220	ehSched         (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
17:19:52.0063 3220	ehSched - ok
17:19:52.0079 3220	ehstart         (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
17:19:52.0110 3220	ehstart - ok
17:19:52.0172 3220	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
17:19:52.0203 3220	elxstor - ok
17:19:52.0406 3220	EMDMgmt         (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
17:19:52.0578 3220	EMDMgmt - ok
17:19:52.0812 3220	ePowerSvc       (926e9d64319454d1314858d348c3e963) C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerSvc.exe
17:19:52.0905 3220	ePowerSvc - ok
17:19:53.0030 3220	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
17:19:53.0108 3220	ErrDev - ok
17:19:53.0295 3220	EventSystem     (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
17:19:53.0342 3220	EventSystem - ok
17:19:53.0451 3220	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
17:19:53.0514 3220	exfat - ok
17:19:53.0545 3220	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
17:19:53.0592 3220	fastfat - ok
17:19:53.0639 3220	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
17:19:53.0701 3220	fdc - ok
17:19:53.0732 3220	fdPHost         (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
17:19:53.0763 3220	fdPHost - ok
17:19:53.0841 3220	FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
17:19:53.0904 3220	FDResPub - ok
17:19:53.0935 3220	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
17:19:53.0966 3220	FileInfo - ok
17:19:53.0982 3220	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
17:19:54.0044 3220	Filetrace - ok
17:19:54.0091 3220	FlashUSB        (5575ee5823de1558f8486eb4e33ffa99) C:\Windows\system32\DRIVERS\FlashUSB.sys
17:19:54.0138 3220	FlashUSB - ok
17:19:54.0481 3220	FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
17:19:54.0543 3220	FLEXnet Licensing Service - ok
17:19:54.0575 3220	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
17:19:54.0668 3220	flpydisk - ok
17:19:54.0731 3220	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
17:19:54.0746 3220	FltMgr - ok
17:19:55.0323 3220	FontCache       (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
17:19:55.0464 3220	FontCache - ok
17:19:55.0651 3220	FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:19:55.0698 3220	FontCache3.0.0.0 - ok
17:19:55.0760 3220	Fs_Rec          (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
17:19:55.0854 3220	Fs_Rec - ok
17:19:56.0010 3220	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
17:19:56.0057 3220	gagp30kx - ok
17:19:56.0166 3220	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:19:56.0181 3220	GEARAspiWDM - ok
17:19:56.0275 3220	gpsvc           (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
17:19:56.0400 3220	gpsvc - ok
17:19:56.0618 3220	gupdate         (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
17:19:56.0634 3220	gupdate - ok
17:19:56.0681 3220	gupdatem        (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
17:19:56.0696 3220	gupdatem - ok
17:19:56.0759 3220	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
17:19:56.0821 3220	HdAudAddService - ok
17:19:56.0899 3220	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:19:57.0024 3220	HDAudBus - ok
17:19:57.0117 3220	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
17:19:57.0195 3220	HidBth - ok
17:19:57.0258 3220	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
17:19:57.0320 3220	HidIr - ok
17:19:57.0367 3220	hidserv         (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
17:19:57.0398 3220	hidserv - ok
17:19:57.0429 3220	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
17:19:57.0461 3220	HidUsb - ok
17:19:57.0539 3220	hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
17:19:57.0601 3220	hkmsvc - ok
17:19:57.0648 3220	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
17:19:57.0663 3220	HpCISSs - ok
17:19:57.0804 3220	HSFHWAZL        (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
17:19:57.0882 3220	HSFHWAZL - ok
