Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
GVU Trojaner --> abgesicherter Modus und Virenscan behebten die Symptome, was nun?

GVU Trojaner --> abgesicherter Modus und Virenscan behebten die Symptome, was nun?


Log-Analyse und Auswertung: GVU Trojaner --> abgesicherter Modus und Virenscan behebten die Symptome, was nun?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Seite 1 von 2 1 2
Alt 11.01.2013, 22:31   #1
bobsnyder
 
GVU Trojaner --> abgesicherter Modus und Virenscan behebten die Symptome, was nun? - Standard

GVU Trojaner --> abgesicherter Modus und Virenscan behebten die Symptome, was nun?


Erst einmal Hallo an alle!

Ich habe mich jetzt ein klein wenig ins Forum eingelesen und schnell festgestellt, dass jeder dieser GVU-Trojaner Fälle für sich behandelt werden sollte.

Hier also nun mein Fall:

Zuerst das plötzlcihe Pop-Up und nichts ging mehr... Glücklicherweise konnte ich den Rechner im abgesicherten Modus neu starten und mit Avira (zumindest vorerst) die Symptome beheben.

Aus ähnlichen Fällen hier las ich , dass man zunächst OTL Logs und Malwarebytes drüberlaufen lassen sollte.

Nach einem ersten Check scheinen auch keine Daten verschlüsselt zu sein.
Nur befindet sich ein kleines weisse Quadrat in der Mitte des Desktops...

Hier meine gesammelten Log-Files:

Avira

Zitat:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Freitag, 11. Januar 2013 18:24



Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '2678' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:' <OS>
[0] Archivtyp: RSRC
--> C:\Users\A93S\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\573e099c-52124fd0
[1] Archivtyp: ZIP
--> bagdfssdb.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-5076
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> bagdfssda.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.IL
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\A93S\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\573e099c-52124fd0
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.IL
--> C:\Users\A93S\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\40286ca3-2f2083f5
[1] Archivtyp: ZIP
--> bagdfssdb.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-5076
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> bagdfssda.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/Java.JAX-WS.C
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\A93S\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\40286ca3-2f2083f5
[FUND] Enthält Erkennungsmuster des Exploits EXP/Java.JAX-WS.C
--> C:\Users\A93S\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\b88e765-4ec1c191
[1] Archivtyp: ZIP
--> hw.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Likinowl.Gen
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> test.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Likinowl.Gen
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> test2.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Rilly.BX.1
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\A93S\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\b88e765-4ec1c191
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Rilly.BX.1
--> C:\Users\A93S\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\72e13cf3-56a58574
[1] Archivtyp: ZIP
--> testesta.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-5076
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> testestb.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.JG
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\A93S\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\72e13cf3-56a58574
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.JG
--> C:\Users\A93S\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\143efff4-47f3ac3d
[1] Archivtyp: ZIP
--> ewjvaiwebvhtuai124a.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2013-0422.A
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> test.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.QK
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\A93S\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\143efff4-47f3ac3d
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.QK

Beginne mit der Desinfektion:
C:\Users\A93S\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\143efff4-47f3ac3d
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.QK
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5957cf44.qua' verschoben!
C:\Users\A93S\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\72e13cf3-56a58574
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.JG
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '41b6e0e1.qua' verschoben!
C:\Users\A93S\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\b88e765-4ec1c191
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Rilly.BX.1
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1394ba0f.qua' verschoben!
C:\Users\A93S\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\40286ca3-2f2083f5
[FUND] Enthält Erkennungsmuster des Exploits EXP/Java.JAX-WS.C
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '75a9f5c5.qua' verschoben!
C:\Users\A93S\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\573e099c-52124fd0
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.IL
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '302cd8f2.qua' verschoben!


Ende des Suchlaufs: Freitag, 11. Januar 2013 19:55
Benötigte Zeit: 1:24:38 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

38146 Verzeichnisse wurden überprüft
1250793 Dateien wurden geprüft
16 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
5 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
1250777 Dateien ohne Befall
11453 Archive wurden durchsucht
11 Warnungen
5 Hinweise
OTL

Zitat:
OTL logfile created on: 11.01.2013 20:34:37 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\A93S\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,91 Gb Total Physical Memory | 4,48 Gb Available Physical Memory | 56,64% Memory free
15,82 Gb Paging File | 12,09 Gb Available in Paging File | 76,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 400,55 Gb Total Space | 138,75 Gb Free Space | 34,64% Space Free | Partition Type: NTFS
Drive D: | 505,96 Gb Total Space | 505,86 Gb Free Space | 99,98% Space Free | Partition Type: NTFS

Computer Name: A93S-PC | User Name: A93S | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.01.11 20:33:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\A93S\Desktop\OTL.exe
PRC - [2013.01.10 20:13:11 | 000,917,552 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.01.09 06:23:44 | 000,541,760 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012.12.14 16:49:28 | 000,824,232 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012.12.11 19:37:45 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.12.11 19:37:34 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.12.11 19:37:34 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.12.11 19:37:33 | 000,387,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
PRC - [2012.12.04 08:33:09 | 001,354,736 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.09.24 17:18:05 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2011.06.10 18:49:10 | 002,255,360 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2011.04.19 00:51:32 | 000,496,560 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
PRC - [2011.02.23 22:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
PRC - [2011.02.01 21:20:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.01 21:20:46 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.01.13 02:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.01.13 02:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.11.17 17:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.10.14 22:38:34 | 000,653,952 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
PRC - [2010.10.07 22:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2010.08.17 22:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010.07.10 06:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
PRC - [2010.01.15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.12.15 18:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009.11.02 22:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.06.19 18:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009.06.16 01:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2009.05.06 00:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2007.11.30 19:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe


========== Modules (No Company Name) ==========

MOD - [2013.01.10 20:13:11 | 003,021,872 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013.01.09 21:24:42 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\27649bdc3da750e2e072dedbff56cc0b\IAStorUtil.ni.dll
MOD - [2013.01.09 21:24:42 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\09a468fb987e5a5f345346b0910c89ca\IAStorCommon.ni.dll
MOD - [2013.01.09 20:19:10 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.09 20:18:51 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013.01.09 20:18:45 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.09 20:18:36 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.01.09 20:18:32 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.09 20:18:29 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.09 20:18:28 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.09 20:18:24 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013.01.09 06:24:09 | 000,647,168 | ---- | M] () -- C:\Program Files (x86)\Steam\sdl.dll
MOD - [2013.01.09 06:23:42 | 020,320,240 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013.01.09 06:23:42 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2013.01.09 06:23:42 | 000,969,792 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2013.01.09 06:23:42 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2013.01.09 06:23:42 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012.02.26 17:41:02 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011.06.10 18:49:10 | 001,163,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
MOD - [2011.04.28 11:44:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
MOD - [2011.02.19 05:23:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.01.21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010.01.09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009.11.02 22:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.11.02 22:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2007.11.30 19:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe


========== Services (SafeList) ==========

SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV:64bit: - [2011.01.25 22:11:56 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010.11.29 23:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2010.09.23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010.09.17 09:32:56 | 000,241,488 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Titanium\TiMiniService.exe -- (TiMiniService)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013.01.10 20:13:11 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.09 06:23:44 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.12.11 19:37:45 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.12.11 19:37:34 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.10.18 18:21:56 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.10 02:22:26 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.10.02 23:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.02.01 21:20:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.02.01 21:20:46 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.01.13 02:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.12.15 18:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.06.16 01:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.12.11 19:37:49 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.12.11 19:37:48 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.10.10 02:22:28 | 005,343,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.10.02 23:21:00 | 000,284,008 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nvkflt.sys -- (nvkflt)
DRV:64bit: - [2012.10.02 23:21:00 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012.09.24 08:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.03 16:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.04 13:11:56 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.07 19:21:16 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.02.26 01:42:18 | 000,016,768 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2011.02.10 22:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.02.10 22:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011.01.13 01:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.12.31 11:30:10 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010.11.30 07:40:04 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010.11.29 23:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010.11.20 14:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.10.20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.09.23 08:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010.09.17 09:52:28 | 000,144,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:64bit: - [2010.09.17 09:52:28 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2010.09.17 09:52:28 | 000,090,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:64bit: - [2010.09.17 09:52:28 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:64bit: - [2009.07.20 10:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.22 19:38:32 | 000,116,992 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.06.22 19:26:38 | 000,113,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009.06.10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.05.24 01:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2012.12.20 20:04:20 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2011.05.26 03:06:20 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.03 01:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Extras

Zitat:
OTL Extras logfile created on: 11.01.2013 20:34:37 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\A93S\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,91 Gb Total Physical Memory | 4,48 Gb Available Physical Memory | 56,64% Memory free
15,82 Gb Paging File | 12,09 Gb Available in Paging File | 76,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 400,55 Gb Total Space | 138,75 Gb Free Space | 34,64% Space Free | Partition Type: NTFS
Drive D: | 505,96 Gb Total Space | 505,86 Gb Free Space | 99,98% Space Free | Partition Type: NTFS

Computer Name: A93S-PC | User Name: A93S | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00933061-BD59-420E-BC8D-1ADAB1FE6C7D}" = lport=138 | protocol=17 | dir=in | app=system |
"{0215F8D6-B968-4FE3-91BD-8864EB4B7158}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0ECE856D-AB11-47DE-91F1-503CA21B8E1E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1568E29B-95F7-4877-A759-718830D542A0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25271552-6F39-4BCD-BFA7-4D17DC014BC7}" = rport=445 | protocol=6 | dir=out | app=system |
"{26A7C340-44EE-4EB9-9BE9-F0CD9C29BE0A}" = lport=445 | protocol=6 | dir=in | app=system |
"{31020684-C9DB-4CBF-B69C-B87128097E8A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{33233E65-EE55-4B71-BD0C-0335FA366A63}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4F3DECF1-46F3-4F5D-A359-80FCAAEA2FAC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{506984D9-DE61-4E40-9679-2D3BDE5A3CB8}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary |
"{5095E4F3-1D02-4F0C-8E79-77C5BE83F542}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{54661A0E-34B1-4AFC-9A17-1673B9F99DA7}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6D86BBA6-660B-4EA4-9C85-ADBCBF533D55}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{75B72423-358A-425E-97D0-56D055799CDC}" = rport=138 | protocol=17 | dir=out | app=system |
"{78559E00-F7DA-4B5B-A646-F9857127008B}" = rport=139 | protocol=6 | dir=out | app=system |
"{7CFA8E02-C747-4B72-80E0-B89B773C44E2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{830D70AC-FFE9-4649-96A3-1F83A9C089A9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{842B40AC-9343-4B34-B3EA-E9B2268E3B9A}" = lport=137 | protocol=17 | dir=in | app=system |
"{881DFDDD-D8F4-46AC-83A0-93500DBF0182}" = rport=137 | protocol=17 | dir=out | app=system |
"{8B351149-8040-41F4-8852-42C7258032C6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A72233AF-337A-40D3-BCE9-4CBCFF8C6B0B}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary |
"{A93DA3C7-CD9F-4274-82E4-D2F271AAEBB1}" = lport=139 | protocol=6 | dir=in | app=system |
"{AE8B5EFD-478B-465F-96A8-1051148773FE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B530513C-0CF2-4A03-9125-093CFC9461CA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B827E1C7-5A7A-484C-9653-2FE388A8B888}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{EEE0F417-0C99-4C9E-806C-53BC27C5BC16}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01041B1E-6350-479C-B015-1D1CB5AFBB20}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{039F0CCC-B452-41AA-8807-876D3225FE6B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{0D73A0E7-0092-4CA9-8969-6820224F8469}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{0E0A8A30-71A8-4B82-98D4-F0CC7C2B1D70}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
"{13CB715B-8C8C-48AF-A36D-FDB0FFAE3EAB}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\rm.exe |
"{13E6A79B-DF46-4C2C-A251-F1F8B04FD48B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\hitmanbloodmoney.exe |
"{14C7C97D-4431-4E56-AA67-EFD659FC9B4D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{17E72A1D-39A6-411C-9CF9-F835C74DDA09}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\titan quest\titan quest.exe |
"{1D583306-102E-4F63-88D4-0176B5F2B1E9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1FB9E5C1-9F81-4B23-9B79-6D52EAB80984}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman sniper challenge\hmsc.exe |
"{20057C6F-6B74-4774-9948-B00ADF0E47CA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
"{25BDD843-A815-48A8-A216-66D065687049}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{2B60F11A-896D-4358-84DD-76E0FBDEA4CD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{2B722D55-8641-4F5B-97DD-A8CE97BB88A0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
"{2B9D92DC-F07A-45E8-B81E-9110E4FE46F8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2F402599-CF0A-4D33-B3C5-16FF6DECD065}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
"{34EFA528-71EB-457C-A6D5-190E6CCCC230}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{38854C7E-1C24-49A9-A9A7-9A7C501EB2C8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3A010DCA-9804-40ED-89D3-F45ECEC3F9C0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe |
"{3DD763C0-7B89-43EA-912F-A7D29312052D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red faction armageddon\rf4_launcher.exe |
"{3F3BE4B2-1312-43A4-A409-FFE0E512C222}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3FB00525-99E9-496C-93EF-59E20458F048}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{43CA1F7A-1663-4889-A5C5-330559AECE88}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman sniper challenge\hmsc.exe |
"{43EEC3AD-708B-45F1-A34D-6CFEE9C8E3C6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red faction armageddon\rf4_launcher.exe |
"{443E856B-BBD6-46D0-80BA-983BCC437C2C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe |
"{496F537D-843D-4897-B431-671A6A1CD2A6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe |
"{50D76052-134E-46DB-AF8E-63827F883C0F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{53628422-81D3-4F17-B343-F7E1F956B5A9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{54C89097-B047-4DE6-BE27-FF5259C1489C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\hitmanbloodmoney.exe |
"{5755315C-235A-4C22-BB29-33B8CFC7F0D3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{5FA37FC3-6B06-4511-BB62-D083FDE32DFD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{62C90FC0-D23B-465B-9C12-A4E05C9B4F06}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders\darksiderspc.exe |
"{67C163E7-27F9-4D7C-8404-ADCF3A69370C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\titan quest\titan quest.exe |
"{69716434-798F-4E38-B077-9A519C01CA32}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\rm.exe |
"{6FC75ECA-14C5-4A27-8E19-C4850483D769}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6FD5D8F7-3520-47E6-A8D2-FE14C181480B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed\assassinscreed_game.exe |
"{75EC2227-0A52-4890-B405-A0C3ABABADB4}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\videospin.exe |
"{81A45328-C55E-490E-B241-08813A0994A2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{84D50712-EEE1-4809-8025-7CEDD0FD0505}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{8EF01BA1-D1F6-4D73-AADB-AB5E81F83EF1}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{8FE4ADBC-E93D-45EB-9E82-108E9DF76E16}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
"{9567E4B9-3222-4CAD-88CD-798F3B89ECA6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{95DC0087-3802-4376-BD53-17C52E7B9EBC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9886C353-275F-4458-B266-FC8FD9833EAA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\configure.exe |
"{997E9AEF-137F-4272-9900-C12ECFFFAF6D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9BF90721-C9D6-4724-BDC9-3B1649B58EF9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed\assassinscreed_game.exe |
"{A14F6DDA-16F2-4F93-A06E-B015229611E3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
"{A5F27D26-C6D8-4BBA-8450-70EBDE27E337}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\payday the heist\payday_win32_release.exe |
"{A759F424-BBCE-4110-B7ED-555C2D3A49E6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{A7723673-AD78-40D9-AE99-C9960421D27D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{B2E8E9D9-CB30-46F0-A40C-C579E04BC618}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money demo\hitmanbloodmoney.exe |
"{B8719BAE-6DF4-41C2-8997-F7CC9FAB8713}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B924159C-6888-49A3-B3CB-3B4473F0146D}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\umi.exe |
"{C1AA6B01-167E-4F05-94AB-A796D87B636E}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\videospin.exe |
"{C686EBEA-A439-46E0-8E16-1D8B5F68CE71}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money demo\hitmanbloodmoney.exe |
"{CE24DD01-26BB-4AB1-A56D-6962D96F63D4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe |
"{D12E5B2B-583D-4E62-8E94-960AB4CD3B9F}" = protocol=6 | dir=out | app=system |
"{D7A33137-2889-4F1D-A5D8-4BB610C8DD2D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D7C84D72-C211-4D8B-A749-2651A46D366D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman absolution\hma.exe |
"{D9ECB506-94E8-419C-A763-24E565C3EF95}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\configure.exe |
"{DB7DA4FF-E5E5-4495-8E12-F0BDAD2D922B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DC94E749-3E13-481A-8800-B225508F2F8C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E08609B2-7A9A-4D0B-84DA-9259F1075F69}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders\darksiderspc.exe |
"{E1082C2E-A697-4A44-A017-987343BDDE8A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{E7D2F640-B748-4E78-BBF7-A0BA97B999E3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E95470F8-97EF-421A-AB1F-09C714DC9491}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\umi.exe |
"{EA8C54DF-5C99-4CF8-82E7-3D58AD6233B7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{ED5DFAA6-63FB-4373-BC49-A7C6DD2C2996}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman absolution\hma.exe |
"{F967FD31-7B79-45A4-B16B-77DF8BF52ED2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FFBC4C2E-A8E0-4FD1-969C-403B9AA0F047}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\payday the heist\payday_win32_release.exe |
"TCP Query User{30058463-61FE-4128-B014-764DDACEFF4D}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"TCP Query User{5A07D7AC-BE70-4BD6-991D-E09307A2FAA7}C:\program files (x86)\lionhead studios ltd\black & white\runblack.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lionhead studios ltd\black & white\runblack.exe |
"TCP Query User{5A4D9BF2-421A-487B-A9EA-B4173989C7C8}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{5FBCE382-BB1C-4DE0-B9E0-AD69251D4B87}C:\program files (x86)\pacificpoker\bin\poker.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pacificpoker\bin\poker.exe |
"TCP Query User{69255085-746C-4725-97CF-2E3A98423376}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{57E329CE-8187-407D-9311-4D0D5865805F}C:\program files (x86)\lionhead studios ltd\black & white\runblack.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lionhead studios ltd\black & white\runblack.exe |
"UDP Query User{82F2F1D9-C721-46F6-BA00-9C35524EEC69}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"UDP Query User{CF4F5E4D-FFF8-4A5B-B16C-1F6C059CC16F}C:\program files (x86)\pacificpoker\bin\poker.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pacificpoker\bin\poker.exe |
"UDP Query User{E8CCBCB4-1063-4FC8-AE3A-1FFB576ABEDD}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{F3D62742-A69C-41E5-A3E6-01B4DA1AA899}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0F696557-180C-4813-A754-5D43969B0691}" = Windows Live Family Safety
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{169C77B7-69C9-4648-9DD0-72B152AF269F}" = Windows Live Family Safety
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{289809B1-078A-49F3-83D0-7E51715B3915}" = Windows Live Family Safety
"{33B98264-A889-4913-A0CA-C364A75032B3}" = ASUS Power4Gear Hybrid
"{3946328A-5B3A-434C-A22B-64CF6652FBAD}" = Windows Live Family Safety
"{401C50F6-B443-43EE-8F27-A80DB19B03FD}" = Windows Live Family Safety
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7734509D-A1F7-4A5E-AF9D-77CD17AE41AF}" = Windows Live Family Safety
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9210D7A2-DC28-43F6-92F9-E6CD4C729F7B}" = Windows Live Family Safety
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B22C8566-D522-4B40-A7AF-525F5A70D832}" = Windows Live Family Safety
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel(R) Turbo Boost Technology Monitor 2.0
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CB7935EF-43EE-4C0F-AC02-B0E4DD5DAC17}" = Windows Live Family Safety
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"{FE4BE0BD-1EDB-4D24-9614-847B3C472887}" = Windows Live Family Safety
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-X64 8.0.5.1_WHQL
"GIMP-2_is1" = GIMP 2.8.2
"GPL Ghostscript 9.04" = GPL Ghostscript
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"WinRAR archiver" = WinRAR 4.11 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{55D65D27-C0CD-4375-9021-F3D3D024ED90}_is1" = Minecraft PC Gamer Demo version 1.5
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8150221C-8F7E-4997-AD4E-AFDEE7F4B410}" = Wireless Console 3
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AECA3622-E634-4A55-A696-70A511CBE06E}" = ASUS USB Charger Plus
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}" = Atheros Client Installation Program
"{D39F0676-163E-4595-A917-E28F99BBD4D2}" = ASUS AI Recovery
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E18B30AA-6E2D-480C-B918-AF61009F4010}" = عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}" = Black and White
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E5F05232-96B6-4552-A480-785A60A94B21}" = System Requirements Lab CYRI
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E71E60C1-533E-45A5-8D80-E475E88D2B17}_is1" = Game Park Console
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"888poker" = 888poker
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"ASUS_Screensaver" = ASUS_Screensaver
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVS Screen Capture_is1" = AVS Screen Capture version 2.0.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Recorder_is1" = AVS Video Recorder 2.5
"AVS Video ReMaker_is1" = AVS Video ReMaker 4.1.1.144
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"Bookworm Deluxe" = Bookworm Deluxe
"bwin Poker_is1" = bwin Poker 1.0.0
"Cooking Dash" = Cooking Dash
"DAEMON Tools Lite" = DAEMON Tools Lite
"Exif-Viewer" = Exif-Viewer 2.51
"Free Video Dub_is1" = Free Video Dub version 2.0.14.903
"Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 2.1.3.903
"Free Video to DVD Converter_is1" = Free Video to DVD Converter version 5.0.17.903
"FreePDF_XP" = FreePDF (Remove only)
"Google Chrome" = Google Chrome
"Governor of Poker" = Governor of Poker
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"Luxor 3" = Luxor 3
"Mahjongg dimensions" = Mahjongg dimensions
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PokerStars" = PokerStars
"Steam App 15100" = Assassin's Creed
"Steam App 203140" = Hitman: Absolution
"Steam App 205930" = Hitman: Sniper Challenge
"Steam App 219" = Half-Life 2: Demo
"Steam App 24240" = PAYDAY: The Heist
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 43110" = Metro 2033
"Steam App 440" = Team Fortress 2
"Steam App 4540" = Titan Quest
"Steam App 4560" = Company of Heroes
"Steam App 50620" = Darksiders
"Steam App 550" = Left 4 Dead 2
"Steam App 55110" = Red Faction: Armageddon
"Steam App 55230" = Saints Row: The Third
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 620" = Portal 2
"Steam App 6860" = Hitman: Blood Money
"Stellarium_is1" = Stellarium 0.11.2
"VLC media player" = VLC media player 2.0.0
"WinLiveSuite" = Windows Live Essentials
"World of Goo" = World of Goo