17:19:58.0116 3220	HsfXAudioService (1e7c79cbaf71aa92e0eee924907dcb55) C:\Windows\system32\XAudio32.dll
17:19:58.0209 3220	HsfXAudioService - ok
17:19:58.0303 3220	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
17:19:58.0397 3220	HTTP - ok
17:19:58.0443 3220	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
17:19:58.0475 3220	i2omp - ok
17:19:58.0537 3220	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
17:19:58.0568 3220	i8042prt - ok
17:19:58.0584 3220	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
17:19:58.0615 3220	iaStorV - ok
17:19:58.0646 3220	ICQ Service - ok
17:19:58.0943 3220	idsvc           (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:19:59.0005 3220	idsvc - ok
17:19:59.0145 3220	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
17:19:59.0177 3220	iirsp - ok
17:19:59.0286 3220	IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
17:19:59.0364 3220	IKEEXT - ok
17:19:59.0645 3220	IntcAzAudAddService (de7d0a44de9eaf68165748a8d6af1c86) C:\Windows\system32\drivers\RTKVHDA.sys
17:19:59.0941 3220	IntcAzAudAddService - ok
17:20:00.0237 3220	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
17:20:00.0269 3220	intelide - ok
17:20:00.0300 3220	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
17:20:00.0362 3220	intelppm - ok
17:20:00.0409 3220	IPBusEnum       (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
17:20:00.0456 3220	IPBusEnum - ok
17:20:00.0487 3220	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:20:00.0549 3220	IpFilterDriver - ok
17:20:00.0549 3220	IpInIp - ok
17:20:00.0596 3220	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
17:20:00.0659 3220	IPMIDRV - ok
17:20:00.0705 3220	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
17:20:00.0752 3220	IPNAT - ok
17:20:00.0815 3220	iPod Service - ok
17:20:00.0846 3220	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
17:20:00.0877 3220	IRENUM - ok
17:20:00.0955 3220	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
17:20:00.0971 3220	isapnp - ok
17:20:01.0033 3220	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
17:20:01.0064 3220	iScsiPrt - ok
17:20:01.0095 3220	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
17:20:01.0111 3220	iteatapi - ok
17:20:01.0158 3220	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
17:20:01.0173 3220	iteraid - ok
17:20:01.0251 3220	k57nd60x        (eac21e8014c7e6ee341afffb7e2bbd54) C:\Windows\system32\DRIVERS\k57nd60x.sys
17:20:01.0298 3220	k57nd60x - ok
17:20:01.0314 3220	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
17:20:01.0329 3220	kbdclass - ok
17:20:01.0345 3220	kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
17:20:01.0439 3220	kbdhid - ok
17:20:01.0454 3220	KeyIso          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
17:20:01.0517 3220	KeyIso - ok
17:20:01.0579 3220	KL1             (186b54479d98e48aee0e9ada4b3c4d31) C:\Windows\system32\DRIVERS\kl1.sys
17:20:01.0595 3220	KL1 - ok
17:20:01.0704 3220	kl2             (bf485bfba13c0ab116701fd9c55324d0) C:\Windows\system32\DRIVERS\kl2.sys
17:20:01.0719 3220	kl2 - ok
17:20:01.0797 3220	KLIF            (af04d0ce7939324e9a605b159295706c) C:\Windows\system32\DRIVERS\klif.sys
17:20:01.0829 3220	KLIF - ok
17:20:01.0875 3220	KLIM6           (6295a19003f935ecc6ccbe9e2376427b) C:\Windows\system32\DRIVERS\klim6.sys
17:20:01.0891 3220	KLIM6 - ok
17:20:01.0938 3220	klmouflt        (3de1771c135328420315e21dde229bba) C:\Windows\system32\DRIVERS\klmouflt.sys
17:20:01.0969 3220	klmouflt - ok
17:20:02.0031 3220	KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
17:20:02.0063 3220	KSecDD - ok
17:20:02.0125 3220	KtmRm           (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
17:20:02.0219 3220	KtmRm - ok
17:20:02.0265 3220	LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
17:20:02.0312 3220	LanmanServer - ok
17:20:02.0375 3220	LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
17:20:02.0421 3220	LanmanWorkstation - ok
17:20:02.0468 3220	LgBttPort       (4dd47b5af0b24871ebb9efc012a7474e) C:\Windows\system32\DRIVERS\lgbtport.sys
17:20:02.0484 3220	LgBttPort - ok