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 22.11.2012 14:22:05 | Computer Name = A93S-PC | Source = Google Update | ID = 20
Description =

Error - 25.11.2012 17:26:55 | Computer Name = A93S-PC | Source = ESENT | ID = 455
Description = Windows (3788) Windows: Fehler -1811 beim Öffnen von Protokolldatei
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00021.log.

Error - 25.11.2012 17:26:55 | Computer Name = A93S-PC | Source = Windows Search Service | ID = 9000
Description =

Error - 25.11.2012 17:26:56 | Computer Name = A93S-PC | Source = Windows Search Service | ID = 7040
Description =

Error - 25.11.2012 17:26:57 | Computer Name = A93S-PC | Source = Windows Search Service | ID = 7042
Description =

Error - 25.11.2012 17:26:57 | Computer Name = A93S-PC | Source = Windows Search Service | ID = 9002
Description =

Error - 25.11.2012 17:26:58 | Computer Name = A93S-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 25.11.2012 17:26:58 | Computer Name = A93S-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 25.11.2012 17:26:58 | Computer Name = A93S-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 25.11.2012 17:26:58 | Computer Name = A93S-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 25.11.2012 17:26:58 | Computer Name = A93S-PC | Source = Windows Search Service | ID = 7010
Description =

[ System Events ]
Error - 05.06.2012 14:58:52 | Computer Name = A93S-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
Neustart des Diensts.

Error - 05.06.2012 14:59:03 | Computer Name = A93S-PC | Source = DCOM | ID = 10005
Description =

Error - 05.06.2012 14:59:03 | Computer Name = A93S-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows Search erreicht.

Error - 05.06.2012 14:59:03 | Computer Name = A93S-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053

Error - 05.06.2012 14:59:03 | Computer Name = A93S-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows Search erreicht.

Error - 05.06.2012 14:59:03 | Computer Name = A93S-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053

Error - 22.06.2012 12:10:19 | Computer Name = A93S-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Steam Client Service erreicht.

Error - 22.06.2012 12:10:19 | Computer Name = A93S-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053

Error - 22.06.2012 12:10:19 | Computer Name = A93S-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-1073473535.

Error - 22.06.2012 12:10:19 | Computer Name = A93S-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
Neustart des Diensts.


< End of report >
Und zu guter letzt noch Malwarebytes
Zitat:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.11.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
A93S :: A93S-PC [Administrator]

11.01.2013 20:03:51
MBAM-log-2013-01-11 (22-10-11).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 488545
Laufzeit: 1 Stunde(n), 29 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\A93S\AppData\Roaming\skype.dat (Trojan.Agent) -> Keine Aktion durchgeführt.

(Ende)
Ich hoffe ihr könnt mir weiterhelfen.

Beste Grüße,

Snyder

Alt 12.01.2013, 00:29   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU Trojaner --> abgesicherter Modus und Virenscan behebten die Symptome, was nun? - Standard

GVU Trojaner --> abgesicherter Modus und Virenscan behebten die Symptome, was nun?


Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Zitat:
Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________
Alt 12.01.2013, 09:48   #3
bobsnyder
 
GVU Trojaner --> abgesicherter Modus und Virenscan behebten die Symptome, was nun? - Standard

GVU Trojaner --> abgesicherter Modus und Virenscan behebten die Symptome, was nun?


Ich habe am 23.10.12 mit Avira einen Scan durchgeführt: die Log Datei dazu ist nicht mehr vorhanden aber die Funde waren:

- EXP/JAVA.Ternub.Gen
- EXP/2011-3544DP.1
- EXP/CVE-2012-0507
- EXP/CVE-2010-0840.PC
- EXP/2011-3544.DO
- EXP/CVE-2011-3544.CF

und noch einen GMER Log von gestern Abend:
Code:
ATTFilter
GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-12 09:39:56
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST310005 rev.JC45 931,51GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\A93S\AppData\Local\Temp\pxldrpoc.sys


---- User code sections - GMER 2.0 ----

.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                              0000000076bdefe0 5 bytes JMP 000000016fff0148
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                            0000000076c099b0 7 bytes JMP 000000016fff00d8
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                            0000000076c194d0 5 bytes JMP 000000016fff0180
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                            0000000076c19640 5 bytes JMP 000000016fff0110
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                     0000000076c3a500 7 bytes JMP 000000016fff01b8
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                 000007fefd353460 7 bytes JMP 000007fffd3400d8
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                   000007fefd359940 6 bytes JMP 000007fffd340148
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                      000007fefd359fb0 5 bytes JMP 000007fffd340180
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                               000007fefd35a150 5 bytes JMP 000007fffd340110
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                000007fefef889e0 8 bytes JMP 000007fffd3401f0
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                              000007fefef8be40 8 bytes JMP 000007fffd3401b8
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\system32\ole32.dll!CoCreateInstance                                                      000007fefec87490 11 bytes JMP 000007fffd340228
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                     000007fefec9bf00 7 bytes JMP 000007fffd340260
.text    C:\Windows\system32\Dwm.exe[1696] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                              000007fefd353460 7 bytes JMP 000007fffd3400d8
.text    C:\Windows\system32\Dwm.exe[1696] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                000007fefd359940 6 bytes JMP 000007fffd340148
.text    C:\Windows\system32\Dwm.exe[1696] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                   000007fefd359fb0 5 bytes JMP 000007fffd340180
.text    C:\Windows\system32\Dwm.exe[1696] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                            000007fefd35a150 5 bytes JMP 000007fffd340110
.text    C:\Windows\system32\Dwm.exe[1696] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                             000007fefef889e0 8 bytes JMP 000007fffd3401f0
.text    C:\Windows\system32\Dwm.exe[1696] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                           000007fefef8be40 8 bytes JMP 000007fffd3401b8
.text    C:\Windows\system32\Dwm.exe[1696] C:\Windows\system32\dxgi.dll!CreateDXGIFactory                                                                                   000007fef91a4da4 7 bytes JMP 000007fff91900d8
.text    C:\Windows\system32\Dwm.exe[1696] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1                                                                                  000007fef91c9af4 7 bytes JMP 000007fff9190110
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2220] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                00000000749d1429 7 bytes JMP 00000001718b128f
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2220] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                       00000000749eb223 5 bytes JMP 00000001718b159b
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2220] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                       0000000074a688f4 7 bytes JMP 00000001718b1339
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2220] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                       0000000074a68979 5 bytes JMP 00000001718b16b8
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2220] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                         0000000074a68ccf 5 bytes JMP 00000001718b101e
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2220] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                            0000000074ad1d1b 5 bytes JMP 00000001718b11d1
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2220] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                          0000000074ad1dc9 5 bytes JMP 00000001718b1019
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2220] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                              0000000074ad2aa4 5 bytes JMP 00000001718b154b
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2220] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                 0000000074ad2d0a 5 bytes JMP 00000001718b1276
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2220] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                         0000000074c2e9a2 5 bytes JMP 00000001718b15b4
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2220] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                           0000000074c2ebdc 5 bytes JMP 00000001718b119a
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2220] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                00000000750c5ea5 5 bytes JMP 00000001718b15e6
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2220] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                 00000000750f9d0b 5 bytes JMP 00000001718b122b
.text    C:\Windows\system32\taskeng.exe[2600] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                          000007fefd353460 7 bytes JMP 000007fffd3400d8
.text    C:\Windows\system32\taskeng.exe[2600] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                            000007fefd359940 6 bytes JMP 000007fffd340148
.text    C:\Windows\system32\taskeng.exe[2600] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                               000007fefd359fb0 5 bytes JMP 000007fffd340180
.text    C:\Windows\system32\taskeng.exe[2600] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                        000007fefd35a150 5 bytes JMP 000007fffd340110
.text    C:\Windows\system32\taskeng.exe[2600] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                         000007fefef889e0 8 bytes JMP 000007fffd3401f0
.text    C:\Windows\system32\taskeng.exe[2600] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                       000007fefef8be40 8 bytes JMP 000007fffd3401b8
.text    C:\Windows\system32\taskeng.exe[2600] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                               000007fefec87490 11 bytes JMP 000007fffd340228
.text    C:\Windows\system32\taskeng.exe[2600] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                              000007fefec9bf00 7 bytes JMP 000007fffd340260
.text    C:\Windows\system32\taskeng.exe[2680] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                          000007fefd353460 7 bytes JMP 000007fffd3400d8
.text    C:\Windows\system32\taskeng.exe[2680] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                            000007fefd359940 6 bytes JMP 000007fffd340148
.text    C:\Windows\system32\taskeng.exe[2680] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                               000007fefd359fb0 5 bytes JMP 000007fffd340180
.text    C:\Windows\system32\taskeng.exe[2680] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                        000007fefd35a150 5 bytes JMP 000007fffd340110
.text    C:\Windows\system32\taskeng.exe[2680] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                         000007fefef889e0 8 bytes JMP 000007fffd3401f0
.text    C:\Windows\system32\taskeng.exe[2680] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                       000007fefef8be40 8 bytes JMP 000007fffd3401b8
.text    C:\Windows\system32\taskeng.exe[2680] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                               000007fefec87490 11 bytes JMP 000007fffd340228
.text    C:\Windows\system32\taskeng.exe[2680] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                              000007fefec9bf00 7 bytes JMP 000007fffd340260
.text    C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[2708] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                         00000000749d1429 7 bytes JMP 00000001718b128f
.text    C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[2708] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                                00000000749eb223 5 bytes JMP 00000001718b159b
.text    C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[2708] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                0000000074a688f4 7 bytes JMP 00000001718b1339
.text    C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[2708] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                0000000074a68979 5 bytes JMP 00000001718b16b8
.text    C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[2708] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                  0000000074a68ccf 5 bytes JMP 00000001718b101e
.text    C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[2708] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                     0000000074ad1d1b 5 bytes JMP 00000001718b11d1
.text    C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[2708] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                   0000000074ad1dc9 5 bytes JMP 00000001718b1019
.text    C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[2708] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                       0000000074ad2aa4 5 bytes JMP 00000001718b154b
.text    C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[2708] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                          0000000074ad2d0a 5 bytes JMP 00000001718b1276
.text    C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[2708] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                  0000000074c2e9a2 5 bytes JMP 00000001718b15b4
.text    C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[2708] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                    0000000074c2ebdc 5 bytes JMP 00000001718b119a
.text    C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                 00000000747d1401 2 bytes [7D, 74]
.text    C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[2708] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                   00000000747d1419 2 bytes [7D, 74]
.text    C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                 00000000747d1431 2 bytes [7D, 74]
.text    C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                 00000000747d144a 2 bytes [7D, 74]
.text    ...                                                                                                                                                                * 9
.text    C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[2708] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                    00000000747d14dd 2 bytes [7D, 74]
.text    C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                             00000000747d14f5 2 bytes [7D, 74]
.text    C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[2708] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                    00000000747d150d 2 bytes [7D, 74]
.text    C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                             00000000747d1525 2 bytes [7D, 74]
.text    C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                   00000000747d153d 2 bytes [7D, 74]
.text    C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[2708] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                        00000000747d1555 2 bytes [7D, 74]
.text    C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                 00000000747d156d 2 bytes [7D, 74]
.text    C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                   00000000747d1585 2 bytes [7D, 74]
.text    C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[2708] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                      00000000747d159d 2 bytes [7D, 74]
.text    C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                   00000000747d15b5 2 bytes [7D, 74]
.text    C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                 00000000747d15cd 2 bytes [7D, 74]
.text    C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                             00000000747d16b2 2 bytes [7D, 74]
.text    C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                             00000000747d16bd 2 bytes [7D, 74]
.text    C:\Windows\AsScrPro.exe[2980] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                                      00000000749d1429 7 bytes JMP 00000001718b128f
.text    C:\Windows\AsScrPro.exe[2980] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                                                             00000000749eb223 5 bytes JMP 00000001718b159b
.text    C:\Windows\AsScrPro.exe[2980] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                                             0000000074a688f4 7 bytes JMP 00000001718b1339
.text    C:\Windows\AsScrPro.exe[2980] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                                             0000000074a68979 5 bytes JMP 00000001718b16b8
.text    C:\Windows\AsScrPro.exe[2980] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                                               0000000074a68ccf 5 bytes JMP 00000001718b101e
.text    C:\Windows\AsScrPro.exe[2980] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                                                  0000000074ad1d1b 5 bytes JMP 00000001718b11d1
.text    C:\Windows\AsScrPro.exe[2980] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                                                0000000074ad1dc9 5 bytes JMP 00000001718b1019
.text    C:\Windows\AsScrPro.exe[2980] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                                    0000000074ad2aa4 5 bytes JMP 00000001718b154b
.text    C:\Windows\AsScrPro.exe[2980] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                                       0000000074ad2d0a 5 bytes JMP 00000001718b1276
.text    C:\Windows\AsScrPro.exe[2980] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                                               0000000074c2e9a2 5 bytes JMP 00000001718b15b4
.text    C:\Windows\AsScrPro.exe[2980] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                 0000000074c2ebdc 5 bytes JMP 00000001718b119a
.text    C:\Windows\AsScrPro.exe[2980] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                                                      00000000750c5ea5 5 bytes JMP 00000001718b15e6
.text    C:\Windows\AsScrPro.exe[2980] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                                                       00000000750f9d0b 5 bytes JMP 00000001718b122b
.text    C:\Windows\AsScrPro.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                              00000000747d1401 2 bytes [7D, 74]
.text    C:\Windows\AsScrPro.exe[2980] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                00000000747d1419 2 bytes [7D, 74]
.text    C:\Windows\AsScrPro.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                              00000000747d1431 2 bytes [7D, 74]
.text    C:\Windows\AsScrPro.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                              00000000747d144a 2 bytes [7D, 74]
.text    ...                                                                                                                                                                * 9
.text    C:\Windows\AsScrPro.exe[2980] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                 00000000747d14dd 2 bytes [7D, 74]
.text    C:\Windows\AsScrPro.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                          00000000747d14f5 2 bytes [7D, 74]
.text    C:\Windows\AsScrPro.exe[2980] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                 00000000747d150d 2 bytes [7D, 74]
.text    C:\Windows\AsScrPro.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                          00000000747d1525 2 bytes [7D, 74]
.text    C:\Windows\AsScrPro.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                00000000747d153d 2 bytes [7D, 74]
.text    C:\Windows\AsScrPro.exe[2980] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                     00000000747d1555 2 bytes [7D, 74]
.text    C:\Windows\AsScrPro.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                              00000000747d156d 2 bytes [7D, 74]
.text    C:\Windows\AsScrPro.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                00000000747d1585 2 bytes [7D, 74]
.text    C:\Windows\AsScrPro.exe[2980] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                   00000000747d159d 2 bytes [7D, 74]
.text    C:\Windows\AsScrPro.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                00000000747d15b5 2 bytes [7D, 74]
.text    C:\Windows\AsScrPro.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                              00000000747d15cd 2 bytes [7D, 74]
.text    C:\Windows\AsScrPro.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                          00000000747d16b2 2 bytes [7D, 74]
.text    C:\Windows\AsScrPro.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                          00000000747d16bd 2 bytes [7D, 74]
.text    C:\Windows\SysWOW64\ACEngSvr.exe[3004] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                         000007fefd353460 7 bytes JMP 000007fffd3400d8
.text    C:\Windows\SysWOW64\ACEngSvr.exe[3004] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                           000007fefd359940 6 bytes JMP 000007fffd340148
.text    C:\Windows\SysWOW64\ACEngSvr.exe[3004] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                              000007fefd359fb0 5 bytes JMP 000007fffd340180
.text    C:\Windows\SysWOW64\ACEngSvr.exe[3004] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                       000007fefd35a150 5 bytes JMP 000007fffd340110
.text    C:\Windows\SysWOW64\ACEngSvr.exe[3004] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                        000007fefef889e0 8 bytes JMP 000007fffd3401f0
.text    C:\Windows\SysWOW64\ACEngSvr.exe[3004] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                      000007fefef8be40 8 bytes JMP 000007fffd3401b8
.text    C:\Windows\SysWOW64\ACEngSvr.exe[3004] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                              000007fefec87490 11 bytes JMP 000007fffd340228
.text    C:\Windows\SysWOW64\ACEngSvr.exe[3004] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                             000007fefec9bf00 7 bytes JMP 000007fffd340260
.text    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[2348] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                        00000000749d1429 7 bytes JMP 00000001718b128f
.text    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[2348] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                               00000000749eb223 5 bytes JMP 00000001718b159b
.text    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[2348] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                               0000000074a688f4 7 bytes JMP 00000001718b1339
.text    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[2348] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                               0000000074a68979 5 bytes JMP 00000001718b16b8
.text    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[2348] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                 0000000074a68ccf 5 bytes JMP 00000001718b101e
.text    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[2348] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                    0000000074ad1d1b 5 bytes JMP 00000001718b11d1
.text    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[2348] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                  0000000074ad1dc9 5 bytes JMP 00000001718b1019
.text    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[2348] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                      0000000074ad2aa4 5 bytes JMP 00000001718b154b
.text    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[2348] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                         0000000074ad2d0a 5 bytes JMP 00000001718b1276
.text    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[2348] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                 0000000074c2e9a2 5 bytes JMP 00000001718b15b4
.text    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[2348] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                   0000000074c2ebdc 5 bytes JMP 00000001718b119a
.text    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[2348] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                        00000000750c5ea5 5 bytes JMP 00000001718b15e6
.text    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[2348] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                         00000000750f9d0b 5 bytes JMP 00000001718b122b
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[332] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                        0000000076bdefe0 5 bytes JMP 000000016fff0148
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[332] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                      0000000076c099b0 7 bytes JMP 000000016fff00d8
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[332] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                      0000000076c194d0 5 bytes JMP 000000016fff0180
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[332] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                      0000000076c19640 5 bytes JMP 000000016fff0110
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[332] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                               0000000076c3a500 7 bytes JMP 000000016fff01b8
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[332] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                           000007fefd353460 7 bytes JMP 000007fffd3400d8
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[332] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                             000007fefd359940 6 bytes JMP 000007fffd340148
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[332] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                000007fefd359fb0 5 bytes JMP 000007fffd340180
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[332] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                         000007fefd35a150 5 bytes JMP 000007fffd340110
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[332] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                          000007fefef889e0 8 bytes JMP 000007fffd3401f0
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[332] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                        000007fefef8be40 8 bytes JMP 000007fffd3401b8
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[332] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                000007fefec87490 11 bytes JMP 000007fffd340228
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[332] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                               000007fefec9bf00 7 bytes JMP 000007fffd340260
.text    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3316] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                        0000000076bdefe0 5 bytes JMP 000000016fff0148
.text    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3316] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                      0000000076c099b0 7 bytes JMP 000000016fff00d8
.text    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3316] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                      0000000076c194d0 5 bytes JMP 000000016fff0180
.text    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3316] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                      0000000076c19640 5 bytes JMP 000000016fff0110
.text    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3316] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                               0000000076c3a500 7 bytes JMP 000000016fff01b8
.text    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3316] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                           000007fefd353460 7 bytes JMP 000007fffd3400d8
.text    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3316] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                             000007fefd359940 6 bytes JMP 000007fffd340148
.text    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3316] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                000007fefd359fb0 5 bytes JMP 000007fffd340180
.text    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3316] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                         000007fefd35a150 5 bytes JMP 000007fffd340110
.text    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3316] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                000007fefec87490 11 bytes JMP 000007fffd340228
.text    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3316] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                               000007fefec9bf00 7 bytes JMP 000007fffd340260
.text    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3316] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                          000007fefef889e0 8 bytes JMP 000007fffd3401f0
.text    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3316] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                        000007fefef8be40 8 bytes JMP 000007fffd3401b8
.text    C:\Program Files\Elantech\ETDCtrl.exe[3324] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                                 0000000076bdefe0 5 bytes JMP 000000016fff0148
.text    C:\Program Files\Elantech\ETDCtrl.exe[3324] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                               0000000076c099b0 7 bytes JMP 000000016fff00d8
.text    C:\Program Files\Elantech\ETDCtrl.exe[3324] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                               0000000076c194d0 5 bytes JMP 000000016fff0180
.text    C:\Program Files\Elantech\ETDCtrl.exe[3324] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                               0000000076c19640 5 bytes JMP 000000016fff0110
.text    C:\Program Files\Elantech\ETDCtrl.exe[3324] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                        0000000076c3a500 7 bytes JMP 000000016fff01b8
.text    C:\Program Files\Elantech\ETDCtrl.exe[3324] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                    000007fefd353460 7 bytes JMP 000007fffd3400d8
.text    C:\Program Files\Elantech\ETDCtrl.exe[3324] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                      000007fefd359940 6 bytes JMP 000007fffd340148
.text    C:\Program Files\Elantech\ETDCtrl.exe[3324] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                         000007fefd359fb0 5 bytes JMP 000007fffd340180
.text    C:\Program Files\Elantech\ETDCtrl.exe[3324] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                  000007fefd35a150 5 bytes JMP 000007fffd340110
.text    C:\Program Files\Elantech\ETDCtrl.exe[3324] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                   000007fefef889e0 8 bytes JMP 000007fffd3401f0
.text    C:\Program Files\Elantech\ETDCtrl.exe[3324] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                 000007fefef8be40 8 bytes JMP 000007fffd3401b8
.text    C:\Program Files\Elantech\ETDCtrl.exe[3324] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                         000007fefec87490 11 bytes JMP 000007fffd340228
.text    C:\Program Files\Elantech\ETDCtrl.exe[3324] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                        000007fefec9bf00 7 bytes JMP 000007fffd340260
.text    C:\Windows\System32\igfxpers.exe[3360] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                                      0000000076bdefe0 5 bytes JMP 000000016fff0148
.text    C:\Windows\System32\igfxpers.exe[3360] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                                    0000000076c099b0 7 bytes JMP 000000016fff00d8
.text    C:\Windows\System32\igfxpers.exe[3360] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                                    0000000076c194d0 5 bytes JMP 000000016fff0180
.text    C:\Windows\System32\igfxpers.exe[3360] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                                    0000000076c19640 5 bytes JMP 000000016fff0110
.text    C:\Windows\System32\igfxpers.exe[3360] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                             0000000076c3a500 7 bytes JMP 000000016fff01b8
.text    C:\Windows\System32\igfxpers.exe[3360] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                         000007fefd353460 7 bytes JMP 000007fffd3400d8
.text    C:\Windows\System32\igfxpers.exe[3360] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                           000007fefd359940 6 bytes JMP 000007fffd340148
.text    C:\Windows\System32\igfxpers.exe[3360] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                              000007fefd359fb0 5 bytes JMP 000007fffd340180
.text    C:\Windows\System32\igfxpers.exe[3360] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                       000007fefd35a150 5 bytes JMP 000007fffd340110
.text    C:\Windows\System32\igfxpers.exe[3360] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                        000007fefef889e0 8 bytes JMP 000007fffd3401f0
.text    C:\Windows\System32\igfxpers.exe[3360] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                      000007fefef8be40 8 bytes JMP 000007fffd3401b8
.text    C:\Windows\System32\igfxpers.exe[3360] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                              000007fefec87490 11 bytes JMP 000007fffd340228
.text    C:\Windows\System32\igfxpers.exe[3360] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                             000007fefec9bf00 7 bytes JMP 000007fffd340260
.text    C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3392] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                 00000000749d1429 7 bytes JMP 00000001718b128f
.text    C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3392] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                                        00000000749eb223 5 bytes JMP 00000001718b159b
.text    C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3392] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                        0000000074a688f4 7 bytes JMP 00000001718b1339
.text    C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3392] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                        0000000074a68979 5 bytes JMP 00000001718b16b8
.text    C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3392] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                          0000000074a68ccf 5 bytes JMP 00000001718b101e
.text    C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3392] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                             0000000074ad1d1b 5 bytes JMP 00000001718b11d1
.text    C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3392] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                           0000000074ad1dc9 5 bytes JMP 00000001718b1019
.text    C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3392] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                               0000000074ad2aa4 5 bytes JMP 00000001718b154b
.text    C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3392] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                  0000000074ad2d0a 5 bytes JMP 00000001718b1276
.text    C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3392] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                          0000000074c2e9a2 5 bytes JMP 00000001718b15b4
.text    C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3392] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                            0000000074c2ebdc 5 bytes JMP 00000001718b119a
.text    C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3392] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                                 00000000750c5ea5 5 bytes JMP 00000001718b15e6
.text    C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3392] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                                  00000000750f9d0b 5 bytes JMP 00000001718b122b