17:20:02.0499 3220	lgbusenum       (1d038ca6c529203087a990e5e97887b4) C:\Windows\system32\DRIVERS\lgbtbus.sys
17:20:02.0531 3220	lgbusenum - ok
17:20:02.0546 3220	LGVMODEM        (26f1976a330195d62a6224c76968cf0d) C:\Windows\system32\DRIVERS\lgvmodem.sys
17:20:02.0562 3220	LGVMODEM - ok
17:20:02.0593 3220	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
17:20:02.0640 3220	lltdio - ok
17:20:02.0718 3220	lltdsvc         (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
17:20:02.0749 3220	lltdsvc - ok
17:20:02.0765 3220	lmhosts         (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
17:20:02.0827 3220	lmhosts - ok
17:20:02.0858 3220	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
17:20:02.0889 3220	LSI_FC - ok
17:20:02.0905 3220	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
17:20:02.0921 3220	LSI_SAS - ok
17:20:02.0967 3220	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
17:20:02.0999 3220	LSI_SCSI - ok
17:20:03.0014 3220	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
17:20:03.0061 3220	luafv - ok
17:20:03.0092 3220	MBAMProtector   (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
17:20:03.0123 3220	MBAMProtector - ok
17:20:03.0217 3220	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
17:20:03.0248 3220	MBAMService - ok
17:20:03.0342 3220	McAfee SiteAdvisor Service (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
17:20:03.0373 3220	McAfee SiteAdvisor Service - ok
17:20:03.0373 3220	McMPFSvc        (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
17:20:03.0389 3220	McMPFSvc - ok
17:20:03.0420 3220	mcmscsvc        (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
17:20:03.0435 3220	mcmscsvc - ok
17:20:03.0451 3220	McNASvc         (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
17:20:03.0482 3220	McNASvc - ok
17:20:03.0529 3220	McProxy         (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
17:20:03.0545 3220	McProxy - ok
17:20:03.0623 3220	McShield        (593fa4c378818ece76ba64a11ad56cf2) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
17:20:03.0638 3220	McShield - ok
17:20:03.0685 3220	Mcx2Svc         (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
17:20:03.0716 3220	Mcx2Svc - ok
17:20:03.0763 3220	mdmxsdk         (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
17:20:03.0794 3220	mdmxsdk - ok
17:20:03.0857 3220	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
17:20:03.0872 3220	megasas - ok
17:20:03.0935 3220	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
17:20:04.0013 3220	MegaSR - ok
17:20:04.0091 3220	mfeapfk         (43c31bdf404a6d7a7ac1bfd5ead2a566) C:\Windows\system32\drivers\mfeapfk.sys
17:20:04.0106 3220	mfeapfk - ok
17:20:04.0169 3220	mfeavfk         (c1dc5f42d3367f33b6451be78b38bd46) C:\Windows\system32\drivers\mfeavfk.sys
17:20:04.0215 3220	mfeavfk - ok
17:20:04.0247 3220	mfebopk         (0435c43f4c2be01b84868ad2a906397b) C:\Windows\system32\drivers\mfebopk.sys
17:20:04.0278 3220	mfebopk - ok
17:20:04.0325 3220	mfefire         (7e1f8b1bdc8240f08bd358b3a466c005) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
17:20:04.0340 3220	mfefire - ok
17:20:39.0300 3220	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
17:20:39.0627 3220	\Device\Harddisk0\DR0 - ok
17:20:39.0627 3220	Boot (0x1200)   (691b351a0523192dd2e6e4eec7a66471) \Device\Harddisk0\DR0\Partition0
17:20:39.0627 3220	\Device\Harddisk0\DR0\Partition0 - ok
17:20:39.0627 3220	============================================================
17:20:39.0627 3220	Scan finished
17:20:39.0627 3220	============================================================
17:20:39.0705 0964	Detected object count: 1
17:20:39.0705 0964	Actual detected object count: 1
17:20:59.0564 0964	DfSdkS ( UnsignedFile.Multi.Generic ) - skipped by user
17:20:59.0564 0964	DfSdkS ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
I don't want to be difficult, but what do you mean, for example, by fixing something "wanted"?

Were those misconfigurations, or add-ons that were/are dangerous?

My concern is to avoid mistakes in the future.