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3296] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                0000000076bdefe0 5 bytes JMP 000000016fff0148
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3296] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                              0000000076c099b0 7 bytes JMP 000000016fff00d8
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3296] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                              0000000076c194d0 5 bytes JMP 000000016fff0180
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3296] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                              0000000076c19640 5 bytes JMP 000000016fff0110
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3296] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                       0000000076c3a500 7 bytes JMP 000000016fff01b8
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3296] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                   000007fefd353460 7 bytes JMP 000007fffd3400d8
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3296] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                     000007fefd359940 6 bytes JMP 000007fffd340148
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3296] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                        000007fefd359fb0 5 bytes JMP 000007fffd340180
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3296] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                 000007fefd35a150 5 bytes JMP 000007fffd340110
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3296] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                  000007fefef889e0 8 bytes JMP 000007fffd3401f0
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3296] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                000007fefef8be40 8 bytes JMP 000007fffd3401b8
.text    C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[3880] C:\Windows\system32\KERNEL32.dll!K32GetMappedFileNameW                                                  0000000076bdefe0 5 bytes JMP 000000016fff0148
.text    C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[3880] C:\Windows\system32\KERNEL32.dll!K32EnumProcessModulesEx                                                0000000076c099b0 7 bytes JMP 000000016fff00d8
.text    C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[3880] C:\Windows\system32\KERNEL32.dll!K32GetModuleInformation                                                0000000076c194d0 5 bytes JMP 000000016fff0180
.text    C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[3880] C:\Windows\system32\KERNEL32.dll!K32GetModuleFileNameExW                                                0000000076c19640 5 bytes JMP 000000016fff0110
.text    C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[3880] C:\Windows\system32\KERNEL32.dll!RegSetValueExA                                                         0000000076c3a500 7 bytes JMP 000000016fff01b8
.text    C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[3880] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                     000007fefd353460 7 bytes JMP 000007fffd3400d8
.text    C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[3880] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                       000007fefd359940 6 bytes JMP 000007fffd340148
.text    C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[3880] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                          000007fefd359fb0 5 bytes JMP 000007fffd340180
.text    C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[3880] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                   000007fefd35a150 5 bytes JMP 000007fffd340110
.text    C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[3880] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                    000007fefef889e0 8 bytes JMP 000007fffd3401f0
.text    C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[3880] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                  000007fefef8be40 8 bytes JMP 000007fffd3401b8
.text    C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[3880] C:\Windows\system32\ole32.dll!CoCreateInstance                                                          000007fefec87490 11 bytes JMP 000007fffd340228
.text    C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[3880] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                         000007fefec9bf00 7 bytes JMP 000007fffd340260
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4388] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA                                00000000749d1429 7 bytes JMP 00000001718b128f
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4388] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW                       00000000749eb223 5 bytes JMP 00000001718b159b
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4388] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx                       0000000074a688f4 7 bytes JMP 00000001718b1339
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4388] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation                       0000000074a68979 5 bytes JMP 00000001718b16b8
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4388] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW                         0000000074a68ccf 5 bytes JMP 00000001718b101e
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4388] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                            0000000074ad1d1b 5 bytes JMP 00000001718b11d1
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4388] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                          0000000074ad1dc9 5 bytes JMP 00000001718b1019
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4388] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                              0000000074ad2aa4 5 bytes JMP 00000001718b154b
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4388] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                 0000000074ad2d0a 5 bytes JMP 00000001718b1276
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4388] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                         0000000074c2e9a2 5 bytes JMP 00000001718b15b4
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4388] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                           0000000074c2ebdc 5 bytes JMP 00000001718b119a
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4388] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                00000000750c5ea5 5 bytes JMP 00000001718b15e6
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4388] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                 00000000750f9d0b 5 bytes JMP 00000001718b122b
.text    C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4396] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                   00000000749d1429 7 bytes JMP 00000001718b128f
.text    C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4396] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                          00000000749eb223 5 bytes JMP 00000001718b159b
.text    C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4396] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                          0000000074a688f4 7 bytes JMP 00000001718b1339
.text    C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4396] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                          0000000074a68979 5 bytes JMP 00000001718b16b8
.text    C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4396] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                            0000000074a68ccf 5 bytes JMP 00000001718b101e
.text    C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4396] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                               0000000074ad1d1b 5 bytes JMP 00000001718b11d1
.text    C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4396] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                             0000000074ad1dc9 5 bytes JMP 00000001718b1019
.text    C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4396] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                 0000000074ad2aa4 5 bytes JMP 00000001718b154b
.text    C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4396] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                    0000000074ad2d0a 5 bytes JMP 00000001718b1276
.text    C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4396] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                   00000000750c5ea5 5 bytes JMP 00000001718b15e6
.text    C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4396] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                    00000000750f9d0b 5 bytes JMP 00000001718b122b
.text    C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4396] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                            0000000074c2e9a2 5 bytes JMP 00000001718b15b4
.text    C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4396] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                              0000000074c2ebdc 5 bytes JMP 00000001718b119a
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4412] C:\Windows\syswow64\kernel32.dll!RegSetValueExA           00000000749d1429 7 bytes JMP 00000001718b128f
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4412] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW  00000000749eb223 5 bytes JMP 00000001718b159b
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4412] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx  0000000074a688f4 7 bytes JMP 00000001718b1339
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4412] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation  0000000074a68979 5 bytes JMP 00000001718b16b8
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4412] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW    0000000074a68ccf 5 bytes JMP 00000001718b101e
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4412] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW       0000000074ad1d1b 5 bytes JMP 00000001718b11d1
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4412] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW     0000000074ad1dc9 5 bytes JMP 00000001718b1019
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4412] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW         0000000074ad2aa4 5 bytes JMP 00000001718b154b
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4412] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary            0000000074ad2d0a 5 bytes JMP 00000001718b1276
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4412] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList    0000000074c2e9a2 5 bytes JMP 00000001718b15b4
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4412] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo      0000000074c2ebdc 5 bytes JMP 00000001718b119a
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4412] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket           00000000750c5ea5 5 bytes JMP 00000001718b15e6
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4412] C:\Windows\syswow64\ole32.dll!CoCreateInstance            00000000750f9d0b 5 bytes JMP 00000001718b122b
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4496] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                 00000000749d1429 7 bytes JMP 00000001718b128f
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4496] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                        00000000749eb223 5 bytes JMP 00000001718b159b
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4496] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                        0000000074a688f4 7 bytes JMP 00000001718b1339
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4496] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                        0000000074a68979 5 bytes JMP 00000001718b16b8
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4496] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                          0000000074a68ccf 5 bytes JMP 00000001718b101e
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4496] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                             0000000074ad1d1b 5 bytes JMP 00000001718b11d1
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4496] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                           0000000074ad1dc9 5 bytes JMP 00000001718b1019
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4496] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                               0000000074ad2aa4 5 bytes JMP 00000001718b154b
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4496] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                  0000000074ad2d0a 5 bytes JMP 00000001718b1276
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4496] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                          0000000074c2e9a2 5 bytes JMP 00000001718b15b4
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4496] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                            0000000074c2ebdc 5 bytes JMP 00000001718b119a
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4496] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                 00000000750c5ea5 5 bytes JMP 00000001718b15e6
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4496] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                  00000000750f9d0b 5 bytes JMP 00000001718b122b
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4508] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                          00000000749d1429 7 bytes JMP 00000001718b128f
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4508] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                 00000000749eb223 5 bytes JMP 00000001718b159b
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4508] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                 0000000074a688f4 7 bytes JMP 00000001718b1339
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4508] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                 0000000074a68979 5 bytes JMP 00000001718b16b8
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4508] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                   0000000074a68ccf 5 bytes JMP 00000001718b101e
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4508] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                      0000000074ad1d1b 5 bytes JMP 00000001718b11d1
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4508] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                    0000000074ad1dc9 5 bytes JMP 00000001718b1019
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4508] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                        0000000074ad2aa4 5 bytes JMP 00000001718b154b
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4508] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                           0000000074ad2d0a 5 bytes JMP 00000001718b1276
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4508] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                   0000000074c2e9a2 5 bytes JMP 00000001718b15b4
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4508] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                     0000000074c2ebdc 5 bytes JMP 00000001718b119a
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4508] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                          00000000750c5ea5 5 bytes JMP 00000001718b15e6
.text    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4508] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                           00000000750f9d0b 5 bytes JMP 00000001718b122b
.text    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4604] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                  00000000749d1429 7 bytes JMP 00000001718b128f
.text    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4604] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                         00000000749eb223 5 bytes JMP 00000001718b159b
.text    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4604] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                         0000000074a688f4 7 bytes JMP 00000001718b1339
.text    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4604] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                         0000000074a68979 5 bytes JMP 00000001718b16b8
.text    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4604] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                           0000000074a68ccf 5 bytes JMP 00000001718b101e
.text    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4604] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                              0000000074ad1d1b 5 bytes JMP 00000001718b11d1
.text    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4604] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                            0000000074ad1dc9 5 bytes JMP 00000001718b1019
.text    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4604] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                0000000074ad2aa4 5 bytes JMP 00000001718b154b
.text    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4604] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                   0000000074ad2d0a 5 bytes JMP 00000001718b1276
.text    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4604] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                           0000000074c2e9a2 5 bytes JMP 00000001718b15b4
.text    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4604] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                             0000000074c2ebdc 5 bytes JMP 00000001718b119a
.text    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4604] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                  00000000750c5ea5 5 bytes JMP 00000001718b15e6
.text    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4604] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                   00000000750f9d0b 5 bytes JMP 00000001718b122b
.text    C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe[4612] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                00000000749d1429 7 bytes JMP 00000001718b128f
.text    C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe[4612] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                       00000000749eb223 5 bytes JMP 00000001718b159b
.text    C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe[4612] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                       0000000074a688f4 7 bytes JMP 00000001718b1339
.text    C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe[4612] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                       0000000074a68979 5 bytes JMP 00000001718b16b8
.text    C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe[4612] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                         0000000074a68ccf 5 bytes JMP 00000001718b101e
.text    C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe[4612] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                            0000000074ad1d1b 5 bytes JMP 00000001718b11d1
.text    C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe[4612] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                          0000000074ad1dc9 5 bytes JMP 00000001718b1019
.text    C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe[4612] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                              0000000074ad2aa4 5 bytes JMP 00000001718b154b
.text    C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe[4612] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                 0000000074ad2d0a 5 bytes JMP 00000001718b1276
.text    C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe[4612] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                         0000000074c2e9a2 5 bytes JMP 00000001718b15b4
.text    C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe[4612] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                           0000000074c2ebdc 5 bytes JMP 00000001718b119a
.text    C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe[4612] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                00000000750c5ea5 5 bytes JMP 00000001718b15e6
.text    C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe[4612] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                 00000000750f9d0b 5 bytes JMP 00000001718b122b
.text    C:\Program Files (x86)\FreePDF_XP\fpassist.exe[4656] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                               00000000749d1429 7 bytes JMP 00000001718b128f
.text    C:\Program Files (x86)\FreePDF_XP\fpassist.exe[4656] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                                      00000000749eb223 5 bytes JMP 00000001718b159b
.text    C:\Program Files (x86)\FreePDF_XP\fpassist.exe[4656] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                      0000000074a688f4 7 bytes JMP 00000001718b1339
.text    C:\Program Files (x86)\FreePDF_XP\fpassist.exe[4656] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                      0000000074a68979 5 bytes JMP 00000001718b16b8
.text    C:\Program Files (x86)\FreePDF_XP\fpassist.exe[4656] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                        0000000074a68ccf 5 bytes JMP 00000001718b101e
.text    C:\Program Files (x86)\FreePDF_XP\fpassist.exe[4656] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                           0000000074ad1d1b 5 bytes JMP 00000001718b11d1
.text    C:\Program Files (x86)\FreePDF_XP\fpassist.exe[4656] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                         0000000074ad1dc9 5 bytes JMP 00000001718b1019
.text    C:\Program Files (x86)\FreePDF_XP\fpassist.exe[4656] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                             0000000074ad2aa4 5 bytes JMP 00000001718b154b
.text    C:\Program Files (x86)\FreePDF_XP\fpassist.exe[4656] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                0000000074ad2d0a 5 bytes JMP 00000001718b1276
.text    C:\Program Files (x86)\FreePDF_XP\fpassist.exe[4656] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                        0000000074c2e9a2 5 bytes JMP 00000001718b15b4
.text    C:\Program Files (x86)\FreePDF_XP\fpassist.exe[4656] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                          0000000074c2ebdc 5 bytes JMP 00000001718b119a
.text    C:\Program Files (x86)\FreePDF_XP\fpassist.exe[4656] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                               00000000750c5ea5 5 bytes JMP 00000001718b15e6
.text    C:\Program Files (x86)\FreePDF_XP\fpassist.exe[4656] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                                00000000750f9d0b 5 bytes JMP 00000001718b122b
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4688] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                             00000000749d1429 7 bytes JMP 00000001718b128f
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4688] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                    00000000749eb223 5 bytes JMP 00000001718b159b
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4688] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                    0000000074a688f4 7 bytes JMP 00000001718b1339
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4688] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                    0000000074a68979 5 bytes JMP 00000001718b16b8
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4688] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                      0000000074a68ccf 5 bytes JMP 00000001718b101e
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4688] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                         0000000074ad1d1b 5 bytes JMP 00000001718b11d1
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4688] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                       0000000074ad1dc9 5 bytes JMP 00000001718b1019
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4688] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                           0000000074ad2aa4 5 bytes JMP 00000001718b154b
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4688] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                              0000000074ad2d0a 5 bytes JMP 00000001718b1276
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4688] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                      0000000074c2e9a2 5 bytes JMP 00000001718b15b4
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4688] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                        0000000074c2ebdc 5 bytes JMP 00000001718b119a
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4688] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                             00000000750c5ea5 5 bytes JMP 00000001718b15e6
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4688] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                              00000000750f9d0b 5 bytes JMP 00000001718b122b
.text    C:\Program Files\Elantech\ETDCtrlHelper.exe[4908] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                           0000000076bdefe0 5 bytes JMP 000000016fff0148
.text    C:\Program Files\Elantech\ETDCtrlHelper.exe[4908] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                         0000000076c099b0 7 bytes JMP 000000016fff00d8
.text    C:\Program Files\Elantech\ETDCtrlHelper.exe[4908] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                         0000000076c194d0 5 bytes JMP 000000016fff0180
.text    C:\Program Files\Elantech\ETDCtrlHelper.exe[4908] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                         0000000076c19640 5 bytes JMP 000000016fff0110
.text    C:\Program Files\Elantech\ETDCtrlHelper.exe[4908] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                  0000000076c3a500 7 bytes JMP 000000016fff01b8
.text    C:\Program Files\Elantech\ETDCtrlHelper.exe[4908] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                              000007fefd353460 7 bytes JMP 000007fffd3400d8
.text    C:\Program Files\Elantech\ETDCtrlHelper.exe[4908] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                000007fefd359940 6 bytes JMP 000007fffd340148
.text    C:\Program Files\Elantech\ETDCtrlHelper.exe[4908] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                   000007fefd359fb0 5 bytes JMP 000007fffd340180
.text    C:\Program Files\Elantech\ETDCtrlHelper.exe[4908] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                            000007fefd35a150 5 bytes JMP 000007fffd340110
.text    C:\Program Files\Elantech\ETDCtrlHelper.exe[4908] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                             000007fefef889e0 8 bytes JMP 000007fffd3401f0
.text    C:\Program Files\Elantech\ETDCtrlHelper.exe[4908] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                           000007fefef8be40 8 bytes JMP 000007fffd3401b8
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4812] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate                                                     0000000074ad549c 5 bytes JMP 0000000100080800
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4812] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                           00000000747d1401 2 bytes [7D, 74]
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4812] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                             00000000747d1419 2 bytes [7D, 74]
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                           00000000747d1431 2 bytes [7D, 74]
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                           00000000747d144a 2 bytes [7D, 74]
.text    ...                                                                                                                                                                * 9
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4812] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                              00000000747d14dd 2 bytes [7D, 74]
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4812] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                       00000000747d14f5 2 bytes [7D, 74]
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4812] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                              00000000747d150d 2 bytes [7D, 74]
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4812] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                       00000000747d1525 2 bytes [7D, 74]
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4812] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                             00000000747d153d 2 bytes [7D, 74]
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4812] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                  00000000747d1555 2 bytes [7D, 74]
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4812] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                           00000000747d156d 2 bytes [7D, 74]
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4812] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                             00000000747d1585 2 bytes [7D, 74]
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4812] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                00000000747d159d 2 bytes [7D, 74]
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4812] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                             00000000747d15b5 2 bytes [7D, 74]
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4812] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                           00000000747d15cd 2 bytes [7D, 74]
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4812] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                       00000000747d16b2 2 bytes [7D, 74]
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4812] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                       00000000747d16bd 2 bytes [7D, 74]
.text    C:\Users\A93S\Desktop\gmer-2.0.18444.exe[4928] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                     00000000749d1429 7 bytes JMP 00000001718b128f
.text    C:\Users\A93S\Desktop\gmer-2.0.18444.exe[4928] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                                            00000000749eb223 5 bytes JMP 00000001718b159b
.text    C:\Users\A93S\Desktop\gmer-2.0.18444.exe[4928] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                            0000000074a688f4 7 bytes JMP 00000001718b1339
.text    C:\Users\A93S\Desktop\gmer-2.0.18444.exe[4928] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                            0000000074a68979 5 bytes JMP 00000001718b16b8
.text    C:\Users\A93S\Desktop\gmer-2.0.18444.exe[4928] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                              0000000074a68ccf 5 bytes JMP 00000001718b101e
.text    C:\Users\A93S\Desktop\gmer-2.0.18444.exe[4928] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                                 0000000074ad1d1b 5 bytes JMP 00000001718b11d1
.text    C:\Users\A93S\Desktop\gmer-2.0.18444.exe[4928] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                               0000000074ad1dc9 5 bytes JMP 00000001718b1019
.text    C:\Users\A93S\Desktop\gmer-2.0.18444.exe[4928] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                   0000000074ad2aa4 5 bytes JMP 00000001718b154b
.text    C:\Users\A93S\Desktop\gmer-2.0.18444.exe[4928] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                      0000000074ad2d0a 5 bytes JMP 00000001718b1276
.text    C:\Users\A93S\Desktop\gmer-2.0.18444.exe[4928] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                              0000000074c2e9a2 5 bytes JMP 00000001718b15b4
.text    C:\Users\A93S\Desktop\gmer-2.0.18444.exe[4928] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                                0000000074c2ebdc 5 bytes JMP 00000001718b119a
.text    C:\Users\A93S\Desktop\gmer-2.0.18444.exe[4928] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                                     00000000750c5ea5 5 bytes JMP 00000001718b15e6
.text    C:\Users\A93S\Desktop\gmer-2.0.18444.exe[4928] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                                      00000000750f9d0b 5 bytes JMP 00000001718b122b

---- Threads - GMER 2.0 ----

Thread    [2108:2128]                                                                                                                                                       0000000076ff3e45
Thread    [2108:2132]                                                                                                                                                       00000000755e7587
Thread    [2108:2152]                                                                                                                                                       0000000073e0c59c
Thread    [2108:2312]                                                                                                                                                       0000000073e0c59c
Thread    [2108:2316]                                                                                                                                                       0000000076ff2e25
Thread    [2108:2320]                                                                                                                                                       0000000073e0c41c
Thread    [2108:2556]                                                                                                                                                       000000007242e2db
Thread    [2108:2528]                                                                                                                                                       0000000073e0c59c
Thread    [2108:2508]                                                                                                                                                       0000000073e0c41c
Thread    [2108:2504]                                                                                                                                                       0000000073e0c41c
Thread    [2108:2516]                                                                                                                                                       0000000073e0c41c
Thread    [2108:2512]                                                                                                                                                       0000000073e0c41c
Thread    [2108:3036]                                                                                                                                                       0000000073e0c41c
Thread    [2108:3056]                                                                                                                                                       0000000073e0c41c
Thread    [2108:3048]                                                                                                                                                       0000000073e0c41c
Thread    [2108:2212]                                                                                                                                                       0000000073e0c41c
Thread    [2108:1596]                                                                                                                                                       0000000073e0c41c
Thread    [2108:1588]                                                                                                                                                       0000000073e0c41c
Thread    [2108:3076]                                                                                                                                                       0000000073e0c41c
Thread    [2108:3080]                                                                                                                                                       0000000073e0c41c
Thread    [2108:3084]                                                                                                                                                       0000000073e0c41c
Thread    [2108:3088]                                                                                                                                                       0000000073e0c41c
Thread    [2108:3092]                                                                                                                                                       0000000073e0c41c
Thread    [2108:3096]                                                                                                                                                       0000000073e0c41c
Thread    [2108:3100]                                                                                                                                                       0000000073e0c41c
Thread    [2108:3120]                                                                                                                                                       0000000073e0c59c
Thread    [2108:3124]                                                                                                                                                       00000000713e8de0
Thread    [2108:3132]                                                                                                                                                       00000000713e8de0
Thread    [2108:3140]                                                                                                                                                       00000000713e8de0
Thread    [2108:3144]                                                                                                                                                       00000000713e4e00
Thread    [2108:3168]                                                                                                                                                       0000000073e0c59c
Thread    [2108:4700]                                                                                                                                                       0000000073e0c59c
Thread    [2108:4868]                                                                                                                                                       0000000073e0c59c
Thread   C:\Program Files\P4G\BatteryLife.exe [2688:1580]                                                                                                                   0000000180001820
Thread   C:\Program Files (x86)\Steam\Steam.exe [3384:3888]                                                                                                                 000000006f3762ee
Thread   C:\Program Files (x86)\Steam\Steam.exe [3384:3864]                                                                                                                 0000000076ff2e25
Thread   C:\Program Files (x86)\Steam\Steam.exe [3384:292]                                                                                                                  00000000301a81ce
Thread   C:\Program Files (x86)\Steam\Steam.exe [3384:3672]                                                                                                                 00000000301a81ce
Thread   C:\Program Files (x86)\Steam\Steam.exe [3384:1724]                                                                                                                 00000000301a81ce
Thread   C:\Program Files (x86)\Steam\Steam.exe [3384:3660]                                                                                                                 00000000301a81ce
Thread   C:\Program Files (x86)\Steam\Steam.exe [3384:3664]                                                                                                                 00000000301a81ce
Thread   C:\Program Files (x86)\Steam\Steam.exe [3384:4276]                                                                                                                 000000006bb30510
Thread   C:\Program Files (x86)\Steam\Steam.exe [3384:4280]                                                                                                                 000000006a12a510
Thread   C:\Program Files (x86)\Steam\Steam.exe [3384:4284]                                                                                                                 000000006a9328ad
Thread   C:\Program Files (x86)\Steam\Steam.exe [3384:4336]                                                                                                                 0000000076ff3e45
Thread   C:\Program Files (x86)\Steam\Steam.exe [3384:4360]                                                                                                                 000000006a12a510
Thread   C:\Program Files (x86)\Steam\Steam.exe [3384:4364]                                                                                                                 000000006a12a510
Thread   C:\Program Files (x86)\Steam\Steam.exe [3384:4368]                                                                                                                 000000006a12a510
Thread   C:\Program Files (x86)\Steam\Steam.exe [3384:3368]                                                                                                                 000000006bb30510
Thread   C:\Program Files (x86)\Steam\Steam.exe [3384:4644]                                                                                                                 000000006bb30510
Thread   C:\Program Files (x86)\Steam\Steam.exe [3384:4832]                                                                                                                 00000000380b5970
Thread   C:\Program Files (x86)\Steam\Steam.exe [3384:1684]                                                                                                                 000000006bb30510
Thread   C:\Program Files (x86)\Steam\Steam.exe [3384:4900]                                                                                                                 000000006bb30510
Thread   C:\Program Files (x86)\Steam\Steam.exe [3384:780]                                                                                                                  000000006bb30510
Thread   C:\Program Files (x86)\Steam\Steam.exe [3384:5040]                                                                                                                 00000000301a81ce
Thread   C:\Program Files (x86)\Steam\Steam.exe [3384:1216]                                                                                                                 00000000301a81ce
Thread   C:\Program Files (x86)\Steam\Steam.exe [3384:1412]                                                                                                                 00000000301a81ce
Thread   C:\Program Files (x86)\Steam\Steam.exe [3384:1372]                                                                                                                 00000000301a81ce
Thread   C:\Program Files (x86)\Steam\Steam.exe [3384:1432]                                                                                                                 00000000301a81ce
Thread   C:\Program Files (x86)\Steam\Steam.exe [3384:872]                                                                                                                  00000000301a81ce
Thread   C:\Program Files (x86)\Steam\Steam.exe [3384:4308]                                                                                                                 00000000301a81ce
Thread   C:\Program Files (x86)\Steam\Steam.exe [3384:4304]                                                                                                                 00000000301a81ce
Thread   C:\Program Files (x86)\Steam\Steam.exe [3384:4272]                                                                                                                 00000000301a81ce
Thread   C:\Program Files (x86)\Steam\Steam.exe [3384:4356]                                                                                                                 00000000301a81ce
Thread   C:\Program Files (x86)\Steam\Steam.exe [3384:3312]                                                                                                                 00000000301a81ce
Thread   C:\Program Files (x86)\Steam\Steam.exe [3384:5056]                                                                                                                 000000006bb30510
Thread   C:\Program Files (x86)\Steam\Steam.exe [3384:5060]                                                                                                                 00000000301a81ce
Thread   C:\Program Files (x86)\Steam\Steam.exe [3384:200]                                                                                                                  00000000301a81ce
Thread   C:\Program Files (x86)\Steam\Steam.exe [3384:288]                                                                                                                  00000000301a81ce
Thread   C:\Program Files (x86)\Steam\Steam.exe [3384:2188]                                                                                                                 00000000301a81ce
Thread   C:\Program Files (x86)\Steam\Steam.exe [3384:5136]                                                                                                                 000000006bc4b420
Thread   C:\Program Files (x86)\Steam\Steam.exe [3384:5280]                                                                                                                 000000006bb30510
Thread   C:\Program Files (x86)\Steam\Steam.exe [3384:5292]                                                                                                                 00000000301a81ce
Thread   C:\Program Files (x86)\Steam\Steam.exe [3384:5296]                                                                                                                 00000000301a81ce
Thread   C:\Program Files (x86)\Steam\Steam.exe [3384:5300]                                                                                                                 00000000301a81ce
Thread   C:\Program Files (x86)\Steam\Steam.exe [3384:5304]                                                                                                                 00000000301a81ce
Thread   C:\Program Files (x86)\Steam\Steam.exe [3384:5308]                                                                                                                 00000000301a81ce
Thread   C:\Program Files (x86)\Steam\Steam.exe [3384:5312]                                                                                                                 00000000301a81ce
Thread   C:\Program Files (x86)\Steam\Steam.exe [3384:5316]                                                                                                                 00000000301a81ce
Thread   C:\Program Files (x86)\Steam\Steam.exe [3384:5320]                                                                                                                 00000000301a81ce
Thread   C:\Program Files (x86)\Steam\Steam.exe [3384:5324]                                                                                                                 00000000301a81ce
Thread   C:\Program Files (x86)\Steam\Steam.exe [3384:5328]                                                                                                                 00000000301a81ce
Thread   C:\Program Files (x86)\Steam\Steam.exe [3384:5332]                                                                                                                 00000000301a81ce
Thread   C:\Program Files (x86)\Steam\Steam.exe [3384:5336]                                                                                                                 00000000301a81ce
Thread   C:\Program Files (x86)\Steam\Steam.exe [3384:5340]                                                                                                                 00000000301a81ce
Thread   C:\Program Files (x86)\Steam\Steam.exe [3384:4892]                                                                                                                 0000000076ff3e45
Thread   C:\Program Files (x86)\Steam\Steam.exe [3384:5704]                                                                                                                 0000000076ff3e45
Thread   C:\Program Files (x86)\Steam\Steam.exe [3384:3652]                                                                                                                 0000000076ff3e45
Thread   C:\Program Files (x86)\Steam\Steam.exe [3384:4516]                                                                                                                 0000000076ff7111
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [952:4792]                                                                                                      000007fefb8b2a7c
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5432:5448]                                                                                                     0000000062df628d
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5432:5460]                                                                                                     0000000062df52c2
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5432:5464]                                                                                                     0000000067b1c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5432:5468]                                                                                                     0000000067b1c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5432:5472]                                                                                                     000000006f3762ee
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5432:5476]                                                                                                     0000000067b1c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5432:5480]                                                                                                     0000000067b1c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5432:5484]                                                                                                     0000000067b1c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5432:5492]                                                                                                     0000000067b1c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5432:5496]                                                                                                     0000000067b1c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5432:5500]                                                                                                     0000000067b1c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5432:5504]                                                                                                     0000000067b1c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5432:5508]                                                                                                     0000000067b1c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5432:5512]                                                                                                     0000000067b1c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5432:5516]                                                                                                     0000000067b1c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5432:5520]                                                                                                     0000000067b1c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5432:5524]                                                                                                     0000000067b1c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5432:5528]                                                                                                     0000000067b1c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5432:5536]                                                                                                     0000000076ff2e25
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5432:5540]                                                                                                     0000000067b1c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5432:5552]                                                                                                     0000000067b1c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5432:5556]                                                                                                     000000006fa627e1
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5432:5564]                                                                                                     0000000067b1c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5432:5924]                                                                                                     0000000067b1c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5432:5928]                                                                                                     0000000067b1c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5432:5956]                                                                                                     0000000067b1c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5432:5960]                                                                                                     0000000067b1c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5432:5964]                                                                                                     0000000067b1c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5432:5980]                                                                                                     0000000067b1c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5432:5984]                                                                                                     0000000073d332fb
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5432:5992]                                                                                                     0000000067b1c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5432:5996]                                                                                                     0000000067b1c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5432:6000]                                                                                                     0000000067b1c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5432:6024]                                                                                                     0000000067b1c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5432:6060]                                                                                                     0000000067b1c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5432:3240]                                                                                                     0000000076ff3e45
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5432:4064]                                                                                                     0000000067b1c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5432:4012]                                                                                                     0000000076ff3e45
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5432:3200]                                                                                                     0000000067b1c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5432:5000]                                                                                                     0000000067b1c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5432:1168]                                                                                                     0000000067b1c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5432:4536]                                                                                                     0000000067b1c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5432:392]                                                                                                      0000000067b1c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5432:5580]                                                                                                     0000000067b1c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5432:4312]                                                                                                     0000000067b1c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5432:5384]                                                                                                     0000000067b1c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5432:3580]                                                                                                     0000000067b1c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5432:5488]                                                                                                     0000000067b1c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5432:1896]                                                                                                     00000000710427c1
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5432:5976]                                                                                                     0000000076ff3e45
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5432:1376]                                                                                                     0000000067b1c724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5432:1160]                                                                                                     0000000076ff3e45
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5432:5720]                                                                                                     00000000750dd864
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5432:5812]                                                                                                     0000000076ff3e45
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5432:5596]                                                                                                     0000000076ff7111
Thread   C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [3272:1708]                                                                                            0000000062df52c2
Thread   C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [3272:5252]                                                                                            000000006fa627e1
Thread   C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [3272:1328]                                                                                            0000000076ff3e45
Thread   C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [3272:5600]                                                                                            0000000076ff3e45
Thread   C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [3272:5560]                                                                                            0000000076ff7111
Thread   C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [3272:5616]                                                                                            0000000076ff3e45
Thread   C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [3272:5604]                                                                                            000000005efcd33c
Thread   C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [3272:5608]                                                                                            000000005efcd33c
Thread   C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [3272:5628]                                                                                            000000005efcd33c
Thread   C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [3272:5612]                                                                                            000000005efcd33c
Thread   C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [3272:5632]                                                                                            000000005efcd33c
Thread   C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [3272:5036]                                                                                            000000005efcd33c
---- Processes - GMER 2.0 ----

Library  ? (*** suspicious ***) @  [2108]                                                                                                                                   0000000000d80000
Library  ? (*** suspicious ***) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [952]                                                                                  000007fee6620000

---- Registry - GMER 2.0 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e                                                                                        
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet)                                                                    

---- EOF - GMER 2.0 ----
__________________
Alt 12.01.2013, 15:21   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU Trojaner --> abgesicherter Modus und Virenscan behebten die Symptome, was nun? - Standard

GVU Trojaner --> abgesicherter Modus und Virenscan behebten die Symptome, was nun?


Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Malwarebytes Anti-Rootkit

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Entpacke das Archiv auf deinem Desktop.
  • Im neu erstellten Ordner starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 12.01.2013, 16:12   #5
bobsnyder
 
GVU Trojaner --> abgesicherter Modus und Virenscan behebten die Symptome, was nun? - Standard

GVU Trojaner --> abgesicherter Modus und Virenscan behebten die Symptome, was nun?


Vielen Dank für deine Hilfe

Hier der Log vom 1. Scan:
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org

Database version: v2013.01.12.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
A93S :: A93S-PC [administrator]

12.01.2013 15:57:17
mbar-log-2013-01-12 (15-57-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 30248
Time elapsed: 7 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\Users\A93S\AppData\Roaming\skype.dat (Trojan.Agent) -> Delete on reboot.

(end)
im 2. Scan wurde keine Malware mehr gefunden:

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org

Database version: v2013.01.12.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
A93S :: A93S-PC [administrator]

12.01.2013 16:10:36
mbar-log-2013-01-12 (16-10-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 30274
Time elapsed: 8 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Alt 12.01.2013, 16:46   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU Trojaner --> abgesicherter Modus und Virenscan behebten die Symptome, was nun? - Standard

GVU Trojaner --> abgesicherter Modus und Virenscan behebten die Symptome, was nun?


1. aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.


2. TDSS-Killer

Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
--> GVU Trojaner --> abgesicherter Modus und Virenscan behebten die Symptome, was nun?

Alt 12.01.2013, 17:19   #7
bobsnyder
 
GVU Trojaner --> abgesicherter Modus und Virenscan behebten die Symptome, was nun? - Standard

GVU Trojaner --> abgesicherter Modus und Virenscan behebten die Symptome, was nun?


Erledigt!

aswMBR:

Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-12 17:02:00
-----------------------------
17:02:00.746    OS Version: Windows x64 6.1.7601 Service Pack 1
17:02:00.746    Number of processors: 8 586 0x2A07
17:02:00.747    ComputerName: A93S-PC  UserName: A93S
17:02:04.524    Initialize success
17:02:10.196    AVAST engine defs: 13011200
17:02:22.275    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:02:22.281    Disk 0 Vendor: ST310005 JC45 Size: 953869MB BusType: 3
17:02:22.299    Disk 0 MBR read successfully
17:02:22.305    Disk 0 MBR scan
17:02:22.319    Disk 0 Windows 7 default MBR code
17:02:22.330    Disk 0 Partition 1 00     1C Hidd FAT32 LBA MSDOS5.0    25600 MB offset 2048
17:02:22.339    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       410163 MB offset 52430848
17:02:22.348    Disk 0 Partition - 00     0F Extended LBA            518105 MB offset 892444672
17:02:22.377    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       518104 MB offset 892446720
17:02:22.411    Disk 0 scanning C:\Windows\system32\drivers
17:02:31.669    Service scanning
17:02:50.128    Modules scanning
17:02:50.146    Disk 0 trace - called modules:
17:02:50.176    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
17:02:50.184    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007ae2790]
17:02:50.191    3 CLASSPNP.SYS[fffff88001b5843f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80074e4050]
17:03:00.568    AVAST engine scan C:\Windows
17:03:02.782    AVAST engine scan C:\Windows\system32
17:06:56.042    AVAST engine scan C:\Windows\system32\drivers
17:07:07.479    AVAST engine scan C:\Users\A93S
17:09:23.811    AVAST engine scan C:\ProgramData
17:10:33.736    Scan finished successfully
17:11:15.942    Disk 0 MBR has been saved successfully to "C:\Users\A93S\Desktop\MBR.dat"
17:11:15.946    The log file has been saved successfully to "C:\Users\A93S\Desktop\aswMBR.txt"

TDSS:


Code:
ATTFilter
17:16:01.0556 5284  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:16:01.0687 5284  ============================================================
17:16:01.0687 5284  Current date / time: 2013/01/12 17:16:01.0687
17:16:01.0687 5284  SystemInfo:
17:16:01.0687 5284  
17:16:01.0687 5284  OS Version: 6.1.7601 ServicePack: 1.0
17:16:01.0687 5284  Product type: Workstation
17:16:01.0688 5284  ComputerName: A93S-PC
17:16:01.0688 5284  UserName: A93S
17:16:01.0688 5284  Windows directory: C:\Windows
17:16:01.0688 5284  System windows directory: C:\Windows
17:16:01.0688 5284  Running under WOW64
17:16:01.0688 5284  Processor architecture: Intel x64
17:16:01.0688 5284  Number of processors: 8
17:16:01.0688 5284  Page size: 0x1000
17:16:01.0688 5284  Boot type: Normal boot
17:16:01.0688 5284  ============================================================
17:16:02.0126 5284  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:16:02.0133 5284  ============================================================
17:16:02.0133 5284  \Device\Harddisk0\DR0:
17:16:02.0133 5284  MBR partitions:
17:16:02.0133 5284  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x32119800
17:16:02.0154 5284  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3531A800, BlocksNum 0x3F3EC000
17:16:02.0154 5284  ============================================================
17:16:02.0177 5284  C: <-> \Device\Harddisk0\DR0\Partition1
17:16:02.0209 5284  D: <-> \Device\Harddisk0\DR0\Partition2
17:16:02.0210 5284  ============================================================
17:16:02.0210 5284  Initialize success
17:16:02.0210 5284  ============================================================
17:16:10.0988 1640  ============================================================
17:16:10.0988 1640  Scan started
17:16:10.0988 1640  Mode: Manual; SigCheck; TDLFS; 
17:16:10.0988 1640  ============================================================
17:16:11.0309 1640  ================ Scan system memory ========================
17:16:11.0309 1640  System memory - ok
17:16:11.0309 1640  ================ Scan services =============================
17:16:11.0451 1640  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
17:16:11.0526 1640  1394ohci - ok
17:16:11.0538 1640  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
17:16:11.0551 1640  ACPI - ok
17:16:11.0568 1640  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
17:16:11.0620 1640  AcpiPmi - ok
17:16:11.0713 1640  [ F3CD7B20B27D1772C946DF993FF3635C ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:16:11.0744 1640  AdobeFlashPlayerUpdateSvc - ok
17:16:11.0766 1640  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
17:16:11.0794 1640  adp94xx - ok
17:16:11.0814 1640  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
17:16:11.0826 1640  adpahci - ok
17:16:11.0839 1640  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
17:16:11.0849 1640  adpu320 - ok
17:16:11.0887 1640  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
17:16:11.0982 1640  AeLookupSvc - ok
17:16:12.0029 1640  [ 6E79A119B0CE418FE44E0C824BF3F039 ] AFBAgent        C:\Windows\system32\FBAgent.exe
17:16:12.0054 1640  AFBAgent - ok
17:16:12.0081 1640  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
17:16:12.0121 1640  AFD - ok
17:16:12.0145 1640  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
17:16:12.0153 1640  agp440 - ok
17:16:12.0174 1640  [ 14370049D8C9912EAC7603809A77C378 ] AiCharger       C:\Windows\system32\DRIVERS\AiCharger.sys
17:16:12.0182 1640  AiCharger - ok
17:16:12.0191 1640  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
17:16:12.0218 1640  ALG - ok
17:16:12.0221 1640  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
17:16:12.0228 1640  aliide - ok
17:16:12.0231 1640  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
17:16:12.0239 1640  amdide - ok
17:16:12.0241 1640  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
17:16:12.0267 1640  AmdK8 - ok
17:16:12.0270 1640  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
17:16:12.0293 1640  AmdPPM - ok
17:16:12.0329 1640  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
17:16:12.0338 1640  amdsata - ok
17:16:12.0351 1640  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
17:16:12.0361 1640  amdsbs - ok
17:16:12.0373 1640  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
17:16:12.0383 1640  amdxata - ok
17:16:12.0426 1640  [ E8494519BCB9E3B1B72E5604993A76E3 ] Amsp            C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
17:16:12.0450 1640  Amsp - ok
17:16:12.0552 1640  [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
17:16:12.0578 1640  AntiVirSchedulerService - ok
17:16:12.0583 1640  [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
17:16:12.0592 1640  AntiVirService - ok
17:16:12.0620 1640  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
17:16:12.0681 1640  AppID - ok
17:16:12.0713 1640  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
17:16:12.0787 1640  AppIDSvc - ok
17:16:12.0803 1640  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
17:16:12.0871 1640  Appinfo - ok
17:16:12.0875 1640  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
17:16:12.0885 1640  arc - ok
17:16:12.0888 1640  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
17:16:12.0897 1640  arcsas - ok
17:16:12.0955 1640  [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
17:16:12.0981 1640  ASLDRService - ok
17:16:12.0990 1640  [ 4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64        C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
17:16:13.0009 1640  ASMMAP64 - ok
17:16:13.0070 1640  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:16:13.0094 1640  aspnet_state - ok
17:16:13.0106 1640  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:16:13.0168 1640  AsyncMac - ok
17:16:13.0184 1640  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
17:16:13.0194 1640  atapi - ok
17:16:13.0262 1640  [ F8633CDD09647A64EE8DB550630427FF ] athr            C:\Windows\system32\DRIVERS\athrx.sys
17:16:13.0340 1640  athr - ok
17:16:13.0351 1640  [ 7910158929571214A959D5A6D16DD9C0 ] ATKGFNEXSrv     C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
17:16:13.0363 1640  ATKGFNEXSrv - ok
17:16:13.0379 1640  [ AC31727F9946E9009480708E4D1B9986 ] ATKWMIACPIIO    C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
17:16:13.0390 1640  ATKWMIACPIIO - ok
17:16:13.0429 1640  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:16:13.0500 1640  AudioEndpointBuilder - ok
17:16:13.0510 1640  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
17:16:13.0541 1640  AudioSrv - ok
17:16:13.0609 1640  [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
17:16:13.0636 1640  avgntflt - ok
17:16:13.0653 1640  [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
17:16:13.0677 1640  avipbb - ok
17:16:13.0688 1640  [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
17:16:13.0701 1640  avkmgr - ok
17:16:13.0716 1640  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
17:16:13.0750 1640  AxInstSV - ok
17:16:13.0785 1640  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
17:16:13.0836 1640  b06bdrv - ok
17:16:13.0874 1640  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
17:16:13.0925 1640  b57nd60a - ok
17:16:13.0941 1640  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
17:16:13.0978 1640  BDESVC - ok
17:16:14.0015 1640  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
17:16:14.0064 1640  Beep - ok
17:16:14.0107 1640  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
17:16:14.0161 1640  BFE - ok
17:16:14.0191 1640  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
17:16:14.0246 1640  BITS - ok
17:16:14.0269 1640  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
17:16:14.0294 1640  blbdrive - ok
17:16:14.0320 1640  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:16:14.0350 1640  bowser - ok
17:16:14.0352 1640  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
17:16:14.0372 1640  BrFiltLo - ok
17:16:14.0374 1640  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
17:16:14.0403 1640  BrFiltUp - ok
17:16:14.0453 1640  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
17:16:14.0498 1640  Browser - ok
17:16:14.0523 1640  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
17:16:14.0556 1640  Brserid - ok
17:16:14.0567 1640  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
17:16:14.0603 1640  BrSerWdm - ok
17:16:14.0607 1640  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
17:16:14.0634 1640  BrUsbMdm - ok
17:16:14.0636 1640  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
17:16:14.0652 1640  BrUsbSer - ok
17:16:14.0694 1640  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
17:16:14.0790 1640  BthEnum - ok
17:16:14.0798 1640  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
17:16:14.0864 1640  BTHMODEM - ok
17:16:14.0869 1640  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
17:16:14.0906 1640  BthPan - ok
17:16:14.0944 1640  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
17:16:14.0977 1640  BTHPORT - ok
17:16:15.0007 1640  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
17:16:15.0048 1640  bthserv - ok
17:16:15.0060 1640  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
17:16:15.0078 1640  BTHUSB - ok
17:16:15.0111 1640  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:16:15.0179 1640  cdfs - ok
17:16:15.0200 1640  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
17:16:15.0211 1640  cdrom - ok
17:16:15.0234 1640  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
17:16:15.0282 1640  CertPropSvc - ok
17:16:15.0307 1640  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
17:16:15.0320 1640  circlass - ok
17:16:15.0338 1640  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
17:16:15.0351 1640  CLFS - ok
17:16:15.0411 1640  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:16:15.0432 1640  clr_optimization_v2.0.50727_32 - ok
17:16:15.0467 1640  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:16:15.0492 1640  clr_optimization_v2.0.50727_64 - ok
17:16:15.0541 1640  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:16:15.0553 1640  clr_optimization_v4.0.30319_32 - ok
17:16:15.0562 1640  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:16:15.0580 1640  clr_optimization_v4.0.30319_64 - ok
17:16:15.0593 1640  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
17:16:15.0625 1640  CmBatt - ok
17:16:15.0642 1640  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
17:16:15.0650 1640  cmdide - ok
17:16:15.0666 1640  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
17:16:15.0693 1640  CNG - ok
17:16:15.0707 1640  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
17:16:15.0715 1640  Compbatt - ok
17:16:15.0725 1640  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
17:16:15.0756 1640  CompositeBus - ok
17:16:15.0758 1640  COMSysApp - ok
17:16:15.0852 1640  [ 78AF1C499BF02F9814DF959A04A4F9C9 ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
17:16:15.0884 1640  cphs - ok
17:16:15.0901 1640  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
17:16:15.0913 1640  crcdisk - ok
17:16:15.0963 1640  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:16:15.0996 1640  CryptSvc - ok
17:16:16.0030 1640  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:16:16.0094 1640  DcomLaunch - ok
17:16:16.0123 1640  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
17:16:16.0163 1640  defragsvc - ok
17:16:16.0181 1640  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:16:16.0217 1640  DfsC - ok
17:16:16.0249 1640  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
17:16:16.0271 1640  Dhcp - ok
17:16:16.0288 1640  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
17:16:16.0327 1640  discache - ok
17:16:16.0379 1640  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
17:16:16.0400 1640  Disk - ok
17:16:16.0433 1640  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:16:16.0466 1640  Dnscache - ok
17:16:16.0482 1640  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
17:16:16.0551 1640  dot3svc - ok
17:16:16.0568 1640  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
17:16:16.0622 1640  DPS - ok
17:16:16.0637 1640  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
17:16:16.0661 1640  drmkaud - ok
17:16:16.0746 1640  [ 1ED08A6264C5C92099D6D1DAE5E8F530 ] DrvAgent64      C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
17:16:16.0774 1640  DrvAgent64 - ok
17:16:16.0800 1640  [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
17:16:16.0817 1640  dtsoftbus01 - ok
17:16:16.0844 1640  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
17:16:16.0874 1640  DXGKrnl - ok
17:16:16.0886 1640  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
17:16:16.0925 1640  EapHost - ok
17:16:16.0998 1640  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
17:16:17.0082 1640  ebdrv - ok
17:16:17.0116 1640  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
17:16:17.0162 1640  EFS - ok
17:16:17.0230 1640  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
17:16:17.0280 1640  ehRecvr - ok
17:16:17.0299 1640  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
17:16:17.0338 1640  ehSched - ok
17:16:17.0383 1640  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
17:16:17.0416 1640  elxstor - ok
17:16:17.0419 1640  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
17:16:17.0443 1640  ErrDev - ok
17:16:17.0492 1640  [ 4C120D2B2EA269EAE7A5744794EB6DB1 ] ETD             C:\Windows\system32\DRIVERS\ETD.sys
17:16:17.0502 1640  ETD - ok
17:16:17.0528 1640  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
17:16:17.0566 1640  EventSystem - ok
17:16:17.0610 1640  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
17:16:17.0651 1640  exfat - ok
17:16:17.0678 1640  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
17:16:17.0715 1640  fastfat - ok
17:16:17.0749 1640  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
17:16:17.0784 1640  Fax - ok
17:16:17.0797 1640  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
17:16:17.0816 1640  fdc - ok
17:16:17.0836 1640  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
17:16:17.0899 1640  fdPHost - ok
17:16:17.0918 1640  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
17:16:17.0957 1640  FDResPub - ok
17:16:17.0971 1640  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:16:17.0979 1640  FileInfo - ok
17:16:17.0990 1640  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
17:16:18.0039 1640  Filetrace - ok
17:16:18.0041 1640  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
17:16:18.0054 1640  flpydisk - ok
17:16:18.0069 1640  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:16:18.0080 1640  FltMgr - ok
17:16:18.0102 1640  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
17:16:18.0137 1640  FontCache - ok
17:16:18.0181 1640  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:16:18.0188 1640  FontCache3.0.0.0 - ok
17:16:18.0198 1640  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
17:16:18.0207 1640  FsDepends - ok
17:16:18.0235 1640  [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
17:16:18.0241 1640  fssfltr - ok
17:16:18.0328 1640  [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
17:16:18.0390 1640  fsssvc - ok
17:16:18.0410 1640  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:16:18.0418 1640  Fs_Rec - ok
17:16:18.0429 1640  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
17:16:18.0442 1640  fvevol - ok
17:16:18.0463 1640  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
17:16:18.0471 1640  gagp30kx - ok
17:16:18.0492 1640  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
17:16:18.0540 1640  gpsvc - ok
17:16:18.0575 1640  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:16:18.0583 1640  gupdate - ok
17:16:18.0592 1640  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:16:18.0600 1640  gupdatem - ok
17:16:18.0610 1640  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
17:16:18.0620 1640  hcw85cir - ok
17:16:18.0626 1640  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:16:18.0652 1640  HdAudAddService - ok
17:16:18.0671 1640  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
17:16:18.0693 1640  HDAudBus - ok
17:16:18.0695 1640  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
17:16:18.0721 1640  HidBatt - ok
17:16:18.0724 1640  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
17:16:18.0744 1640  HidBth - ok
17:16:18.0760 1640  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
17:16:18.0772 1640  HidIr - ok
17:16:18.0783 1640  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
17:16:18.0822 1640  hidserv - ok
17:16:18.0848 1640  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
17:16:18.0872 1640  HidUsb - ok
17:16:18.0884 1640  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:16:18.0928 1640  hkmsvc - ok
17:16:18.0947 1640  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:16:18.0978 1640  HomeGroupListener - ok
17:16:19.0006 1640  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:16:19.0029 1640  HomeGroupProvider - ok
17:16:19.0045 1640  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
17:16:19.0054 1640  HpSAMD - ok
17:16:19.0075 1640  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:16:19.0123 1640  HTTP - ok
17:16:19.0146 1640  hwdatacard - ok
17:16:19.0153 1640  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
17:16:19.0162 1640  hwpolicy - ok
17:16:19.0165 1640  hwusbdev - ok
17:16:19.0172 1640  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
17:16:19.0182 1640  i8042prt - ok
17:16:19.0228 1640  [ D469B77687E12FE43E344806740B624D ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
17:16:19.0254 1640  iaStor - ok
17:16:19.0302 1640  [ 983FC69644DDF0486C8DFEA262948D1A ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
17:16:19.0325 1640  IAStorDataMgrSvc - ok
17:16:19.0359 1640  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
17:16:19.0395 1640  iaStorV - ok
17:16:19.0438 1640  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:16:19.0464 1640  idsvc - ok
17:16:19.0581 1640  [ A1CF07D24EDCDC6870535471654D957C ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
17:16:19.0709 1640  igfx - ok
17:16:19.0722 1640  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
17:16:19.0730 1640  iirsp - ok
17:16:19.0757 1640  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
17:16:19.0801 1640  IKEEXT - ok
17:16:19.0903 1640  [ E53B926B51CF92F50A3AD0C5016805DD ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
17:16:19.0999 1640  IntcAzAudAddService - ok
17:16:20.0002 1640  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
17:16:20.0009 1640  intelide - ok
17:16:20.0021 1640  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:16:20.0047 1640  intelppm - ok
17:16:20.0073 1640  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
17:16:20.0148 1640  IPBusEnum - ok
17:16:20.0151 1640  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:16:20.0180 1640  IpFilterDriver - ok
17:16:20.0210 1640  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:16:20.0240 1640  iphlpsvc - ok
17:16:20.0243 1640  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
17:16:20.0266 1640  IPMIDRV - ok
17:16:20.0269 1640  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
17:16:20.0328 1640  IPNAT - ok
17:16:20.0345 1640  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:16:20.0372 1640  IRENUM - ok
17:16:20.0375 1640  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:16:20.0383 1640  isapnp - ok
17:16:20.0414 1640  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
17:16:20.0443 1640  iScsiPrt - ok
17:16:20.0454 1640  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
17:16:20.0462 1640  kbdclass - ok
17:16:20.0490 1640  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
17:16:20.0524 1640  kbdhid - ok
17:16:20.0539 1640  [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr         C:\Windows\system32\DRIVERS\kbfiltr.sys
17:16:20.0552 1640  kbfiltr - ok
17:16:20.0571 1640  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
17:16:20.0588 1640  KeyIso - ok
17:16:20.0606 1640  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:16:20.0615 1640  KSecDD - ok
17:16:20.0641 1640  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
17:16:20.0650 1640  KSecPkg - ok
17:16:20.0653 1640  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
17:16:20.0679 1640  ksthunk - ok
17:16:20.0700 1640  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:16:20.0751 1640  KtmRm - ok
17:16:20.0769 1640  [ 033B4AED2C5519072C0D81E00804D003 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
17:16:20.0797 1640  L1C - ok
17:16:20.0814 1640  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
17:16:20.0850 1640  LanmanServer - ok
17:16:20.0868 1640  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:16:20.0907 1640  LanmanWorkstation - ok
17:16:20.0931 1640  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:16:20.0989 1640  lltdio - ok
17:16:21.0002 1640  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:16:21.0056 1640  lltdsvc - ok
17:16:21.0069 1640  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:16:21.0104 1640  lmhosts - ok
17:16:21.0172 1640  [ 98B16E756243BEA9410E32025B19C06F ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
17:16:21.0200 1640  LMS - ok
17:16:21.0224 1640  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
17:16:21.0241 1640  LSI_FC - ok
17:16:21.0246 1640  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
17:16:21.0256 1640  LSI_SAS - ok
17:16:21.0259 1640  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
17:16:21.0267 1640  LSI_SAS2 - ok
17:16:21.0271 1640  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
17:16:21.0279 1640  LSI_SCSI - ok
17:16:21.0294 1640  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
17:16:21.0355 1640  luafv - ok
17:16:21.0414 1640  [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
17:16:21.0438 1640  MBAMProtector - ok
17:16:21.0504 1640  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
17:16:21.0532 1640  MBAMScheduler - ok
17:16:21.0555 1640  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
17:16:21.0582 1640  MBAMService - ok
17:16:21.0592 1640  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
17:16:21.0603 1640  Mcx2Svc - ok
17:16:21.0606 1640  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
17:16:21.0614 1640  megasas - ok
17:16:21.0619 1640  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
17:16:21.0630 1640  MegaSR - ok
17:16:21.0641 1640  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
17:16:21.0648 1640  MEIx64 - ok
17:16:21.0696 1640  Microsoft SharePoint Workspace Audit Service - ok
17:16:21.0705 1640  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
17:16:21.0784 1640  MMCSS - ok
17:16:21.0788 1640  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
17:16:21.0833 1640  Modem - ok
17:16:21.0853 1640  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
17:16:21.0873 1640  monitor - ok
17:16:21.0920 1640  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:16:21.0944 1640  mouclass - ok
17:16:21.0961 1640  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:16:21.0986 1640  mouhid - ok
17:16:22.0017 1640  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
17:16:22.0035 1640  mountmgr - ok
17:16:22.0069 1640  [ 730A519505621DF46BCBF9CDAC9FB6AD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:16:22.0088 1640  MozillaMaintenance - ok
17:16:22.0094 1640  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:16:22.0116 1640  mpio - ok
17:16:22.0125 1640  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:16:22.0167 1640  mpsdrv - ok
17:16:22.0201 1640  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:16:22.0248 1640  MpsSvc - ok
17:16:22.0252 1640  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:16:22.0288 1640  MRxDAV - ok
17:16:22.0305 1640  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:16:22.0333 1640  mrxsmb - ok
17:16:22.0351 1640  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:16:22.0371 1640  mrxsmb10 - ok
17:16:22.0382 1640  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:16:22.0408 1640  mrxsmb20 - ok
17:16:22.0432 1640  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
17:16:22.0441 1640  msahci - ok
17:16:22.0469 1640  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
17:16:22.0479 1640  msdsm - ok
17:16:22.0491 1640  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
17:16:22.0512 1640  MSDTC - ok
17:16:22.0530 1640  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:16:22.0569 1640  Msfs - ok
17:16:22.0596 1640  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
17:16:22.0662 1640  mshidkmdf - ok
17:16:22.0678 1640  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:16:22.0687 1640  msisadrv - ok
17:16:22.0703 1640  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:16:22.0745 1640  MSiSCSI - ok
17:16:22.0747 1640  msiserver - ok
17:16:22.0758 1640  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
17:16:22.0785 1640  MSKSSRV - ok
17:16:22.0796 1640  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:16:22.0835 1640  MSPCLOCK - ok
17:16:22.0856 1640  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
17:16:22.0925 1640  MSPQM - ok
17:16:22.0945 1640  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:16:22.0957 1640  MsRPC - ok
17:16:22.0967 1640  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
17:16:22.0975 1640  mssmbios - ok
17:16:22.0987 1640  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
17:16:23.0027 1640  MSTEE - ok
17:16:23.0048 1640  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
17:16:23.0078 1640  MTConfig - ok
17:16:23.0089 1640  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
17:16:23.0097 1640  Mup - ok
17:16:23.0124 1640  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
17:16:23.0155 1640  napagent - ok
17:16:23.0173 1640  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
17:16:23.0204 1640  NativeWifiP - ok
17:16:23.0260 1640  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:16:23.0282 1640  NDIS - ok
17:16:23.0289 1640  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
17:16:23.0316 1640  NdisCap - ok
17:16:23.0327 1640  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:16:23.0367 1640  NdisTapi - ok
17:16:23.0384 1640  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
17:16:23.0418 1640  Ndisuio - ok
17:16:23.0430 1640  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
17:16:23.0465 1640  NdisWan - ok
17:16:23.0487 1640  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
17:16:23.0526 1640  NDProxy - ok
17:16:23.0561 1640  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
17:16:23.0637 1640  NetBIOS - ok
17:16:23.0654 1640  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
17:16:23.0694 1640  NetBT - ok
17:16:23.0718 1640  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
17:16:23.0728 1640  Netlogon - ok
17:16:23.0756 1640  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
17:16:23.0803 1640  Netman - ok
17:16:23.0859 1640  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:16:23.0887 1640  NetMsmqActivator - ok
17:16:23.0896 1640  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:16:23.0903 1640  NetPipeActivator - ok
17:16:23.0916 1640  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
17:16:23.0962 1640  netprofm - ok
17:16:23.0965 1640  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:16:23.0973 1640  NetTcpActivator - ok
17:16:23.0976 1640  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:16:23.0983 1640  NetTcpPortSharing - ok
17:16:24.0006 1640  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
17:16:24.0015 1640  nfrd960 - ok
17:16:24.0056 1640  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:16:24.0080 1640  NlaSvc - ok
17:16:24.0095 1640  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:16:24.0122 1640  Npfs - ok
17:16:24.0129 1640  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
17:16:24.0166 1640  nsi - ok
17:16:24.0178 1640  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:16:24.0213 1640  nsiproxy - ok
17:16:24.0276 1640  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:16:24.0341 1640  Ntfs - ok
17:16:24.0354 1640  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
17:16:24.0421 1640  Null - ok
17:16:24.0466 1640  [ 0EBC9D13CD96C15B1B18D8678A609E4B ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
17:16:24.0502 1640  nusb3hub - ok
17:16:24.0529 1640  [ 7BDEC000D56D485021D9C1E63C2F81CA ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
17:16:24.0571 1640  nusb3xhc - ok
17:16:24.0632 1640  [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
17:16:24.0668 1640  NVHDA - ok
17:16:24.0722 1640  [ 65E6BB06A644533118BE007E9601B2C2 ] nvkflt          C:\Windows\system32\DRIVERS\nvkflt.sys
17:16:24.0753 1640  nvkflt - ok
17:16:24.0964 1640  [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:16:25.0248 1640  nvlddmkm - ok
17:16:25.0266 1640  [ 918841B2454F4F2BD94479692079490B ] nvpciflt        C:\Windows\system32\DRIVERS\nvpciflt.sys
17:16:25.0273 1640  nvpciflt - ok
17:16:25.0299 1640  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:16:25.0324 1640  nvraid - ok
17:16:25.0338 1640  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:16:25.0348 1640  nvstor - ok
17:16:25.0403 1640  [ DDFAFCE89A5C93D04712B86F94E9FCBA ] NVSvc           C:\Windows\system32\nvvsvc.exe
17:16:25.0439 1640  NVSvc - ok
17:16:25.0503 1640  [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
17:16:25.0570 1640  nvUpdatusService - ok
17:16:25.0591 1640  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:16:25.0600 1640  nv_agp - ok
17:16:25.0603 1640  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
17:16:25.0627 1640  ohci1394 - ok
17:16:25.0682 1640  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:16:25.0705 1640  ose - ok
17:16:25.0846 1640  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:16:25.0955 1640  osppsvc - ok
17:16:25.0972 1640  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
17:16:25.0994 1640  p2pimsvc - ok
17:16:26.0023 1640  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
17:16:26.0046 1640  p2psvc - ok
17:16:26.0050 1640  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
17:16:26.0070 1640  Parport - ok
17:16:26.0094 1640  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
17:16:26.0103 1640  partmgr - ok
17:16:26.0111 1640  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:16:26.0134 1640  PcaSvc - ok
17:16:26.0152 1640  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
17:16:26.0163 1640  pci - ok
17:16:26.0176 1640  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
17:16:26.0184 1640  pciide - ok
17:16:26.0199 1640  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
17:16:26.0209 1640  pcmcia - ok
17:16:26.0218 1640  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
17:16:26.0226 1640  pcw - ok
17:16:26.0243 1640  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:16:26.0287 1640  PEAUTH - ok
17:16:26.0336 1640  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
17:16:26.0379 1640  PerfHost - ok
17:16:26.0437 1640  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
17:16:26.0532 1640  pla - ok
17:16:26.0591 1640  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:16:26.0638 1640  PlugPlay - ok
17:16:26.0649 1640  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
17:16:26.0675 1640  PNRPAutoReg - ok
17:16:26.0697 1640  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
17:16:26.0718 1640  PNRPsvc - ok
17:16:26.0745 1640  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
17:16:26.0807 1640  PolicyAgent - ok
17:16:26.0835 1640  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
17:16:26.0872 1640  Power - ok
17:16:26.0905 1640  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:16:26.0938 1640  PptpMiniport - ok
17:16:26.0957 1640  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
17:16:26.0983 1640  Processor - ok
17:16:27.0005 1640  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
17:16:27.0034 1640  ProfSvc - ok
17:16:27.0055 1640  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:16:27.0068 1640  ProtectedStorage - ok
17:16:27.0076 1640  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
17:16:27.0132 1640  Psched - ok
17:16:27.0206 1640  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
17:16:27.0287 1640  ql2300 - ok
17:16:27.0291 1640  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
17:16:27.0300 1640  ql40xx - ok
17:16:27.0328 1640  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
17:16:27.0343 1640  QWAVE - ok
17:16:27.0355 1640  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:16:27.0379 1640  QWAVEdrv - ok
17:16:27.0381 1640  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:16:27.0418 1640  RasAcd - ok
17:16:27.0449 1640  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
17:16:27.0521 1640  RasAgileVpn - ok
17:16:27.0547 1640  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
17:16:27.0584 1640  RasAuto - ok
17:16:27.0606 1640  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
17:16:27.0645 1640  Rasl2tp - ok
17:16:27.0677 1640  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
17:16:27.0707 1640  RasMan - ok
17:16:27.0719 1640  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:16:27.0757 1640  RasPppoe - ok
17:16:27.0769 1640  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
17:16:27.0806 1640  RasSstp - ok
17:16:27.0829 1640  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
17:16:27.0859 1640  rdbss - ok
17:16:27.0866 1640  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
17:16:27.0891 1640  rdpbus - ok
17:16:27.0913 1640  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:16:27.0940 1640  RDPCDD - ok
17:16:27.0957 1640  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:16:27.0999 1640  RDPENCDD - ok
17:16:28.0029 1640  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
17:16:28.0107 1640  RDPREFMP - ok
17:16:28.0164 1640  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
17:16:28.0206 1640  RdpVideoMiniport - ok
17:16:28.0229 1640  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
17:16:28.0264 1640  RDPWD - ok
17:16:28.0284 1640  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
17:16:28.0304 1640  rdyboost - ok
17:16:28.0325 1640  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:16:28.0391 1640  RemoteAccess - ok
17:16:28.0423 1640  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:16:28.0500 1640  RemoteRegistry - ok
17:16:28.0516 1640  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
17:16:28.0544 1640  RFCOMM - ok
17:16:28.0582 1640  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
17:16:28.0609 1640  RpcEptMapper - ok
17:16:28.0620 1640  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
17:16:28.0646 1640  RpcLocator - ok
17:16:28.0665 1640  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
17:16:28.0695 1640  RpcSs - ok
17:16:28.0707 1640  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:16:28.0734 1640  rspndr - ok
17:16:28.0779 1640  [ E54A5586A28D0630A79A68BBAB84BFCF ] RSUSBVSTOR      C:\Windows\system32\Drivers\RtsUVStor.sys
17:16:28.0812 1640  RSUSBVSTOR - ok
17:16:28.0847 1640  [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
17:16:28.0878 1640  RTL8167 - ok
17:16:28.0887 1640  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
17:16:28.0899 1640  SamSs - ok
17:16:28.0909 1640  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
17:16:28.0921 1640  sbp2port - ok
17:16:28.0938 1640  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:16:28.0975 1640  SCardSvr - ok
17:16:28.0988 1640  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
17:16:29.0025 1640  scfilter - ok
17:16:29.0063 1640  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
17:16:29.0122 1640  Schedule - ok
17:16:29.0153 1640  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
17:16:29.0178 1640  SCPolicySvc - ok
17:16:29.0190 1640  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:16:29.0210 1640  SDRSVC - ok
17:16:29.0230 1640  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:16:29.0271 1640  secdrv - ok
17:16:29.0285 1640  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
17:16:29.0323 1640  seclogon - ok
17:16:29.0344 1640  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
17:16:29.0386 1640  SENS - ok
17:16:29.0398 1640  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
17:16:29.0417 1640  SensrSvc - ok
17:16:29.0444 1640  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
17:16:29.0466 1640  Serenum - ok
17:16:29.0469 1640  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
17:16:29.0483 1640  Serial - ok
17:16:29.0504 1640  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
17:16:29.0527 1640  sermouse - ok
17:16:29.0557 1640  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
17:16:29.0592 1640  SessionEnv - ok
17:16:29.0594 1640  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
17:16:29.0625 1640  sffdisk - ok
17:16:29.0628 1640  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
17:16:29.0644 1640  sffp_mmc - ok
17:16:29.0646 1640  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
17:16:29.0665 1640  sffp_sd - ok
17:16:29.0668 1640  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
17:16:29.0684 1640  sfloppy - ok
17:16:29.0712 1640  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:16:29.0754 1640  SharedAccess - ok
17:16:29.0769 1640  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:16:29.0813 1640  ShellHWDetection - ok
17:16:29.0826 1640  [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH        C:\Windows\system32\DRIVERS\SiSG664.sys
17:16:29.0851 1640  SiSGbeLH - ok
17:16:29.0853 1640  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
17:16:29.0862 1640  SiSRaid2 - ok
17:16:29.0864 1640  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
17:16:29.0873 1640  SiSRaid4 - ok
17:16:29.0876 1640  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
17:16:29.0909 1640  Smb - ok
17:16:29.0935 1640  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:16:29.0970 1640  SNMPTRAP - ok
17:16:29.0989 1640  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
17:16:30.0003 1640  spldr - ok
17:16:30.0036 1640  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
17:16:30.0069 1640  Spooler - ok
17:16:30.0145 1640  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
17:16:30.0256 1640  sppsvc - ok
17:16:30.0280 1640  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
17:16:30.0322 1640  sppuinotify - ok
17:16:30.0346 1640  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
17:16:30.0377 1640  srv - ok
17:16:30.0397 1640  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:16:30.0426 1640  srv2 - ok
17:16:30.0452 1640  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:16:30.0490 1640  srvnet - ok
17:16:30.0521 1640  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
17:16:30.0579 1640  SSDPSRV - ok
17:16:30.0602 1640  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
17:16:30.0643 1640  SstpSvc - ok
17:16:30.0659 1640  Steam Client Service - ok
17:16:30.0717 1640  [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
17:16:30.0743 1640  Stereo Service - ok
17:16:30.0764 1640  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
17:16:30.0778 1640  stexstor - ok
17:16:30.0812 1640  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
17:16:30.0863 1640  stisvc - ok
17:16:30.0879 1640  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
17:16:30.0894 1640  swenum - ok
17:16:30.0915 1640  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
17:16:30.0976 1640  swprv - ok
17:16:31.0011 1640  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
17:16:31.0068 1640  SysMain - ok
17:16:31.0081 1640  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:16:31.0110 1640  TabletInputService - ok
17:16:31.0125 1640  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
17:16:31.0164 1640  TapiSrv - ok
17:16:31.0188 1640  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
17:16:31.0226 1640  TBS - ok
17:16:31.0270 1640  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
17:16:31.0316 1640  Tcpip - ok
17:16:31.0353 1640  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
17:16:31.0381 1640  TCPIP6 - ok
17:16:31.0408 1640  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
17:16:31.0418 1640  tcpipreg - ok
17:16:31.0428 1640  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
17:16:31.0436 1640  TDPIPE - ok
17:16:31.0452 1640  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
17:16:31.0475 1640  TDTCP - ok
17:16:31.0488 1640  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
17:16:31.0529 1640  tdx - ok
17:16:31.0553 1640  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
17:16:31.0562 1640  TermDD - ok
17:16:31.0581 1640  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
17:16:31.0613 1640  TermService - ok
17:16:31.0626 1640  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
17:16:31.0652 1640  Themes - ok
17:16:31.0676 1640  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
17:16:31.0704 1640  THREADORDER - ok
17:16:31.0738 1640  [ 69D76CE06BB629B69165C81D83A4B03E ] TiMiniService   C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
17:16:31.0748 1640  TiMiniService - ok
17:16:31.0768 1640  [ 73AAFFDD2AC3C8814B26C440E5DD9DD4 ] tmactmon        C:\Windows\system32\DRIVERS\tmactmon.sys
17:16:31.0776 1640  tmactmon - ok
17:16:31.0788 1640  [ 360E61217D4E1E333583D0C721057F70 ] tmcomm          C:\Windows\system32\DRIVERS\tmcomm.sys
17:16:31.0797 1640  tmcomm - ok
17:16:31.0807 1640  [ 699D34EB7C670139CA23A65372BD5743 ] tmevtmgr        C:\Windows\system32\DRIVERS\tmevtmgr.sys
17:16:31.0815 1640  tmevtmgr - ok
17:16:31.0834 1640  [ 262198EFB734012BFCD17E7479AE4A09 ] tmtdi           C:\Windows\system32\DRIVERS\tmtdi.sys
17:16:31.0842 1640  tmtdi - ok
17:16:31.0868 1640  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
17:16:31.0911 1640  TrkWks - ok
17:16:31.0972 1640  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:16:32.0059 1640  TrustedInstaller - ok
17:16:32.0080 1640  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
17:16:32.0106 1640  tssecsrv - ok
17:16:32.0142 1640  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
17:16:32.0195 1640  TsUsbFlt - ok
17:16:32.0214 1640  [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
17:16:32.0241 1640  TsUsbGD - ok
17:16:32.0268 1640  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
17:16:32.0325 1640  tunnel - ok
17:16:32.0369 1640  [ FD24F98D2898BE093FE926604BE7DB99 ] TurboB          C:\Windows\system32\DRIVERS\TurboB.sys
17:16:32.0377 1640  TurboB - ok
17:16:32.0395 1640  [ 600B406A04D90F577FEA8A88D7379F08 ] TurboBoost      C:\Program Files\Intel\TurboBoost\TurboBoost.exe
17:16:32.0404 1640  TurboBoost - ok
17:16:32.0417 1640  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
17:16:32.0425 1640  uagp35 - ok
17:16:32.0435 1640  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
17:16:32.0475 1640  udfs - ok
17:16:32.0497 1640  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
17:16:32.0527 1640  UI0Detect - ok
17:16:32.0542 1640  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
17:16:32.0550 1640  uliagpkx - ok
17:16:32.0566 1640  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
17:16:32.0577 1640  umbus - ok
17:16:32.0590 1640  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
17:16:32.0607 1640  UmPass - ok
17:16:32.0714 1640  [ 7A78ED1088890114DFDE2C4AB038D6B6 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
17:16:32.0790 1640  UNS - ok
17:16:32.0810 1640  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
17:16:32.0840 1640  upnphost - ok
17:16:32.0879 1640  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
17:16:32.0900 1640  usbaudio - ok
17:16:32.0915 1640  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
17:16:32.0936 1640  usbccgp - ok
17:16:32.0952 1640  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
17:16:32.0981 1640  usbcir - ok
17:16:33.0004 1640  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
17:16:33.0028 1640  usbehci - ok
17:16:33.0054 1640  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
17:16:33.0083 1640  usbhub - ok
17:16:33.0098 1640  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
17:16:33.0107 1640  usbohci - ok
17:16:33.0115 1640  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
17:16:33.0140 1640  usbprint - ok
17:16:33.0164 1640  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
17:16:33.0188 1640  usbscan - ok
17:16:33.0199 1640  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:16:33.0223 1640  USBSTOR - ok
17:16:33.0233 1640  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
17:16:33.0252 1640  usbuhci - ok
17:16:33.0269 1640  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
17:16:33.0290 1640  usbvideo - ok
17:16:33.0313 1640  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
17:16:33.0341 1640  UxSms - ok
17:16:33.0357 1640  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
17:16:33.0366 1640  VaultSvc - ok
17:16:33.0380 1640  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
17:16:33.0388 1640  vdrvroot - ok
17:16:33.0402 1640  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
17:16:33.0447 1640  vds - ok
17:16:33.0450 1640  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
17:16:33.0462 1640  vga - ok
17:16:33.0490 1640  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
17:16:33.0535 1640  VgaSave - ok
17:16:33.0558 1640  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
17:16:33.0568 1640  vhdmp - ok
17:16:33.0571 1640  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
17:16:33.0579 1640  viaide - ok
17:16:33.0590 1640  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
17:16:33.0598 1640  volmgr - ok
17:16:33.0607 1640  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
17:16:33.0619 1640  volmgrx - ok
17:16:33.0627 1640  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
17:16:33.0638 1640  volsnap - ok
17:16:33.0657 1640  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
17:16:33.0666 1640  vsmraid - ok
17:16:33.0694 1640  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
17:16:33.0760 1640  VSS - ok
17:16:33.0769 1640  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
17:16:33.0793 1640  vwifibus - ok
17:16:33.0810 1640  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
17:16:33.0834 1640  vwififlt - ok
17:16:33.0852 1640  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
17:16:33.0899 1640  W32Time - ok
17:16:33.0903 1640  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
17:16:33.0928 1640  WacomPen - ok
17:16:33.0945 1640  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
17:16:33.0986 1640  WANARP - ok
17:16:33.0988 1640  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
17:16:34.0015 1640  Wanarpv6 - ok
17:16:34.0047 1640  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
17:16:34.0099 1640  wbengine - ok
17:16:34.0116 1640  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
17:16:34.0143 1640  WbioSrvc - ok
17:16:34.0149 1640  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
17:16:34.0186 1640  wcncsvc - ok
17:16:34.0199 1640  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:16:34.0221 1640  WcsPlugInService - ok
17:16:34.0224 1640  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
17:16:34.0232 1640  Wd - ok
17:16:34.0265 1640  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
17:16:34.0285 1640  Wdf01000 - ok
17:16:34.0288 1640  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
17:16:34.0314 1640  WdiServiceHost - ok
17:16:34.0317 1640  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
17:16:34.0331 1640  WdiSystemHost - ok
17:16:34.0357 1640  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
17:16:34.0386 1640  WebClient - ok
17:16:34.0406 1640  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
17:16:34.0451 1640  Wecsvc - ok
17:16:34.0469 1640  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
17:16:34.0510 1640  wercplsupport - ok
17:16:34.0535 1640  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
17:16:34.0602 1640  WerSvc - ok
17:16:34.0618 1640  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
17:16:34.0644 1640  WfpLwf - ok
17:16:34.0678 1640  [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
17:16:34.0687 1640  WimFltr - ok
17:16:34.0698 1640  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
17:16:34.0706 1640  WIMMount - ok
17:16:34.0724 1640  WinDefend - ok
17:16:34.0728 1640  WinHttpAutoProxySvc - ok
17:16:34.0769 1640  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
17:16:34.0809 1640  Winmgmt - ok
17:16:34.0870 1640  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
17:16:34.0957 1640  WinRM - ok
17:16:35.0002 1640  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
17:16:35.0013 1640  WinUsb - ok
17:16:35.0042 1640  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
17:16:35.0077 1640  Wlansvc - ok
17:16:35.0133 1640  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
17:16:35.0156 1640  wlcrasvc - ok
17:16:35.0240 1640  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:16:35.0314 1640  wlidsvc - ok
17:16:35.0321 1640  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
17:16:35.0339 1640  WmiAcpi - ok
17:16:35.0353 1640  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
17:16:35.0373 1640  wmiApSrv - ok
17:16:35.0392 1640  WMPNetworkSvc - ok
17:16:35.0409 1640  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
17:16:35.0442 1640  WPCSvc - ok
17:16:35.0457 1640  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
17:16:35.0483 1640  WPDBusEnum - ok
17:16:35.0502 1640  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
17:16:35.0565 1640  ws2ifsl - ok
17:16:35.0577 1640  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
17:16:35.0600 1640  wscsvc - ok
17:16:35.0602 1640  WSearch - ok
17:16:35.0683 1640  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
17:16:35.0751 1640  wuauserv - ok
17:16:35.0765 1640  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
17:16:35.0787 1640  WudfPf - ok
17:16:35.0799 1640  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
17:16:35.0823 1640  WUDFRd - ok
17:16:35.0837 1640  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
17:16:35.0858 1640  wudfsvc - ok
17:16:35.0878 1640  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
17:16:35.0904 1640  WwanSvc - ok
17:16:35.0930 1640  ================ Scan global ===============================
17:16:35.0947 1640  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:16:35.0986 1640  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
17:16:36.0001 1640  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
17:16:36.0025 1640  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:16:36.0038 1640  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:16:36.0042 1640  [Global] - ok
17:16:36.0042 1640  ================ Scan MBR ==================================
17:16:36.0057 1640  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:16:36.0360 1640  \Device\Harddisk0\DR0 - ok
17:16:36.0361 1640  ================ Scan VBR ==================================
17:16:36.0366 1640  [ 2609D208C64B65A68FC81773C29445FC ] \Device\Harddisk0\DR0\Partition1
17:16:36.0369 1640  \Device\Harddisk0\DR0\Partition1 - ok
17:16:36.0394 1640  [ 49C3ABC80DE40F45577EE7B640A9DB80 ] \Device\Harddisk0\DR0\Partition2
17:16:36.0398 1640  \Device\Harddisk0\DR0\Partition2 - ok
17:16:36.0399 1640  ============================================================
17:16:36.0399 1640  Scan finished
17:16:36.0399 1640  ============================================================
17:16:36.0415 6092  Detected object count: 0
17:16:36.0415 6092  Actual detected object count: 0

Alt 12.01.2013, 17:25   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU Trojaner --> abgesicherter Modus und Virenscan behebten die Symptome, was nun? - Standard

GVU Trojaner --> abgesicherter Modus und Virenscan behebten die Symptome, was nun?


Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 12.01.2013, 17:52   #9
bobsnyder
 
GVU Trojaner --> abgesicherter Modus und Virenscan behebten die Symptome, was nun? - Standard

GVU Trojaner --> abgesicherter Modus und Virenscan behebten die Symptome, was nun?


Done, hier der Combofix-Log:

Code:
ATTFilter
ComboFix 13-01-12.01 - A93S 12.01.2013  17:30:56.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8101.5923 [GMT 1:00]
ausgeführt von:: c:\users\A93S\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\A93S\8341616.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-12 bis 2013-01-12  ))))))))))))))))))))))))))))))
.
.
2013-01-12 16:38 . 2013-01-12 16:38	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-01-12 16:38 . 2013-01-12 16:38	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-11 19:02 . 2013-01-11 19:02	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-11 19:02 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-01-11 19:02 . 2013-01-11 19:02	--------	d-----w-	c:\users\A93S\AppData\Local\Programs
2013-01-09 05:33 . 2012-11-22 05:44	800768	----a-w-	c:\windows\system32\usp10.dll
2012-12-31 14:31 . 2012-12-31 14:31	--------	d-----w-	c:\users\A93S\AppData\Local\4A Games
2012-12-31 14:31 . 2012-12-31 14:31	--------	d-----w-	c:\program files (x86)\Common Files\Wise Installation Wizard
2012-12-31 14:30 . 2008-10-15 05:22	519000	----a-w-	c:\windows\system32\d3dx10_40.dll
2012-12-31 14:30 . 2008-10-15 05:22	452440	----a-w-	c:\windows\SysWow64\d3dx10_40.dll
2012-12-23 07:48 . 2012-12-16 17:11	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-23 07:48 . 2012-12-16 14:45	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-23 07:48 . 2012-12-16 14:13	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-23 07:48 . 2012-12-16 14:13	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-20 19:16 . 2012-08-24 18:13	154480	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2012-12-20 19:16 . 2012-08-24 18:09	458712	----a-w-	c:\windows\system32\drivers\cng.sys
2012-12-20 19:16 . 2012-08-24 18:05	340992	----a-w-	c:\windows\system32\schannel.dll
2012-12-20 19:16 . 2012-08-24 18:03	1448448	----a-w-	c:\windows\system32\lsasrv.dll
2012-12-20 19:16 . 2012-08-24 16:57	247808	----a-w-	c:\windows\SysWow64\schannel.dll
2012-12-20 19:16 . 2012-08-24 16:57	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2012-12-20 19:16 . 2012-08-24 16:53	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2012-12-20 19:16 . 2012-05-04 11:00	366592	----a-w-	c:\windows\system32\qdvd.dll
2012-12-20 19:16 . 2012-05-04 09:59	514560	----a-w-	c:\windows\SysWow64\qdvd.dll
2012-12-20 19:04 . 2012-12-20 19:04	21712	----a-w-	c:\windows\SysWow64\drivers\DrvAgent64.SYS
2012-12-20 19:04 . 2012-12-20 19:04	--------	d-----w-	c:\users\A93S\AppData\Local\eSupport.com
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-12 14:58 . 2011-09-24 16:17	45056	----a-w-	c:\windows\system32\acovcnt.exe
2013-01-09 06:43 . 2011-11-29 05:20	67599240	----a-w-	c:\windows\system32\MRT.exe
2012-12-11 18:37 . 2012-10-22 19:36	129216	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-12-11 18:37 . 2012-10-22 19:36	99912	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-11-30 04:45 . 2013-01-09 05:33	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-11-14 07:06 . 2012-12-12 06:30	17811968	----a-w-	c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-12 06:30	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-12 06:30	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-12 06:30	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-12 06:30	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-12 06:30	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-12 06:30	237056	----a-w-	c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-12 06:30	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-12 06:30	816640	----a-w-	c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-12 06:30	599040	----a-w-	c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-12 06:30	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-12 06:30	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-12 06:30	729088	----a-w-	c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-12 06:31	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-12 06:31	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-12 06:30	248320	----a-w-	c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-12 06:30	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-12 06:30	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 06:30	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-12 06:30	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 06:30	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-12 06:31	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-12 05:49	2048	----a-w-	c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-12 05:49	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-11-02 05:59 . 2012-12-12 05:48	478208	----a-w-	c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-12 05:48	376832	----a-w-	c:\windows\SysWow64\dpnet.dll
2012-10-23 18:34 . 2012-10-23 18:35	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-10-23 18:34 . 2012-10-23 18:35	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-23 18:34 . 2011-11-19 08:34	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-10-18 17:21 . 2012-10-18 17:21	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-18 17:21 . 2011-11-14 07:03	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-16 08:38 . 2012-11-28 05:48	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 05:48	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 05:48	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-01-19 3477312]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-12-04 1354736]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-13 2018032]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-06-10 2255360]
"USBChargerPlusTray"="c:\program files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe" [2011-04-18 496560]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2011-02-23 371200]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-11 384800]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Z1"="c:\users\A93S\Desktop\mbar\mbar.exe" [2013-01-09 1356360]
.
c:\users\A93S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Intel(R) Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-13 548528]
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe [2011-9-24 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2012-12-20 21712]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-11-30 307304]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-10-02 30056]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-26 17536]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-02-04 283200]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [2012-10-02 284008]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-01-25 379520]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-11 85280]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe [2010-09-17 241488]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-09-17 67664]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2011-02-26 16768]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-12-31 138024]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 17870762
*NewlyCreated* - ASWMBR
*Deregistered* - 17870762
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-10 18:24	1606760	----a-w-	c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-18 17:21]
.
2013-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33]
.
2013-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2010-09-02 08:41	220160	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2010-09-02 08:41	220160	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2010-10-08 1123664]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-12 192520]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\VizorShortCut.exe" [2010-09-17 322384]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-12 2213992]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-10 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-10 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-10 441888]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\A93S\AppData\Roaming\Mozilla\Firefox\Profiles\dwq2sz6j.default\
FF - ExtSQL: 2012-12-09 11:30; jid1-xUfzOsOFlzSOXg@jetpack; c:\users\A93S\AppData\Roaming\Mozilla\Firefox\Profiles\dwq2sz6j.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3317320276-4282056778-2070127895-1001\Software\SecuROM\License information*]
"datasecu"=hex:77,0b,8d,be,f6,ff,68,f5,64,77,9b,bc,fc,48,d5,5c,56,da,98,96,ad,
   5f,53,63,da,65,23,43,c2,ad,9a,a4,17,f8,19,6d,71,f4,01,b0,cd,f6,c0,0d,32,85,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-12  17:41:19
ComboFix-quarantined-files.txt  2013-01-12 16:41
.
Vor Suchlauf: 10 Verzeichnis(se), 151.249.547.264 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 150.954.405.888 Bytes frei
.
- - End Of File - - 5AA798840C01F55F0DC422C3A6E0D704

Alt 13.01.2013, 19:17   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU Trojaner --> abgesicherter Modus und Virenscan behebten die Symptome, was nun? - Standard

GVU Trojaner --> abgesicherter Modus und Virenscan behebten die Symptome, was nun?


Code:
ATTFilter
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
Warum hast du Trendmicro und AntiVir drauf?! Zwei solcher Scanner nutzt man nicht gleichzeitig/parallel!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 13.01.2013, 20:27   #11
bobsnyder
 
GVU Trojaner --> abgesicherter Modus und Virenscan behebten die Symptome, was nun? - Standard

GVU Trojaner --> abgesicherter Modus und Virenscan behebten die Symptome, was nun?


Trend Micro war vorinstalliert, ist aber nicht aktiviert.

Alt 13.01.2013, 20:42   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU Trojaner --> abgesicherter Modus und Virenscan behebten die Symptome, was nun? - Standard

GVU Trojaner --> abgesicherter Modus und Virenscan behebten die Symptome, was nun?


Es ist aber installiert! Allein das kann schon ein Problem sein. Bitte deinstalliere TrendMicro!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 14.01.2013, 05:34   #13
bobsnyder
 
GVU Trojaner --> abgesicherter Modus und Virenscan behebten die Symptome, was nun? - Standard

GVU Trojaner --> abgesicherter Modus und Virenscan behebten die Symptome, was nun?


Alles Klar, erledigt.

Alt 14.01.2013, 09:54   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU Trojaner --> abgesicherter Modus und Virenscan behebten die Symptome, was nun? - Standard

GVU Trojaner --> abgesicherter Modus und Virenscan behebten die Symptome, was nun?


adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 14.01.2013, 19:58   #15
bobsnyder
 
GVU Trojaner --> abgesicherter Modus und Virenscan behebten die Symptome, was nun? - Standard

GVU Trojaner --> abgesicherter Modus und Virenscan behebten die Symptome, was nun?


erledigt, allerdings hatte ich bereits am 11.01 in Panik einen Lauf damit durchgeführt... ich hoffe es ist nicht allzu schlimm... sorry dafür!

hier beide logs

Code:
ATTFilter
# AdwCleaner v2.105 - Datei am 11/01/2013 um 22:50:11 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : A93S - A93S-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\A93S\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\A93S\AppData\Roaming\Mozilla\Firefox\Profiles\dwq2sz6j.default\searchplugins\11-suche.xml
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\A93S\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\A93S\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\A93S\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\A93S\AppData\Roaming\Mozilla\Firefox\Profiles\dwq2sz6j.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2851647
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0 (de)

Datei : C:\Users\A93S\AppData\Roaming\Mozilla\Firefox\Profiles\dwq2sz6j.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v24.0.1312.52

Datei : C:\Users\A93S\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1704 octets] - [11/01/2013 22:50:11]

########## EOF - C:\AdwCleaner[S1].txt - [1764 octets] ##########
Code:
ATTFilter
# AdwCleaner v2.105 - Datei am 14/01/2013 um 19:38:30 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : A93S - A93S-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\A93S\Desktop\adwcleaner(1).exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0 (de)

Datei : C:\Users\A93S\AppData\Roaming\Mozilla\Firefox\Profiles\dwq2sz6j.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v24.0.1312.52

Datei : C:\Users\A93S\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [868 octets] - [14/01/2013 19:38:30]
AdwCleaner[S1].txt - [1833 octets] - [11/01/2013 22:50:11]

########## EOF - C:\AdwCleaner[R1].txt - [987 octets] ##########

Antwort
Seite 1 von 2 1 2

Themen zu GVU Trojaner --> abgesicherter Modus und Virenscan behebten die Symptome, was nun?
avira, black, converter, daten verschlüsselt, error, excel, fehler, firefox, flash player, focus, google, grand theft auto, home, install.exe, installation, logfile, mozilla, nvidia update, nvpciflt.sys, realtek, registry, rundll, scan, security, server, software, starten, svchost.exe, trojaner, viren, warnung, windows


« PC mit ZeuS/ZBot infiziert? Logs liegen vor. | GVU Virus heute eingefangen und gleich entfernt - ist mein PC wirklich sauber? Wie checken? »


Ähnliche Themen: GVU Trojaner --> abgesicherter Modus und Virenscan behebten die Symptome, was nun?


  1. gvu trojaner abgesicherter modus nicht möglich
    Plagegeister aller Art und deren Bekämpfung - 23.03.2015 (1)
  2. BKA Trojaner , abgesicherter Modus -> Endlosschleife
    Log-Analyse und Auswertung - 27.11.2014 (5)
  3. GVU-Trojaner abgesicherter Modus in Win 7
    Log-Analyse und Auswertung - 01.05.2014 (3)
  4. GVU-Trojaner abgesicherter Modus in Win 7 geht nicht
    Plagegeister aller Art und deren Bekämpfung - 01.05.2014 (13)
  5. GVU Trojaner - abgesicherter Modus startet nicht
    Log-Analyse und Auswertung - 07.12.2013 (19)
  6. gvu trojaner - abgesicherter modus geht nicht
    Plagegeister aller Art und deren Bekämpfung - 23.10.2013 (2)
  7. GVU Trojaner Win 7, abgesicherter Modus nicht möglich
    Plagegeister aller Art und deren Bekämpfung - 29.07.2013 (1)
  8. GVU Trojaner, abgesicherter Modus nicht möglich
    Plagegeister aller Art und deren Bekämpfung - 17.07.2013 (11)
  9. BKA Trojaner, Abgesicherter Modus funktioniert eingeschränkt
    Plagegeister aller Art und deren Bekämpfung - 09.07.2013 (23)
  10. GVU Trojaner, abgesicherter Modus nicht möglich
    Plagegeister aller Art und deren Bekämpfung - 09.07.2013 (25)
  11. GVU Trojaner - Abgesicherter Modus geht nicht
    Plagegeister aller Art und deren Bekämpfung - 08.07.2013 (13)
  12. GVU-Trojaner nichteinmal abgesicherter Modus
    Plagegeister aller Art und deren Bekämpfung - 12.04.2013 (19)
  13. GVU Trojaner abgesicherter Modus nicht möglich
    Log-Analyse und Auswertung - 17.03.2013 (2)
  14. GVU Trojaner nur noch abgesicherter Modus
    Log-Analyse und Auswertung - 08.02.2013 (3)
  15. BKA Trojaner - Kein abgesicherter Modus
    Plagegeister aller Art und deren Bekämpfung - 19.12.2012 (11)
  16. bka-trojaner, abgesicherter modus, bluescreen
    Plagegeister aller Art und deren Bekämpfung - 01.10.2012 (7)
  17. GVU/BKA Trojaner. Bluescreen abgesicherter Modus
    Plagegeister aller Art und deren Bekämpfung - 27.07.2012 (11)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema GVU Trojaner --> abgesicherter Modus und Virenscan behebten die Symptome, was nun? - Erst einmal Hallo an alle! Ich habe mich jetzt ein klein wenig ins Forum eingelesen und schnell festgestellt, dass jeder dieser GVU-Trojaner Fälle für sich behandelt werden sollte. Hier also - GVU Trojaner --> abgesicherter Modus und Virenscan behebten die Symptome, was nun?...
Archiv
Du betrachtest: GVU Trojaner --> abgesicherter Modus und Virenscan behebten die Symptome, was nun? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131